Skip to main content

CWE-242

Use of Inherently Dangerous Function

8 CVEs Avg CVSS 8.4 MITRE
1
CRITICAL
7
HIGH
0
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-6477 HIGH PATCH This Week

PostgreSQL libpq client library allows malicious server superusers to execute arbitrary code on connecting clients by overwriting stack buffers via unbounded responses to PQfn() calls. The vulnerability affects lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions used by psql and pg_dump utilities. A compromised or malicious PostgreSQL server can exploit clients running these common administrative tools during routine operations like database backups or large object exports. EPSS and KEV data not available for this recent CVE. CVSS 8.8 reflects the network attack vector with user interaction requirement (connecting to malicious server).

Information Disclosure PostgreSQL
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-1994 HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Cognos Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49215 HIGH PATCH This Week

Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that enables authenticated attackers to escalate privileges and achieve full system compromise (confidentiality, integrity, and availability impact). The vulnerability requires an attacker to first obtain low-privileged code execution on the target system before exploiting the SQL injection to escalate to administrative privileges. With a CVSS score of 8.8 and network accessibility, this represents a significant risk to organizations running vulnerable PolicyServer instances, particularly in environments where initial compromise vectors (phishing, lateral movement, supply chain) are plausible.

SQLi Trend Micro Privilege Escalation Trend Micro Endpoint Encryption
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1331 HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-52324 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reyee Os
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2022-36310 HIGH POC This Week

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42543 HIGH This Week

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Daqfactory
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2017-0904 Ruby HIGH PATCH This Week

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Private Address Check
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

PostgreSQL libpq client library allows malicious server superusers to execute arbitrary code on connecting clients by overwriting stack buffers via unbounded responses to PQfn() calls. The vulnerability affects lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions used by psql and pg_dump utilities. A compromised or malicious PostgreSQL server can exploit clients running these common administrative tools during routine operations like database backups or large object exports. EPSS and KEV data not available for this recent CVE. CVSS 8.8 reflects the network attack vector with user interaction requirement (connecting to malicious server).

Information Disclosure PostgreSQL
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Month

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Cognos Command Center
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that enables authenticated attackers to escalate privileges and achieve full system compromise (confidentiality, integrity, and availability impact). The vulnerability requires an attacker to first obtain low-privileged code execution on the target system before exploiting the SQL injection to escalate to administrative privileges. With a CVSS score of 8.8 and network accessibility, this represents a significant risk to organizations running vulnerable PolicyServer instances, particularly in environments where initial compromise vectors (phishing, lateral movement, supply chain) are plausible.

SQLi Trend Micro Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Cics Tx
NVD
EPSS 1% CVSS 9.2
CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reyee Os
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Daqfactory
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Private Address Check
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy