Skip to main content

CWE-676

Use of Potentially Dangerous Function

7 CVEs Avg CVSS 5.8 MITRE
0
CRITICAL
2
HIGH
5
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-14501 MEDIUM This Month

Dangerous function use without sufficient restriction in IBM Db2 Genius Hub (versions 1.1, 1.1.1, 1.1.2) and IBM Agentics 1.0 exposes network-accessible endpoints to arbitrary code execution and sensitive information disclosure by low-privileged authenticated attackers. The vulnerability stems from CWE-676 - the use of inherently dangerous functions (such as eval, exec, or system-level calls) without adequate input validation or sandboxing. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog, though the RCE tag warrants attention given the potential for privilege escalation in agentic AI environments.

IBM RCE
NVD VulDB
CVSS 3.1
4.3
CVE-2025-67604 MEDIUM This Month

Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.

Denial Of Service Fortinet
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-65117 HIGH This Week

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]

Privilege Escalation Process Optimization
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2024-50307 MEDIUM This Month

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-38434 MEDIUM This Month

Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37387 MEDIUM This Month

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2022-39063 HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVSS 4.3
MEDIUM This Month

Dangerous function use without sufficient restriction in IBM Db2 Genius Hub (versions 1.1, 1.1.1, 1.1.2) and IBM Agentics 1.0 exposes network-accessible endpoints to arbitrary code execution and sensitive information disclosure by low-privileged authenticated attackers. The vulnerability stems from CWE-676 - the use of inherently dangerous functions (such as eval, exec, or system-level calls) without adequate input validation or sandboxing. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog, though the RCE tag warrants attention given the potential for privilege escalation in agentic AI environments.

IBM RCE
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.

Denial Of Service Fortinet
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]

Privilege Escalation Process Optimization
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy