Skip to main content

CWE-676

Use of Potentially Dangerous Function

6 CVEs Avg CVSS 6.0 MITRE
0
CRITICAL
2
HIGH
4
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-67604 MEDIUM This Month

Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.

Denial Of Service Fortinet
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-65117 HIGH This Week

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]

Privilege Escalation Process Optimization
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2024-50307 MEDIUM This Month

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-38434 MEDIUM This Month

Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37387 MEDIUM This Month

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2022-39063 HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.

Denial Of Service Fortinet
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]

Privilege Escalation Process Optimization
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy