Monthly
Dangerous function use without sufficient restriction in IBM Db2 Genius Hub (versions 1.1, 1.1.1, 1.1.2) and IBM Agentics 1.0 exposes network-accessible endpoints to arbitrary code execution and sensitive information disclosure by low-privileged authenticated attackers. The vulnerability stems from CWE-676 - the use of inherently dangerous functions (such as eval, exec, or system-level calls) without adequate input validation or sandboxing. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog, though the RCE tag warrants attention given the potential for privilege escalation in agentic AI environments.
Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dangerous function use without sufficient restriction in IBM Db2 Genius Hub (versions 1.1, 1.1.1, 1.1.2) and IBM Agentics 1.0 exposes network-accessible endpoints to arbitrary code execution and sensitive information disclosure by low-privileged authenticated attackers. The vulnerability stems from CWE-676 - the use of inherently dangerous functions (such as eval, exec, or system-level calls) without adequate input validation or sandboxing. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog, though the RCE tag warrants attention given the potential for privilege escalation in agentic AI environments.
Denial-of-service attacks against Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allow authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, making exploitation dependent on timing and system state rather than attacker control. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.