Weaknesses of type CWE-134

134 results
CVE-2025-24359 | HIGH | ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape | EPSS 0.2%
CVE-2024-31837 | HIGH | DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. | EPSS 0.2%
CVE-2023-41842 | MEDIUM | A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unau | EPSS 0.2%
CVE-2026-3008 | MEDIUM | Vulnerability in Notepad++ | EPSS 0.2%
CVE-2026-21640 | LOW | HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific c | EPSS 0.2%
CVE-2026-6474 | MEDIUM | PostgreSQL timeofday() can disclose portions of server memory | EPSS 0.2%
CVE-2023-21420 | HIGH | Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | EPSS 0.2%
CVE-2024-55156 | MEDIUM | An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sen | EPSS 0.2%
CVE-2026-6539 | MEDIUM | Notepad++ 8.9.3 Format String Injection via nativeLang.xml | EPSS 0.2%
CVE-2023-21497 | MEDIUM | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to acce | EPSS 0.2%
CVE-2026-6242 | MEDIUM | Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS | EPSS 0.2%
CVE-2026-6241 | MEDIUM | Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS | EPSS 0.2%
CVE-2025-10262 | MEDIUM | An unsanitized format validation vulnerability in Nokia SR Linux | EPSS 0.1%
CVE-2026-6843 | MEDIUM | Nano: nano: format string vulnerability leads to denial of service | EPSS 0.1%