CWE-134: CWE-134
Yearly Trend
Top Affected Vendors
All CWE-134 CVEs (49)
CVE-2023-53966 is a format string vulnerability in SOUND4 LinkAndShare Transmitter 1.1.2 that allows attackers to trigger memory stack overflows via m...
Dec 22, 2025A format string vulnerability in SonicOS SSL VPN interface allows remote unauthenticated attackers to execute arbitrary code or cause denial of servic...
Jul 29, 2025This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices by sending specially crafted pa...
Feb 15, 2024A format string vulnerability in Synology camera firmware allows remote attackers to execute arbitrary code by controlling format string inputs. This ...
Oct 25, 2023A format string vulnerability in ASUS AiMesh system allows unauthenticated remote attackers to execute arbitrary code on affected routers. This affect...
Jul 21, 2023CVE-2022-26674 is a format string vulnerability in ASUS RT-AX88U routers that allows unauthenticated remote attackers to write to arbitrary memory add...
Apr 22, 2022CVE-2022-27177 is a format string vulnerability in ConsoleMe that allows attackers to read sensitive information from memory and potentially execute a...
Apr 1, 2022This is a critical format string vulnerability in DrayTek router firmware that allows remote attackers to execute arbitrary code by sending specially ...
Mar 29, 2022CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling component of Wire messenger. This allows attackers to c...
Mar 1, 2022CVE-2021-36161 is a remote code execution vulnerability in Apache Dubbo where maliciously crafted beans with special toString methods can trigger code...
Sep 9, 2021This format string vulnerability in libpano13 allows attackers to read and write arbitrary memory values, potentially leading to remote code execution...
Apr 5, 2021This is a format string vulnerability in Wire's Audio, Video, and Signaling (AVS) component that allows remote attackers to crash the application or p...
Oct 27, 2020A format string vulnerability in Motorola MTM5000 series firmware allows attackers to execute arbitrary code with root privileges by sending specially...
Oct 19, 2023This CVE describes a JavaScript string encoding vulnerability in the HttpRequest object that allows attackers to create specially crafted strings that...
Nov 27, 2024This CVE-2024-35845 is a buffer overflow vulnerability in the Linux kernel's iwlwifi driver where debug information strings lack proper null terminati...
May 17, 2024A format string vulnerability in the formPingCmd functionality of Planet WGR-500 routers allows memory corruption via specially crafted HTTP requests....
Oct 7, 2025A format string vulnerability in QNAP operating systems allows remote attackers to read sensitive memory or modify memory contents. This affects QTS a...
Nov 22, 2024This vulnerability in ASUS RT-AX88U routers allows authenticated remote attackers to exploit format string weaknesses in the Advanced OpenVPN function...
Sep 18, 2023This critical vulnerability in TOTOLINK N200RE V5 routers allows remote attackers to bypass validation mechanisms via a format string issue, leading t...
Sep 4, 2023A format string vulnerability in F5 BIG-IP's iControl SOAP interface allows authenticated attackers to crash the service or potentially execute arbitr...
Feb 1, 2023CVE-2025-24359 is a code execution vulnerability in the ASTEVAL Python library that allows attackers to bypass security restrictions and execute arbit...
Jan 24, 2025DMitry 1.3a contains a format-string vulnerability that allows attackers to read memory contents or potentially execute arbitrary code by providing sp...
Apr 30, 2024This vulnerability in Rust's standard library before version 1.52.0 allows uninitialized memory exposure or program crashes when joining strings. It o...
Apr 14, 2021A format string vulnerability in the IPSec VPN feature of Zyxel firewall and VPN devices allows remote code execution. Attackers could execute arbitra...
Feb 20, 2024CVE-2022-1215 is a format string vulnerability in libinput, a library that handles input devices in Linux systems. This vulnerability allows attackers...
Jun 2, 2022CVE-2022-24051 is a format string vulnerability in MariaDB's CONNECT storage engine that allows authenticated local attackers to escalate privileges a...
Feb 18, 2022This is a format string vulnerability in IBM Spectrum Scale's system core component that allows attackers to execute arbitrary code with process memor...
Jun 1, 2021A format string vulnerability in mpv media player allows attackers to execute arbitrary code by tricking users into opening a malicious m3u playlist f...
May 18, 2021This CVE describes an uncontrolled format string vulnerability in Panda3D's egg-mkfont tool. Attackers can exploit the -gp command-line option to read...
Jan 7, 2026This CVE describes a format string vulnerability in IBM webMethods Integration that allows authenticated users with execute Services permissions to ex...
Sep 22, 2025This CVE describes a format string vulnerability in Juniper SRX Series firewalls that allows unauthenticated attackers to cause denial-of-service by c...
Jul 11, 2024A format string vulnerability in Gallagher Controller 6000's diagnostic web interface allows attackers to read/write memory and potentially crash the ...
Dec 18, 2023This CVE describes a format string vulnerability in the voice wakeup module of Huawei/HarmonyOS devices. Attackers can exploit this by providing malic...
Jun 13, 2022A format string vulnerability in wire-avs (Audio, Visual, and Signaling component) could allow remote attackers to cause denial of service or potentia...
Nov 20, 2023A format string vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code via crafted HTTP/HTTPS requests. Thi...
Mar 11, 2025A post-authentication format string vulnerability in SonicOS management interface allows authenticated attackers to crash firewalls and potentially ex...
Jan 9, 2025This CVE describes a format string vulnerability in QNAP operating systems that allows attackers with administrator access to read sensitive data or m...
Dec 6, 2024A format string vulnerability in QNAP operating systems allows remote attackers with administrator access to read sensitive data or modify memory. Thi...
Nov 22, 2024This CVE describes a format string vulnerability in QNAP operating systems that allows attackers with administrator access to read sensitive data or m...
Nov 22, 2024CVE-2024-45330 is a format string vulnerability in Fortinet FortiAnalyzer that allows attackers to escalate privileges via specially crafted requests....
Oct 8, 2024A format string vulnerability in ASUS RT-AX56U V2 and RT-AC86U routers allows remote attackers with administrator privileges to execute arbitrary code...
Jul 21, 2023This CVE describes a format string vulnerability in Fortinet FortiOS that allows authenticated administrators to execute arbitrary code or commands vi...
Feb 10, 2026This CVE describes a format string vulnerability in multiple Fortinet products that allows attackers to execute arbitrary code or commands. The vulner...
May 14, 2024A format string vulnerability in QNAP operating systems allows attackers with administrator access to read sensitive data or modify memory. This affec...
Jan 2, 2026A format string vulnerability in QNAP operating systems allows attackers with administrator access to read sensitive data or modify memory. This affec...
Oct 3, 2025This is a format string vulnerability in Foxit PDF Reader's print method that allows information disclosure. Attackers can exploit it by tricking user...
May 7, 2024This vulnerability allows attackers to bypass IP whitelist restrictions in n8n's Webhook node by using IP addresses that contain whitelisted entries a...
Jan 13, 2026A format string injection vulnerability in Revive Adserver allows attackers to cause a fatal PHP error that disables the admin console. This affects a...
Jan 20, 2026This vulnerability in Revive Adserver allows authenticated administrator users to cause a fatal PHP error by injecting format characters in settings, ...
Nov 20, 2025About CWE-134 (CWE-134)
Our database tracks 49 CVEs classified as CWE-134, with 15 rated critical and 26 rated high severity. The average CVSS score for CWE-134 vulnerabilities is 8.0.
External reference: View CWE-134 on MITRE CWE →
Monitor CWE-134 Vulnerabilities
Get alerted when new CWE-134 CVEs affect your infrastructure.
Start Monitoring Free