CWE-676
Use of Potentially Dangerous Function
Description
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Hierarchy (View 1000)
CVEs mapped to this weakness (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38434 | | Med | 0.42 | 6.5 | 0.00 | | Jul 21, 2024 | Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass |
| CVE-2026-48696 | | Med | 0.40 | 6.2 | 0.00 | | May 26, 2026 | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. |
| CVE-2026-54499 | | High | 0.38 | — | — | | Jun 19, 2026 | Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using `torch.load(..., weights_only=True)`, but automatically falls back to the fully unsafe `torch.load(..., weights_only=False)` when the safe load raises `pickle.UnpicklingError`. Because the… |
| CVE-2024-50307 | | Med | 0.36 | 5.5 | 0.00 | | Oct 28, 2024 | Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary… |
| CVE-2025-67604 | | Med | 0.34 | 5.3 | 0.00 | | May 12, 2026 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager… |
| CVE-2024-37387 | | Med | 0.26 | 4.0 | 0.00 | | Jun 19, 2024 | Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered. |
| CVE-2024-28219 | | — | 0.00 | — | 0.01 | | Apr 3, 2024 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |