CWE-676
Use of Potentially Dangerous Function
Base · Draft · Likelihood: High
Description
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
CVEs mapped to this weakness (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38434 | Med | 0.42 | 6.5 | 0.00 | | Jul 21, 2024 | Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass |
| CVE-2024-50307 | Med | 0.36 | 5.5 | 0.00 | | Oct 28, 2024 | Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows). |
| CVE-2025-67604 | Med | 0.34 | 5.3 | 0.00 | | May 12, 2026 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker. |
| CVE-2024-37387 | Med | 0.26 | 4.0 | 0.00 | | Jun 19, 2024 | Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered. |