CWE-676— Use of Potentially Dangerous Function
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.— MITRE CWE catalog
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-676page 1 of 1
- CVE-2021-27474CRITICALCVSS 10.0EG 7.52022-03-23
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryT…
- CVE-2022-39063HIGHCVSS 7.5EG 7.52022-09-16
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to c…
- CVE-2024-37387MEDIUMCVSS 4.0EG 4.02024-06-19
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered.
- CVE-2024-38434MEDIUMCVSS 6.5EG 6.52024-07-21
Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass
- CVE-2024-50307MEDIUMCVSS 5.5EG 5.52024-10-28
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external websit…
- CVE-2025-65117HIGHCVSS 7.4EG 7.42026-01-16
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts w…
- CVE-2025-67604MEDIUMCVSS 5.3EG 5.32026-05-12
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiMa…
- CVE-2026-48696MEDIUMCVSS 6.2EG 6.22026-05-26
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
- CVE-2026-54499HIGHCVSS 7.5EG 7.52026-06-19
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., …
Map vulnerabilities like CWE-676 to your infrastructure
EchelonGraph correlates every CVE — across CWE-676 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →