Login Sign Up

CWE-88: CWE-88

84
Total CVEs
25
Critical
40
High
8.0
Avg CVSS
1
In CISA KEV

Yearly Trend

2026
12
2025
29
2024
15
2023
8
2022
14

Top Affected Vendors

1 Ivanti 5
2 Microhardcorp 4
3 Debian 4
4 Onsemi 3
5 Insightsoftware 2
6 Jellyfin 2
7 Salesforce 2
8 Dell 2
9 Weblate 2
10 Connectedio 2

All CWE-88 CVEs (84)

CVE-2023-6269
10.0

An argument injection vulnerability in Atos Unify OpenScape SBC, Branch, and BCF products allows unauthenticated attackers to bypass authentication, g...

Dec 5, 2023
CVE-2024-47553
9.9

This vulnerability in Siemens SINEC Security Monitor allows authenticated low-privileged remote attackers to execute arbitrary code with root privileg...

Oct 8, 2024
CVE-2024-39930
9.9

This vulnerability allows authenticated attackers to execute arbitrary code on Gogs servers by exploiting argument injection in the built-in SSH serve...

Jul 4, 2024
CVE-2026-22583
9.8

This vulnerability allows attackers to inject malicious arguments into Salesforce Marketing Cloud commands through the CloudPagesUrl module, potential...

Jan 24, 2026
CVE-2026-22582
9.8

This vulnerability allows attackers to inject malicious arguments into Salesforce Marketing Cloud commands through the MicrositeUrl module, potentiall...

Jan 24, 2026
CVE-2026-24061
KEV EPSS 83.9% 9.8

This vulnerability in GNU Inetutils telnetd allows remote attackers to bypass authentication by setting the USER environment variable to '-f root'. Th...

Jan 21, 2026
CVE-2025-52480
9.8

CVE-2025-52480 is an argument injection vulnerability in Registrator.jl's gettreesha() function that allows remote code execution when processing mali...

Jun 25, 2025
CVE-2024-47516
9.8

This vulnerability in Pagure allows remote code execution through argument injection in Git operations. Attackers can exploit this by manipulating rep...

Mar 26, 2025
CVE-2025-21613
9.8

An argument injection vulnerability in go-git versions before 5.13.0 allows attackers to set arbitrary values to git-upload-pack flags when using the ...

Jan 6, 2025
CVE-2024-3817
9.8

HashiCorp's go-getter library is vulnerable to argument injection when executing Git commands to discover remote branches. This allows attackers to in...

Apr 17, 2024
CVE-2023-33376
9.8

CVE-2023-33376 is an argument injection vulnerability in Connected IO routers that allows attackers to execute arbitrary operating system commands on ...

Aug 4, 2023
CVE-2023-33378
9.8

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message handling, allowing attackers to execute arbitrary oper...

Aug 4, 2023
CVE-2022-24437
9.8

CVE-2022-24437 is a critical command injection vulnerability in git-pull-or-clone npm package that allows attackers to execute arbitrary commands on s...

May 1, 2022
CVE-2022-23221
9.8

This vulnerability allows remote attackers to execute arbitrary code on H2 Database Console by exploiting a flaw in JDBC URL parsing. Attackers can cr...

Jan 19, 2022
CVE-2021-37040
9.8

This CVE-2021-37040 is a parameter injection vulnerability in Huawei smartphones that allows privilege escalation when mounting CIFS shares. Attackers...

Dec 8, 2021
CVE-2021-31909
9.8

This vulnerability allows remote attackers to execute arbitrary code on JetBrains TeamCity servers by injecting malicious arguments. It affects all Te...

May 11, 2021
CVE-2020-21224
9.8

CVE-2020-21224 is a critical remote code execution vulnerability in Inspur ClusterEngine V4.0 where attackers can execute arbitrary code by sending ma...

Feb 22, 2021
CVE-2021-3401
9.8

This vulnerability in Bitcoin Core could allow remote code execution when malicious arguments are passed to the bitcoin-qt program through unsafe URI ...

Feb 4, 2021
CVE-2025-59937
9.1

The go-mail library versions 0.7.0 and below incorrectly handle mail.Address values when passed to SMTP commands, potentially allowing wrong address r...

Sep 29, 2025
CVE-2025-32931
9.1

CVE-2025-32931 is an authenticated remote code execution vulnerability in DevDojo Voyager that allows authenticated administrators to execute arbitrar...

Apr 14, 2025
CVE-2024-11633
9.1

This CVE describes an argument injection vulnerability in Ivanti Connect Secure that allows authenticated administrators to execute arbitrary code rem...

Dec 10, 2024
CVE-2024-39712
9.1

This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to ...

Nov 13, 2024
CVE-2024-39710
9.1

This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to ...

Nov 13, 2024
CVE-2024-38656
9.1

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure ga...

Nov 13, 2024
CVE-2021-33473
9.1

CVE-2021-33473 is an argument injection vulnerability in the Dragonfly Ruby Gem v1.3.0 that allows attackers to read and write arbitrary files when th...

Jun 2, 2022
CVE-2026-25134
8.8

This vulnerability allows remote code execution in Group-Office by exploiting improper input validation in the MaintenanceController's zipLanguage act...

Feb 2, 2026
CVE-2026-0774
8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code on WatchYourLAN installations without authentication. Attackers can inj...

Jan 23, 2026
CVE-2025-31499
8.8

This vulnerability allows argument injection in Jellyfin's FFmpeg processing, which can lead to arbitrary file write and potentially remote code execu...

Apr 15, 2025
CVE-2024-2422
8.8

This vulnerability allows authenticated attackers to execute arbitrary commands on LenelS2 NetBox access control and event monitoring systems. Organiz...

May 30, 2024
CVE-2025-12613
8.6

Cloudinary npm package versions before 2.7.0 are vulnerable to argument injection via ampersand characters in parameter values. Attackers can inject m...

Nov 10, 2025
CVE-2025-46835
8.5

Git GUI contains a path traversal vulnerability that allows attackers to create or overwrite files with user permissions when cloning untrusted reposi...

Jul 10, 2025
CVE-2025-43730
8.4

Dell ThinOS 10 versions before 2508_10.0127 contain an argument injection vulnerability that allows local unauthenticated attackers to execute arbitra...

Aug 27, 2025
CVE-2022-31084
8.1

CVE-2022-31084 is an arbitrary object instantiation vulnerability in LDAP Account Manager (LAM) that allows attackers to inject constructor arguments ...

Jun 27, 2022
CVE-2022-25865
8.1

CVE-2022-25865 is a command injection vulnerability in the workspace-tools package that allows attackers to execute arbitrary commands on affected sys...

May 13, 2022
CVE-2022-25648
8.1

CVE-2022-25648 is a command injection vulnerability in the ruby-git library that allows attackers to execute arbitrary commands on affected systems by...

Apr 19, 2022
CVE-2022-24066
8.1

This vulnerability allows remote command injection in simple-git npm package versions before 3.5.0. Attackers can execute arbitrary commands on system...

Apr 1, 2022
CVE-2022-21223
8.1

CVE-2022-21223 is a command injection vulnerability in cocoapods-downloader that allows attackers to execute arbitrary commands on systems using vulne...

Apr 1, 2022
CVE-2022-24433
8.1

CVE-2022-24433 is a command injection vulnerability in the simple-git npm package that allows attackers to execute arbitrary commands on the host syst...

Mar 11, 2022
CVE-2025-6231
7.8

This vulnerability in Lenovo Vantage allows a local attacker to modify an application configuration file and execute arbitrary code with elevated priv...

Jul 17, 2025
CVE-2025-0065
7.8

This vulnerability allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection in TeamViewer_se...

Jan 28, 2025
CVE-2023-46681
7.8

This vulnerability allows authenticated attackers with command-line interface access to VR-S1000 devices to execute arbitrary commands through argumen...

Dec 26, 2023
CVE-2023-30577
7.8

CVE-2023-30577 is an argument injection vulnerability in AMANDA's runtar.c component that allows attackers to execute arbitrary commands. This affects...

Jul 26, 2023
CVE-2022-26532
7.8

This CVE-2022-26532 is an argument injection vulnerability in Zyxel network devices that allows local authenticated attackers to execute arbitrary OS ...

May 24, 2022
CVE-2022-29971
7.8

This CVE describes an argument injection vulnerability in the Magnitude Simba Amazon Athena ODBC Driver's browser-based authentication component. It a...

May 9, 2022
CVE-2022-30239
7.8

An argument injection vulnerability in the Magnitude Simba Amazon Athena JDBC Driver's browser-based authentication component allows local users to ex...

May 9, 2022
CVE-2020-7851
7.8

CVE-2020-7851 is an argument injection vulnerability in Innorix Web-Based File Transfer Solution that allows remote file download and execution via cr...

Apr 19, 2021
CVE-2025-3460
7.7

The Quantenna Wi-Fi chipset's set_tx_pow script is vulnerable to command injection, allowing local attackers to execute arbitrary commands with elevat...

Jun 8, 2025
CVE-2025-32456
7.7

This vulnerability allows local attackers to execute arbitrary commands on systems using Quantenna Wi-Fi chipsets through command injection in the rou...

Jun 8, 2025
CVE-2025-32458
7.7

This vulnerability allows local attackers to execute arbitrary commands on systems using Quantenna Wi-Fi chipsets by exploiting command injection in t...

Jun 8, 2025
CVE-2023-49096
7.7

Jellyfin media server has an argument injection vulnerability in video/audio streaming endpoints that allows unauthenticated attackers to inject malic...

Dec 6, 2023

About CWE-88 (CWE-88)

Our database tracks 84 CVEs classified as CWE-88, with 25 rated critical and 40 rated high severity. The average CVSS score for CWE-88 vulnerabilities is 8.0.

External reference: View CWE-88 on MITRE CWE →

Monitor CWE-88 Vulnerabilities

Get alerted when new CWE-88 CVEs affect your infrastructure.

Start Monitoring Free