CWE-88: CWE-88

An argument injection vulnerability in bird-lg-go's traceroute module allows remote attackers to inject arbitrary command-line flags via the q paramet...

This CVE describes an argument injection vulnerability in QNAP operating systems where attackers can manipulate command arguments to alter execution l...

CVE-2022-29215 is a YAML injection vulnerability in the RegionProtect Minecraft plugin that allows malicious inputs to cause instant server crashes. T...

This vulnerability allows argument injection in Unity Runtime, enabling attackers to load malicious library code from unintended locations. Applicatio...

This CVE allows administrators to execute arbitrary commands through command injection in Arista products. Attackers with admin privileges can exploit...

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure ga...

This vulnerability allows authenticated attackers with administrative privileges on Mitel SIP phones to execute arbitrary system commands through argu...

This vulnerability in Docker Desktop for Windows allows local attackers to escalate privileges through argument injection in the installer. Attackers ...

This vulnerability allows attackers to execute arbitrary commands on Fortinet FortiNAC systems by injecting malicious arguments through input paramete...

CVE-2022-23915 is a remote code execution vulnerability in Weblate, a web-based translation management system. Authenticated users can inject argument...

CVE-2021-34816 is an argument injection vulnerability in Etherpad's plugin management system that allows privileged users to execute arbitrary code on...

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices via command injecti...

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices via the AT+MMNAME c...

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices through improper in...

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices through improper in...

An argument injection vulnerability in Mitel SIP phones allows unauthenticated attackers with physical access to execute arbitrary system commands. Th...

CVE-2025-15315 is a local privilege escalation vulnerability in Tanium Module Server that allows authenticated local users to gain elevated privileges...

CVE-2025-15316 is a local privilege escalation vulnerability in Tanium Server that allows authenticated users with limited privileges to elevate their...

Weblate versions before 5.16.0 have an argument injection vulnerability in the SSH management console when adding SSH host keys. This allows attackers...

An argument injection vulnerability in Advantech iView's NetworkServlet.backupDatabase() function allows authenticated users to inject arbitrary argum...

CVE-2022-31749 is an argument injection vulnerability in WatchGuard Fireware OS that allows authenticated remote attackers with unprivileged credentia...

This vulnerability in Cisco SD-WAN vManage Software allows authenticated remote attackers to inject arbitrary commands through the web UI's device tem...

This vulnerability in Symfony's Process component on Windows allows argument corruption when spawning native executables from MSYS2-based shells like ...

This vulnerability allows authenticated attackers with administrative privileges on affected Mitel SIP phones to conduct argument injection attacks du...

This vulnerability allows authenticated remote attackers with network-admin privileges to execute arbitrary commands on Cisco Nexus Dashboard Fabric C...

CVE-2025-59433 is an argument injection vulnerability in @conventional-changelog/git-client's getTags() API that allows attackers to pass malicious pa...

The Relevanssi Live Ajax Search WordPress plugin has an argument injection vulnerability that allows unauthenticated attackers to manipulate search qu...

A vulnerability in libnbd allows arbitrary code execution when processing malicious URIs. Attackers can exploit this by tricking libnbd into opening s...

Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when users view specially crafted zip files and press 'x' o...

This vulnerability allows low-privileged remote attackers to inject malicious arguments into commands on Dell PowerProtect Data Domain systems, potent...

This vulnerability allows attackers to manipulate JSON configuration data passed to nftables (nft) through Foomuuri, potentially leading to firewall r...

This CVE describes an argument injection vulnerability in smb4k's mount helper that allows local users to perform arbitrary unmounts. Attackers can ma...

This vulnerability in mcp-server-git allows attackers to pass malicious arguments that get interpreted as command-line flags to git commands, enabling...

Easywall 0.3.1 contains an authenticated remote command execution vulnerability in the /ports-save endpoint. Attackers with valid credentials can inje...