CWE-88: Argument Injection or Modification
340 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-88 (page 5 of 7)
- CVE-2023-39287 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-25
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due t…
- CVE-2023-39288 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-25
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due t…
- CVE-2023-44452 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required …
- CVE-2023-46681 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-26
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access the product's command line interface to execute …
- CVE-2023-47804 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-29
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such …
- CVE-2023-49096 | HIGH | CVSS 7.7 | EG 7.7 | 2023-12-06
Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` en…
- CVE-2023-50232 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interacti…
- CVE-2023-6269 | CRITICAL | CVSS 10.0 | EG 10.0 | 2023-12-05
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versio…
- CVE-2023-6634 | HIGH | CVSS 8.1 | EG 9.0 | 2024-01-11
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This ma…
- CVE-2023-6792 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-13
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
- CVE-2024-11633 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-12-10
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-20287 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-17
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affe…
- CVE-2024-20444 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-10-02
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against…
- CVE-2024-21533 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-08
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate…
- CVE-2024-22182 | HIGH | CVSS 8.6 | EG 8.6 | 2024-03-01
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.
- CVE-2024-23731 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-01-21
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.
- CVE-2024-2422 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-30
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
- CVE-2024-24576 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-04-09
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows …
- CVE-2024-31966 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-05-02
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct…
- CVE-2024-32462 | HIGH | CVSS 8.4 | EG 8.4 | 2024-04-18
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its san…
- CVE-2024-32884 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-04-26
gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The p…
- CVE-2024-3367 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-16
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows a local attacker to inject one argument to runmqsc.
- CVE-2024-35307 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-10
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.
- CVE-2024-3684 | HIGH | CVSS 8.0 | EG 8.0 | 2024-04-19
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and M…
- CVE-2024-3775 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-15
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized…
- CVE-2024-3817 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-04-17
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
- CVE-2024-38655 | HIGH | CVSS 7.2 | EG 9.1 | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-38656 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-39710 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-39711 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-39712 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CVE-2024-3980 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-08-27
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files …
- CVE-2024-39930 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-07-04
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string…
- CVE-2024-39933 | HIGH | CVSS 7.7 | EG 7.7 | 2024-07-04
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
- CVE-2024-41710 | HIGH | CVSS 7.2 | EG 9.0 | KEV | 2024-08-12
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argum…
- CVE-2024-41711 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-08-13
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an…
- CVE-2024-43402 | HIGH | CVSS 8.1 | EG 8.1 | 2024-09-04
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix w…
- CVE-2024-47516 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-26
A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.
- CVE-2024-47553 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-10-08
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged …
- CVE-2024-47611 | MEDIUM | CVSS 6.3 | EG 0.0 | 2024-10-02
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerabili…
- CVE-2024-51532 | HIGH | CVSS 7.1 | EG 7.1 | 2024-12-19
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification…
- CVE-2024-52301 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-12
Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the re…
- CVE-2024-58275 | HIGH | CVSS 8.7 | EG 0.0 | 2025-12-04
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary com…
- CVE-2024-7573 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-08-28
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes…
- CVE-2024-9131 | HIGH | CVSS 7.2 | EG 7.2 | 2025-01-10
A user with administrator privileges can perform command injection.
- CVE-2025-0065 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-28
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via ar…
- CVE-2025-12556 | HIGH | CVSS 8.8 | EG 8.8 | 2025-11-06
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
- CVE-2025-12613 | HIGH | CVSS 8.6 | EG 8.6 | 2025-11-10
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead t…
- CVE-2025-14946 | MEDIUM | CVSS 4.8 | EG 4.8 | 2025-12-19
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectl…
- CVE-2025-15315 | MEDIUM | CVSS 6.7 | EG 6.7 | 2026-02-09
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.