CWE-88 · Argument Injection

375 CVEs classified under CWE-88 (Argument Injection). Browse by severity and year.

Top CVEs for CWE-88

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-40281 | Critical | 10.0 | 2026-05-06 | Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control char… |
| CVE-2024-24576 | Critical | 10.0 | 2024-04-09 | Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape argum… |
| CVE-2023-6269 | Critical | 10.0 | 2023-12-05 | An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (… |
| CVE-2026-47365 | Critical | 9.9 | 2026-06-12 | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authoriza… |
| CVE-2026-44450 | Critical | 9.9 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary n… |
| CVE-2024-47553 | Critical | 9.9 | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ``… |
| CVE-2024-39930 | Critical | 9.9 | 2024-07-04 | The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can… |
| CVE-2018-3856 | Critical | 9.9 | 2018-08-23 | An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device i… |
| CVE-2026-40079 | Critical | 9.8 | 2026-06-25 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization i… |
| CVE-2026-31230 | Critical | 9.8 | 2026-05-12 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_… |
| CVE-2026-42601 | Critical | 9.8 | 2026-05-09 | ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config J… |
| CVE-2026-6951 | Critical | 9.8 | 2026-04-25 | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.s… |
| CVE-2026-22738 | Critical | 9.8 | 2026-03-27 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could… |
| CVE-2026-32304 | Critical | 9.8 | 2026-03-13 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes… |
| CVE-2026-27613 | Critical | 9.8 | 2026-02-25 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass… |
| CVE-2025-70327 | Critical | 9.8 | 2026-02-23 | TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The i… |
| CVE-2026-22583 | Critical | 9.8 | 2026-01-24 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module… |
| CVE-2026-22582 | Critical | 9.8 | 2026-01-24 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module)… |
| CVE-2026-24061 | Critical | 9.8 | 2026-01-21 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. |
| CVE-2025-52480 | Critical | 9.8 | 2025-06-25 | Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the cl… |