Falhas do tipo CWE-88
218 resultadosCVE-2021-3540MEDIUMIvanti MobileIron Core clish Restricted Shell Escape via Argument InjectionEPSS 3.3%CVE-2021-43809MEDIUMLocal Code Execution through Argument Injection via dash leading git url parameter in GemfileEPSS 2.8%CVE-2023-47804—Apache OpenOffice: Macro URL arbitrary script executionEPSS 2.7%CVE-2021-21386CRITICALImproper Neutralization of Argument Delimiters in a Decompiling Package ProcessEPSS 2.3%CVE-2023-25356HIGHCoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are ableEPSS 2.1%CVE-2026-35585HIGHFile Browser has a Command Injection via Hook RunnerEPSS 1.9%CVE-2024-39710CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a rEPSS 1.9%CVE-2023-6269CRITICALArgument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCFEPSS 1.9%CVE-2022-31084CRITICALUnauthenticated Remote Code Execution in ldap-account-managerEPSS 1.9%CVE-2024-38655CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18EPSS 1.7%CVE-2024-39712CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a rEPSS 1.7%CVE-2024-38656CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a rEPSS 1.7%CVE-2024-39711CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a EPSS 1.7%CVE-2024-11633CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve EPSS 1.7%CVE-2021-24030—The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allowsEPSS 1.7%CVE-2017-1001003—math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creatinEPSS 1.7%CVE-2024-58275HIGHEasywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save EndpointEPSS 1.6%CVE-2021-34718HIGHCisco IOS XR Software Arbitrary File Read and Write VulnerabilityEPSS 1.5%CVE-2021-41146HIGHArbitrary command execution on Windows in qutebrowserEPSS 1.4%CVE-2022-45062CRITICALIn Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.EPSS 1.4%