Falhas do tipo CWE-88
225 resultadosCVE-2025-32931CRITICALDevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands vEPSS 0.5%CVE-2023-30577HIGHAMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a differentEPSS 0.5%CVE-2026-44449CRITICALLumiverse: SMB `exists()` basename injection via smbclient `!cmd` escapeEPSS 0.5%CVE-2022-37005HIGHThe Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentialEPSS 0.4%CVE-2026-24126MEDIUMWeblate has an argument injection in management consoleEPSS 0.4%CVE-2024-31966MEDIUMA vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 ConferenEPSS 0.4%CVE-2026-26194HIGHGogs: Release tag option injection in release deletionEPSS 0.4%CVE-2026-6437MEDIUMAWS EFS CSI Driver Mount Option InjectionEPSS 0.4%CVE-2026-2298CRITICALImproper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement alEPSS 0.4%CVE-2025-12556HIGHIDIS ICM Viewer Argument InjectionEPSS 0.4%CVE-2026-49373HIGHIn JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settingsEPSS 0.4%CVE-2026-47365CRITICALArgument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass croEPSS 0.4%CVE-2024-3775MEDIUMaEnrich Technology a+HRD - Argument InjectionEPSS 0.4%CVE-2026-22168HIGHOpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.runEPSS 0.4%CVE-2026-42601CRITICALArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddViewEPSS 0.4%CVE-2026-43941CRITICALUnvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link clickEPSS 0.4%CVE-2026-26514HIGHAn Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input wEPSS 0.4%CVE-2024-7573MEDIUMRelevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument InjectionEPSS 0.4%CVE-2020-1738LOWA flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task iEPSS 0.4%CVE-2026-44450CRITICALLumiverse: RCE via MCP stdio argument injectionEPSS 0.4%