Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47502 | 1 Apache | 1 Openoffice | 2025-02-13 | N/A | 7.8 HIGH |
| Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | |||||
| CVE-2023-25356 | 1 Coredial | 1 Sipxcom | 2025-02-13 | N/A | 8.8 HIGH |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. | |||||
| CVE-2022-36804 | 1 Atlassian | 1 Bitbucket | 2025-02-09 | N/A | 8.8 HIGH |
| Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew. | |||||
| CVE-2025-24845 | 2025-02-06 | N/A | 6.3 MEDIUM | ||
| Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition. | |||||
| CVE-2024-51532 | 1 Dell | 12 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 9 more | 2025-01-29 | N/A | 7.1 HIGH |
| Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | |||||
| CVE-2025-0065 | 2025-01-28 | N/A | 7.8 HIGH | ||
| Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. | |||||
| CVE-2022-31749 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances | |||||
| CVE-2024-11633 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | |||||
| CVE-2024-9131 | 2025-01-10 | N/A | 7.2 HIGH | ||
| A user with administrator privileges can perform command injection | |||||
| CVE-2024-52301 | 2024-12-21 | N/A | N/A | ||
| Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs. | |||||
| CVE-2024-3367 | 1 Checkmk | 1 Checkmk | 2024-12-05 | N/A | 6.5 MEDIUM |
| Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | |||||
| CVE-2024-39712 | 2024-12-01 | N/A | 9.1 CRITICAL | ||
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39711 | 2024-12-01 | N/A | 9.1 CRITICAL | ||
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39710 | 2024-12-01 | N/A | 9.1 CRITICAL | ||
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-38656 | 2024-12-01 | N/A | 9.1 CRITICAL | ||
| Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-38655 | 2024-11-23 | N/A | 9.1 CRITICAL | ||
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-47611 | 2024-11-21 | N/A | N/A | ||
| XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected. | |||||
| CVE-2024-3817 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package. | |||||
| CVE-2024-3684 | 2024-11-21 | N/A | 8.0 HIGH | ||
| A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-35307 | 2024-11-21 | N/A | N/A | ||
| Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. | |||||