Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote att…

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value …

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS …

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x bef…

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other pr…

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerabl…

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote at…

mIRC before 7.55 allows remote command execution by using argument injection through custom URI…

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem J…

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,…

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter paramet…

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including t…

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote att…

Laravel is a web application framework. When the register_argc_argv php directive is set to on …

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument inje…

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attac…

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Win…

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A…

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which …

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options…

A security vulnerability has been identified that allows remote attackers to inject or manipula…

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that ar…

Some implementations of rlogin allow root access if given a -froot parameter.

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote atta…

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.…

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted…

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another …

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() …

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (in…

Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to ex…

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, a…

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 as…

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters t…

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed …

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go…

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument …

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier…

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: E…

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the …