Search Vulnerabilities

Cacti: Command Injection via escape_command() no-op in RRDtool execution

CVE-2026-48793

Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

CVE-2026-54686

Warp: DCS lifecycle hook spoofing can alter terminal session metadata

CVE-2026-11968

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit

CVE-2026-44790

n8n: Arbitrary File Read via Git Node

Jun 23, 2026

CVE-2026-12530

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Jun 17, 2026

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6

Jun 12, 2026

CVE-2026-47250

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Jun 11, 2026

CVE-2026-46529

PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

CVE-2026-53694

Potential local privileges escalation through argument injection in the nxchmod.sh script

CVE-2026-52750

Ghidra < 12.1- Command Injection via URL Annotation Click

CVE-2026-11332

Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

Jun 5, 2026

CVE-2026-41013

Tenant-controlled comma smuggles arbitrary CIFS mount options

Jun 1, 2026

CVE-2026-49373

In JetBrains TeamCity before 2026

May 29, 2026

CVE-2026-48116

AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

May 28, 2026

CVE-2026-44712

pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

May 27, 2026

CVE-2026-44449

Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape

CVE-2026-44450

Lumiverse: RCE via MCP stdio argument injection

CVE-2026-3515

Argument Injection in prefecthq/prefect

May 24, 2026

CVE-2026-47114

IINA < 1.4.3 Command Execution via iina://open URL Scheme

May 21, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-40079

Cacti: Command Injection via escape_command() no-op in RRDtool execution

CVE-2026-48793

Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

CVE-2026-54686

Warp: DCS lifecycle hook spoofing can alter terminal session metadata

CVE-2026-11968

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit

CVE-2026-44790

n8n: Arbitrary File Read via Git Node

Jun 23, 2026

CVE-2026-12530

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Jun 17, 2026

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6

Jun 12, 2026

CVE-2026-47250

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Jun 11, 2026

CVE-2026-46529

PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

CVE-2026-53694

Potential local privileges escalation through argument injection in the nxchmod.sh script

CVE-2026-52750

Ghidra < 12.1- Command Injection via URL Annotation Click

CVE-2026-11332

Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

Jun 5, 2026

CVE-2026-41013

Tenant-controlled comma smuggles arbitrary CIFS mount options

Jun 1, 2026

CVE-2026-49373

In JetBrains TeamCity before 2026

May 29, 2026

CVE-2026-48116

AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

May 28, 2026

CVE-2026-44712

pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

May 27, 2026

CVE-2026-44449

Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape

CVE-2026-44450

Lumiverse: RCE via MCP stdio argument injection

CVE-2026-3515

Argument Injection in prefecthq/prefect

May 24, 2026

CVE-2026-47114