Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88

CVE-2024-9131 HIGH

Arista ng_firewall < 17.1.1 - Authenticated Command Injection

CVE-2024-51532 HIGH

Dell PowerStore - Command Injection

CVE-2024-11633 CRITICAL

Ivanti Connect Secure <22.7R2.4 - Command Injection

CVE-2024-39712 CRITICAL

Ivanti Connect Secure < 22.7 and Policy Secure < 22.7 - Authenticated Remote Code Execution via Argument Injection

CVE-2024-39711 CRITICAL

Ivanti Connect Secure < 22.7R2.1, 9.1R18.7 & Policy Secure < 22.7R1.1 - Authenticated RCE via Argument Injection

CVE-2024-39710 CRITICAL

Ivanti Connect Secure < 22.7R2.1 / 9.1R18.7 & Policy Secure < 22.7R1.1 - Authenticated RCE via Argument Injection

CVE-2024-38656 CRITICAL

Ivanti Connect Secure <22.7R2.2,9.1R18.9 - Command Injection

CVE-2024-38655 HIGH

Ivanti Connect/Ivanti Policy <22.7R2.1-9.1R18.9 - Command Injection

CVE-2024-52301 HIGH

Laravel Framework < 6.20.45 - Environment Manipulation via Crafted Query String

CVE-2024-47553 CRITICAL

Siemens SINEC Security Monitor < V4.9.0 - Code Injection

CVE-2024-21533 MEDIUM

ggit - Arbitrary Argument Injection via clone() API

CVE-2024-20444 MEDIUM

Cisco Nexus Dashboard Fabric Controller - Command Injection

CVE-2024-47611 MEDIUM

XZ Utils <5.6.2 - Command Injection

CVE-2024-43402 HIGH

Rust < 1.81.0 - OS Command Injection via Batch File Name Trailing Whitespace or Periods

CVE-2024-7573 MEDIUM

Relevanssi Live Ajax Search <2.4 - Command Injection

CVE-2024-41711 MEDIUM

Mitel 6800-6900w Series - Command Injection

CVE-2024-41710 HIGH KEV

Mitel 6800-6900w Series - Command Injection

CVE-2024-39933 HIGH

Gogs < 0.13.0 - Argument Injection via Release Tagging

CVE-2024-39930 CRITICAL

Gogs < 0.13.0 - Authenticated Remote Code Execution via SSH --split-string Argument Injection

CVE-2024-35307 CRITICAL

Pandora FMS 700-776 - Unauthenticated Remote Code Execution via Realtime Graph Extension Argument Injection

CVE-2024-2422 HIGH

LenelS2 NetBox <5.6.1 - Authenticated RCE

CVE-2024-31966 MEDIUM

Mitel 6800/6900 Series SIP Phones Authenticated Argument Injection

CVE-2024-32884 MEDIUM

gix-transport < 0.42.0 - Command Injection via SSH URL Username Smuggling

CVE-2024-3684 HIGH

GitHub Enterprise Server < 3.9.13 - Authenticated Server-Side Request Forgery in Management Console

CVE-2024-32462 HIGH

flatpak < 1.10.9, 1.12.9, 1.14.6, 1.15.8 - Sandbox Escape via Bubblewrap Argument Injection

Previous Page 6 of 15 Next

Details

Vulnerabilities 359

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy