Weaknesses of type CWE-88
218 resultsCVE-2016-10033CRITICALThe mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail cEPSS 99.7%KEVCVE-2022-36804HIGHMultiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10,EPSS 99.2%KEVCVE-2026-24061CRITICALtelnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.EPSS 98.9%KEVCVE-2022-23221CRITICALH2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGEPSS 64.8%CVE-2024-41710MEDIUMA vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (EPSS 41.2%KEVCVE-2024-52301HIGHLaravel allows environment manipulation via query stringEPSS 38.0%CVE-2021-1531HIGHCisco Modeling Labs Web UI Command Injection VulnerabilityEPSS 30.5%CVE-2022-37027HIGHAhsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime EPSS 20.8%CVE-2025-57791MEDIUMArgument Injection Vulnerability in CommServeEPSS 20.7%CVE-2024-24576CRITICALRusts's `std::process::Command` did not properly escape arguments of batch files on WindowsEPSS 20.3%CVE-2001-0667HIGHInternet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commandEPSS 14.7%CVE-2023-6634HIGHLearnPress <= 4.2.5.7 - Command InjectionEPSS 8.5%CVE-2025-68144MEDIUMmcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local filesEPSS 7.3%CVE-2024-39930CRITICALThe built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. AuthenticEPSS 7.3%CVE-2019-3931—Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafteEPSS 5.9%CVE-2021-46850HIGHmyVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and rEPSS 5.2%CVE-2021-29472HIGHMissing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composerEPSS 4.8%CVE-2022-26532HIGHA argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEEPSS 4.8%CVE-2022-29184HIGHCommand Injection/Argument Injection in GoCDEPSS 3.6%CVE-2022-28391HIGHBusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatEPSS 3.5%