Arbitrary Argument Injection

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when registerargcargv=On in web SAPIs. An attacker can modify the Symfony application environment and...

Arbitrary Argument Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...

Arbitrary Argument Injection

Overview archivebox is a The self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...

Arbitrary Argument Injection

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Arbitrary Argument Injection in the multioptions parameter of the clone function, which may be passed in via the clonefrom, clone, or Submodule.update functions. An...

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ResolutionRequest process. An attacker can execute arbitrary code on the resolver pod and exfiltrate cluster-wide secrets by injecting malicious commands into the revision parameter of the git...

Arbitrary Argument Injection

Overview @aiondadotcom/mcp-ssh is a MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the hostAlias, command, localPath, or remotePath arguments. An attack...

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the Execute function in the /internal/service/ffmpeg/ffmpeg.go file. An attacker can inject arbitrary arguments into the execution context by supplying crafted input, potentially leading to unauthorized...

CVE-2025-69201

CVE-2025-69201 (Tugtainer) affects the tugtainer-agent API, where the POST api/command/run endpoint is vulnerable to arbitrary argument injection. The issue exists in versions prior to 1.15.1 and is fixed in 1.15.1. Documented impact is remote command execution via the affected endpoint, with the...

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

GHSA-G4MF-96X5-5M2C Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

EUVD-2025-44030

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

CVE-2023-26143

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...