EUVD-2026-29549

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2026-2298

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

CVE-2026-22583

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement CloudPagesUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVE-2026-22583

Salesforce Marketing Cloud Engagement (CloudPagesUrl module) is affected by CVE-2026-22583 due to improper neutralization of argument delimiters, enabling potential argument injection and Web Services Protocol Manipulation. The issue affects Marketing Cloud Engagement versions prior to January 21...

CVE-2025-43730

Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...

CVE-2025-43730

Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...

CVE-2025-43730

Dell ThinOS 10 is affected by an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability. Affected: Dell ThinOS 10 before 2508_10.0127. Impact per sources: local elevation of privileges and information disclosure for a local unauthenticated user. Root cause:...

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

GHSA-H5H8-PC6H-JVVX Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

Arbtirary Command Execution

composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...

CVE-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...