1924 matches found
Ruby Dragonfly <1.4.0 - Remote Code Execution
Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...
CVE-2026-61459
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
EUVD-2026-42987
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
CVE-2026-61459
Affected software: MCP Server Kubernetes before 3.9.0. Vulnerability: Argument injection in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that bypasses the assertNoDangerousFlags check by using leading dashes for resourceType/name. This allows injection of the --server flag to ...
CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
PT-2026-57272
Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection flaw exists in structured tools, specifically within the kubectl get, kubectl describe, and kubectl delete functions. By providing the resourceType and name...
CVE-2026-47829 Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...
CVE-2026-47829
CVE-2026-47829 describes an argument injection flaw in bosh-cli that lets a compromised BOSH Director inject arbitrary OpenSSH options into the locally-spawned ssh process when operators run non-interactive SSH paths (e.g., bosh ssh -c, bosh logs -f). This can lead to local command execution on t...
CVE-2026-47829
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...
PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
CVE-2026-57572
Crawl4AI prior to version 0.9.0 was vulnerable to unauthenticated remote command execution through Chromium launch-argument injection. The Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium’s launch arguments and could be manipulated to replace a chi...
CVE-2026-40047
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...
PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2026-40047
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...
CVE-2026-40047
CVE-2026-40047 concerns Apache Camel’s camel-docling: Insufficient validation of custom CLI arguments allows argument injection and path traversal in DoclingProducer. The issue arises when unvalidated values in CamelDoclingCustomArguments (or path-bearing headers) reach the external docling tool ...
CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...
EUVD-2026-41823
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...
PT-2026-55881
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...
CVE-2026-14459
Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...
CVE-2026-14460
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...