52 matches found
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via recipient handling in SendmailTransport when using sendmail -t mode. An attacker can inject arbitrary sendmail command-line options by supplying a recipient address beginning with -, as recipient address...
Arbitrary Argument Injection
Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the nodeselection or resourcetype parameters in the rundbtcommand process. An attacker can override configuration fil...
Arbitrary Argument Injection
Overview exiftool-vendored is an Efficient, cross-platform access to ExifTool Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized input in tag names, filenames, or options passed to the ExifTool process. An attacker can manipulate file access or write...
Arbitrary Argument Injection
Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the WriteMetadata process. An attacker can manipulate files, create or overwrite arbitrary files, and establish symlinks or hard links by injecting specially crafted metadata values containing newline...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized volumeHandle and mounttargetip fields. An attacker can inject unauthorized mount options by supplying specially crafted values to these fields when creating a PersistentVolume, resulting in...
Arbitrary Argument Injection
Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Argument Injection through the startPortForward function in src/tools/portforward.ts. An attacker can inject additional kubectl flags b...
Arbitrary Argument Injection
Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...
Arbitrary Argument Injection
Overview skilleton is a Skills skeleton: deterministic AI skill dependency manager Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of repository and path input in the normalizeRepoUrl function. An attacker can cause unsafe or inefficient...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized arguments in the SEARCH process. An attacker can manipulate IMAP commands or bypass cross-site request forgery protections by supplying crafted input to the mail search functionality...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the tag deletion. An attacker can execute arbitrary git options by supplying a crafted tag name when triggering the deletion, potentially causing unintended behavior or disruption of the underlying...
Arbitrary Argument Injection
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Arbitrary Argument Injection via arguments passed to the addhostkey function. A user with access to the management console can add a malicio...
CVE-2025-69201
Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...
CVE-2025-69201
Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...
Arbitrary Argument Injection
Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Arbitrary Argument Injection via the gitdiff and gitcheckout functions. An attacker can...
Arbitrary Argument Injection
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Argument Injection vi...
Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...
CVE-2025-12613
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...
CVE-2025-12613
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...
CVE-2025-12613
CVE-2025-12613 affects the Cloudinary Node SDK prior to 2.7.0. The vulnerability stems from improper parsing of parameter values containing an ampersand, enabling Arbitrary Argument Injection where an attacker can inject additional, unintended parameters. Potential outcomes include bypassing secu...