Ruby Dragonfly <1.4.0 - Remote Code Execution

Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2026-11968

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

CVE-2026-11968

CVE-2026-11968 affects TortoiseGitBlame. The issue arises from argument injection via malicious Git history filenames, enabling arbitrary file write in TortoiseGit. The provided sources describe the vulnerability name and impact but do not include concrete exploit details, affected versions, root...

EUVD-2026-38733

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

CVE-2026-11968 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

Siemens Ruggedcom Rox Improper Neutralization of Argument Delimiters in a Command (CVE-2025-40948)

Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges. This plugin only works with Tenable.ot. Please visit...

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

CVE-2026-44170

CVE-2026-44170 : MariaDB on Windows with the CONNECT storage engine and REST support is affected. The vulnerability arises when an interpolated table HTTP attribute is included in a curl command line without proper sanitization, enabling an attacker to execute shell commands on the server. Patche...

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

📄 Gogs 0.14.2 Argument Injection

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below. ================================================================================================================================== | Title : Gogs Git Rebase Argume...

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

openSUSE 16 Security Update : sshfs (openSUSE-SU-2026:20915-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20915-1 advisory. Changes in sshfs: - Update to 3.7.6: - Added new maintainer: abhinavagarwal07 Abhinav Agarwal - CVE-2026-47187: Fixed critical vulnerability -...

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

EUVD-2026-36060

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

CVE-2026-53694

CVE-2026-53694 affects Nomachine deployments prior to 9.5.7 and pre-8.23.2, with a local privilege-escalation path via an argument-delimiter handling flaw described as an Argument Injection vulnerability. The core issue is improper neutralization of argument delimiters in a command, enabling inje...

CVE-2026-53694 Potential local privileges escalation through argument injection in the nxchmod.sh script

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...