CVE-2026-5433

...

CVE-2026-2298

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

Qnap QTS and QuTS hero Improper Neutralization of Argument Delimiters in a Command (CVE-2025-62847)

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-62847

CVE-2025-62847 is an actual, documented vulnerability affecting QNAP QTS and QuTS hero. It is described as an improper neutralization of argument delimiters in a command, enabling an attacker to alter execution logic on affected systems. Fixed versions are QTS 5.2.7.3297 build 20251024 and later,...

EUVD-2025-25882

Malicious code in bioql PyPI...

CVE-2025-32918 Livestatus injection in autocomplete endpoint

Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...

CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

CVE-2024-6542 Livestatus injection in mknotifyd

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk = 2.0.0p39, 2.1.0p47, 2.2.0p32 and 2.3.0p11 allows arbitrary livestatus command execution...

Input validation

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command execution for authorized users...

CVE-2023-6157

Improper neutralization of livestatus command delimiters in ajaxsearch in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command execution for authorized users...

CVE-2023-31208

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...