Total: 314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-29954 | | | 2026-03-30 | N/A | 7.6 HIGH |
| In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to download charts, the chartURL is directly concatenated into the command, allowing attackers to inject wget's `--header` option to achieve arbitrary HTTP header injection. | |||||
| CVE-2026-1715 | 1 Lenovo | 1 Vantage | 2026-03-25 | N/A | 7.1 HIGH |
| An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | |||||
| CVE-2026-1716 | 1 Lenovo | 1 Vantage | 2026-03-25 | N/A | 7.1 HIGH |
| An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. | |||||
| CVE-2026-1717 | 1 Lenovo | 1 Vantage | 2026-03-25 | N/A | 5.5 MEDIUM |
| An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. | |||||
| CVE-2026-23924 | | | 2026-03-25 | N/A | N/A |
| Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API. | |||||
| CVE-2026-2298 | | | 2026-03-24 | N/A | 9.4 CRITICAL |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026. | |||||
| CVE-2026-4438 | | | 2026-03-23 | N/A | 5.4 MEDIUM |
| Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. | |||||
| CVE-2024-21533 | | | 2026-03-21 | N/A | 6.5 MEDIUM |
| All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. | |||||
| CVE-2026-29608 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.7 MEDIUM |
| OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text. | |||||
| CVE-2026-22168 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs. | |||||
| CVE-2026-25689 | 1 Fortinet | 1 Fortideceptor | 2026-03-13 | N/A | 6.5 MEDIUM |
| An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-41761 | 1 Mbs-solutions | 4 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 1 more | 2026-03-11 | N/A | 7.8 HIGH |
| A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo. | |||||
| CVE-2024-47553 | 1 Siemens | 1 Sinec Security Monitor | 2026-03-10 | N/A | 9.9 CRITICAL |
| A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. | |||||
| CVE-2025-15315 | 1 Tanium | 2 Module Server, Server | 2026-03-09 | N/A | 6.7 MEDIUM |
| Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. | |||||
| CVE-2025-15316 | 1 Tanium | 2 Module Server, Server | 2026-03-09 | N/A | 6.7 MEDIUM |
| Tanium addressed a local privilege escalation vulnerability in Tanium Server. | |||||
| CVE-2026-3682 | | | 2026-03-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-37005 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2026-03-06 | N/A | 7.5 HIGH |
| The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2026-26194 | 1 Gogs | 1 Gogs | 2026-03-06 | N/A | 7.3 HIGH |
| Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to git without the right separator; this lets git options be injected and interfere with the process. This issue has been patched in version 0.14.2. | |||||
| CVE-2026-20016 | | | 2026-03-05 | N/A | 6.0 MEDIUM |
| A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. | |||||
| CVE-2026-20063 | | | 2026-03-05 | N/A | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root. | |||||
