CWE-88 (参数注入或修改) — Vulnerability Class 141

141 vulnerabilities classified as CWE-88 (参数注入或修改). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40938	Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE — pipeline	7.5	High	2026-04-21
CVE-2026-6437	AWS EFS CSI Driver Mount Option Injection — AWS EFS CSI Driver	6.5	Medium	2026-04-17
CVE-2026-35153	Dell PowerProtect Data Domain（Dell PowerProtect DD）安全漏洞 — PowerProtect Data Domain	6.7	Medium	2026-04-17
CVE-2026-4145	Lenovo Software Fix 安全漏洞 — Software Fix	7.8	High	2026-04-15
CVE-2026-39884	MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting — mcp-server-kubernetes	8.3	High	2026-04-14
CVE-2026-35033	Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection — jellyfin	7.5	-	2026-04-14
CVE-2026-2449	upKeeper Instant Privilege Access 安全漏洞 — upKeeper Instant Privilege Access	9.8	-	2026-04-14
CVE-2026-40113	PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars — PraisonAI	8.4	High	2026-04-09
CVE-2026-34769	Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference — electron	7.8	High	2026-04-03
CVE-2026-35538	Roundcube Webmail 参数注入漏洞 — Webmail	3.1	Low	2026-04-03
CVE-2026-0634	Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G — TECNO Pova7 Pro 5G	7.8^AI	High^AI	2026-04-02
CVE-2026-23924	Agent 2 Docker plugin arbitrary file read via Docker API injection — Zabbix	6.5	-	2026-03-24
CVE-2026-2298	Salesforce Marketing Cloud Engagement 安全漏洞 — Marketing Cloud Engagement	7.5^AI	High^AI	2026-03-23
CVE-2026-29608	OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting — OpenClaw	6.7	Medium	2026-03-19
CVE-2026-22168	OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run — OpenClaw	6.5	Medium	2026-03-18
CVE-2026-1717	Lenovo Vantage和Lenovo Baiying 安全漏洞 — Vantage	5.5	Medium	2026-03-11
CVE-2026-1716	Lenovo Vantage和Lenovo Baiying 安全漏洞 — Vantage	7.1	High	2026-03-11
CVE-2026-1715	Lenovo Vantage和Lenovo Baiying 安全漏洞 — Vantage	7.1	High	2026-03-11
CVE-2026-25689	Fortinet FortiDeceptor 参数注入漏洞 — FortiDeceptor	6.0	Medium	2026-03-10
CVE-2025-41761	Privilege escalation possible — UBR-01 Mk II	7.8	High	2026-03-09
CVE-2026-3682	welovemedia FFmate ffmpeg.go Execute argument injection — FFmate	6.3	Medium	2026-03-07
CVE-2026-26194	Gogs: Release tag option injection in release deletion — gogs	7.1	-	2026-03-05
CVE-2026-20016	Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 参数注入漏洞 — Cisco Secure Firewall Threat Defense (FTD) Software	6.0	Medium	2026-03-04
CVE-2026-20063	Cisco Secure FTD Software Authenticated Command Injection Vulnerability — Cisco Secure Firewall Threat Defense (FTD) Software	6.0	Medium	2026-03-04
CVE-2026-27947	Group-Office Vulnerable to Remote Code Execution (RCE) — groupoffice	8.0	-	2026-02-27
CVE-2026-24126	Weblate has an argument injection in management console — weblate	6.6	Medium	2026-02-18
CVE-2025-15315	Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. — Tanium Module Server	6.7	Medium	2026-02-09
CVE-2025-15316	Tanium addressed a local privilege escalation vulnerability in Tanium Server. — Tanium Server	6.7	Medium	2026-02-09
CVE-2026-25134	Group-Office Argument Injection in MaintenanceController::actionZipLanguage — groupoffice	7.2^AI	High^AI	2026-02-02
CVE-2026-24739	Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations — symfony	6.3	Medium	2026-01-28

Vulnerabilities classified as CWE-88 (参数注入或修改) represent 141 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-88 (参数注入或修改) — Vulnerability Class 141