By weakness (CWE)
CWE-88: related vulnerabilities
CVEs classified under CWE-88. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2024-52011HIGH 8.3
CVE-2024-52011 is a command injection vulnerability in the launch-editor library, a Node.js utility that opens files in text editors with specified line numbers. Before version 2.9.0, the library failed to properly sanitize filename input on Windows systems, allowing an attacker to inject and execute arbitrary commands by crafting a malicious filename. An attacker would need to trick a user into opening a specially crafted file—typically through a development workflow, build process, or IDE integration—to trigger code execution with the privileges of the affected user.
- CVE-2026-41013HIGH 8.1
A flaw in how Cloud Foundry's Diego release handles SMB volume mounts allows a developer with basic access to a shared environment to bypass security restrictions and inject malicious mount commands. This could let them gain elevated privileges or circumvent security controls on multi-tenant systems where multiple teams share the same infrastructure.