13 matches found
CVE-2026-35011
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in opena.php via the frm_call parameter. An authenticated attacker can craft a URL containing an unsanitized frm_call value that is reflected in page output, allowing arbitrary JavaScript execution in the victim’s browser. A fix is ...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from an information disclosure during a system call that handles an invalid parameter, which could lead to an information disclosure...
CVE-2022-2511
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...
ROS-20220128-01
The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to execute environment variables as commands. Exploitation of the vulnerability could allow an attacker to...
CVE-2020-1891
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices...
CVE-2018-6021
Silex SD-320AN version 2.01 and prior and GE MobileLink (GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution...
CVE-2018-6021
Silex SD-320AN version 2.01 and prior and GE MobileLink (GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution...
Remote code execution
Silex SD-320AN version 2.01 and prior and GE MobileLink (GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution...
CVE-2018-6021
Silex SD-320AN version 2.01 and prior and GE MobileLink (GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution...
CVE-2018-6021
CVE-2018-6021 affects Silex SD-320AN (2.01 and earlier) and GE MobileLink GEH-SD-320AN (GEH-1.1 and earlier). Root cause: system call parameters not properly sanitized, enabling OS command injection and remote code execution. Publicly documented in ICSMA-18-128-01; CVSSv3 base score 7.4. Impact: ...
DokuWiki Reflection File Download Vulnerability
DokuWiki is a PHP-based wiki engine developed by German software developer Andreas Gohr. It is mainly used for knowledge base management on small and medium-sized team and personal websites, and provides version control, full-text search, permission control and other functions. A security...
Cross site scripting
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter...
CVE-2014-1237
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter...