HTC VIVE Runtime Service 代码问题漏洞

HTC VIVE Runtime Service is a core backend driver from HTC Corporation. A code issue vulnerability exists in HTC VIVE Runtime Service version 1.0.0.4, which stems from the service path being unquoted, and could lead to a local user executing arbitrary code and elevating system privileges...

CVE-2023-25177

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

Tenda W6-S 操作系统命令注入漏洞

Tenda W6-S is a wireless access point device from Tenda China. An OS command injection vulnerability exists in Tenda W6-S version 1.0.0.4, which originates from an incorrect operation of the file /goform/ate in the component ATE Service, which could lead to os command injection...

PT-2025-54180

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

Tenda W6-S 安全漏洞

Tenda W6-S is a wireless access point device from Tenda China. A security vulnerability exists in Tenda W6-S version 1.0.0.4, which originates from an incorrect manipulation of the file /bin/httpd parameter cookie in the component R7websSecurityHandler, which could result in a stack buffer overfl...

PT-2025-53720

Name of the Vulnerable Software and Affected Versions Tenda W6-S version 1.0.0.4510 Description A stack-based buffer overflow exists in the R7websSsecurityHandler component of Tenda W6-S. The issue is located in the file /bin/httpd. Manipulation of the Cookie argument can trigger the overflow. Th...

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVE-2025-1929 SQLi in RiskTurk's Treasury Management Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVE-2025-1929 SQLi in RiskTurk's Treasury Management Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVE-2025-1929

CVE-2025-1929 concerns an SQL injection in Reel Sektör Hazine ve Risk Yönetimi Yazılımı (Risk Yazılım Teknolojileri Ltd. Şti.) through version 1.0.0.4. The issue is described as improper neutralization of special elements used in an SQL command, i.e., a blind SQL injection (CAPEC-7). Connected so...

Riskturk Reel Sektör Hazine ve Risk Yönetimi SQL注入漏洞

Riskturk Reel Sektör Hazine ve Risk Yönetimi is a risk management software from the Turkish company Riskturk Reel. A SQL injection vulnerability exists in Riskturk Reel Sektör Hazine ve Risk Yönetimi 1.0.0.4 and earlier versions, which stems from improper handling of special elements and could le...

PT-2023-8818 · Delta Electronics · Cncsoft-B

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-B versions 1.0.0.4 and prior Description: The issue is caused by a stack-based buffer overflow in the CNCSoft-B software, which may allow an attacker to execute arbitrary code. This can be exploited by remote...

Delta Electronics DOPSoft 缓冲区错误漏洞

Delta Electronics DOPSoft is a Human Machine Interface HMI software suite from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics DOPSoft version 1.0.0.4 and prior versions, which stems from susceptibility to a heap-based buffer overflow. An attacker can...

Tenda W6 缓冲区错误漏洞

The Tenda W6 is a wireless WiFi AP access point router from Tenda, China. A security vulnerability exists in Tenda W6-S v1.0.0.4510, which is caused by a stack overflow in the linkEn parameter via /goform/setAutoPing...

PT-2022-27545 · Tenda · Tenda W6-S

Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: A stack overflow issue was discovered, which can be triggered via the linkEn parameter at the "/goform/setAutoPing" API endpoint. Recommendations: For Tenda W6-S version 1.0.0.4510, avoid using the...

Tenda W6 缓冲区错误漏洞

Tenda W6 is a wireless WiFi AP access point router from Tenda, China. A security vulnerability exists in Tenda W6-S v1.0.0.4510, which originates from a stack overflow via the wlradio parameter in /goform/wifiSSIDset...

PT-2022-27541 · Tenda · Tenda W6-S

Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: A command injection issue was found in the tpi get ping output function at the "/goform/exeCommand" API endpoint. Recommendations: For Tenda W6-S version 1.0.0.4510, consider disabling the tpi get pi...

PT-2022-23006 · Asustek · Asustek Aura Ready Game Sdk

Name of the Vulnerable Software and Affected Versions: ASUSTeK Aura Ready Game SDK service GameSDK.exe version 1.0.0.4 Description: The issue is related to an unquoted service path in the ASUSTeK Aura Ready Game SDK service. This might allow a local user to escalate privileges by creating a...