Judging Management System SQL Injection Vulnerability (CNVD-2023-64280)
Judging Management System is a judging management system. Judging Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the id parameter of /php-jms/deductScores.php. An attacker can exploit this vulnerabilit...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66420)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
CVE-2022-41648
The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5 is vulnerable to improper authentication in its DNC communication for CNC machines. Authentication is not enabled by default for DNC communication. This vulnerability may allow an attacker to deny service on the production line,...
Cross site scripting
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web...
Winmail Cross-Site Scripting Vulnerability
Winmail is a server-side application for providing mail services, developed by Suzhou Huazhao Technology Winmail Company in China. A cross-site scripting vulnerability exists in Winmail version 6.5. An attacker can exploit this vulnerability to steal sensitive information...