Skip to main content
CVE-2022-28962 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28927 CRITICAL POC PATCH THREAT Act Now

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Subconverter
NVD GitHub
CVSS 3.1
9.8
EPSS
33.6%
CVE-2022-29304 HIGH POC This Week

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-28961 HIGH POC PATCH This Week

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Spip
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28960 HIGH POC PATCH This Week

A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Spip
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-30018 HIGH POC This Week

Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mxcontrolcenter
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-1796 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2.4979. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-1785 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-28948 HIGH POC PATCH This Week

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Yaml Astra Trident
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2022-29652 MEDIUM POC This Month

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28959 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Spip
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-22978 CRITICAL PATCH Act Now

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Financial Services Crime And Compliance Management Studio Active Iq Unified Manager
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2022-28350 CRITICAL Act Now

Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Valhall Gpu Kernel Driver
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28349 CRITICAL Act Now

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Bifrost Gpu Kernel Driver Midguard Gpu Kernel Driver +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28348 CRITICAL Act Now

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1416 MEDIUM POC This Month

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30617 HIGH PATCH This Week

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g.,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Strapi
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1423 HIGH This Week

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1730 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-28946 HIGH PATCH This Week

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Open Policy Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-30618 HIGH PATCH This Week

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Strapi
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1413 HIGH This Week

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1183 HIGH This Week

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H410c Firmware H300s Firmware H500s Firmware +2
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2022-1670 HIGH This Week

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-29446 HIGH This Week

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Information Disclosure Counter Box
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-29449 MEDIUM This Month

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Opal Hotel Room Booking
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22976 MEDIUM PATCH This Month

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Java Spring Security Financial Services Crime And Compliance Management Studio +1
NVD
CVSS 3.1
5.3
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy