Skip to main content
CVE-2022-29652 MEDIUM POC This Month

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28959 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Spip
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-1416 MEDIUM POC This Month

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1730 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-29449 MEDIUM This Month

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Opal Hotel Room Booking
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22976 MEDIUM PATCH This Month

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Java Spring Security Financial Services Crime And Compliance Management Studio +1
NVD
CVSS 3.1
5.3
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy