14 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-43938

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.01385
Exploits: 0, References: 1

Circl
added 2025/09/10 4:36 p.m., 2 views

CVE-2025-43938

creationtimestamp | type | source
---|---|---
2025-09-10 16:36:46+00:00 | seen | Telegram/2l5kks5wxavZ6WPSNIyrQT4reZ9emfQFMxxIJMKhCOouTE...

CVSS 5, AI score 4.8, EPSS 0.00019
Exploits: 0

RedhatCVE
added 2025/02/06 1:47 a.m., 5 views

CVE-2022-43938

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...

CVSS 8.8, AI score 6.4, EPSS 0.03861
Exploits: 0, References: 1

Circl
added 2024/09/18 1:39 a.m., 1 view

CVE-2024-43938

creationtimestamp | type | source
---|---|---
2024-09-18 01:39:35+00:00 | seen | https://t.me/cvedetector/5879...

CVSS 6.5, AI score 4.8, EPSS 0.00297
Exploits: 0, References: 1

CVE
added 2024/09/17 10:43 p.m., 41 views

CVE-2024-43938

CVE-2024-43938 describes a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Name Directory plugin, affecting versions up to 1.29.0. The issue arises from improper neutralization of user input during web page generation, enabling attackers to inject scripts via crafted input tha...

CVSS 6.5, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 1

Cvelist
added 2024/09/17 10:43 p.m., 29 views

CVE-2024-43938 WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Name Directory name-directory. This issue affects Name Directory: from n/a through <= 1.29.0...

CVSS 6.5, EPSS 0.00297
Exploits: 0, References: 1

Patchstack
added 2024/08/26 12:00 a.m., 9 views

WordPress Name Directory Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software: Name Directory; Type: Plugin; Vulnerable versions: <= 1.29.0; Fixed in: 1.29.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43938; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Jeroen Peters; PSID: 00d0c2d9ba55; Credits: LVT-tholv2k; Required privilege...

CVSS 6.5, AI score 6.6, EPSS 0.00297
Exploits: 0, References: 2, Affected Software: 1

Circl
added 2023/04/03 10:25 p.m., 2 views

CVE-2022-43938

creationtimestamp | type | source
---|---|---
2023-04-03 22:25:07+00:00 | seen | https://t.me/cibsecurity/61356
2023-04-08 20:04:44+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/8078...

CVSS 8.8, AI score 7.3, EPSS 0.03861
Exploits: 0, References: 2

Cvelist
added 2023/04/03 6:06 p.m., 19 views

CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...

CVSS 8.8, AI score 8.6, EPSS 0.03861
Exploits: 0, References: 1

Vulnrichment
added 2023/04/03 6:06 p.m., 4 views

CVE-2022-43938 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...

CVSS 8.8, AI score 8.5, EPSS 0.03861
Exploits: 0, References: 1

CVE
added 2023/04/03 6:06 p.m., 56 views

CVE-2022-43938

CVE-2022-43938 affects Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x. The issue is described as an improper neutralization of directives in statically saved code (Static Code Injection) that, due to a JVM Script Manager flaw, cannot relia...

CVSS 8.8, AI score 8.5, EPSS 0.03861
Exploits: 0, References: 1, Affected Software: 1

Circl
added 2022/04/29 8:25 p.m., 3 views

CVE-2021-43938

creationtimestamp | type | source
---|---|---
2022-04-29 20:25:12+00:00 | seen | https://t.me/cibsecurity/41679...

CVSS 9.8, AI score 8.7, EPSS 0.00246
Exploits: 0, References: 1

Cvelist
added 2022/04/29 3:18 p.m., 15 views

CVE-2021-43938 Elcomplus SmartPTT SCADA Server Information Exposure

Elcomplus SmartPTT SCADA Server is vulnerable: an unauthenticated user can request various files from the server without any authentication or authorization...

CVSS 8.1, AI score 9.8, EPSS 0.00246
Exploits: 0, References: 1

CVE
added 2022/04/29 3:18 p.m., 95 views

CVE-2021-43938

Elcomplus SmartPTT SCADA Server (vulnerable component: information exposure via unauthenticated file requests) is affected by CVE-2021-43938. The vulnerability arises from allowing an unauthenticated user to request various files from the server without authentication or authorization, leading to...

CVSS 9.8, AI score 9.2, EPSS 0.00246
Exploits: 0, References: 1, Affected Software: 1