<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T10:24:54.934658+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/27072a02-2b9a-4fbc-a811-0061da2b073f/export</id>
    <title>27072a02-2b9a-4fbc-a811-0061da2b073f</title>
    <updated>2026-05-04T10:24:55.302834+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "27072a02-2b9a-4fbc-a811-0061da2b073f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37694", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/27185", "content": "\u203c CVE-2021-37694 \u203c\n\n@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T22:38:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/27072a02-2b9a-4fbc-a811-0061da2b073f/export"/>
    <published>2021-08-11T22:38:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0250f2a0-6718-4f4a-9654-69cbd32d8013/export</id>
    <title>0250f2a0-6718-4f4a-9654-69cbd32d8013</title>
    <updated>2026-05-04T10:24:55.302753+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0250f2a0-6718-4f4a-9654-69cbd32d8013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37699", "type": "seen", "source": "https://t.me/cibsecurity/27207", "content": "\u203c CVE-2021-37699 \u203c\n\nNext.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T07:39:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0250f2a0-6718-4f4a-9654-69cbd32d8013/export"/>
    <published>2021-08-12T07:39:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6442edd9-594a-4f60-835f-786e51f7720a/export</id>
    <title>6442edd9-594a-4f60-835f-786e51f7720a</title>
    <updated>2026-05-04T10:24:55.302675+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6442edd9-594a-4f60-835f-786e51f7720a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37695", "type": "seen", "source": "https://t.me/cibsecurity/27290", "content": "\u203c CVE-2021-37695 \u203c\n\nckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version &lt; 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T07:40:22.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6442edd9-594a-4f60-835f-786e51f7720a/export"/>
    <published>2021-08-13T07:40:22+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e7b60ca4-4ca2-4af6-a908-2adc96ee4cd7/export</id>
    <title>e7b60ca4-4ca2-4af6-a908-2adc96ee4cd7</title>
    <updated>2026-05-04T10:24:55.302584+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e7b60ca4-4ca2-4af6-a908-2adc96ee4cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37690", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/27291", "content": "\u203c CVE-2021-37690 \u203c\n\nTensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T07:40:23.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e7b60ca4-4ca2-4af6-a908-2adc96ee4cd7/export"/>
    <published>2021-08-13T07:40:23+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/556a7a5b-98f2-4c10-a6e1-62403857bcf1/export</id>
    <title>556a7a5b-98f2-4c10-a6e1-62403857bcf1</title>
    <updated>2026-05-04T10:24:55.302461+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "556a7a5b-98f2-4c10-a6e1-62403857bcf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37698", "type": "seen", "source": "https://t.me/cibsecurity/27604", "content": "\u203c CVE-2021-37698 \u203c\n\nIcinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T20:18:12.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/556a7a5b-98f2-4c10-a6e1-62403857bcf1/export"/>
    <published>2021-08-19T20:18:12+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/839895a0-6676-4808-99c5-31a2a11e0ba7/export</id>
    <title>839895a0-6676-4808-99c5-31a2a11e0ba7</title>
    <updated>2026-05-04T10:24:55.299927+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "839895a0-6676-4808-99c5-31a2a11e0ba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3769", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/33077", "content": "\u203c CVE-2021-3769 \u203c\n\n# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T12:34:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/839895a0-6676-4808-99c5-31a2a11e0ba7/export"/>
    <published>2021-11-30T12:34:10+00:00</published>
  </entry>
</feed>
