https://vulnerability.circl.lu/sightings/feed 2026-05-05T06:28:17.734375+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/7e50f96c-ba16-423f-86aa-716a91ba9e38/export 2026-05-05T06:28:18.038973+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7e50f96c-ba16-423f-86aa-716a91ba9e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38157", "type": "seen", "source": "https://t.me/cibsecurity/26963", "content": "\u203c CVE-2021-38157 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T00:33:15.000000Z"} 2021-08-07T00:33:15+00:00 https://vulnerability.circl.lu/sighting/67c29030-6f59-4780-819f-3effc6c561b4/export 2026-05-05T06:28:18.038825+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "67c29030-6f59-4780-819f-3effc6c561b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "seen", "source": "https://t.me/cibsecurity/26967", "content": "\u203c CVE-2021-38159 \u203c\n\nIn certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T20:34:33.000000Z"} 2021-08-07T20:34:33+00:00 https://vulnerability.circl.lu/sighting/3a9dddf1-0797-4020-9123-179b005af360/export 2026-05-05T06:28:18.038671+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "3a9dddf1-0797-4020-9123-179b005af360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38150", "type": "seen", "source": "https://t.me/cibsecurity/28807", "content": "\u203c CVE-2021-38150 \u203c\n\nWhen an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:04.000000Z"} 2021-09-14T16:22:04+00:00 https://vulnerability.circl.lu/sighting/921fdfc7-2f2a-46ff-b6fe-2cce358717e3/export 2026-05-05T06:28:18.038468+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "921fdfc7-2f2a-46ff-b6fe-2cce358717e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "seen", "source": "https://t.me/cibsecurity/28907", "content": "\u203c CVE-2021-38156 \u203c\n\nIn Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:33.000000Z"} 2021-09-15T18:22:33+00:00 https://vulnerability.circl.lu/sighting/cb9f952b-7f61-495a-81a5-19d0042ce411/export 2026-05-05T06:28:18.038275+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "cb9f952b-7f61-495a-81a5-19d0042ce411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/644", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AIPOCAI/CVE-2021-39204", "creation_timestamp": "2021-10-05T12:34:09.000000Z"} 2021-10-05T12:34:09+00:00 https://vulnerability.circl.lu/sighting/ca671249-1520-4caf-b68c-43c5078561ff/export 2026-05-05T06:28:18.038033+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "ca671249-1520-4caf-b68c-43c5078561ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39204", "creation_timestamp": "2021-10-05T13:51:13.000000Z"} 2021-10-05T13:51:13+00:00 https://vulnerability.circl.lu/sighting/79ca4a8f-8dac-46b4-96c7-2be7c489231a/export 2026-05-05T06:28:18.037726+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "79ca4a8f-8dac-46b4-96c7-2be7c489231a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3815", "type": "seen", "source": "https://t.me/cibsecurity/33614", "content": "\u203c CVE-2021-3815 \u203c\n\nutils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T20:22:47.000000Z"} 2021-12-08T20:22:47+00:00 https://vulnerability.circl.lu/sighting/88e57af2-cd7e-4198-815c-89507bb91fe7/export 2026-05-05T06:28:18.037527+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "88e57af2-cd7e-4198-815c-89507bb91fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/49716", "content": "Palantir Public: SQL Injection at https://ift.tt/xHz9Lcb due to CVE-2021-38159\n\nhttps://ift.tt/LyudQ2n", "creation_timestamp": "2022-04-05T13:51:54.000000Z"} 2022-04-05T13:51:54+00:00 https://vulnerability.circl.lu/sighting/7ed13f30-1986-4849-8b43-ef7e039b01ae/export 2026-05-05T06:28:18.037288+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7ed13f30-1986-4849-8b43-ef7e039b01ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38154.yaml", "content": "", "creation_timestamp": "2025-10-10T10:51:44.000000Z"} 2025-10-10T10:51:44+00:00 https://vulnerability.circl.lu/sighting/b5b002b9-70b9-4815-ad01-401d39c8584d/export 2026-05-05T06:28:18.035098+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b5b002b9-70b9-4815-ad01-401d39c8584d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2iwgd2n", "content": "", "creation_timestamp": "2025-10-12T21:02:31.314343Z"} 2025-10-12T21:02:31.314343+00:00