<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-09T00:58:26.042173+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/31faf7f7-8b45-4b92-9c8b-51ae1db11234/export</id>
    <title>31faf7f7-8b45-4b92-9c8b-51ae1db11234</title>
    <updated>2026-05-09T00:58:26.367223+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "31faf7f7-8b45-4b92-9c8b-51ae1db11234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41163", "type": "seen", "source": "https://t.me/BleepingComputer/10787", "content": "CISA urges admins to patch critical Discourse code execution bug\n\nA critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday [...]\n\nhttps://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/", "creation_timestamp": "2021-10-25T09:25:34.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/31faf7f7-8b45-4b92-9c8b-51ae1db11234/export"/>
    <published>2021-10-25T09:25:34+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/124b7393-75e8-4a2f-b635-fa5b105a125b/export</id>
    <title>124b7393-75e8-4a2f-b635-fa5b105a125b</title>
    <updated>2026-05-09T00:58:26.367089+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "124b7393-75e8-4a2f-b635-fa5b105a125b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41163", "type": "seen", "source": "https://t.me/true_secator/2253", "content": "\u200b\u200b\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Discourse \u0431\u044c\u044e\u0442 \u0442\u0440\u0435\u0432\u043e\u0433\u0443 \u0438 \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044e\u0442 \u0441\u0432\u043e\u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 2.7.9 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u041f\u041e, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438.\n \n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 Phenoelit \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0432 Discourse \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 CVE-2021-41163 \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c CVSS 10, \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043a\u0440\u043e\u0435\u0442\u0441\u044f 
\u0432 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 subscribe_url. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430.\n \nDiscourse - \u044d\u0442\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0430\u0442\u0430\u043c\u0438, \u0444\u043e\u0440\u0443\u043c\u0430\u043c\u0438 \u0438 \u0441\u043f\u0438\u0441\u043a\u0430\u043c\u0438 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043f\u0435\u0440\u0435\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u043d\u0438\u044f \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439. Discourse \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 2000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432. 
\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043c\u0435\u0442\u0440\u0438\u043a\u0435 BuiltWith, \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u0431\u044b\u043b\u0430 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u0430 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 31 000 \u0441\u0430\u0439\u0442\u043e\u0432, \u0438 \u043e\u043a\u043e\u043b\u043e 14 300 \u0438\u0437 \u043d\u0438\u0445 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c 8,639 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0434\u044b\u0440\u044f\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u0421\u0428\u0410.\n \n\u041f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 CISA \u0432\u044b\u0441\u0442\u0443\u043f\u0438\u043b\u043e \u0441 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a \u0430\u0434\u043c\u0438\u043d\u0430\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043b\u0438 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u043c\u0438 \u043f\u0443\u0442\u044f\u043c\u0438, \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0432 \u043d\u0430 \u0432\u043e\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u043c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043a\u0430\u0436\u0434\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, 
\u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0438\u0439\u0441\u044f \u0441 \u043f\u0443\u0442\u0438 /webhooks/aws, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u044c\u0441\u044f \u0441 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0432.", "creation_timestamp": "2021-10-26T16:30:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/124b7393-75e8-4a2f-b635-fa5b105a125b/export"/>
    <published>2021-10-26T16:30:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2d504c10-a076-4e36-8a33-555151f0c59a/export</id>
    <title>2d504c10-a076-4e36-8a33-555151f0c59a</title>
    <updated>2026-05-09T00:58:26.366959+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2d504c10-a076-4e36-8a33-555151f0c59a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41163", "type": "published-proof-of-concept", "source": "https://t.me/NeKaspersky/1375", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u041f\u041e \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0430\u0442\u0430\u043c\u0438, \u0444\u043e\u0440\u0443\u043c\u0430\u043c\u0438 \u0438 \u0441\u043f\u0438\u0441\u043a\u0430\u043c\u0438 \u0440\u0430\u0441\u0441\u044b\u043b\u043e\u043a Discourse \u043f\u0440\u043e\u0441\u044f\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e 2.7.9 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-41163 \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c CVSS 10. \u041e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432\u0435\u0440\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 subscribe_url. 
\n\n\u0423 Discourse \u0431\u043e\u043b\u044c\u0448\u0435 2000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432(\u043a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435), \u043e\u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 31 000 \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u043a\u043e\u043b\u043e 14 000 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b. \n\nCISA \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435 \u043a \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c, \u0447\u0442\u043e\u0431\u044b \u0442\u0435 \u0441\u0434\u0435\u043b\u0430\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043d\u0430 \u0432\u043e\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u043c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043a\u0430\u0436\u0434\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0438\u0439\u0441\u044f \u0441 /webhooks/aws. \n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0442\u0443\u0442:\n\nhttps://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq", "creation_timestamp": "2021-10-26T19:15:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2d504c10-a076-4e36-8a33-555151f0c59a/export"/>
    <published>2021-10-26T19:15:29+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cabdee0a-d3e5-44c3-a54f-656f2c49c03b/export</id>
    <title>cabdee0a-d3e5-44c3-a54f-656f2c49c03b</title>
    <updated>2026-05-09T00:58:26.366854+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cabdee0a-d3e5-44c3-a54f-656f2c49c03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41163", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4594", "content": "#exploit\nCVE-2021-41163:\nDiscourse &amp;lt;2.7.9 - RCE via malicious SNS subscription payload\nhttps://0day.click/recipe/discourse-sns-rce\n]-&amp;gt; https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq", "creation_timestamp": "2021-10-27T01:02:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cabdee0a-d3e5-44c3-a54f-656f2c49c03b/export"/>
    <published>2021-10-27T01:02:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a057fbf4-b70c-46f5-b898-30b8a5541581/export</id>
    <title>a057fbf4-b70c-46f5-b898-30b8a5541581</title>
    <updated>2026-05-09T00:58:26.366742+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a057fbf4-b70c-46f5-b898-30b8a5541581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41164", "type": "seen", "source": "https://t.me/cibsecurity/32576", "content": "\u203c CVE-2021-41164 \u203c\n\nCKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version &amp;lt; 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:21:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a057fbf4-b70c-46f5-b898-30b8a5541581/export"/>
    <published>2021-11-17T22:21:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bc690f94-5fd3-4320-b8b9-92fe24ccc5c7/export</id>
    <title>bc690f94-5fd3-4320-b8b9-92fe24ccc5c7</title>
    <updated>2026-05-09T00:58:26.366632+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bc690f94-5fd3-4320-b8b9-92fe24ccc5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4116", "type": "seen", "source": "https://t.me/cibsecurity/33998", "content": "\u203c CVE-2021-4116 \u203c\n\nyetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-15T16:14:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bc690f94-5fd3-4320-b8b9-92fe24ccc5c7/export"/>
    <published>2021-12-15T16:14:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50a3f4c4-a70c-470e-9fb8-f18c1797907a/export</id>
    <title>50a3f4c4-a70c-470e-9fb8-f18c1797907a</title>
    <updated>2026-05-09T00:58:26.366511+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50a3f4c4-a70c-470e-9fb8-f18c1797907a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41166", "type": "seen", "source": "https://t.me/cibsecurity/36364", "content": "\u203c CVE-2021-41166 \u203c\n\nThe Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-27T02:19:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50a3f4c4-a70c-470e-9fb8-f18c1797907a/export"/>
    <published>2022-01-27T02:19:58+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/07fb166f-2eed-46f2-bc10-4e8fb1a96df0/export</id>
    <title>07fb166f-2eed-46f2-bc10-4e8fb1a96df0</title>
    <updated>2026-05-09T00:58:26.366395+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "07fb166f-2eed-46f2-bc10-4e8fb1a96df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41161", "type": "seen", "source": "https://t.me/cibsecurity/41232", "content": "\u203c CVE-2021-41161 \u203c\n\nCombodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T20:26:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/07fb166f-2eed-46f2-bc10-4e8fb1a96df0/export"/>
    <published>2022-04-21T20:26:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a3ebff64-3789-4149-b38e-1a7c77fb88e2/export</id>
    <title>a3ebff64-3789-4149-b38e-1a7c77fb88e2</title>
    <updated>2026-05-09T00:58:26.366243+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a3ebff64-3789-4149-b38e-1a7c77fb88e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41162", "type": "seen", "source": "https://t.me/cibsecurity/41233", "content": "\u203c CVE-2021-41162 \u203c\n\nCombodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T20:26:53.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a3ebff64-3789-4149-b38e-1a7c77fb88e2/export"/>
    <published>2022-04-21T20:26:53+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2000b2c2-7414-4a2b-a89b-ebadfe3fd97e/export</id>
    <title>2000b2c2-7414-4a2b-a89b-ebadfe3fd97e</title>
    <updated>2026-05-09T00:58:26.364186+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2000b2c2-7414-4a2b-a89b-ebadfe3fd97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41163", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlb7pqgy22", "content": "", "creation_timestamp": "2025-08-03T21:02:30.299077Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2000b2c2-7414-4a2b-a89b-ebadfe3fd97e/export"/>
    <published>2025-08-03T21:02:30.299077+00:00</published>
  </entry>
</feed>
