https://vulnerability.circl.lu/sightings/feed 2026-05-05T11:27:32.692989+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f4b941b1-94d9-4eba-86f9-33b8b7cf0c32/export 2026-05-05T11:27:32.980295+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f4b941b1-94d9-4eba-86f9-33b8b7cf0c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42753", "type": "seen", "source": "https://t.me/cibsecurity/36701", "content": "\u203c CVE-2021-42753 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:30.000000Z"} 2022-02-02T14:28:30+00:00 https://vulnerability.circl.lu/sighting/5ae4425b-c8dc-40fb-8970-dd983dfe23bf/export 2026-05-05T11:27:32.980218+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "5ae4425b-c8dc-40fb-8970-dd983dfe23bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42755", "type": "seen", "source": "https://t.me/cibsecurity/46470", "content": "\u203c CVE-2021-42755 \u203c\n\nAn integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:43.000000Z"} 2022-07-18T20:39:43+00:00 https://vulnerability.circl.lu/sighting/b77435da-c121-48db-8f2a-5a073b7c36eb/export 2026-05-05T11:27:32.980147+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b77435da-c121-48db-8f2a-5a073b7c36eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42750", "type": "seen", "source": "https://t.me/cibsecurity/48095", "content": "\u203c CVE-2021-42750 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:29.000000Z"} 2022-08-12T20:33:29+00:00 https://vulnerability.circl.lu/sighting/e1d34474-2ad9-4eb6-8665-e803da796385/export 2026-05-05T11:27:32.980052+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "e1d34474-2ad9-4eb6-8665-e803da796385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42751", "type": "seen", "source": "https://t.me/cibsecurity/48098", "content": "\u203c CVE-2021-42751 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:32.000000Z"} 2022-08-12T20:33:32+00:00 https://vulnerability.circl.lu/sighting/93e7c7c9-3831-4005-9ce7-b83ee3d08b5e/export 2026-05-05T11:27:32.979974+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "93e7c7c9-3831-4005-9ce7-b83ee3d08b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "seen", "source": "https://t.me/cibsecurity/55096", "content": "\u203c CVE-2021-4275 \u203c\n\nA vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T00:13:16.000000Z"} 2022-12-22T00:13:16+00:00 https://vulnerability.circl.lu/sighting/9919d2f6-ca02-4f83-84e8-61ccab91ce3b/export 2026-05-05T11:27:32.979892+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9919d2f6-ca02-4f83-84e8-61ccab91ce3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/cibsecurity/58360", "content": "\u203c CVE-2021-42756 \u203c\n\nMultiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:17:51.000000Z"} 2023-02-16T22:17:51+00:00 https://vulnerability.circl.lu/sighting/1edadf5c-e36d-47b1-b133-1df35d308ffa/export 2026-05-05T11:27:32.979759+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1edadf5c-e36d-47b1-b133-1df35d308ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/true_secator/4087", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 40 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0441\u0432\u043e\u0435\u0439 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u041f\u041e, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 FortiWeb, FortiOS, FortiNAC \u0438 FortiProxy.\n\n\u0414\u0432\u0430 \u0438\u0437 40 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 15 \u2014 \u043a\u0430\u043a \u0432\u044b\u0441\u043e\u043a\u0438\u0435, 22 \u2014 \u043a\u0430\u043a \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043e\u0434\u0438\u043d \u2014 \u043a\u0430\u043a \u043d\u0438\u0437\u043a\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 FortiNAC (CVE-2022-39952) \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 FortiNAC (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 9.4.0, \u0441 9.2.0 \u043f\u043e 9.2.5, \u0441 9.1.0 \u043f\u043e 9.1.7, 8.8, 8.7, 8.6, 8.5 \u0438 8.3), \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-39952\u00a0\u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v3 9,8 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f).\n\nFortiNAC \u2014 \u044d\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0435\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412\u043d\u0435\u0448\u043d\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u0444\u0430\u0439\u043b\u0430 \u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0443\u0442\u0438 [CWE-73] \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 FortiNAC \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 FortiNAC 7.2.0, 9.1.8, 9.1.8 \u0438 9.1.8.\n\n\u0412\u0442\u043e\u0440\u044b\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430 \u0432 \u043f\u0440\u043e\u043a\u0441\u0438-\u0434\u0435\u043c\u043e\u043d\u0435 FortiWeb (CVE-2021-42756 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,3), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e CVE, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443, \u043d\u043e \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c. CVE-2021-42756 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 FortiWeb (5.x, 6.0.7, 6.1.2, 6.2.6, 6.3.16 \u0438 6.4), \u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 \u0438 7.0.0.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c Fortinet, \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\nHorizon3 \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c PoC \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2023-02-20T09:47:48.000000Z"} 2023-02-20T09:47:48+00:00 https://vulnerability.circl.lu/sighting/12ae7730-1ddb-4f59-9a22-01bea859b795/export 2026-05-05T11:27:32.979676+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "12ae7730-1ddb-4f59-9a22-01bea859b795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10703", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-39952 (CVSS score 9.8) and CVE-2021-42756 are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.\n\nhttps://securityaffairs.com/142553/hacking/poc-exploit-code-fortinet-fortinac.html", "creation_timestamp": "2023-02-23T05:57:38.000000Z"} 2023-02-23T05:57:38+00:00 https://vulnerability.circl.lu/sighting/86ae7f4a-731a-4243-83b4-6d4d094d3c0e/export 2026-05-05T11:27:32.979545+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "86ae7f4a-731a-4243-83b4-6d4d094d3c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4275\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\ud83d\udccf Published: 2022-12-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:28:23.169Z\n\ud83d\udd17 References:\n1. https://github.com/katlings/pyambic-pentameter/commit/974f21aa1b2527ef39c8afe1a5060548217deca8\n2. https://vuldb.com/?id.216498", "creation_timestamp": "2025-04-14T17:54:43.000000Z"} 2025-04-14T17:54:43+00:00 https://vulnerability.circl.lu/sighting/1dd04198-2f77-4633-9174-287dce73dde3/export 2026-05-05T11:27:32.976345+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1dd04198-2f77-4633-9174-287dce73dde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:56.000000Z"} 2025-08-31T03:12:56+00:00