<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-21T16:26:05.169288+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b5cf7776-595d-478a-b530-85e3d09004f0/export</id>
    <title>b5cf7776-595d-478a-b530-85e3d09004f0</title>
    <updated>2026-06-21T16:26:05.518345+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b5cf7776-595d-478a-b530-85e3d09004f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40842", "type": "seen", "source": "https://t.me/cibsecurity/30535", "content": "\u203c CVE-2021-40842 \u203c\n\nProofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-13T22:26:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b5cf7776-595d-478a-b530-85e3d09004f0/export"/>
    <published>2021-10-13T22:26:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d79e7716-efa1-499f-a1a5-0f2223b315cc/export</id>
    <title>d79e7716-efa1-499f-a1a5-0f2223b315cc</title>
    <updated>2026-06-21T16:26:05.518259+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d79e7716-efa1-499f-a1a5-0f2223b315cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40843", "type": "seen", "source": "https://t.me/cibsecurity/30536", "content": "\u203c CVE-2021-40843 \u203c\n\nProofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-13T22:26:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d79e7716-efa1-499f-a1a5-0f2223b315cc/export"/>
    <published>2021-10-13T22:26:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/36f14eed-add0-480f-a49c-0106351f2bd3/export</id>
    <title>36f14eed-add0-480f-a49c-0106351f2bd3</title>
    <updated>2026-06-21T16:26:05.518177+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "36f14eed-add0-480f-a49c-0106351f2bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40849", "type": "seen", "source": "https://t.me/cibsecurity/31707", "content": "\u203c CVE-2021-40849 \u203c\n\nIn Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T13:23:30.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/36f14eed-add0-480f-a49c-0106351f2bd3/export"/>
    <published>2021-11-03T13:23:30+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/12d5124a-5612-4cc8-a9a6-d199204629d3/export</id>
    <title>12d5124a-5612-4cc8-a9a6-d199204629d3</title>
    <updated>2026-06-21T16:26:05.518090+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "12d5124a-5612-4cc8-a9a6-d199204629d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40848", "type": "seen", "source": "https://t.me/cibsecurity/31708", "content": "\u203c CVE-2021-40848 \u203c\n\nIn Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T13:23:32.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/12d5124a-5612-4cc8-a9a6-d199204629d3/export"/>
    <published>2021-11-03T13:23:32+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1e00c0cd-82d3-41c7-b729-8cb8090e6b0b/export</id>
    <title>1e00c0cd-82d3-41c7-b729-8cb8090e6b0b</title>
    <updated>2026-06-21T16:26:05.517999+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1e00c0cd-82d3-41c7-b729-8cb8090e6b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4084", "type": "seen", "source": "https://t.me/cibsecurity/33725", "content": "\u203c CVE-2021-4084 \u203c\n\npimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T14:25:13.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1e00c0cd-82d3-41c7-b729-8cb8090e6b0b/export"/>
    <published>2021-12-10T14:25:13+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/31b09945-c11b-4413-ab23-aa4e8a4192c4/export</id>
    <title>31b09945-c11b-4413-ab23-aa4e8a4192c4</title>
    <updated>2026-06-21T16:26:05.517910+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "31b09945-c11b-4413-ab23-aa4e8a4192c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40841", "type": "seen", "source": "https://t.me/cibsecurity/37792", "content": "\u203c CVE-2021-40841 \u203c\n\nA Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:25.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/31b09945-c11b-4413-ab23-aa4e8a4192c4/export"/>
    <published>2022-02-19T00:38:25+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4093e46a-9164-4cec-83a0-a2fa9884cb5b/export</id>
    <title>4093e46a-9164-4cec-83a0-a2fa9884cb5b</title>
    <updated>2026-06-21T16:26:05.517824+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4093e46a-9164-4cec-83a0-a2fa9884cb5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40840", "type": "seen", "source": "https://t.me/cibsecurity/37793", "content": "\u203c CVE-2021-40840 \u203c\n\nA Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T00:38:27.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4093e46a-9164-4cec-83a0-a2fa9884cb5b/export"/>
    <published>2022-02-19T00:38:27+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7296a59a-6ad6-43ac-8774-bba976c76700/export</id>
    <title>7296a59a-6ad6-43ac-8774-bba976c76700</title>
    <updated>2026-06-21T16:26:05.517724+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7296a59a-6ad6-43ac-8774-bba976c76700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40846", "type": "seen", "source": "https://t.me/cibsecurity/38478", "content": "\u203c CVE-2021-40846 \u203c\n\nAn issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-05T00:27:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7296a59a-6ad6-43ac-8774-bba976c76700/export"/>
    <published>2022-03-05T00:27:16+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3a45db26-7278-45eb-bafb-d838fd86f213/export</id>
    <title>3a45db26-7278-45eb-bafb-d838fd86f213</title>
    <updated>2026-06-21T16:26:05.517595+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3a45db26-7278-45eb-bafb-d838fd86f213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40847", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4359", "content": "#Threat_Research\n1. Netgear SOHO Security Bug Allows RCE, Corporate Attacks (CVE-2021-40847)\nhttps://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html\n2. A vmap/vmalloc use-after-free vulnerability within the Android ION allocator\nhttps://labs.taszk.io/blog/post/61_android_ion_uaf", "creation_timestamp": "2022-05-27T12:41:34.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3a45db26-7278-45eb-bafb-d838fd86f213/export"/>
    <published>2022-05-27T12:41:34+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/52ccecbc-9ea0-4169-9df5-5bd46c63e452/export</id>
    <title>52ccecbc-9ea0-4169-9df5-5bd46c63e452</title>
    <updated>2026-06-21T16:26:05.516104+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "52ccecbc-9ea0-4169-9df5-5bd46c63e452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40845", "type": "seen", "source": "MISP/e9fe9c80-e538-4746-ae5b-1c9ea5c9e30b", "content": "", "creation_timestamp": "2024-11-14T06:10:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/52ccecbc-9ea0-4169-9df5-5bd46c63e452/export"/>
    <published>2024-11-14T06:10:10+00:00</published>
  </entry>
</feed>
