https://vulnerability.circl.lu/sightings/feed 2026-06-15T21:11:44.988974+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/3953dccc-4981-4427-9ac2-d9ad4f99f475/export 2026-06-15T21:11:45.365387+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3953dccc-4981-4427-9ac2-d9ad4f99f475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42955", "type": "seen", "source": "https://t.me/cibsecurity/32457", "content": "\u203c CVE-2021-42955 \u203c\n\nZoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:14:48.000000Z"} 2021-11-17T16:14:48+00:00 https://vulnerability.circl.lu/sighting/ef3f3ba0-cc99-4f6f-ab4a-af9fd9088a2e/export 2026-06-15T21:11:45.365230+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ef3f3ba0-cc99-4f6f-ab4a-af9fd9088a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42956", "type": "seen", "source": "https://t.me/cibsecurity/32463", "content": "\u203c CVE-2021-42956 \u203c\n\nZoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:14:55.000000Z"} 2021-11-17T16:14:55+00:00 https://vulnerability.circl.lu/sighting/13d26be2-c6bd-4440-866c-2f05f646499d/export 2026-06-15T21:11:45.364993+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "13d26be2-c6bd-4440-866c-2f05f646499d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42954", "type": "seen", "source": "https://t.me/cibsecurity/32479", "content": "\u203c CVE-2021-42954 \u203c\n\nZoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:20:50.000000Z"} 2021-11-17T16:20:50+00:00 https://vulnerability.circl.lu/sighting/fb39c0bd-78ef-4c78-9833-58d88c88317f/export 2026-06-15T21:11:45.364763+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fb39c0bd-78ef-4c78-9833-58d88c88317f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42952", "type": "seen", "source": "https://t.me/cibsecurity/38124", "content": "\u203c CVE-2021-42952 \u203c\n\nAll pervious versions before October 25, 2021 of Zepl Notebooks are affeced by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T22:21:09.000000Z"} 2022-02-25T22:21:09+00:00 https://vulnerability.circl.lu/sighting/fc512326-3632-4476-96c3-98f9d4c2f49e/export 2026-06-15T21:11:45.364510+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fc512326-3632-4476-96c3-98f9d4c2f49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42951", "type": "seen", "source": "https://t.me/cibsecurity/38243", "content": "\u203c CVE-2021-42951 \u203c\n\nA Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T07:23:44.000000Z"} 2022-03-01T07:23:44+00:00 https://vulnerability.circl.lu/sighting/53ad0fa8-4b69-4527-9b45-22e666f6b86a/export 2026-06-15T21:11:45.364182+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "53ad0fa8-4b69-4527-9b45-22e666f6b86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42950", "type": "seen", "source": "https://t.me/cibsecurity/38342", "content": "\u203c CVE-2021-42950 \u203c\n\nRemote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-03T07:25:46.000000Z"} 2022-03-03T07:25:46+00:00 https://vulnerability.circl.lu/sighting/c27a13b0-0865-451b-9485-9a73af644be5/export 2026-06-15T21:11:45.361076+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c27a13b0-0865-451b-9485-9a73af644be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4295", "type": "seen", "source": "https://t.me/cibsecurity/55522", "content": "\u203c CVE-2021-4295 \u203c\n\nA vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-29T12:13:01.000000Z"} 2022-12-29T12:13:01+00:00