<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 08 May 2026 02:43:53 +0000</lastBuildDate>
    <item>
      <title>a99d074e-9559-44e0-b6a4-77c3d1fbb05e</title>
      <link>https://vulnerability.circl.lu/sighting/a99d074e-9559-44e0-b6a4-77c3d1fbb05e/export</link>
      <description>{"uuid": "a99d074e-9559-44e0-b6a4-77c3d1fbb05e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32679", "type": "seen", "source": "https://t.me/cibsecurity/26058", "content": "\u203c CVE-2021-32679 \u203c\n\nNextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-12T16:17:55.000000Z"}</description>
      <content:encoded>{"uuid": "a99d074e-9559-44e0-b6a4-77c3d1fbb05e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32679", "type": "seen", "source": "https://t.me/cibsecurity/26058", "content": "\u203c CVE-2021-32679 \u203c\n\nNextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-12T16:17:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a99d074e-9559-44e0-b6a4-77c3d1fbb05e/export</guid>
      <pubDate>Mon, 12 Jul 2021 16:17:55 +0000</pubDate>
    </item>
    <item>
      <title>0cdcf0f7-9f16-401c-adb9-477644e1214e</title>
      <link>https://vulnerability.circl.lu/sighting/0cdcf0f7-9f16-401c-adb9-477644e1214e/export</link>
      <description>{"uuid": "0cdcf0f7-9f16-401c-adb9-477644e1214e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32678", "type": "seen", "source": "https://t.me/cibsecurity/26059", "content": "\u203c CVE-2021-32678 \u203c\n\nNextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-12T16:17:56.000000Z"}</description>
      <content:encoded>{"uuid": "0cdcf0f7-9f16-401c-adb9-477644e1214e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32678", "type": "seen", "source": "https://t.me/cibsecurity/26059", "content": "\u203c CVE-2021-32678 \u203c\n\nNextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-12T16:17:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0cdcf0f7-9f16-401c-adb9-477644e1214e/export</guid>
      <pubDate>Mon, 12 Jul 2021 16:17:56 +0000</pubDate>
    </item>
    <item>
      <title>c75a53ee-e575-4766-bc34-c040e164f72d</title>
      <link>https://vulnerability.circl.lu/sighting/c75a53ee-e575-4766-bc34-c040e164f72d/export</link>
      <description>{"uuid": "c75a53ee-e575-4766-bc34-c040e164f72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32672", "type": "seen", "source": "https://t.me/cibsecurity/29910", "content": "\u203c CVE-2021-32672 \u203c\n\nRedis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:21.000000Z"}</description>
      <content:encoded>{"uuid": "c75a53ee-e575-4766-bc34-c040e164f72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32672", "type": "seen", "source": "https://t.me/cibsecurity/29910", "content": "\u203c CVE-2021-32672 \u203c\n\nRedis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c75a53ee-e575-4766-bc34-c040e164f72d/export</guid>
      <pubDate>Mon, 04 Oct 2021 22:24:21 +0000</pubDate>
    </item>
    <item>
      <title>bae78603-7a4e-4ddf-b7d1-f7e71e503016</title>
      <link>https://vulnerability.circl.lu/sighting/bae78603-7a4e-4ddf-b7d1-f7e71e503016/export</link>
      <description>{"uuid": "bae78603-7a4e-4ddf-b7d1-f7e71e503016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32675", "type": "seen", "source": "https://t.me/cibsecurity/29912", "content": "\u203c CVE-2021-32675 \u203c\n\nRedis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:26.000000Z"}</description>
      <content:encoded>{"uuid": "bae78603-7a4e-4ddf-b7d1-f7e71e503016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32675", "type": "seen", "source": "https://t.me/cibsecurity/29912", "content": "\u203c CVE-2021-32675 \u203c\n\nRedis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bae78603-7a4e-4ddf-b7d1-f7e71e503016/export</guid>
      <pubDate>Mon, 04 Oct 2021 22:24:26 +0000</pubDate>
    </item>
    <item>
      <title>11df4168-4e41-48ae-969b-4a4d708fc04e</title>
      <link>https://vulnerability.circl.lu/sighting/11df4168-4e41-48ae-969b-4a4d708fc04e/export</link>
      <description>{"uuid": "11df4168-4e41-48ae-969b-4a4d708fc04e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3267", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4473", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3267\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-04-04T15:15:08.587\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/Kitesky/KiteCMS/issues/6\n2. https://github.com/Kitesky/KiteCMS/issues/6", "creation_timestamp": "2025-02-14T19:11:20.000000Z"}</description>
      <content:encoded>{"uuid": "11df4168-4e41-48ae-969b-4a4d708fc04e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3267", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4473", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3267\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-04-04T15:15:08.587\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/Kitesky/KiteCMS/issues/6\n2. https://github.com/Kitesky/KiteCMS/issues/6", "creation_timestamp": "2025-02-14T19:11:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/11df4168-4e41-48ae-969b-4a4d708fc04e/export</guid>
      <pubDate>Fri, 14 Feb 2025 19:11:20 +0000</pubDate>
    </item>
    <item>
      <title>b73314b2-c6d4-435c-8124-e3b16d691767</title>
      <link>https://vulnerability.circl.lu/sighting/b73314b2-c6d4-435c-8124-e3b16d691767/export</link>
      <description>{"uuid": "b73314b2-c6d4-435c-8124-e3b16d691767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3267", "type": "seen", "source": "Telegram/nSHBeXs4S0Xf8KI83_91XViUUWfpxPtR8uAu7jJTgGul4lxJ", "content": "", "creation_timestamp": "2025-02-18T21:11:32.000000Z"}</description>
      <content:encoded>{"uuid": "b73314b2-c6d4-435c-8124-e3b16d691767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3267", "type": "seen", "source": "Telegram/nSHBeXs4S0Xf8KI83_91XViUUWfpxPtR8uAu7jJTgGul4lxJ", "content": "", "creation_timestamp": "2025-02-18T21:11:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b73314b2-c6d4-435c-8124-e3b16d691767/export</guid>
      <pubDate>Tue, 18 Feb 2025 21:11:32 +0000</pubDate>
    </item>
  </channel>
</rss>
