<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 06 May 2026 22:30:19 +0000</lastBuildDate>
    <item>
      <title>9624c8c5-a303-4535-ba5f-b699b5d497af</title>
      <link>https://vulnerability.circl.lu/sighting/9624c8c5-a303-4535-ba5f-b699b5d497af/export</link>
      <description>{"uuid": "9624c8c5-a303-4535-ba5f-b699b5d497af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32788", "type": "seen", "source": "https://t.me/cibsecurity/26550", "content": "\u203c CVE-2021-32788 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T02:12:46.000000Z"}</description>
      <content:encoded>{"uuid": "9624c8c5-a303-4535-ba5f-b699b5d497af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32788", "type": "seen", "source": "https://t.me/cibsecurity/26550", "content": "\u203c CVE-2021-32788 \u203c\n\nDiscourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T02:12:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9624c8c5-a303-4535-ba5f-b699b5d497af/export</guid>
      <pubDate>Wed, 28 Jul 2021 02:12:46 +0000</pubDate>
    </item>
    <item>
      <title>9e90aece-b991-473b-98f4-d15b46ede7f9</title>
      <link>https://vulnerability.circl.lu/sighting/9e90aece-b991-473b-98f4-d15b46ede7f9/export</link>
      <description>{"uuid": "9e90aece-b991-473b-98f4-d15b46ede7f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32787", "type": "seen", "source": "https://t.me/cibsecurity/26720", "content": "\u203c CVE-2021-32787 \u203c\n\nSourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T02:27:50.000000Z"}</description>
      <content:encoded>{"uuid": "9e90aece-b991-473b-98f4-d15b46ede7f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32787", "type": "seen", "source": "https://t.me/cibsecurity/26720", "content": "\u203c CVE-2021-32787 \u203c\n\nSourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T02:27:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9e90aece-b991-473b-98f4-d15b46ede7f9/export</guid>
      <pubDate>Tue, 03 Aug 2021 02:27:50 +0000</pubDate>
    </item>
    <item>
      <title>176046d2-5d76-4a39-874c-c5b88d8041a9</title>
      <link>https://vulnerability.circl.lu/sighting/176046d2-5d76-4a39-874c-c5b88d8041a9/export</link>
      <description>{"uuid": "176046d2-5d76-4a39-874c-c5b88d8041a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32780", "type": "seen", "source": "https://t.me/cibsecurity/27849", "content": "\u203c CVE-2021-32780 \u203c\n\nEnvoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-25T00:23:31.000000Z"}</description>
      <content:encoded>{"uuid": "176046d2-5d76-4a39-874c-c5b88d8041a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32780", "type": "seen", "source": "https://t.me/cibsecurity/27849", "content": "\u203c CVE-2021-32780 \u203c\n\nEnvoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-25T00:23:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/176046d2-5d76-4a39-874c-c5b88d8041a9/export</guid>
      <pubDate>Wed, 25 Aug 2021 00:23:31 +0000</pubDate>
    </item>
    <item>
      <title>d2292bfa-821d-42dc-8f8b-dd4490d40894</title>
      <link>https://vulnerability.circl.lu/sighting/d2292bfa-821d-42dc-8f8b-dd4490d40894/export</link>
      <description>{"uuid": "d2292bfa-821d-42dc-8f8b-dd4490d40894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32781", "type": "seen", "source": "https://t.me/cibsecurity/27850", "content": "\u203c CVE-2021-32781 \u203c\n\nEnvoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-25T00:23:32.000000Z"}</description>
      <content:encoded>{"uuid": "d2292bfa-821d-42dc-8f8b-dd4490d40894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32781", "type": "seen", "source": "https://t.me/cibsecurity/27850", "content": "\u203c CVE-2021-32781 \u203c\n\nEnvoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-25T00:23:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d2292bfa-821d-42dc-8f8b-dd4490d40894/export</guid>
      <pubDate>Wed, 25 Aug 2021 00:23:32 +0000</pubDate>
    </item>
    <item>
      <title>a36efb45-3f09-4335-887e-239da84ba9e7</title>
      <link>https://vulnerability.circl.lu/sighting/a36efb45-3f09-4335-887e-239da84ba9e7/export</link>
      <description>{"uuid": "a36efb45-3f09-4335-887e-239da84ba9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32782", "type": "seen", "source": "https://t.me/cibsecurity/28398", "content": "\u203c CVE-2021-32782 \u203c\n\nNextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-08T00:23:00.000000Z"}</description>
      <content:encoded>{"uuid": "a36efb45-3f09-4335-887e-239da84ba9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32782", "type": "seen", "source": "https://t.me/cibsecurity/28398", "content": "\u203c CVE-2021-32782 \u203c\n\nNextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-08T00:23:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a36efb45-3f09-4335-887e-239da84ba9e7/export</guid>
      <pubDate>Wed, 08 Sep 2021 00:23:00 +0000</pubDate>
    </item>
    <item>
      <title>ad3f8cf2-4ca5-4f1e-bbb3-43577d251c4d</title>
      <link>https://vulnerability.circl.lu/sighting/ad3f8cf2-4ca5-4f1e-bbb3-43577d251c4d/export</link>
      <description>{"uuid": "ad3f8cf2-4ca5-4f1e-bbb3-43577d251c4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32789", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4617", "content": "#exploit\nCVE-2021-32789:\nWooCommerce exploit\nhttps://github.com/andnorack/CVE-2021-32789", "creation_timestamp": "2021-10-28T11:07:01.000000Z"}</description>
      <content:encoded>{"uuid": "ad3f8cf2-4ca5-4f1e-bbb3-43577d251c4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32789", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4617", "content": "#exploit\nCVE-2021-32789:\nWooCommerce exploit\nhttps://github.com/andnorack/CVE-2021-32789", "creation_timestamp": "2021-10-28T11:07:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ad3f8cf2-4ca5-4f1e-bbb3-43577d251c4d/export</guid>
      <pubDate>Thu, 28 Oct 2021 11:07:01 +0000</pubDate>
    </item>
    <item>
      <title>5c80bd7e-3c7e-4c2e-b05c-ddb0fa627e6b</title>
      <link>https://vulnerability.circl.lu/sighting/5c80bd7e-3c7e-4c2e-b05c-ddb0fa627e6b/export</link>
      <description>{"uuid": "5c80bd7e-3c7e-4c2e-b05c-ddb0fa627e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32789", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-32789.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}</description>
      <content:encoded>{"uuid": "5c80bd7e-3c7e-4c2e-b05c-ddb0fa627e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32789", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-32789.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5c80bd7e-3c7e-4c2e-b05c-ddb0fa627e6b/export</guid>
      <pubDate>Thu, 27 Apr 2023 09:58:59 +0000</pubDate>
    </item>
    <item>
      <title>7ca059ac-b193-46b1-8ca9-a6bbd34fc484</title>
      <link>https://vulnerability.circl.lu/sighting/7ca059ac-b193-46b1-8ca9-a6bbd34fc484/export</link>
      <description>{"uuid": "7ca059ac-b193-46b1-8ca9-a6bbd34fc484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32785", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}</description>
      <content:encoded>{"uuid": "7ca059ac-b193-46b1-8ca9-a6bbd34fc484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32785", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7ca059ac-b193-46b1-8ca9-a6bbd34fc484/export</guid>
      <pubDate>Tue, 15 Oct 2024 10:14:15 +0000</pubDate>
    </item>
    <item>
      <title>56a72464-bb2f-4dfc-9600-2e0342bed984</title>
      <link>https://vulnerability.circl.lu/sighting/56a72464-bb2f-4dfc-9600-2e0342bed984/export</link>
      <description>{"uuid": "56a72464-bb2f-4dfc-9600-2e0342bed984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32786", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}</description>
      <content:encoded>{"uuid": "56a72464-bb2f-4dfc-9600-2e0342bed984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32786", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/56a72464-bb2f-4dfc-9600-2e0342bed984/export</guid>
      <pubDate>Tue, 15 Oct 2024 10:14:15 +0000</pubDate>
    </item>
    <item>
      <title>0e3a7fc7-9592-4087-8984-a154a74e67e8</title>
      <link>https://vulnerability.circl.lu/sighting/0e3a7fc7-9592-4087-8984-a154a74e67e8/export</link>
      <description>{"uuid": "0e3a7fc7-9592-4087-8984-a154a74e67e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32784", "type": "seen", "source": "https://gist.github.com/b0b0haha/3e0a988ffbf4047ad48b70a406cf6492", "content": "", "creation_timestamp": "2026-04-13T09:33:18.000000Z"}</description>
      <content:encoded>{"uuid": "0e3a7fc7-9592-4087-8984-a154a74e67e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32784", "type": "seen", "source": "https://gist.github.com/b0b0haha/3e0a988ffbf4047ad48b70a406cf6492", "content": "", "creation_timestamp": "2026-04-13T09:33:18.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0e3a7fc7-9592-4087-8984-a154a74e67e8/export</guid>
      <pubDate>Mon, 13 Apr 2026 09:33:18 +0000</pubDate>
    </item>
  </channel>
</rss>
