https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 19:21:04 +0000 https://vulnerability.circl.lu/sighting/62a45bc4-38e6-43f7-9220-6c8c68c4f19a/export {"uuid": "62a45bc4-38e6-43f7-9220-6c8c68c4f19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37743", "type": "seen", "source": "https://t.me/cibsecurity/26610", "content": "\u203c CVE-2021-37743 \u203c\n\napp/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:21:21.000000Z"} {"uuid": "62a45bc4-38e6-43f7-9220-6c8c68c4f19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37743", "type": "seen", "source": "https://t.me/cibsecurity/26610", "content": "\u203c CVE-2021-37743 \u203c\n\napp/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:21:21.000000Z"} https://vulnerability.circl.lu/sighting/62a45bc4-38e6-43f7-9220-6c8c68c4f19a/export Fri, 30 Jul 2021 18:21:21 +0000 https://vulnerability.circl.lu/sighting/fbfb7659-bf8a-4637-a05f-c5b8202b9874/export {"uuid": "fbfb7659-bf8a-4637-a05f-c5b8202b9874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37746", "type": "seen", "source": "https://t.me/cibsecurity/26614", "content": "\u203c CVE-2021-37746 \u203c\n\ntextview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:21:25.000000Z"} {"uuid": "fbfb7659-bf8a-4637-a05f-c5b8202b9874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37746", "type": "seen", "source": "https://t.me/cibsecurity/26614", "content": "\u203c CVE-2021-37746 \u203c\n\ntextview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-30T18:21:25.000000Z"} https://vulnerability.circl.lu/sighting/fbfb7659-bf8a-4637-a05f-c5b8202b9874/export Fri, 30 Jul 2021 18:21:25 +0000 https://vulnerability.circl.lu/sighting/4af2173a-96fe-42ac-8ba0-b7f8fd92ad9d/export {"uuid": "4af2173a-96fe-42ac-8ba0-b7f8fd92ad9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37749", "type": "seen", "source": "https://t.me/cibsecurity/27990", "content": "\u203c CVE-2021-37749 \u203c\n\nMapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T07:31:51.000000Z"} {"uuid": "4af2173a-96fe-42ac-8ba0-b7f8fd92ad9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37749", "type": "seen", "source": "https://t.me/cibsecurity/27990", "content": "\u203c CVE-2021-37749 \u203c\n\nMapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T07:31:51.000000Z"} https://vulnerability.circl.lu/sighting/4af2173a-96fe-42ac-8ba0-b7f8fd92ad9d/export Mon, 30 Aug 2021 07:31:51 +0000 https://vulnerability.circl.lu/sighting/57fca8aa-cb5f-497d-a266-a57ab01488f2/export {"uuid": "57fca8aa-cb5f-497d-a266-a57ab01488f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37741", "type": "seen", "source": "https://t.me/cibsecurity/29182", "content": "\u203c CVE-2021-37741 \u203c\n\nManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T16:27:52.000000Z"} {"uuid": "57fca8aa-cb5f-497d-a266-a57ab01488f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37741", "type": "seen", "source": "https://t.me/cibsecurity/29182", "content": "\u203c CVE-2021-37741 \u203c\n\nManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T16:27:52.000000Z"} https://vulnerability.circl.lu/sighting/57fca8aa-cb5f-497d-a266-a57ab01488f2/export Tue, 21 Sep 2021 16:27:52 +0000 https://vulnerability.circl.lu/sighting/9db3bc11-a33f-4e65-8c28-6b64b16793e5/export {"uuid": "9db3bc11-a33f-4e65-8c28-6b64b16793e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "seen", "source": "https://t.me/cibsecurity/31366", "content": "\u203c CVE-2021-37748 \u203c\n\nMultiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T16:23:14.000000Z"} {"uuid": "9db3bc11-a33f-4e65-8c28-6b64b16793e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "seen", "source": "https://t.me/cibsecurity/31366", "content": "\u203c CVE-2021-37748 \u203c\n\nMultiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T16:23:14.000000Z"} https://vulnerability.circl.lu/sighting/9db3bc11-a33f-4e65-8c28-6b64b16793e5/export Thu, 28 Oct 2021 16:23:14 +0000 https://vulnerability.circl.lu/sighting/962cba51-ce79-4ea5-8b2b-7ac6cc1b6eba/export {"uuid": "962cba51-ce79-4ea5-8b2b-7ac6cc1b6eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "published-proof-of-concept", "source": "Telegram/sOfZ8THCb3p8hX66T35TvVl2N3UfkRp46p4RZ9gZSAbn6g", "content": "", "creation_timestamp": "2021-10-29T18:51:58.000000Z"} {"uuid": "962cba51-ce79-4ea5-8b2b-7ac6cc1b6eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "published-proof-of-concept", "source": "Telegram/sOfZ8THCb3p8hX66T35TvVl2N3UfkRp46p4RZ9gZSAbn6g", "content": "", "creation_timestamp": "2021-10-29T18:51:58.000000Z"} https://vulnerability.circl.lu/sighting/962cba51-ce79-4ea5-8b2b-7ac6cc1b6eba/export Fri, 29 Oct 2021 18:51:58 +0000 https://vulnerability.circl.lu/sighting/20fa695b-e442-468c-a263-fd023fcd7764/export {"uuid": "20fa695b-e442-468c-a263-fd023fcd7764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37740", "type": "seen", "source": "https://t.me/cibsecurity/41200", "content": "\u203c CVE-2021-37740 \u203c\n\nA denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T00:25:55.000000Z"} {"uuid": "20fa695b-e442-468c-a263-fd023fcd7764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37740", "type": "seen", "source": "https://t.me/cibsecurity/41200", "content": "\u203c CVE-2021-37740 \u203c\n\nA denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T00:25:55.000000Z"} https://vulnerability.circl.lu/sighting/20fa695b-e442-468c-a263-fd023fcd7764/export Thu, 21 Apr 2022 00:25:55 +0000 https://vulnerability.circl.lu/sighting/ceb997cf-628b-46f1-9f67-bb00bfe1f28e/export {"uuid": "ceb997cf-628b-46f1-9f67-bb00bfe1f28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4614", "content": "#exploit\n1. Exploiting Grandstream HT801 ATA\n(CVE-2021-37748, CVE-2021-37915)\nhttps://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915\n]-> PoC: https://github.com/SECFORCE/CVE-2021-37748\n\n2. Finding An Unauthenticated RCE in MovableType (CVE-2021-20837)\nhttps://nemesis.sh/posts/movable-type-0day\n]-> PoC: https://github.com/ghost-nemesis/cve-2021-20837-poc", "creation_timestamp": "2024-08-05T18:55:24.000000Z"} {"uuid": "ceb997cf-628b-46f1-9f67-bb00bfe1f28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37748", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4614", "content": "#exploit\n1. Exploiting Grandstream HT801 ATA\n(CVE-2021-37748, CVE-2021-37915)\nhttps://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915\n]-> PoC: https://github.com/SECFORCE/CVE-2021-37748\n\n2. Finding An Unauthenticated RCE in MovableType (CVE-2021-20837)\nhttps://nemesis.sh/posts/movable-type-0day\n]-> PoC: https://github.com/ghost-nemesis/cve-2021-20837-poc", "creation_timestamp": "2024-08-05T18:55:24.000000Z"} https://vulnerability.circl.lu/sighting/ceb997cf-628b-46f1-9f67-bb00bfe1f28e/export Mon, 05 Aug 2024 18:55:24 +0000