https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 23:30:03 +0000 https://vulnerability.circl.lu/sighting/7e50f96c-ba16-423f-86aa-716a91ba9e38/export {"uuid": "7e50f96c-ba16-423f-86aa-716a91ba9e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38157", "type": "seen", "source": "https://t.me/cibsecurity/26963", "content": "\u203c CVE-2021-38157 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T00:33:15.000000Z"} {"uuid": "7e50f96c-ba16-423f-86aa-716a91ba9e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38157", "type": "seen", "source": "https://t.me/cibsecurity/26963", "content": "\u203c CVE-2021-38157 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T00:33:15.000000Z"} https://vulnerability.circl.lu/sighting/7e50f96c-ba16-423f-86aa-716a91ba9e38/export Sat, 07 Aug 2021 00:33:15 +0000 https://vulnerability.circl.lu/sighting/67c29030-6f59-4780-819f-3effc6c561b4/export {"uuid": "67c29030-6f59-4780-819f-3effc6c561b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "seen", "source": "https://t.me/cibsecurity/26967", "content": "\u203c CVE-2021-38159 \u203c\n\nIn certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T20:34:33.000000Z"} {"uuid": "67c29030-6f59-4780-819f-3effc6c561b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "seen", "source": "https://t.me/cibsecurity/26967", "content": "\u203c CVE-2021-38159 \u203c\n\nIn certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T20:34:33.000000Z"} https://vulnerability.circl.lu/sighting/67c29030-6f59-4780-819f-3effc6c561b4/export Sat, 07 Aug 2021 20:34:33 +0000 https://vulnerability.circl.lu/sighting/3a9dddf1-0797-4020-9123-179b005af360/export {"uuid": "3a9dddf1-0797-4020-9123-179b005af360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38150", "type": "seen", "source": "https://t.me/cibsecurity/28807", "content": "\u203c CVE-2021-38150 \u203c\n\nWhen an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:04.000000Z"} {"uuid": "3a9dddf1-0797-4020-9123-179b005af360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38150", "type": "seen", "source": "https://t.me/cibsecurity/28807", "content": "\u203c CVE-2021-38150 \u203c\n\nWhen an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:04.000000Z"} https://vulnerability.circl.lu/sighting/3a9dddf1-0797-4020-9123-179b005af360/export Tue, 14 Sep 2021 16:22:04 +0000 https://vulnerability.circl.lu/sighting/921fdfc7-2f2a-46ff-b6fe-2cce358717e3/export {"uuid": "921fdfc7-2f2a-46ff-b6fe-2cce358717e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "seen", "source": "https://t.me/cibsecurity/28907", "content": "\u203c CVE-2021-38156 \u203c\n\nIn Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:33.000000Z"} {"uuid": "921fdfc7-2f2a-46ff-b6fe-2cce358717e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "seen", "source": "https://t.me/cibsecurity/28907", "content": "\u203c CVE-2021-38156 \u203c\n\nIn Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:33.000000Z"} https://vulnerability.circl.lu/sighting/921fdfc7-2f2a-46ff-b6fe-2cce358717e3/export Wed, 15 Sep 2021 18:22:33 +0000 https://vulnerability.circl.lu/sighting/cb9f952b-7f61-495a-81a5-19d0042ce411/export {"uuid": "cb9f952b-7f61-495a-81a5-19d0042ce411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/644", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AIPOCAI/CVE-2021-39204", "creation_timestamp": "2021-10-05T12:34:09.000000Z"} {"uuid": "cb9f952b-7f61-495a-81a5-19d0042ce411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/644", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AIPOCAI/CVE-2021-39204", "creation_timestamp": "2021-10-05T12:34:09.000000Z"} https://vulnerability.circl.lu/sighting/cb9f952b-7f61-495a-81a5-19d0042ce411/export Tue, 05 Oct 2021 12:34:09 +0000 https://vulnerability.circl.lu/sighting/ca671249-1520-4caf-b68c-43c5078561ff/export {"uuid": "ca671249-1520-4caf-b68c-43c5078561ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39204", "creation_timestamp": "2021-10-05T13:51:13.000000Z"} {"uuid": "ca671249-1520-4caf-b68c-43c5078561ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for exploiting CVE-2021-38156 : In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.\nURL\uff1ahttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39204", "creation_timestamp": "2021-10-05T13:51:13.000000Z"} https://vulnerability.circl.lu/sighting/ca671249-1520-4caf-b68c-43c5078561ff/export Tue, 05 Oct 2021 13:51:13 +0000 https://vulnerability.circl.lu/sighting/79ca4a8f-8dac-46b4-96c7-2be7c489231a/export {"uuid": "79ca4a8f-8dac-46b4-96c7-2be7c489231a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3815", "type": "seen", "source": "https://t.me/cibsecurity/33614", "content": "\u203c CVE-2021-3815 \u203c\n\nutils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T20:22:47.000000Z"} {"uuid": "79ca4a8f-8dac-46b4-96c7-2be7c489231a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3815", "type": "seen", "source": "https://t.me/cibsecurity/33614", "content": "\u203c CVE-2021-3815 \u203c\n\nutils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T20:22:47.000000Z"} https://vulnerability.circl.lu/sighting/79ca4a8f-8dac-46b4-96c7-2be7c489231a/export Wed, 08 Dec 2021 20:22:47 +0000 https://vulnerability.circl.lu/sighting/88e57af2-cd7e-4198-815c-89507bb91fe7/export {"uuid": "88e57af2-cd7e-4198-815c-89507bb91fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/49716", "content": "Palantir Public: SQL Injection at https://ift.tt/xHz9Lcb due to CVE-2021-38159\n\nhttps://ift.tt/LyudQ2n", "creation_timestamp": "2022-04-05T13:51:54.000000Z"} {"uuid": "88e57af2-cd7e-4198-815c-89507bb91fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38159", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/49716", "content": "Palantir Public: SQL Injection at https://ift.tt/xHz9Lcb due to CVE-2021-38159\n\nhttps://ift.tt/LyudQ2n", "creation_timestamp": "2022-04-05T13:51:54.000000Z"} https://vulnerability.circl.lu/sighting/88e57af2-cd7e-4198-815c-89507bb91fe7/export Tue, 05 Apr 2022 13:51:54 +0000 https://vulnerability.circl.lu/sighting/7ed13f30-1986-4849-8b43-ef7e039b01ae/export {"uuid": "7ed13f30-1986-4849-8b43-ef7e039b01ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38154.yaml", "content": "", "creation_timestamp": "2025-10-10T10:51:44.000000Z"} {"uuid": "7ed13f30-1986-4849-8b43-ef7e039b01ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38154.yaml", "content": "", "creation_timestamp": "2025-10-10T10:51:44.000000Z"} https://vulnerability.circl.lu/sighting/7ed13f30-1986-4849-8b43-ef7e039b01ae/export Fri, 10 Oct 2025 10:51:44 +0000 https://vulnerability.circl.lu/sighting/b5b002b9-70b9-4815-ad01-401d39c8584d/export {"uuid": "b5b002b9-70b9-4815-ad01-401d39c8584d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2iwgd2n", "content": "", "creation_timestamp": "2025-10-12T21:02:31.314343Z"} {"uuid": "b5b002b9-70b9-4815-ad01-401d39c8584d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38154", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2iwgd2n", "content": "", "creation_timestamp": "2025-10-12T21:02:31.314343Z"} https://vulnerability.circl.lu/sighting/b5b002b9-70b9-4815-ad01-401d39c8584d/export Sun, 12 Oct 2025 21:02:31 +0000