https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 09 May 2026 10:38:57 +0000 https://vulnerability.circl.lu/sighting/83bc9ee7-1573-4860-ad22-4a6b339b70a6/export {"uuid": "83bc9ee7-1573-4860-ad22-4a6b339b70a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41078", "type": "seen", "source": "https://t.me/cibsecurity/31213", "content": "\u203c CVE-2021-41078 \u203c\n\nNameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T16:15:03.000000Z"} {"uuid": "83bc9ee7-1573-4860-ad22-4a6b339b70a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41078", "type": "seen", "source": "https://t.me/cibsecurity/31213", "content": "\u203c CVE-2021-41078 \u203c\n\nNameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T16:15:03.000000Z"} https://vulnerability.circl.lu/sighting/83bc9ee7-1573-4860-ad22-4a6b339b70a6/export Tue, 26 Oct 2021 16:15:03 +0000 https://vulnerability.circl.lu/sighting/d2ed6c2a-4b5a-419d-be00-3813f93cd664/export {"uuid": "d2ed6c2a-4b5a-419d-be00-3813f93cd664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4107", "type": "seen", "source": "https://t.me/cibsecurity/33938", "content": "\u203c CVE-2021-4107 \u203c\n\nyetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:27.000000Z"} {"uuid": "d2ed6c2a-4b5a-419d-be00-3813f93cd664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4107", "type": "seen", "source": "https://t.me/cibsecurity/33938", "content": "\u203c CVE-2021-4107 \u203c\n\nyetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:27.000000Z"} https://vulnerability.circl.lu/sighting/d2ed6c2a-4b5a-419d-be00-3813f93cd664/export Tue, 14 Dec 2021 18:15:27 +0000 https://vulnerability.circl.lu/sighting/2b95d0d6-9313-4d9a-b478-6b59b23bacc9/export {"uuid": "2b95d0d6-9313-4d9a-b478-6b59b23bacc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/155", "content": "Exploiting CVE-2021-41073 in io_uring\n\nValentina Palmiotti published an excellent write-up about exploiting a type confusion in io_uring to gain root privileges.\n\nThis bug allows freeing arbitrary slab allocations from the kmalloc-32 cache.\n\nValentina described how she constructed these exploit primitives:\n\n\u2714\ufe0f UAF in kmalloc-32\n\u2714\ufe0f Kernel heap info-leak\n\u2714\ufe0f Control flow hijacking\n\u2714\ufe0f Illegal privilege escalation\n\nThe researcher also described her experience with responsible disclosure.", "creation_timestamp": "2022-03-09T18:56:10.000000Z"} {"uuid": "2b95d0d6-9313-4d9a-b478-6b59b23bacc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/155", "content": "Exploiting CVE-2021-41073 in io_uring\n\nValentina Palmiotti published an excellent write-up about exploiting a type confusion in io_uring to gain root privileges.\n\nThis bug allows freeing arbitrary slab allocations from the kmalloc-32 cache.\n\nValentina described how she constructed these exploit primitives:\n\n\u2714\ufe0f UAF in kmalloc-32\n\u2714\ufe0f Kernel heap info-leak\n\u2714\ufe0f Control flow hijacking\n\u2714\ufe0f Illegal privilege escalation\n\nThe researcher also described her experience with responsible disclosure.", "creation_timestamp": "2022-03-09T18:56:10.000000Z"} https://vulnerability.circl.lu/sighting/2b95d0d6-9313-4d9a-b478-6b59b23bacc9/export Wed, 09 Mar 2022 18:56:10 +0000 https://vulnerability.circl.lu/sighting/746a50bd-4a7b-4c5d-b7dd-ea3252644fda/export {"uuid": "746a50bd-4a7b-4c5d-b7dd-ea3252644fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1886", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e\n\n@BlueRedTeam", "creation_timestamp": "2022-04-03T10:37:21.000000Z"} {"uuid": "746a50bd-4a7b-4c5d-b7dd-ea3252644fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1886", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e\n\n@BlueRedTeam", "creation_timestamp": "2022-04-03T10:37:21.000000Z"} https://vulnerability.circl.lu/sighting/746a50bd-4a7b-4c5d-b7dd-ea3252644fda/export Sun, 03 Apr 2022 10:37:21 +0000 https://vulnerability.circl.lu/sighting/a0603d55-d5ca-4ded-9bff-4591660e9728/export {"uuid": "a0603d55-d5ca-4ded-9bff-4591660e9728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5733", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e", "creation_timestamp": "2022-04-03T13:37:01.000000Z"} {"uuid": "a0603d55-d5ca-4ded-9bff-4591660e9728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5733", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e", "creation_timestamp": "2022-04-03T13:37:01.000000Z"} https://vulnerability.circl.lu/sighting/a0603d55-d5ca-4ded-9bff-4591660e9728/export Sun, 03 Apr 2022 13:37:01 +0000 https://vulnerability.circl.lu/sighting/44c1b2c2-3c8c-4ff5-86a4-466acacb55e5/export {"uuid": "44c1b2c2-3c8c-4ff5-86a4-466acacb55e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/173", "content": "io_uring - new code, new bugs, and a new exploit technique\n\nLam Jun Rong published an article that covers analyzing and exploiting CVE-2021-41073, an invalid-free vulnerability in the io_uring subsystem.\n\nThis vulnerability has previously been exploited by Valentina Palmiotti, but that exploit relied on eBPF. The new exploit targets Ubuntu 21.10, where eBPF is not available to unprivileged users.", "creation_timestamp": "2022-07-04T10:47:21.000000Z"} {"uuid": "44c1b2c2-3c8c-4ff5-86a4-466acacb55e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/173", "content": "io_uring - new code, new bugs, and a new exploit technique\n\nLam Jun Rong published an article that covers analyzing and exploiting CVE-2021-41073, an invalid-free vulnerability in the io_uring subsystem.\n\nThis vulnerability has previously been exploited by Valentina Palmiotti, but that exploit relied on eBPF. The new exploit targets Ubuntu 21.10, where eBPF is not available to unprivileged users.", "creation_timestamp": "2022-07-04T10:47:21.000000Z"} https://vulnerability.circl.lu/sighting/44c1b2c2-3c8c-4ff5-86a4-466acacb55e5/export Mon, 04 Jul 2022 10:47:21 +0000 https://vulnerability.circl.lu/sighting/708f4279-8ef0-4653-8f23-6c6673746de0/export {"uuid": "708f4279-8ef0-4653-8f23-6c6673746de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\n\u0423\u0434\u043e\u0431\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443, \u0433\u043b\u044f\u043d\u0443\u043b \u043a\u0430\u043a\u043e\u0435 \u044f\u0434\u0440\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b \u0441\u043f\u043b\u043e\u0435\u0442, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043f\u043e \u043c\u043e\u0440\u0434\u0435 #root\n*\n\u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 exploits \u0434\u043b\u044f:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"} {"uuid": "708f4279-8ef0-4653-8f23-6c6673746de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\n\u0423\u0434\u043e\u0431\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443, \u0433\u043b\u044f\u043d\u0443\u043b \u043a\u0430\u043a\u043e\u0435 \u044f\u0434\u0440\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b \u0441\u043f\u043b\u043e\u0435\u0442, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043f\u043e \u043c\u043e\u0440\u0434\u0435 #root\n*\n\u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 exploits \u0434\u043b\u044f:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"} https://vulnerability.circl.lu/sighting/708f4279-8ef0-4653-8f23-6c6673746de0/export Thu, 23 Mar 2023 06:30:43 +0000 https://vulnerability.circl.lu/sighting/5339eb2f-8aed-42f7-a98b-ec343af48539/export {"uuid": "5339eb2f-8aed-42f7-a98b-ec343af48539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"} {"uuid": "5339eb2f-8aed-42f7-a98b-ec343af48539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"} https://vulnerability.circl.lu/sighting/5339eb2f-8aed-42f7-a98b-ec343af48539/export Thu, 23 Mar 2023 09:18:19 +0000 https://vulnerability.circl.lu/sighting/5f1a7045-5f85-4977-b5ce-7859a490d7ce/export {"uuid": "5f1a7045-5f85-4977-b5ce-7859a490d7ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41072", "type": "seen", "source": "https://t.me/arpsyndicate/2849", "content": "#ExploitObserverAlert\n\nCVE-2021-41072\n\nDESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.\n\nFIRST-EPSS: 0.002930000\nNVD-IS: 5.2\nNVD-ES: 2.8", "creation_timestamp": "2024-01-16T12:24:04.000000Z"} {"uuid": "5f1a7045-5f85-4977-b5ce-7859a490d7ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41072", "type": "seen", "source": "https://t.me/arpsyndicate/2849", "content": "#ExploitObserverAlert\n\nCVE-2021-41072\n\nDESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.\n\nFIRST-EPSS: 0.002930000\nNVD-IS: 5.2\nNVD-ES: 2.8", "creation_timestamp": "2024-01-16T12:24:04.000000Z"} https://vulnerability.circl.lu/sighting/5f1a7045-5f85-4977-b5ce-7859a490d7ce/export Tue, 16 Jan 2024 12:24:04 +0000 https://vulnerability.circl.lu/sighting/f90ef69f-df43-413b-adb8-f17da0482355/export {"uuid": "f90ef69f-df43-413b-adb8-f17da0482355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41074", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcfxrjmh3a2t", "content": "", "creation_timestamp": "2026-01-14T21:03:04.427968Z"} {"uuid": "f90ef69f-df43-413b-adb8-f17da0482355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41074", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcfxrjmh3a2t", "content": "", "creation_timestamp": "2026-01-14T21:03:04.427968Z"} https://vulnerability.circl.lu/sighting/f90ef69f-df43-413b-adb8-f17da0482355/export Wed, 14 Jan 2026 21:03:04 +0000