<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-24T11:51:32.795944+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/c769f71c-d104-46d7-bfde-625b815f6346/export</id>
    <title>c769f71c-d104-46d7-bfde-625b815f6346</title>
    <updated>2026-05-24T11:51:33.352111+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "c769f71c-d104-46d7-bfde-625b815f6346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38619", "type": "seen", "source": "https://t.me/cibsecurity/27309", "content": "\u203c CVE-2021-38619 \u203c\n\nopenBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T18:41:19.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/c769f71c-d104-46d7-bfde-625b815f6346/export"/>
    <published>2021-08-13T18:41:19+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/6e29ac19-a876-430f-a8e4-535da7397c27/export</id>
    <title>6e29ac19-a876-430f-a8e4-535da7397c27</title>
    <updated>2026-05-24T11:51:33.352061+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "6e29ac19-a876-430f-a8e4-535da7397c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38613", "type": "seen", "source": "https://t.me/cibsecurity/27762", "content": "\u203c CVE-2021-38613 \u203c\n\nThe assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:17.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/6e29ac19-a876-430f-a8e4-535da7397c27/export"/>
    <published>2021-08-24T16:23:17+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/5aa83472-601f-4e09-b1fa-9c586b217d1c/export</id>
    <title>5aa83472-601f-4e09-b1fa-9c586b217d1c</title>
    <updated>2026-05-24T11:51:33.352008+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "5aa83472-601f-4e09-b1fa-9c586b217d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38611", "type": "seen", "source": "https://t.me/cibsecurity/27766", "content": "\u203c CVE-2021-38611 \u203c\n\nA command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/5aa83472-601f-4e09-b1fa-9c586b217d1c/export"/>
    <published>2021-08-24T16:23:25+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/fd60a15b-bf64-41cc-913e-f6fc6741be90/export</id>
    <title>fd60a15b-bf64-41cc-913e-f6fc6741be90</title>
    <updated>2026-05-24T11:51:33.351958+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "fd60a15b-bf64-41cc-913e-f6fc6741be90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38612", "type": "seen", "source": "https://t.me/cibsecurity/27768", "content": "\u203c CVE-2021-38612 \u203c\n\nIn NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:29.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/fd60a15b-bf64-41cc-913e-f6fc6741be90/export"/>
    <published>2021-08-24T16:23:29+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/5fa02646-5f5c-4be8-9ec0-c8acb735d47d/export</id>
    <title>5fa02646-5f5c-4be8-9ec0-c8acb735d47d</title>
    <updated>2026-05-24T11:51:33.351902+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "5fa02646-5f5c-4be8-9ec0-c8acb735d47d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38615", "type": "seen", "source": "https://t.me/cibsecurity/28339", "content": "\u203c CVE-2021-38615 \u203c\n\nIn Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T16:17:24.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/5fa02646-5f5c-4be8-9ec0-c8acb735d47d/export"/>
    <published>2021-09-07T16:17:24+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/73a292b2-b659-4b1f-8df4-3aa0e79e4671/export</id>
    <title>73a292b2-b659-4b1f-8df4-3aa0e79e4671</title>
    <updated>2026-05-24T11:51:33.351846+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "73a292b2-b659-4b1f-8df4-3aa0e79e4671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38617", "type": "seen", "source": "https://t.me/cibsecurity/28346", "content": "\u203c CVE-2021-38617 \u203c\n\nIn Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T16:17:31.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/73a292b2-b659-4b1f-8df4-3aa0e79e4671/export"/>
    <published>2021-09-07T16:17:31+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/6d73b8f5-80b4-4f6a-af0b-b4740ab5e66d/export</id>
    <title>6d73b8f5-80b4-4f6a-af0b-b4740ab5e66d</title>
    <updated>2026-05-24T11:51:33.351788+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "6d73b8f5-80b4-4f6a-af0b-b4740ab5e66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38616", "type": "seen", "source": "https://t.me/cibsecurity/28347", "content": "\u203c CVE-2021-38616 \u203c\n\nIn Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T16:17:32.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/6d73b8f5-80b4-4f6a-af0b-b4740ab5e66d/export"/>
    <published>2021-09-07T16:17:32+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a786f9ad-2445-4248-899e-58e2e48b159d/export</id>
    <title>a786f9ad-2445-4248-899e-58e2e48b159d</title>
    <updated>2026-05-24T11:51:33.351701+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a786f9ad-2445-4248-899e-58e2e48b159d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38618", "type": "seen", "source": "https://t.me/cibsecurity/29928", "content": "\u203c CVE-2021-38618 \u203c\n\nIn GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:25:12.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a786f9ad-2445-4248-899e-58e2e48b159d/export"/>
    <published>2021-10-04T22:25:12+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/15b2be9a-ec1a-49b1-911e-9a4fd0942974/export</id>
    <title>15b2be9a-ec1a-49b1-911e-9a4fd0942974</title>
    <updated>2026-05-24T11:51:33.350429+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "15b2be9a-ec1a-49b1-911e-9a4fd0942974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3861", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/36981", "content": "\u203c CVE-2021-3861 \u203c\n\nThe RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions &gt;= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T00:35:45.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/15b2be9a-ec1a-49b1-911e-9a4fd0942974/export"/>
    <published>2022-02-08T00:35:45+00:00</published>
  </entry>
</feed>
