https://db.gcve.eu/sightings/feed 2026-05-14T22:57:37.064043+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/bab320fc-6578-4ff8-98bb-4c0193809717/export 2026-05-14T22:57:37.406802+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "bab320fc-6578-4ff8-98bb-4c0193809717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24741", "type": "seen", "source": "https://t.me/cibsecurity/29082", "content": "\u203c CVE-2021-24741 \u203c\n\nThe Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:44.000000Z"} 2021-09-20T14:26:44+00:00 https://db.gcve.eu/sighting/61d7967a-e906-43bc-b43c-995f7fd17155/export 2026-05-14T22:57:37.406745+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "61d7967a-e906-43bc-b43c-995f7fd17155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24741", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/609", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aA Vagrant VM test lab to learn about CVE-2021-38647 in the Open Management Infrastructure agent (aka \\\"omigod\\\").\nURL\uff1ahttps://github.com/itsjeffersonli/CVE-2021-24741", "creation_timestamp": "2021-09-27T16:57:28.000000Z"} 2021-09-27T16:57:28+00:00 https://db.gcve.eu/sighting/3532fbb1-4607-4908-ac2a-eefccfff5117/export 2026-05-14T22:57:37.406683+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "3532fbb1-4607-4908-ac2a-eefccfff5117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-2474", "type": "seen", "source": "https://t.me/cibsecurity/30870", "content": "\u203c CVE-2021-2474 \u203c\n\nVulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-20T14:41:17.000000Z"} 2021-10-20T14:41:17+00:00 https://db.gcve.eu/sighting/c57845fd-5418-4def-8ec2-3f2c70bf0e45/export 2026-05-14T22:57:37.406618+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "c57845fd-5418-4def-8ec2-3f2c70bf0e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24744", "type": "seen", "source": "https://t.me/cibsecurity/31139", "content": "\u203c CVE-2021-24744 \u203c\n\nThe WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T18:23:25.000000Z"} 2021-10-25T18:23:25+00:00 https://db.gcve.eu/sighting/46110cc7-e34b-4705-8292-e8bdf412504e/export 2026-05-14T22:57:37.406554+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "46110cc7-e34b-4705-8292-e8bdf412504e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24742", "type": "seen", "source": "https://t.me/cibsecurity/31522", "content": "\u203c CVE-2021-24742 \u203c\n\nThe Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:20:58.000000Z"} 2021-11-01T11:20:58+00:00 https://db.gcve.eu/sighting/6d6aaee2-78d7-413c-a703-da34e501fad5/export 2026-05-14T22:57:37.406493+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "6d6aaee2-78d7-413c-a703-da34e501fad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24749", "type": "seen", "source": "https://t.me/cibsecurity/33019", "content": "\u203c CVE-2021-24749 \u203c\n\nThe URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T12:33:11.000000Z"} 2021-11-29T12:33:11+00:00 https://db.gcve.eu/sighting/cb6dc1e0-2776-4cce-98d9-cd1b6db14f30/export 2026-05-14T22:57:37.406425+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "cb6dc1e0-2776-4cce-98d9-cd1b6db14f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24745", "type": "seen", "source": "https://t.me/cibsecurity/33029", "content": "\u203c CVE-2021-24745 \u203c\n\nThe About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T12:33:27.000000Z"} 2021-11-29T12:33:27+00:00 https://db.gcve.eu/sighting/17041cfe-3121-437f-8e57-cdebd25c9637/export 2026-05-14T22:57:37.406316+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "17041cfe-3121-437f-8e57-cdebd25c9637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24747", "type": "seen", "source": "https://t.me/cibsecurity/33811", "content": "\u203c CVE-2021-24747 \u203c\n\nThe SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the \"fn_my_ajaxified_dataloader_ajax\" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T14:24:08.000000Z"} 2021-12-13T14:24:08+00:00 https://db.gcve.eu/sighting/095d4f08-6223-489f-a056-6ffdd3dfad82/export 2026-05-14T22:57:37.402363+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "095d4f08-6223-489f-a056-6ffdd3dfad82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24746", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24746.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} 2023-04-27T09:58:59+00:00