https://db.gcve.eu/sightings/feedMost recent sightings.2026-06-12T13:55:14.725774+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/18f68e31-9255-49fd-b5b5-33ba60c01425/export18f68e31-9255-49fd-b5b5-33ba60c014252026-06-12T13:55:15.100101+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "18f68e31-9255-49fd-b5b5-33ba60c01425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43256", "type": "seen", "source": "https://t.me/cibsecurity/34022", "content": "\u203c CVE-2021-43256 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-15T18:14:37.000000Z"}2021-12-15T18:14:37+00:00https://db.gcve.eu/sighting/11b417ac-2075-4f79-b739-5bf9e0631b3a/export11b417ac-2075-4f79-b739-5bf9e0631b3a2026-06-12T13:55:15.100031+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "11b417ac-2075-4f79-b739-5bf9e0631b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43257", "type": "seen", "source": "https://t.me/cibsecurity/40815", "content": "\u203c CVE-2021-43257 \u203c\n\nLack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:19:25.000000Z"}2022-04-15T00:19:25+00:00https://db.gcve.eu/sighting/0e362824-f6a6-4cbf-89b4-30b2cbea1b1d/export0e362824-f6a6-4cbf-89b4-30b2cbea1b1d2026-06-12T13:55:15.099963+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "0e362824-f6a6-4cbf-89b4-30b2cbea1b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/churchinfo_upload_exec.rb", "content": "", "creation_timestamp": "2022-11-19T01:52:50.000000Z"}2022-11-19T01:52:50+00:00https://db.gcve.eu/sighting/85aa1795-8d09-4cf9-891e-d406d8b57903/export85aa1795-8d09-4cf9-891e-d406d8b579032026-06-12T13:55:15.099889+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "85aa1795-8d09-4cf9-891e-d406d8b57903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/80", "content": "CVE-2021-43258\nChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit\n\n\ud83c\udf10Github\n\n#CVE #RemoteCode #Exploit #Php\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:24:05.000000Z"}2023-02-01T02:24:05+00:00https://db.gcve.eu/sighting/79ab2fef-3c42-40c1-827e-82b9b4e1a28f/export79ab2fef-3c42-40c1-827e-82b9b4e1a28f2026-06-12T13:55:15.099815+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "79ab2fef-3c42-40c1-827e-82b9b4e1a28f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4325", "type": "seen", "source": "https://t.me/cibsecurity/58657", "content": "\u203c CVE-2021-4325 \u203c\n\nA vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T02:17:06.000000Z"}2023-02-22T02:17:06+00:00https://db.gcve.eu/sighting/79d207da-582b-4a21-ae75-22ae2ce6079c/export79d207da-582b-4a21-ae75-22ae2ce6079c2026-06-12T13:55:15.099742+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "79d207da-582b-4a21-ae75-22ae2ce6079c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}2025-02-06T03:13:45+00:00https://db.gcve.eu/sighting/14c87ec4-b987-4e59-91f1-5f0cd4474c59/export14c87ec4-b987-4e59-91f1-5f0cd4474c592026-06-12T13:55:15.099641+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "14c87ec4-b987-4e59-91f1-5f0cd4474c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"}2025-02-23T04:10:41+00:00https://db.gcve.eu/sighting/52622aac-b716-49af-a1c3-c84d99d7bb1e/export52622aac-b716-49af-a1c3-c84d99d7bb1e2026-06-12T13:55:15.098289+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "52622aac-b716-49af-a1c3-c84d99d7bb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43258\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T20:20:38.840Z\n\ud83d\udd17 References:\n1. http://www.churchdb.org/\n2. https://sourceforge.net/projects/churchinfo/files/\n3. https://github.com/rapid7/metasploit-framework/pull/17257", "creation_timestamp": "2025-04-28T21:11:10.000000Z"}2025-04-28T21:11:10+00:00