https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 24 May 2026 23:00:21 +0000 https://db.gcve.eu/sighting/4c7ab79b-88f6-4613-97eb-8d6c8ff20a31/export {"uuid": "4c7ab79b-88f6-4613-97eb-8d6c8ff20a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40350", "type": "seen", "source": "https://t.me/cibsecurity/28178", "content": "\u203c CVE-2021-40350 \u203c\n\nwebctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:40:59.000000Z"} {"uuid": "4c7ab79b-88f6-4613-97eb-8d6c8ff20a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40350", "type": "seen", "source": "https://t.me/cibsecurity/28178", "content": "\u203c CVE-2021-40350 \u203c\n\nwebctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:40:59.000000Z"} https://db.gcve.eu/sighting/4c7ab79b-88f6-4613-97eb-8d6c8ff20a31/export Wed, 01 Sep 2021 18:40:59 +0000 https://db.gcve.eu/sighting/f1ef3743-f8c4-42d5-82da-30e5b44469d2/export {"uuid": "f1ef3743-f8c4-42d5-82da-30e5b44469d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40356", "type": "seen", "source": "https://t.me/cibsecurity/28777", "content": "\u203c CVE-2021-40356 \u203c\n\nA vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:57.000000Z"} {"uuid": "f1ef3743-f8c4-42d5-82da-30e5b44469d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40356", "type": "seen", "source": "https://t.me/cibsecurity/28777", "content": "\u203c CVE-2021-40356 \u203c\n\nA vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:57.000000Z"} https://db.gcve.eu/sighting/f1ef3743-f8c4-42d5-82da-30e5b44469d2/export Tue, 14 Sep 2021 14:20:57 +0000 https://db.gcve.eu/sighting/be973ba4-0845-4817-b213-612f2a2c48f9/export {"uuid": "be973ba4-0845-4817-b213-612f2a2c48f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40357", "type": "seen", "source": "https://t.me/cibsecurity/28786", "content": "\u203c CVE-2021-40357 \u203c\n\nA vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:21:09.000000Z"} {"uuid": "be973ba4-0845-4817-b213-612f2a2c48f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40357", "type": "seen", "source": "https://t.me/cibsecurity/28786", "content": "\u203c CVE-2021-40357 \u203c\n\nA vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:21:09.000000Z"} https://db.gcve.eu/sighting/be973ba4-0845-4817-b213-612f2a2c48f9/export Tue, 14 Sep 2021 14:21:09 +0000 https://db.gcve.eu/sighting/dda78409-e9c5-4dd8-94b5-f868b709b87d/export {"uuid": "dda78409-e9c5-4dd8-94b5-f868b709b87d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/186", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-18T23:06:09.000000Z"} {"uuid": "dda78409-e9c5-4dd8-94b5-f868b709b87d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/186", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-18T23:06:09.000000Z"} https://db.gcve.eu/sighting/dda78409-e9c5-4dd8-94b5-f868b709b87d/export Sat, 18 Sep 2021 23:06:09 +0000 https://db.gcve.eu/sighting/49b6c259-75df-4c86-81e6-3322a70a4186/export {"uuid": "49b6c259-75df-4c86-81e6-3322a70a4186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40352", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/840", "content": "Fabasoft Cloud Website XSS\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=IqMVpN\nTelegram Desktop 2.9.2 \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=oCGAFS\nWordPress Plugin Payments Plugin&GetPaid 2.4.6 HTML\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=nmKPJY\nCVE-2021-40352 OpenEMR 6.0.0 \u4e0d\u5b89\u5168\u7684\u76f4\u63a5\u5c0d\u8c61\u5f15\u7528\nhttps://short.pwnwiki.org/?c=qyNCzS\nCiclope SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=S4atKH\nCREFONO 8 SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=GDFZKn\nBank of Saint Lucia SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=on3IV3\nCVE-2021-39279&CVE-2021-39278&CVE-2015-0235&CVE-2013-1914 Moxa \u547d\u4ee4\u6ce8\u5165&XSS\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=g3rHRb\nFillip Technologies SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=fwCNnF", "creation_timestamp": "2021-09-21T04:41:53.000000Z"} {"uuid": "49b6c259-75df-4c86-81e6-3322a70a4186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40352", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/840", "content": "Fabasoft Cloud Website XSS\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=IqMVpN\nTelegram Desktop 2.9.2 \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=oCGAFS\nWordPress Plugin Payments Plugin&GetPaid 2.4.6 HTML\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=nmKPJY\nCVE-2021-40352 OpenEMR 6.0.0 \u4e0d\u5b89\u5168\u7684\u76f4\u63a5\u5c0d\u8c61\u5f15\u7528\nhttps://short.pwnwiki.org/?c=qyNCzS\nCiclope SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=S4atKH\nCREFONO 8 SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=GDFZKn\nBank of Saint Lucia SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=on3IV3\nCVE-2021-39279&CVE-2021-39278&CVE-2015-0235&CVE-2013-1914 Moxa \u547d\u4ee4\u6ce8\u5165&XSS\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=g3rHRb\nFillip Technologies SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=fwCNnF", "creation_timestamp": "2021-09-21T04:41:53.000000Z"} https://db.gcve.eu/sighting/49b6c259-75df-4c86-81e6-3322a70a4186/export Tue, 21 Sep 2021 04:41:53 +0000 https://db.gcve.eu/sighting/1f2711fd-38bc-4672-b794-7bc721ea4dd4/export {"uuid": "1f2711fd-38bc-4672-b794-7bc721ea4dd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/18", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:14:31.000000Z"} {"uuid": "1f2711fd-38bc-4672-b794-7bc721ea4dd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/18", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:14:31.000000Z"} https://db.gcve.eu/sighting/1f2711fd-38bc-4672-b794-7bc721ea4dd4/export Sat, 25 Sep 2021 02:14:31 +0000 https://db.gcve.eu/sighting/b16e10ef-c701-453e-aee6-9faefd0fcd98/export {"uuid": "b16e10ef-c701-453e-aee6-9faefd0fcd98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/19", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:15:23.000000Z"} {"uuid": "b16e10ef-c701-453e-aee6-9faefd0fcd98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40353", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/19", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:15:23.000000Z"} https://db.gcve.eu/sighting/b16e10ef-c701-453e-aee6-9faefd0fcd98/export Sat, 25 Sep 2021 02:15:23 +0000 https://db.gcve.eu/sighting/9d23f444-e5b3-4159-bc53-085f7880ab72/export {"uuid": "9d23f444-e5b3-4159-bc53-085f7880ab72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40359", "type": "seen", "source": "https://t.me/cibsecurity/32029", "content": "\u203c CVE-2021-40359 \u203c\n\nA vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:29:58.000000Z"} {"uuid": "9d23f444-e5b3-4159-bc53-085f7880ab72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40359", "type": "seen", "source": "https://t.me/cibsecurity/32029", "content": "\u203c CVE-2021-40359 \u203c\n\nA vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:29:58.000000Z"} https://db.gcve.eu/sighting/9d23f444-e5b3-4159-bc53-085f7880ab72/export Tue, 09 Nov 2021 14:29:58 +0000 https://db.gcve.eu/sighting/783d58e0-e89b-422e-90a8-84babe3d73c2/export {"uuid": "783d58e0-e89b-422e-90a8-84babe3d73c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40358", "type": "seen", "source": "https://t.me/cibsecurity/32035", "content": "\u203c CVE-2021-40358 \u203c\n\nA vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:08.000000Z"} {"uuid": "783d58e0-e89b-422e-90a8-84babe3d73c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40358", "type": "seen", "source": "https://t.me/cibsecurity/32035", "content": "\u203c CVE-2021-40358 \u203c\n\nA vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:08.000000Z"} https://db.gcve.eu/sighting/783d58e0-e89b-422e-90a8-84babe3d73c2/export Tue, 09 Nov 2021 14:30:08 +0000 https://db.gcve.eu/sighting/dc6df64a-1680-4617-9751-2ac548f8f5f6/export {"uuid": "dc6df64a-1680-4617-9751-2ac548f8f5f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4035", "type": "seen", "source": "https://t.me/cibsecurity/37324", "content": "\u203c CVE-2021-4035 \u203c\n\nA stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:34:47.000000Z"} {"uuid": "dc6df64a-1680-4617-9751-2ac548f8f5f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4035", "type": "seen", "source": "https://t.me/cibsecurity/37324", "content": "\u203c CVE-2021-4035 \u203c\n\nA stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:34:47.000000Z"} https://db.gcve.eu/sighting/dc6df64a-1680-4617-9751-2ac548f8f5f6/export Fri, 11 Feb 2022 20:34:47 +0000