<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 06 Jun 2026 19:07:08 +0000</lastBuildDate>
    <item>
      <title>21940549-15f6-4954-88fb-d119a3c8606d</title>
      <link>https://db.gcve.eu/sighting/21940549-15f6-4954-88fb-d119a3c8606d/export</link>
      <description>{"uuid": "21940549-15f6-4954-88fb-d119a3c8606d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3273", "type": "seen", "source": "https://t.me/cibsecurity/24130", "content": "\u203c CVE-2021-3273 \u203c\n\nNagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-25T16:37:48.000000Z"}</description>
      <content:encoded>{"uuid": "21940549-15f6-4954-88fb-d119a3c8606d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3273", "type": "seen", "source": "https://t.me/cibsecurity/24130", "content": "\u203c CVE-2021-3273 \u203c\n\nNagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-25T16:37:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/21940549-15f6-4954-88fb-d119a3c8606d/export</guid>
      <pubDate>Thu, 25 Feb 2021 16:37:48 +0000</pubDate>
    </item>
    <item>
      <title>50fb011e-a3b5-4753-8e8d-c963bfbedcb8</title>
      <link>https://db.gcve.eu/sighting/50fb011e-a3b5-4753-8e8d-c963bfbedcb8/export</link>
      <description>{"uuid": "50fb011e-a3b5-4753-8e8d-c963bfbedcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32731", "type": "seen", "source": "https://t.me/cibsecurity/25877", "content": "\u203c CVE-2021-32731 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-01T22:31:19.000000Z"}</description>
      <content:encoded>{"uuid": "50fb011e-a3b5-4753-8e8d-c963bfbedcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32731", "type": "seen", "source": "https://t.me/cibsecurity/25877", "content": "\u203c CVE-2021-32731 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-01T22:31:19.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/50fb011e-a3b5-4753-8e8d-c963bfbedcb8/export</guid>
      <pubDate>Thu, 01 Jul 2021 22:31:19 +0000</pubDate>
    </item>
    <item>
      <title>62cecbe4-2ac3-4fe9-886c-0f9835aa87ee</title>
      <link>https://db.gcve.eu/sighting/62cecbe4-2ac3-4fe9-886c-0f9835aa87ee/export</link>
      <description>{"uuid": "62cecbe4-2ac3-4fe9-886c-0f9835aa87ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32735", "type": "seen", "source": "https://t.me/cibsecurity/25897", "content": "\u203c CVE-2021-32735 \u203c\n\nKirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T18:33:04.000000Z"}</description>
      <content:encoded>{"uuid": "62cecbe4-2ac3-4fe9-886c-0f9835aa87ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32735", "type": "seen", "source": "https://t.me/cibsecurity/25897", "content": "\u203c CVE-2021-32735 \u203c\n\nKirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T18:33:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/62cecbe4-2ac3-4fe9-886c-0f9835aa87ee/export</guid>
      <pubDate>Fri, 02 Jul 2021 18:33:04 +0000</pubDate>
    </item>
    <item>
      <title>81930aed-727a-4642-b2c9-3f9475697964</title>
      <link>https://db.gcve.eu/sighting/81930aed-727a-4642-b2c9-3f9475697964/export</link>
      <description>{"uuid": "81930aed-727a-4642-b2c9-3f9475697964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32737", "type": "seen", "source": "https://t.me/cibsecurity/25904", "content": "\u203c CVE-2021-32737 \u203c\n\nSulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T22:32:28.000000Z"}</description>
      <content:encoded>{"uuid": "81930aed-727a-4642-b2c9-3f9475697964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-32737", "type": "seen", "source": "https://t.me/cibsecurity/25904", "content": "\u203c CVE-2021-32737 \u203c\n\nSulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T22:32:28.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/81930aed-727a-4642-b2c9-3f9475697964/export</guid>
      <pubDate>Fri, 02 Jul 2021 22:32:28 +0000</pubDate>
    </item>
  </channel>
</rss>
