<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 28 May 2026 14:13:59 +0000</lastBuildDate>
    <item>
      <title>593d6e0e-41bd-4577-bd68-1c0f1a53d79b</title>
      <link>https://db.gcve.eu/sighting/593d6e0e-41bd-4577-bd68-1c0f1a53d79b/export</link>
      <description>{"uuid": "593d6e0e-41bd-4577-bd68-1c0f1a53d79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37840", "type": "seen", "source": "https://t.me/cibsecurity/26685", "content": "\u203c CVE-2021-37840 \u203c\n\naaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T18:27:30.000000Z"}</description>
      <content:encoded>{"uuid": "593d6e0e-41bd-4577-bd68-1c0f1a53d79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37840", "type": "seen", "source": "https://t.me/cibsecurity/26685", "content": "\u203c CVE-2021-37840 \u203c\n\naaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T18:27:30.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/593d6e0e-41bd-4577-bd68-1c0f1a53d79b/export</guid>
      <pubDate>Mon, 02 Aug 2021 18:27:30 +0000</pubDate>
    </item>
    <item>
      <title>1eb52254-069f-44de-96d9-99b68e053914</title>
      <link>https://db.gcve.eu/sighting/1eb52254-069f-44de-96d9-99b68e053914/export</link>
      <description>{"uuid": "1eb52254-069f-44de-96d9-99b68e053914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37843", "type": "seen", "source": "https://t.me/cibsecurity/26700", "content": "\u203c CVE-2021-37843 \u203c\n\nThe resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T22:27:54.000000Z"}</description>
      <content:encoded>{"uuid": "1eb52254-069f-44de-96d9-99b68e053914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37843", "type": "seen", "source": "https://t.me/cibsecurity/26700", "content": "\u203c CVE-2021-37843 \u203c\n\nThe resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T22:27:54.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/1eb52254-069f-44de-96d9-99b68e053914/export</guid>
      <pubDate>Mon, 02 Aug 2021 22:27:54 +0000</pubDate>
    </item>
    <item>
      <title>f318c363-b5d4-4a0d-92d2-f886631f7ddd</title>
      <link>https://db.gcve.eu/sighting/f318c363-b5d4-4a0d-92d2-f886631f7ddd/export</link>
      <description>{"uuid": "f318c363-b5d4-4a0d-92d2-f886631f7ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37847", "type": "seen", "source": "https://t.me/cibsecurity/26712", "content": "\u203c CVE-2021-37847 \u203c\n\ncrypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:28:00.000000Z"}</description>
      <content:encoded>{"uuid": "f318c363-b5d4-4a0d-92d2-f886631f7ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37847", "type": "seen", "source": "https://t.me/cibsecurity/26712", "content": "\u203c CVE-2021-37847 \u203c\n\ncrypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:28:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/f318c363-b5d4-4a0d-92d2-f886631f7ddd/export</guid>
      <pubDate>Tue, 03 Aug 2021 00:28:00 +0000</pubDate>
    </item>
    <item>
      <title>7c16fa95-370a-4596-85ee-e290de486bb4</title>
      <link>https://db.gcve.eu/sighting/7c16fa95-370a-4596-85ee-e290de486bb4/export</link>
      <description>{"uuid": "7c16fa95-370a-4596-85ee-e290de486bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37848", "type": "seen", "source": "https://t.me/cibsecurity/26716", "content": "\u203c CVE-2021-37848 \u203c\n\ncommon/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:28:04.000000Z"}</description>
      <content:encoded>{"uuid": "7c16fa95-370a-4596-85ee-e290de486bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37848", "type": "seen", "source": "https://t.me/cibsecurity/26716", "content": "\u203c CVE-2021-37848 \u203c\n\ncommon/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:28:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/7c16fa95-370a-4596-85ee-e290de486bb4/export</guid>
      <pubDate>Tue, 03 Aug 2021 00:28:04 +0000</pubDate>
    </item>
    <item>
      <title>f0d0257f-5242-4101-a4f2-9e371cfa15dd</title>
      <link>https://db.gcve.eu/sighting/f0d0257f-5242-4101-a4f2-9e371cfa15dd/export</link>
      <description>{"uuid": "f0d0257f-5242-4101-a4f2-9e371cfa15dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37841", "type": "seen", "source": "https://t.me/cibsecurity/27231", "content": "\u203c CVE-2021-37841 \u203c\n\nDocker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:56.000000Z"}</description>
      <content:encoded>{"uuid": "f0d0257f-5242-4101-a4f2-9e371cfa15dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37841", "type": "seen", "source": "https://t.me/cibsecurity/27231", "content": "\u203c CVE-2021-37841 \u203c\n\nDocker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/f0d0257f-5242-4101-a4f2-9e371cfa15dd/export</guid>
      <pubDate>Thu, 12 Aug 2021 18:39:56 +0000</pubDate>
    </item>
    <item>
      <title>7af54762-7042-4199-b3d9-610f82ee5870</title>
      <link>https://db.gcve.eu/sighting/7af54762-7042-4199-b3d9-610f82ee5870/export</link>
      <description>{"uuid": "7af54762-7042-4199-b3d9-610f82ee5870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37842", "type": "seen", "source": "https://t.me/cibsecurity/31595", "content": "\u203c CVE-2021-37842 \u203c\n\nmetakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T15:22:41.000000Z"}</description>
      <content:encoded>{"uuid": "7af54762-7042-4199-b3d9-610f82ee5870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37842", "type": "seen", "source": "https://t.me/cibsecurity/31595", "content": "\u203c CVE-2021-37842 \u203c\n\nmetakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T15:22:41.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/7af54762-7042-4199-b3d9-610f82ee5870/export</guid>
      <pubDate>Tue, 02 Nov 2021 15:22:41 +0000</pubDate>
    </item>
    <item>
      <title>14697f4a-4a91-41b8-887c-da4ec6edd185</title>
      <link>https://db.gcve.eu/sighting/14697f4a-4a91-41b8-887c-da4ec6edd185/export</link>
      <description>{"uuid": "14697f4a-4a91-41b8-887c-da4ec6edd185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3784", "type": "seen", "source": "https://t.me/cibsecurity/71610", "content": "\u203c CVE-2021-3784 \u203c\n\nGaruda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T20:12:05.000000Z"}</description>
      <content:encoded>{"uuid": "14697f4a-4a91-41b8-887c-da4ec6edd185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3784", "type": "seen", "source": "https://t.me/cibsecurity/71610", "content": "\u203c CVE-2021-3784 \u203c\n\nGaruda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T20:12:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/14697f4a-4a91-41b8-887c-da4ec6edd185/export</guid>
      <pubDate>Wed, 04 Oct 2023 20:12:05 +0000</pubDate>
    </item>
    <item>
      <title>bc80a000-bb5f-4e09-ac5e-fbdecebc057b</title>
      <link>https://db.gcve.eu/sighting/bc80a000-bb5f-4e09-ac5e-fbdecebc057b/export</link>
      <description>{"uuid": "bc80a000-bb5f-4e09-ac5e-fbdecebc057b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37845", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-37845\n\ud83d\udd39 Description: An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of \"The STARTTLS command is only valid in non-authenticated state.\" in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.\n\ud83d\udccf Published: 2023-05-29T00:00:00\n\ud83d\udccf Modified: 2025-01-14T17:46:34.428Z\n\ud83d\udd17 References:\n1. http://uncensored.citadel.org/dotgoto?room=Citadel%20Security\n2. https://uncensored.citadel.org/msg/2099264259\n3. https://nostarttls.secvuln.info/", "creation_timestamp": "2025-01-14T18:09:19.000000Z"}</description>
      <content:encoded>{"uuid": "bc80a000-bb5f-4e09-ac5e-fbdecebc057b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37845", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-37845\n\ud83d\udd39 Description: An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of \"The STARTTLS command is only valid in non-authenticated state.\" in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.\n\ud83d\udccf Published: 2023-05-29T00:00:00\n\ud83d\udccf Modified: 2025-01-14T17:46:34.428Z\n\ud83d\udd17 References:\n1. http://uncensored.citadel.org/dotgoto?room=Citadel%20Security\n2. https://uncensored.citadel.org/msg/2099264259\n3. https://nostarttls.secvuln.info/", "creation_timestamp": "2025-01-14T18:09:19.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/bc80a000-bb5f-4e09-ac5e-fbdecebc057b/export</guid>
      <pubDate>Tue, 14 Jan 2025 18:09:19 +0000</pubDate>
    </item>
  </channel>
</rss>
