https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 12 Jun 2026 13:55:09 +0000 https://db.gcve.eu/sighting/18f68e31-9255-49fd-b5b5-33ba60c01425/export {"uuid": "18f68e31-9255-49fd-b5b5-33ba60c01425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43256", "type": "seen", "source": "https://t.me/cibsecurity/34022", "content": "\u203c CVE-2021-43256 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-15T18:14:37.000000Z"} {"uuid": "18f68e31-9255-49fd-b5b5-33ba60c01425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43256", "type": "seen", "source": "https://t.me/cibsecurity/34022", "content": "\u203c CVE-2021-43256 \u203c\n\nMicrosoft Excel Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-15T18:14:37.000000Z"} https://db.gcve.eu/sighting/18f68e31-9255-49fd-b5b5-33ba60c01425/export Wed, 15 Dec 2021 18:14:37 +0000 https://db.gcve.eu/sighting/11b417ac-2075-4f79-b739-5bf9e0631b3a/export {"uuid": "11b417ac-2075-4f79-b739-5bf9e0631b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43257", "type": "seen", "source": "https://t.me/cibsecurity/40815", "content": "\u203c CVE-2021-43257 \u203c\n\nLack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:19:25.000000Z"} {"uuid": "11b417ac-2075-4f79-b739-5bf9e0631b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43257", "type": "seen", "source": "https://t.me/cibsecurity/40815", "content": "\u203c CVE-2021-43257 \u203c\n\nLack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:19:25.000000Z"} https://db.gcve.eu/sighting/11b417ac-2075-4f79-b739-5bf9e0631b3a/export Fri, 15 Apr 2022 00:19:25 +0000 https://db.gcve.eu/sighting/0e362824-f6a6-4cbf-89b4-30b2cbea1b1d/export {"uuid": "0e362824-f6a6-4cbf-89b4-30b2cbea1b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/churchinfo_upload_exec.rb", "content": "", "creation_timestamp": "2022-11-19T01:52:50.000000Z"} {"uuid": "0e362824-f6a6-4cbf-89b4-30b2cbea1b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/churchinfo_upload_exec.rb", "content": "", "creation_timestamp": "2022-11-19T01:52:50.000000Z"} https://db.gcve.eu/sighting/0e362824-f6a6-4cbf-89b4-30b2cbea1b1d/export Sat, 19 Nov 2022 01:52:50 +0000 https://db.gcve.eu/sighting/85aa1795-8d09-4cf9-891e-d406d8b57903/export {"uuid": "85aa1795-8d09-4cf9-891e-d406d8b57903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/80", "content": "CVE-2021-43258\nChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit\n\n\ud83c\udf10Github\n\n#CVE #RemoteCode #Exploit #Php\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:24:05.000000Z"} {"uuid": "85aa1795-8d09-4cf9-891e-d406d8b57903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/80", "content": "CVE-2021-43258\nChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit\n\n\ud83c\udf10Github\n\n#CVE #RemoteCode #Exploit #Php\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:24:05.000000Z"} https://db.gcve.eu/sighting/85aa1795-8d09-4cf9-891e-d406d8b57903/export Wed, 01 Feb 2023 02:24:05 +0000 https://db.gcve.eu/sighting/79ab2fef-3c42-40c1-827e-82b9b4e1a28f/export {"uuid": "79ab2fef-3c42-40c1-827e-82b9b4e1a28f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4325", "type": "seen", "source": "https://t.me/cibsecurity/58657", "content": "\u203c CVE-2021-4325 \u203c\n\nA vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T02:17:06.000000Z"} {"uuid": "79ab2fef-3c42-40c1-827e-82b9b4e1a28f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4325", "type": "seen", "source": "https://t.me/cibsecurity/58657", "content": "\u203c CVE-2021-4325 \u203c\n\nA vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T02:17:06.000000Z"} https://db.gcve.eu/sighting/79ab2fef-3c42-40c1-827e-82b9b4e1a28f/export Wed, 22 Feb 2023 02:17:06 +0000 https://db.gcve.eu/sighting/79d207da-582b-4a21-ae75-22ae2ce6079c/export {"uuid": "79d207da-582b-4a21-ae75-22ae2ce6079c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} {"uuid": "79d207da-582b-4a21-ae75-22ae2ce6079c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} https://db.gcve.eu/sighting/79d207da-582b-4a21-ae75-22ae2ce6079c/export Thu, 06 Feb 2025 03:13:45 +0000 https://db.gcve.eu/sighting/14c87ec4-b987-4e59-91f1-5f0cd4474c59/export {"uuid": "14c87ec4-b987-4e59-91f1-5f0cd4474c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"} {"uuid": "14c87ec4-b987-4e59-91f1-5f0cd4474c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"} https://db.gcve.eu/sighting/14c87ec4-b987-4e59-91f1-5f0cd4474c59/export Sun, 23 Feb 2025 04:10:41 +0000 https://db.gcve.eu/sighting/52622aac-b716-49af-a1c3-c84d99d7bb1e/export {"uuid": "52622aac-b716-49af-a1c3-c84d99d7bb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43258\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T20:20:38.840Z\n\ud83d\udd17 References:\n1. http://www.churchdb.org/\n2. https://sourceforge.net/projects/churchinfo/files/\n3. https://github.com/rapid7/metasploit-framework/pull/17257", "creation_timestamp": "2025-04-28T21:11:10.000000Z"} {"uuid": "52622aac-b716-49af-a1c3-c84d99d7bb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43258", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43258\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T20:20:38.840Z\n\ud83d\udd17 References:\n1. http://www.churchdb.org/\n2. https://sourceforge.net/projects/churchinfo/files/\n3. https://github.com/rapid7/metasploit-framework/pull/17257", "creation_timestamp": "2025-04-28T21:11:10.000000Z"} https://db.gcve.eu/sighting/52622aac-b716-49af-a1c3-c84d99d7bb1e/export Mon, 28 Apr 2025 21:11:10 +0000