<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 31 May 2026 13:12:24 +0000</lastBuildDate>
    <item>
      <title>16a27a0b-8cc9-4a1e-b252-f54c99403564</title>
      <link>https://db.gcve.eu/sighting/16a27a0b-8cc9-4a1e-b252-f54c99403564/export</link>
      <description>{"uuid": "16a27a0b-8cc9-4a1e-b252-f54c99403564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43963", "type": "seen", "source": "https://t.me/cibsecurity/33538", "content": "\u203c CVE-2021-43963 \u203c\n\nAn issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T00:23:20.000000Z"}</description>
      <content:encoded>{"uuid": "16a27a0b-8cc9-4a1e-b252-f54c99403564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43963", "type": "seen", "source": "https://t.me/cibsecurity/33538", "content": "\u203c CVE-2021-43963 \u203c\n\nAn issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-08T00:23:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/16a27a0b-8cc9-4a1e-b252-f54c99403564/export</guid>
      <pubDate>Wed, 08 Dec 2021 00:23:20 +0000</pubDate>
    </item>
    <item>
      <title>1254d953-cb8e-44e2-a08f-ea4fc59c305d</title>
      <link>https://db.gcve.eu/sighting/1254d953-cb8e-44e2-a08f-ea4fc59c305d/export</link>
      <description>{"uuid": "1254d953-cb8e-44e2-a08f-ea4fc59c305d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43960", "type": "seen", "source": "https://t.me/cibsecurity/35368", "content": "\u203c CVE-2021-43960 \u203c\n\n** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:34.000000Z"}</description>
      <content:encoded>{"uuid": "1254d953-cb8e-44e2-a08f-ea4fc59c305d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43960", "type": "seen", "source": "https://t.me/cibsecurity/35368", "content": "\u203c CVE-2021-43960 \u203c\n\n** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T22:17:34.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/1254d953-cb8e-44e2-a08f-ea4fc59c305d/export</guid>
      <pubDate>Wed, 12 Jan 2022 22:17:34 +0000</pubDate>
    </item>
    <item>
      <title>14c5da60-0ef6-444f-842f-474905fc2f4a</title>
      <link>https://db.gcve.eu/sighting/14c5da60-0ef6-444f-842f-474905fc2f4a/export</link>
      <description>{"uuid": "14c5da60-0ef6-444f-842f-474905fc2f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43969", "type": "seen", "source": "https://t.me/cibsecurity/38676", "content": "\u203c CVE-2021-43969 \u203c\n\nThe login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:01.000000Z"}</description>
      <content:encoded>{"uuid": "14c5da60-0ef6-444f-842f-474905fc2f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43969", "type": "seen", "source": "https://t.me/cibsecurity/38676", "content": "\u203c CVE-2021-43969 \u203c\n\nThe login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/14c5da60-0ef6-444f-842f-474905fc2f4a/export</guid>
      <pubDate>Thu, 10 Mar 2022 20:19:01 +0000</pubDate>
    </item>
    <item>
      <title>141fdad5-41e1-4f75-b138-20a5c599e77f</title>
      <link>https://db.gcve.eu/sighting/141fdad5-41e1-4f75-b138-20a5c599e77f/export</link>
      <description>{"uuid": "141fdad5-41e1-4f75-b138-20a5c599e77f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43961", "type": "seen", "source": "https://t.me/cibsecurity/39185", "content": "\u203c CVE-2021-43961 \u203c\n\nSonatype Nexus Repository Manager 3.36.0 allows HTML Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T01:22:02.000000Z"}</description>
      <content:encoded>{"uuid": "141fdad5-41e1-4f75-b138-20a5c599e77f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-43961", "type": "seen", "source": "https://t.me/cibsecurity/39185", "content": "\u203c CVE-2021-43961 \u203c\n\nSonatype Nexus Repository Manager 3.36.0 allows HTML Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T01:22:02.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/141fdad5-41e1-4f75-b138-20a5c599e77f/export</guid>
      <pubDate>Fri, 18 Mar 2022 01:22:02 +0000</pubDate>
    </item>
  </channel>
</rss>
