{"vulnerability": "CVE-2021-3644", "sightings": [{"uuid": "663c3985-d1b9-4ab4-aeb0-f3794993b2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36443", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8909", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36443\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:24:32.854Z\n\ud83d\udd17 References:\n1. https://github.com/peacexie/imcat/issues/9", "creation_timestamp": "2025-03-26T17:25:40.000000Z"}, {"uuid": "6221bc75-3b93-4542-8d9f-76e48dd35af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36440", "type": "seen", "source": "https://t.me/cibsecurity/28536", "content": "\u203c CVE-2021-36440 \u203c\n\nUnrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T00:28:49.000000Z"}, {"uuid": "148b9c5b-d490-4272-b426-b16bb8b9986f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36444", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8910", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-36444\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.\n\ud83d\udccf Published: 2023-02-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-26T16:23:35.425Z\n\ud83d\udd17 References:\n1. https://github.com/peacexie/imcat/issues/9", "creation_timestamp": "2025-03-26T17:25:41.000000Z"}, {"uuid": "f03e1ad7-192f-4b07-8dc7-1910a8318465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3644", "type": "seen", "source": "https://t.me/cibsecurity/48900", "content": "\u203c CVE-2021-3644 \u203c\n\nA flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T20:30:38.000000Z"}, {"uuid": "f699c4fe-02f0-4cae-9e66-11176815cb87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36443", "type": "seen", "source": "https://t.me/cibsecurity/57492", "content": "\u203c CVE-2021-36443 \u203c\n\nCross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T20:25:46.000000Z"}]}