{"vulnerability": "CVE-2021-3814", "sightings": [{"uuid": "4278d022-c1e2-4f88-903e-918ab083b19e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38147", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38147.yaml", "content": "", "creation_timestamp": "2024-06-07T17:17:05.000000Z"}, {"uuid": "5d3e2b42-e67f-4bc3-b6a9-22fee3a01e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38146", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38146.yaml", "content": "", "creation_timestamp": "2024-06-07T17:11:41.000000Z"}, {"uuid": "21e3a47b-784c-487a-bc1f-f6b91e093cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38141", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1315", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-38141 in OpenEMPI 4.04\nURL\uff1ahttps://github.com/connellmcg/CVE-2021-38141", "creation_timestamp": "2022-01-13T16:24:17.000000Z"}, {"uuid": "7b404836-f1d3-4b03-91df-561cc32d8daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38147", "type": "seen", "source": "https://t.me/cibsecurity/33022", "content": "\u203c CVE-2021-38147 \u203c\n\nWipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T12:33:17.000000Z"}, {"uuid": "98c9bbfc-358c-4d81-8db3-162481d17d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38148", "type": "seen", "source": "https://t.me/cibsecurity/26965", "content": "\u203c CVE-2021-38148 \u203c\n\nObsidian before 0.12.12 does not require user confirmation for non-http/https URLs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-07T07:33:47.000000Z"}, {"uuid": "625734bc-0ea5-4076-bb82-03bc37b00b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38149", "type": "seen", "source": "https://t.me/cibsecurity/26924", "content": "\u203c CVE-2021-38149 \u203c\n\nindex.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T16:32:39.000000Z"}, {"uuid": "b7075f3e-a3e4-4c29-8a9a-1984d51f80d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38142", "type": "seen", "source": "https://t.me/cibsecurity/28378", "content": "\u203c CVE-2021-38142 \u203c\n\nBarco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-07T22:22:40.000000Z"}]}