https://db.gcve.eu/sightings/feed 2026-05-10T00:51:05.638819+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/025aefac-c8ea-406c-9caf-3d276665155d/export 2026-05-10T00:51:05.841124+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "025aefac-c8ea-406c-9caf-3d276665155d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lffloqc5nu2l", "content": "", "creation_timestamp": "2025-01-10T16:16:06.188289Z"} 2025-01-10T16:16:06.188289+00:00 https://db.gcve.eu/sighting/09b47156-42a3-42ae-8ca3-b09ac296b6d1/export 2026-05-10T00:51:05.841068+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "09b47156-42a3-42ae-8ca3-b09ac296b6d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1175", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56511\n\ud83d\udd39 Description: DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, \u201drequest.getRequestURI\u201c is used to obtain the request URL, and it is passed to the \"WhitelistUtils.match\" method to determine whether the URL request is an interface that does not require authentication. The \"match\" method filters semicolons, but this is not enough. When users set \"server.servlet.context-path\" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4.\n\ud83d\udccf Published: 2025-01-10T15:19:13.173Z\n\ud83d\udccf Modified: 2025-01-10T16:40:28.039Z\n\ud83d\udd17 References:\n1. https://github.com/dataease/dataease/security/advisories/GHSA-9f69-p73j-m73x", "creation_timestamp": "2025-01-10T17:04:01.000000Z"} 2025-01-10T17:04:01+00:00 https://db.gcve.eu/sighting/7feffb97-8a9d-45c1-a86f-fadf1f63eac9/export 2026-05-10T00:51:05.841013+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "7feffb97-8a9d-45c1-a86f-fadf1f63eac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "seen", "source": "https://t.me/cvedetector/14967", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56511 - DataEase Unauthorized Access Bypass Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56511 \nPublished : Jan. 10, 2025, 4:15 p.m. | 38\u00a0minutes ago \nDescription : DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, \u201drequest.getRequestURI\u201c is used to obtain the request URL, and it is passed to the \"WhitelistUtils.match\" method to determine whether the URL request is an interface that does not require authentication. The \"match\" method filters semicolons, but this is not enough. When users set \"server.servlet.context-path\" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"10 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T18:00:49.000000Z"} 2025-01-10T18:00:49+00:00 https://db.gcve.eu/sighting/b6b74e08-cd74-42bb-8036-4348c22c133e/export 2026-05-10T00:51:05.840967+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "b6b74e08-cd74-42bb-8036-4348c22c133e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfoarsbxvz2r", "content": "", "creation_timestamp": "2025-01-14T02:54:55.797158Z"} 2025-01-14T02:54:55.797158+00:00 https://db.gcve.eu/sighting/d018924a-b21c-4405-a6f9-49b1fd77e320/export 2026-05-10T00:51:05.840921+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "d018924a-b21c-4405-a6f9-49b1fd77e320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56515", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vjtn5y2n", "content": "", "creation_timestamp": "2025-01-16T20:16:10.169954Z"} 2025-01-16T20:16:10.169954+00:00 https://db.gcve.eu/sighting/2cf37895-8b00-4f86-b629-0aa4f0781f28/export 2026-05-10T00:51:05.840873+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "2cf37895-8b00-4f86-b629-0aa4f0781f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "seen", "source": "Telegram/Ae4a-7LZgDUT9R61I3HEpK06HPHIjPCPLsnM4Z2Lzvo3M84A", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"} 2025-02-20T23:26:55+00:00 https://db.gcve.eu/sighting/3e8461bd-c3f6-4363-b293-5c20b151b2cb/export 2026-05-10T00:51:05.840816+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "3e8461bd-c3f6-4363-b293-5c20b151b2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56518", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56518\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.\n\ud83d\udccf Published: 2025-04-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T16:12:30.676Z\n\ud83d\udd17 References:\n1. https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install\n2. https://gist.github.com/azraelxuemo/c3d42739aa3306a41111ef603dc65b4c", "creation_timestamp": "2025-04-17T16:58:31.000000Z"} 2025-04-17T16:58:31+00:00 https://db.gcve.eu/sighting/7c0e21d6-88cf-4aa5-9bfb-8ec1a3dea602/export 2026-05-10T00:51:05.840764+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "7c0e21d6-88cf-4aa5-9bfb-8ec1a3dea602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56512", "type": "seen", "source": "MISP/3445a876-cced-4346-bf37-e276ba39cff4", "content": "", "creation_timestamp": "2025-09-02T18:30:14.000000Z"} 2025-09-02T18:30:14+00:00 https://db.gcve.eu/sighting/044739fa-28ed-4e5b-a263-94085315e04d/export 2026-05-10T00:51:05.840687+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "044739fa-28ed-4e5b-a263-94085315e04d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56511", "type": "seen", "source": "MISP/3445a876-cced-4346-bf37-e276ba39cff4", "content": "", "creation_timestamp": "2025-09-02T18:30:14.000000Z"} 2025-09-02T18:30:14+00:00 https://db.gcve.eu/sighting/5a30111b-d28d-41e6-b8d2-24b148a36b13/export 2026-05-10T00:51:05.839572+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "5a30111b-d28d-41e6-b8d2-24b148a36b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-56513", "type": "seen", "source": "MISP/dd71e3c5-20f7-409a-8bcc-8df3cd8022a7", "content": "", "creation_timestamp": "2025-09-03T13:30:06.000000Z"} 2025-09-03T13:30:06+00:00