<?xml version='1.0' encoding='UTF-8'?>
<!-- Display hint for browsers: the href is site-relative, so it resolves against the origin serving this feed.
     Programmatic consumers should parse the Atom elements directly and should not fetch or apply a
     stylesheet just because the document names one. -->
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-15T08:07:40.434750+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/07fe3c47-86f9-4530-b110-02a550dd3031/export</id>
    <title>07fe3c47-86f9-4530-b110-02a550dd3031</title>
    <updated>2026-05-15T08:07:40.669644+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "07fe3c47-86f9-4530-b110-02a550dd3031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "seen", "source": "https://t.me/cvedetector/17398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23217 - Mitmweb SSRF Proxy Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23217 \nPublished : Feb. 6, 2025, 6:15 p.m. | 25\u00a0minutes ago \nDescription : mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T20:14:50.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/07fe3c47-86f9-4530-b110-02a550dd3031/export"/>
    <published>2025-02-06T20:14:50+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/e4493d97-9d90-4b1a-accb-96c2da17baf0/export</id>
    <title>e4493d97-9d90-4b1a-accb-96c2da17baf0</title>
    <updated>2026-05-15T08:07:40.669595+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "e4493d97-9d90-4b1a-accb-96c2da17baf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "Telegram/ycJJ40upQQHFCPrjQqS1KyUsWYsMMwSiWg8vSySp2rDnsb9e", "content": "", "creation_timestamp": "2025-02-18T21:38:56.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/e4493d97-9d90-4b1a-accb-96c2da17baf0/export"/>
    <published>2025-02-18T21:38:56+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/0eb6b138-f0e9-413c-955f-54afd06f4d1e/export</id>
    <title>0eb6b138-f0e9-413c-955f-54afd06f4d1e</title>
    <updated>2026-05-15T08:07:40.669536+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "0eb6b138-f0e9-413c-955f-54afd06f4d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2321\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-15T12:00:10.514Z\n\ud83d\udccf Modified: 2025-03-15T12:00:10.514Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299750\n2. https://vuldb.com/?ctiid.299750\n3. https://vuldb.com/?submit.505690\n4. https://www.cnblogs.com/aibot/p/18732250", "creation_timestamp": "2025-03-15T12:44:38.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/0eb6b138-f0e9-413c-955f-54afd06f4d1e/export"/>
    <published>2025-03-15T12:44:38+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/2c9581a4-889c-4903-9f59-5c3345560939/export</id>
    <title>2c9581a4-889c-4903-9f59-5c3345560939</title>
    <updated>2026-05-15T08:07:40.669466+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "2c9581a4-889c-4903-9f59-5c3345560939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkgfmsfqlg2x", "content": "", "creation_timestamp": "2025-03-15T15:06:16.685431Z"}</content>
    <link href="https://db.gcve.eu/sighting/2c9581a4-889c-4903-9f59-5c3345560939/export"/>
    <published>2025-03-15T15:06:16.685431+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/3db223dc-1b33-47ec-b7dc-2384b287df3e/export</id>
    <title>3db223dc-1b33-47ec-b7dc-2384b287df3e</title>
    <updated>2026-05-15T08:07:40.669407+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "3db223dc-1b33-47ec-b7dc-2384b287df3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "seen", "source": "https://t.me/cvedetector/20367", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2321 - Springboot OpenAI ChatGPT Remote Business Logic Error Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2321 \nPublished : March 15, 2025, 12:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T15:17:12.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/3db223dc-1b33-47ec-b7dc-2384b287df3e/export"/>
    <published>2025-03-15T15:17:12+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/01772b21-e852-4480-869a-f67745a19f36/export</id>
    <title>01772b21-e852-4480-869a-f67745a19f36</title>
    <updated>2026-05-15T08:07:40.669346+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "01772b21-e852-4480-869a-f67745a19f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23215", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10563", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23215\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear)\n\ud83d\udd39 Description: PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid.\n\ud83d\udccf Published: 2025-01-31T15:25:53.026Z\n\ud83d\udccf Modified: 2025-04-04T21:08:48.961Z\n\ud83d\udd17 References:\n1. https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84\n2. https://github.com/pmd/pmd-designer/commit/1548f5f27ba2981b890827fecbd0612fa70a0362\n3. https://github.com/pmd/pmd-designer/commit/e87a45312753ec46b3e5576c6f6ac1f7de2f5891", "creation_timestamp": "2025-04-04T21:36:15.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/01772b21-e852-4480-869a-f67745a19f36/export"/>
    <published>2025-04-04T21:36:15+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/e4c973b3-b85f-4ff1-a585-e79b986afa24/export</id>
    <title>e4c973b3-b85f-4ff1-a585-e79b986afa24</title>
    <updated>2026-05-15T08:07:40.669288+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "e4c973b3-b85f-4ff1-a585-e79b986afa24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53524", "content": "CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution\nhttps://www.offsec.com/blog/cve-2025-23211/\n\nA criticial SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise. \nThe post CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution (https://www.offsec.com/blog/cve-2025-23211/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-05-08T21:17:38.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/e4c973b3-b85f-4ff1-a585-e79b986afa24/export"/>
    <published>2025-05-08T21:17:38+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/8b6488ff-9951-4e76-9c07-c4ed9aba79f6/export</id>
    <title>8b6488ff-9951-4e76-9c07-c4ed9aba79f6</title>
    <updated>2026-05-15T08:07:40.669232+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "8b6488ff-9951-4e76-9c07-c4ed9aba79f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23212", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/8b6488ff-9951-4e76-9c07-c4ed9aba79f6/export"/>
    <published>2025-09-01T19:03:02+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/9e85a9bd-69ba-45d4-b0d1-f0f4c3472835/export</id>
    <title>9e85a9bd-69ba-45d4-b0d1-f0f4c3472835</title>
    <updated>2026-05-15T08:07:40.669143+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "9e85a9bd-69ba-45d4-b0d1-f0f4c3472835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/9e85a9bd-69ba-45d4-b0d1-f0f4c3472835/export"/>
    <published>2025-09-01T19:03:02+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/b65b6f75-3d20-4451-84bd-83f0f87e4d8a/export</id>
    <title>b65b6f75-3d20-4451-84bd-83f0f87e4d8a</title>
    <updated>2026-05-15T08:07:40.667962+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "b65b6f75-3d20-4451-84bd-83f0f87e4d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50333", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPOC for the vuln CVE-2025-23210\nURL\uff1ahttps://github.com/s0ck37/CVE-2025-23210-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-05T06:01:23.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/b65b6f75-3d20-4451-84bd-83f0f87e4d8a/export"/>
    <published>2025-09-05T06:01:23+00:00</published>
  </entry>
</feed>
