https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 15 May 2026 22:45:41 +0000 https://db.gcve.eu/sighting/93251367-8007-458d-bf60-c5e5bb6cca05/export {"uuid": "93251367-8007-458d-bf60-c5e5bb6cca05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mrqp-q7vx-v2cx", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113997351988993753", "content": "", "creation_timestamp": "2025-02-13T15:45:48.274327Z"} {"uuid": "93251367-8007-458d-bf60-c5e5bb6cca05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mrqp-q7vx-v2cx", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113997351988993753", "content": "", "creation_timestamp": "2025-02-13T15:45:48.274327Z"} https://db.gcve.eu/sighting/93251367-8007-458d-bf60-c5e5bb6cca05/export Thu, 13 Feb 2025 15:45:48 +0000 https://db.gcve.eu/sighting/31db7885-fe2b-4834-ad33-190b55ae60ae/export {"uuid": "31db7885-fe2b-4834-ad33-190b55ae60ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MRQP-Q7VX-V2CX", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T16:16:50.270\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx", "creation_timestamp": "2025-02-13T17:12:16.000000Z"} {"uuid": "31db7885-fe2b-4834-ad33-190b55ae60ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MRQP-Q7VX-V2CX", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T16:16:50.270\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx", "creation_timestamp": "2025-02-13T17:12:16.000000Z"} https://db.gcve.eu/sighting/31db7885-fe2b-4834-ad33-190b55ae60ae/export Thu, 13 Feb 2025 17:12:16 +0000 https://db.gcve.eu/sighting/74bc771b-304a-46cc-bab0-58058b73ad11/export {"uuid": "74bc771b-304a-46cc-bab0-58058b73ad11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MRQP-Q7VX-V2CX", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: **Summary / Details**\nSystems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC to access data and and escalate their privileges. \n\n**Affected Versions**\n- Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 \n- versions 4.1.0-1.0.0 through 4.1.8-1.0.0\nwhen installed into Apache Cassandra version 4.x.\n\n**Required Configuration for Exploit**\nThese are the conditions required to enable exploit:\n1. Cassandra 4.x\n2. Vulnerable version of the Cassandra-Lucene-Index plugin configured for use\n3. Data added to tables\n4. Lucene index created\n5. Cassandra flush has run\n\n**Mitigation/Prevention**\nMitigation requires dropping all Lucene indexes and stopping use of the plugin. Exploit will be possible any time the required conditions are met.\n\n**Solution**\nUpgrade to a fixed version of the Cassandra-Lucene-Index plugin. \nReview users in Cassandra to validate all superuser privileges.\n\ud83d\udccf Published: 2025-02-13T17:16:27Z\n\ud83d\udccf Modified: 2025-02-14T00:32:57Z\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-26511\n3. https://github.com/instaclustr/cassandra-lucene-index/commit/94380b165bd3e597d3e22e47f8cc674ec7c7bf7f\n4. https://github.com/instaclustr/cassandra-lucene-index", "creation_timestamp": "2025-02-14T01:13:03.000000Z"} {"uuid": "74bc771b-304a-46cc-bab0-58058b73ad11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MRQP-Q7VX-V2CX", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: **Summary / Details**\nSystems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC to access data and and escalate their privileges. \n\n**Affected Versions**\n- Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 \n- versions 4.1.0-1.0.0 through 4.1.8-1.0.0\nwhen installed into Apache Cassandra version 4.x.\n\n**Required Configuration for Exploit**\nThese are the conditions required to enable exploit:\n1. Cassandra 4.x\n2. Vulnerable version of the Cassandra-Lucene-Index plugin configured for use\n3. Data added to tables\n4. Lucene index created\n5. Cassandra flush has run\n\n**Mitigation/Prevention**\nMitigation requires dropping all Lucene indexes and stopping use of the plugin. Exploit will be possible any time the required conditions are met.\n\n**Solution**\nUpgrade to a fixed version of the Cassandra-Lucene-Index plugin. \nReview users in Cassandra to validate all superuser privileges.\n\ud83d\udccf Published: 2025-02-13T17:16:27Z\n\ud83d\udccf Modified: 2025-02-14T00:32:57Z\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-26511\n3. https://github.com/instaclustr/cassandra-lucene-index/commit/94380b165bd3e597d3e22e47f8cc674ec7c7bf7f\n4. https://github.com/instaclustr/cassandra-lucene-index", "creation_timestamp": "2025-02-14T01:13:03.000000Z"} https://db.gcve.eu/sighting/74bc771b-304a-46cc-bab0-58058b73ad11/export Fri, 14 Feb 2025 01:13:03 +0000