
182 matches found

RedhatCVE
added 2026/01/09 10:50 a.m. | 3 views

CVE-2022-37021

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

9.8 CVSS | 6.8 AI score | 0.00567 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:50 a.m. | 4 views

CVE-2022-37023

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

6.5 CVSS | 6.9 AI score | 0.00462 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/12/10 9:28 a.m. | 3 views

Cross-site Request Forgery (CSRF)

Apache Geode is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to unsafe acceptance of state-changing GET requests in the Management and Monitoring REST API, allowing attackers who obtain a user’s session credentials to trigger malicious commands on behalf of the...

8.8 CVSS | 6.7 AI score | 0.00025 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2025/10/23 12:0 a.m. | 1 view

Apache Geode Cross-Site Request Forgery Vulnerability (CNVD-2025-25375)

Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...

8.8 CVSS | 6.9 AI score | 0.00025 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/18 6:30 p.m. | 1 view

EUVD-2025-34997

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

6.5 AI score | 0.00025 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/18 3:15 p.m. | 4 views

CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

0.00025 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/10/18 12:0 a.m. | 2 views

Apache Geode Cross-Site Request Forgery Vulnerability

Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...

8.8 CVSS | 6.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/15 2:55 p.m. | 2 views

CVE-2024-44088

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

6.1 CVSS | 7.5 AI score | 0.00149 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/14 3:31 p.m. | 2 views

EUVD-2024-55032

Apache Geode web-api is vulnerable to Cross-site Scripting...

6.1 CVSS | 6.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 3

NVD
added 2025/10/14 3:16 p.m. | 2 views

CVE-2024-44088

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

6.1 CVSS | 0.00149 EPSS
Exploits: 0 | References: 2

OSV
added 2025/10/14 3:16 p.m. | 2 views

CVE-2024-44088

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

6.1 CVSS | 7.5 AI score
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/14 2:36 p.m. | 2 views

CVE-2024-44088 Apache Geode: Reflected XSS

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

7.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/14 2:36 p.m. | 7 views

CVE-2024-44088

Apache Geode web-api (REST) is affected by a Cross-site Scripting (XSS) vulnerability that can be exploited when a logged-in user is tricked into clicking a crafted link, potentially enabling code execution on the victim page and leading to session information theft or account takeover. All Geode...

6.1 CVSS | 7.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/14 2:36 p.m. | 5 views

CVE-2024-44088 Apache Geode: Reflected XSS

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

0.00149 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-41925

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.15.2. Description: A malicious script injection issue exists in the Apache Geode web-api REST. An attacker can trick a logged-in user into clicking a specially-crafted link, leading to code execution on the...

6.1 CVSS | 7.3 AI score | 0.00149 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/14 12:0 a.m. | 2 views

Apache Geode Security Vulnerability

Apache Geode is a U.S.-based Apache Foundation suite of management platforms used in distributed cloud architectures to provide real-time and consistent access to data for data-intensive applications. A security vulnerability exists in Apache Geode versions prior to 1.15.2 that originates from we...

6.1 CVSS | 6.5 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0553

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.00712 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-1987

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00073 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-6916

Malicious code in bioql PyPI...

8.8 CVSS | 8.7 AI score | 0.00243 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-0653

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00356 EPSS
Exploits: 0 | References: 4