Lucene search
+L

82 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1623

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.01465EPSS
Exploits0References4
CISA
CISA
added 2025/09/23 12:0 p.m.10 views

CISA Releases Advisory on Lessons Learned from an Incident Response Engagement

Today, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response tool. This advisory, CISA Shares Lesson...

9.8CVSS6.9AI score0.99813EPSS
In wildExploits25References4
The Hacker News
The Hacker News
added 2025/08/23 7:38 a.m.13 views

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that are taking advantage of known security vulnerabilities and exposed Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining...

9.8CVSS10AI score0.99813EPSS
Exploits25
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.10 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

7.5CVSS7.3AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.11 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS9.1AI score0.50825EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.8 views

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

5.3CVSS5.1AI score0.01022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.14 views

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS9.2AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.10 views

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified url with method equals 'url' with no restrict. This vulnerability is fix...

5.5CVSS5.3AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.6 views

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPageHttpServletRequest, HttpServletResponse has no check to hide potentially sensitive information from users except for a hidden system property to hide the...

7.5CVSS4.9AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.5 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

8.2CVSS7.5AI score0.01923EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/06/10 8:10 p.m.26 views

[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service

Summary GeoServer Web Feature Service WFS web service was found to be vulnerable to GeoTools CVE-2025-30220 XML External Entity XXE processing attack. It is possible to trigger the parsing of external DTDs and entities, bypassing standard entity resolvers. This allows for Out-of-Band OOB data...

9.9CVSS9.2AI score0.50825EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/06/10 7:44 p.m.13 views

GeoServer Infinite Loop Vulnerability in Jiffle process

Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...

7.5CVSS7.5AI score0.00432EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2025/06/10 7:44 p.m.12 views

GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process

Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...

7.5CVSS7.1AI score0.00432EPSS
Exploits0References5
NVD
NVD
added 2025/06/10 4:15 p.m.21 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS0.50825EPSS
Exploits1References7
CVE
CVE
added 2025/06/10 3:16 p.m.238 views

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

9.9CVSS9.3AI score0.50825EPSS
In wildExploits1References7Affected Software3
NVD
NVD
added 2025/06/10 3:15 p.m.13 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

7.5CVSS0.00432EPSS
Exploits0References3
NVD
NVD
added 2025/06/10 3:15 p.m.22 views

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

5.3CVSS0.01022EPSS
Exploits0References4
NVD
NVD
added 2025/06/10 3:15 p.m.40 views

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2025/06/10 3:15 p.m.11 views

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPageHttpServletRequest, HttpServletResponse has no check to hide potentially sensitive information from users except for a hidden system property to hide the...

7.5CVSS0.00372EPSS
Exploits1References5
NVD
NVD
added 2025/06/10 3:15 p.m.12 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

8.2CVSS0.01923EPSS
Exploits0References3
Rows per page
Query Builder