CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

497 matches found

CNNVD•added 2024/07/01 12:0 a.m.•3 views

GeoServer Security Vulnerabilities

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from the fact that GeoServer lists all environment variables and Java attributes to users with administrati...

4.9CVSS6.8AI score0.00397EPSS

Exploits0References2

ATTACKERKB•added 2024/07/01 12:0 a.m.•148 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS8.6AI score0.99813EPSS

In wildExploits26References6

CNNVD•added 2024/07/01 12:0 a.m.•19 views

GeoServer Code Injection Vulnerability

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code injection vulnerability exists in GeoServer that stems from insecurely resolving attribute names to XPath expressions, which could lead to remote code...

9.8CVSS8.2AI score0.99813EPSS

Exploits26References9

Saint•added 2024/06/27 12:0 a.m.•106 views

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

8AI score

Exploits0

Saint•added 2024/06/27 12:0 a.m.•242 views

GeoServer JAI-EXT extension command injection

8AI score

Exploits0

CISA KEV Catalog•added 2024/06/26 12:0 a.m.•34 views

OSGeo GeoServer JAI-EXT Code Injection Vulnerability

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...

10CVSS9.7AI score0.98684EPSS

In wildExploits1

Positive Technologies•added 2024/06/04 12:0 a.m.•6 views

PT-2024-4472

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.22.6, 2.23.6, 2.24.4, and 2.25.2 GeoTools versions prior to 29.6, 30.4, and 31.2 Description GeoServer, an open-source server used for sharing and editing geospatial data, contains a Remote Code Execution RCE...

10CVSS9.6AI score0.99813EPSS

Exploits26References300

CNVD•added 2024/03/22 12:0 a.m.•77 views

GeoServer Arbitrary File Upload Vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...

7.2CVSS7.7AI score0.01867EPSS

Exploits1References1

CNVD•added 2024/03/22 12:0 a.m.•17 views

GeoServer Cross-Site Scripting Vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective filtering and escaping of user-supplied...

4.8CVSS6.3AI score0.00405EPSS

Exploits0References1

NVD•added 2024/03/20 6:15 p.m.•12 views

CVE-2024-23821

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS4.9AI score0.00405EPSS

Exploits0References3

NVD•added 2024/03/20 6:15 p.m.•8 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS4.9AI score0.00426EPSS

Exploits0References5

NVD•added 2024/03/20 6:15 p.m.•20 views

CVE-2024-23643

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS4.9AI score0.00426EPSS

Exploits0References4

NVD•added 2024/03/20 6:15 p.m.•29 views

CVE-2024-23819

4.8CVSS4.9AI score0.00426EPSS

Exploits0References5

NVD•added 2024/03/20 6:15 p.m.•17 views

CVE-2024-23642

4.8CVSS4.9AI score0.00426EPSS

Exploits0References5

Vulnrichment•added 2024/03/20 6:3 p.m.•16 views

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

4.8CVSS5.2AI score0.00405EPSS

Exploits0References3

OSV•added 2024/03/20 6:3 p.m.•15 views

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

4.8CVSS4.3AI score0.00405EPSS

Exploits0References5

CVE•added 2024/03/20 6:3 p.m.•101 views

CVE-2024-23821

GeoServer exposes a stored XSS in the GWC Demos Page. Affected: GeoServer with GWC Demos Page accessible to all users; vulnerability requires an authenticated administrator with workspace‑level privileges to store a JavaScript payload in the GeoServer catalog, which then executes in another user’...

4.8CVSS4.8AI score0.00405EPSS

Exploits0References3Affected Software1