PT-2026-2375

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

EUVD-2021-15078

Malware in sbrugna...

EUVD-2025-17815

Malicious code in bioql PyPI...

GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint

Impact GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity XXE vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files Patches...

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

CVE-2024-32037

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...