GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
GeoServer WFS - XXE Processing Vulnerability
GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...
GeoServer Demo Request Endpoint - Server Side Request Forgery
It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...
GeoServer - Missing Authorization on REST API Index
GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information. id: CVE-2025-27505 info: name: GeoServer - Missing Authorization on REST API Index author: securitytaters severity: medium...
Exploit for Eval Injection in Geoserver
CVE-2024-36401 — Unauthenticated RCE in GeoServer ...
Geoserver - Server-Side Request Forgery
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...
GeoServer and GeoTools - Remote Code Execution
GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...
GeoServer RCE in Evaluating Property Name Expressions
In GeoServer versions prior to 2.25.1, 2.24.3 and 2.23.5, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation, due to unsafely evaluating property names as XPath expression...
GeoServer - XML External Entity Injection
GeoServer 2.26.0 to 2.26.2 and 2.25.6 contains an XML External Entity XXE injection caused by insufficient sanitization of XML input in the /geoserver/wms GetMap operation, letting attackers disclose files or cause DoS; exploitation requires crafted XML input. id: CVE-2025-58360 info: name: GeoServer - XM...
Exploit for Code Injection in Geoserver
CV...
GeoServer <1.2.2 - Remote Code Execution
Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. id:...
GeoServer OGC Filter - SQL Injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
GHSA-W3W2-MPP5-92GM vulnerabilities
Vulnerabilities for packages: geoserver...
GHSA-MR6M-XJ7V-3CV3 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2026-41044 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2026-41043 vulnerabilities
Vulnerabilities for packages: geoserver...
GHSA-2JP3-2923-9H52 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2026-40466 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2026-5598 vulnerabilities
Vulnerabilities for packages: kayenta, ruby3.4-bouncy-castle-java, wso2is, druid, ghidra, ruby3.2-bouncy-castle-java, spark, kserve-modelmesh, wildfly, ruby4.0-bouncy-castle-java, jenkins, geoserver, apache-pulsar, elasticsearch, jruby, apache-hop, commercial-elasticsearch, gradle, apache-nifi,...
GHSA-P93R-85WP-75V3 vulnerabilities
Vulnerabilities for packages: kayenta, ruby3.4-bouncy-castle-java, wso2is, druid, ghidra, ruby3.2-bouncy-castle-java, spark, kserve-modelmesh, wildfly, ruby4.0-bouncy-castle-java, jenkins, geoserver, apache-pulsar, elasticsearch, jruby, apache-hop, commercial-elasticsearch, gradle, apache-nifi,...