Lucene search
+L

505 matches found

Chainguard
Chainguard
added 2026/04/17 7:17 p.m.14 views

CVE-2026-39304 vulnerabilities

Vulnerabilities for packages: zipkin, apache-activemq-artemis, geoserver...

7.5CVSS5.1AI score0.00896EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.8 views

CVE-2026-33227 vulnerabilities

Vulnerabilities for packages: zipkin, apache-activemq-artemis, geoserver...

4.3CVSS5.1AI score0.00419EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.9 views

GHSA-H2H4-5M64-M273 vulnerabilities

Vulnerabilities for packages: zipkin, apache-activemq-artemis, geoserver...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.10 views

CVE-2026-34197 vulnerabilities

Vulnerabilities for packages: geoserver, apache-activemq, apache-activemq-fips...

8.8CVSS6.7AI score0.96666EPSS
Exploits14
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.10 views

GHSA-RXPJ-7QVF-XV32 vulnerabilities

Vulnerabilities for packages: geoserver, apache-activemq, apache-activemq-fips...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/03/18 7:17 p.m.5 views

GHSA-C825-6PH3-4H84 vulnerabilities

Vulnerabilities for packages: geoserver...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/03/18 7:17 p.m.5 views

GHSA-HFG5-XPVW-C9X4 vulnerabilities

Vulnerabilities for packages: geoserver...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/03/18 7:17 p.m.9 views

CVE-2025-66168 vulnerabilities

Vulnerabilities for packages: geoserver...

8.8CVSS5.8AI score0.0078EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/18 7:17 p.m.12 views

CVE-2020-11971 vulnerabilities

Vulnerabilities for packages: geoserver...

7.5CVSS5.8AI score0.14331EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.7 views

CVE-2023-43795

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8CVSS6.7AI score0.67715EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/31 3:49 a.m.238 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

During my geoserver analysis I found another way to attack una...

9.8CVSS7.2AI score0.67357EPSS
Exploits4
Metasploit
Metasploit
added 2025/12/30 6:58 p.m.406 views

GeoServer WMS GetMap XXE Arbitrary File Read

This module exploits an XML External Entity XXE vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary files from the server's file system by injecting an XXE entity in the SLD Styled Layer Descriptor. Affected versions: - GeoServer = 2.26.0, use...

9.8CVSS6.1AI score0.67357EPSS
Exploits4
Veracode
Veracode
added 2025/12/13 4:53 a.m.6 views

XML External Entity (XXE)

GeoServer is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML entity resolution in schema parsing, which allows an attacker to exploit external entity references to access sensitive data or perform unauthorized actions...

9.9CVSS5.3AI score0.50825EPSS
Exploits1References9Affected Software2
GithubExploit
GithubExploit
added 2025/12/12 6:51 p.m.197 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

CVE-2025-58360: GeoServer XXE Lab Unauthenticated XML Ext...

9.8CVSS7.5AI score0.67357EPSS
Exploits4
NCSC
NCSC
added 2025/12/12 9:2 a.m.9 views

Vulnerability fixed in GeoServer

OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...

9.8CVSS6.5AI score0.67357EPSS
Exploits4References1
GithubExploit
GithubExploit
added 2025/12/12 6:33 a.m.182 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

CVE-ID How does this detection method work? How do...

9.8CVSS6.7AI score0.67357EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/12/12 5:1 a.m.21 views

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 CVSS...

9.8CVSS7.1AI score0.99813EPSS
Exploits29
CISA
CISA
added 2025/12/11 12:0 p.m.8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-58360link is external OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability This type of vulnerability is a frequent attack...

9.8CVSS6.9AI score0.67357EPSS
In wildExploits4References6
CISA KEV Catalog
CISA KEV Catalog
added 2025/12/11 12:0 a.m.13 views

OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability

OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request...

9.8CVSS6.8AI score0.67357EPSS
In wildExploits4
VulnCheck KEV
VulnCheck KEV
added 2025/12/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-58360

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

9.8CVSS5.7AI score0.67357EPSS
In wildExploits4References169
Rows per page
Query Builder