CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added last week•6 views

CVE-2026-44672

CVE-2026-44672 affects mapfish-print, a component of MapFish for templated map printing. The vulnerability exists in the Dynamic table handling for versions 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, allowing an unauthenticated attacker to execute arbitrary code (Remote Code ...

EUVD•added last week•4 views

EUVD-2026-32909

Vulnrichment•added last week•3 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

Cvelist•added last week•22 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

9.3CVSS0.00102EPSS

ATTACKERKB•added last week•4 views

CVE-2026-44672

Exploits0References2Affected Software4

CNNVD•added 2026/05/28 12:0 a.m.•4 views

mapfish-print 代码注入漏洞

Mapfish-Print is a JAVA extension library created by individual developers for creating maps-related reports. This extension library is based on Java’s servlet/lib/application framework and can implement a service that receives requests and returns reports. Versions of Mapfish-Print from 3.23.0 t...

Github Security Blog•added 2026/05/13 1:35 a.m.•5 views

Mapfish Print: Remote Code Injection (RCE) in Dynamic table

Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...

Exploits0References2Affected Software2

Snyk•added 2026/05/13 1:35 a.m.•2 views

Arbitrary Code Injection

Overview org.mapfish.print:print-lib is a component of MapFish for printing templated cartographic maps. Affected versions of this package are vulnerable to Arbitrary Code Injection via the dynamic table. An attacker can execute arbitrary code by sending specially crafted requests without...

9.8CVSS6.2AI score0.00102EPSS

OSV•added 2026/05/13 1:35 a.m.•6 views

GHSA-Q7M6-WPVF-MVWX Mapfish Print: Remote Code Injection (RCE) in Dynamic table

Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-0572

Malware in sbrugna...

9.3CVSS9AI score0.00342EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-0574

Malware in sbrugna...

9.3CVSS6.8AI score0.00311EPSS

Exploits0References4

RedhatCVE•added 2025/02/05 2:53 p.m.•5 views

CVE-2020-15232

In mapfish-print before version 3.24, a user can do to an XML External Entity XXE attack with the provided SDL style...

9.3CVSS6.7AI score0.00342EPSS

Exploits0

RedhatCVE•added 2025/02/05 2:47 p.m.•6 views

CVE-2020-15231

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...

9.3CVSS6.6AI score0.00311EPSS

Exploits0References4

Veracode•added 2020/10/05 4:48 a.m.•10 views

Cross-Site Scripting (XSS)

mapfish-print is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via JSONP...

9.3CVSS3.7AI score0.00311EPSS

Exploits0References3Affected Software3

NVD•added 2020/10/02 8:15 p.m.•10 views

CVE-2020-15232

In mapfish-print before version 3.24, a user can do to an XML External Entity XXE attack with the provided SDL style...

9.3CVSS0.00342EPSS

OSV•added 2020/10/02 8:15 p.m.•12 views

CVE-2020-15232

In mapfish-print before version 3.24, a user can do to an XML External Entity XXE attack with the provided SDL style...

9.1CVSS6.8AI score