CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

CVE-2025-67260

CVE-2025-67260 is a reserved candidate with no initial public detail, but a connected report documents an arbitrary file upload vulnerability in Terrapack software. Affected components include Terrapack TkWebCoreNG 1.0.20200914, TKServerCGI 2.5.4.150, and TpkWebGIS - Client 1.0.0. The flaw could ...

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

Terrapack Arbitrary File Upload

Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...