Lucene search
K

49 matches found

CVE
CVE
added 2024/07/26 8:52 p.m.61 views

CVE-2024-41118

The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...

9.8CVSS8.1AI score0.00713EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.5 views

streamlit-geospatial 代码问题漏洞

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/7? The url variable in WebMapService.py accepts user input that is passed to the getlayers...

9.8CVSS7AI score0.00713EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.7 views

PT-2024-29274 · Pypi · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue allows for blind server-side request forgery due to the url variable taking user input, which is then used by the get wms layer meth...

9.8CVSS7.1AI score0.00713EPSS
Exploits1References8
OSV
OSV
added 2024/01/16 10:15 a.m.3 views

CVE-2023-52104

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
OSV
OSV
added 2023/07/06 1:15 p.m.5 views

CVE-2023-37241

Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/02/22 7:15 p.m.76 views

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS9.7AI score0.85247EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2023/02/21 9:0 p.m.300 views

CVE-2023-25157

CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...

9.8CVSS9.4AI score0.85247EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2022/04/01 8:15 p.m.8 views

CVE-2022-23158

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server...

4.4CVSS5.8AI score0.00685EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/09/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols...

9.8CVSS7.3AI score0.85247EPSS
Exploits2References1
Rows per page
Query Builder