665 matches found

NVD
added 2025/06/10 3:15 p.m. | 8 views

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL when method equals 'url', with no restriction. This vulnerability is fix...

CVSS 5.5 | EPSS 0.00311
Exploits 0 | References 3
Cvelist
added 2025/06/10 2:49 p.m. | 12 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL when method equals 'url', with no restriction. This vulnerability is fix...

CVSS 5.5 | EPSS 0.00311
Exploits 0 | References 3
CVE
added 2025/06/10 2:49 p.m. | 85 views

CVE-2024-40625

GeoServer's CVE-2024-40625 affects the Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}: when {method} = 'url', the endpoint accepts an arbitrary caller-supplied URL without validation and fetches it, enabling Server Side Request Forgery. The issue is tied to unfiltered file URL input and ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00311
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/06/10 2:49 p.m. | 3 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL when method equals 'url', with no restriction. This vulnerability is fix...

CVSS 5.5 | AI score 6.7 | EPSS 0.00311
Exploits 0 | References 5
Vulnrichment
added 2025/06/10 2:49 p.m. | 6 views

CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL when method equals 'url', with no restriction. This vulnerability is fix...

CVSS 5.5 | AI score 5.6 | EPSS 0.00311
Exploits 0 | References 3
OSV
added 2025/06/10 2:14 p.m. | 8 views

GHSA-R4HF-R8GJ-JGW2 Coverage REST API Server Side Request Forgery

Summary: The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows uploading a file from a specified URL when method equals 'url', with no restriction. Details: The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows uploading a file...

CVSS 5.5 | AI score 7.3 | EPSS 0.00311
Exploits 0 | References 5
Github Security Blog
added 2025/06/10 2:14 p.m. | 11 views

Coverage REST API Server Side Request Forgery

Summary: The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows uploading a file from a specified URL when method equals 'url', with no restriction. Details: The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows uploading a file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00311
Exploits 0 | References 5 | Affected Software 2
OSSF Malicious Packages
added 2025/06/10 3:24 a.m. | 3 views

Malicious code in playwright-coverage (npm)

Source: ghsa-malware bf8711293d366c2ab04b98c26ea6e6fbc5022a045727404387dc51c9496cb328. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3
CNNVD
added 2025/06/10 12:00 a.m. | 1 view

GeoServer code issue vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from the Coverage REST API not restricting the URL from which files are uploaded, which could lead to an attacker...

CVSS 5.5 | AI score 6.8 | EPSS 0.00311
Exploits 0 | References 5
Packet Storm News
added 2025/06/10 12:00 a.m. | 3 views

ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying the hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes in a white-box manner, but suffers from scalability issues. Fuzzing-Driven Taint Inference (FTI) offers a...

AI score 6.9
Exploits 0
Positive Technologies
added 2025/06/10 12:00 a.m. | 3 views

PT-2025-24663 · Geoserver · Geoserver

Name of the vulnerable software and affected versions: GeoServer versions prior to 2.26.0. Description: The issue concerns the Coverage REST API, specifically the endpoint "/workspaces/workspaceName/coveragestores/storeName/method.format", which allows attackers to upload files with a specified UR...

CVSS 5.5 | AI score 6.5 | EPSS 0.00311
Exploits 0 | References 7
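The CVE-2024-40625 / GHSA-R4HF-R8GJ-JGW2 entries above all describe the same bug class: a REST handler takes a caller-supplied URL (method='url') and fetches it with no restriction, so the server can be pointed at loopback, RFC 1918 ranges or the cloud metadata address. The block below is an added example written for this page, not GeoServer's code or its fix; the function names, the allowed-scheme set, the injectable resolver and the offline lookup table are all assumptions. It shows the unsafe pattern beside a guard that allows only http(s) URLs whose host resolves exclusively to public addresses.

```python
"""SSRF guard for a 'load coverage from URL' style REST handler.

Added example, not GeoServer's code. Models the CVE-2024-40625 bug class
(method='url' accepted with no restriction) beside a hardened check.
Function names, ALLOWED_SCHEMES and the resolver hook are assumptions.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # no file:, jar:, ftp:, gopher:, ...


def vulnerable_fetch_target(url: str) -> str:
    """Unsafe pattern: the caller-supplied URL is used exactly as sent."""
    return url


def resolve_all(host: str) -> list:
    """Default resolver: every A/AAAA answer, so a name that maps to a mix
    of public and internal addresses is still rejected."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def offline_resolver(host: str) -> list:
    """Constructed lookup table so the example runs with no network."""
    return {"example.org": ["93.184.216.34"],
            "intranet.local": ["10.0.0.5"],
            "dual.example": ["93.184.216.34", "192.168.1.1"]}.get(host, [])


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # ::ffff:127.0.0.1 style literals: judge the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_link_local also covers the cloud metadata address 169.254.169.254
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_fetch_url(url: str, resolver=resolve_all) -> str:
    """Return url if it may be fetched, else raise ValueError with the reason."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP, incl. [v6]
    except ValueError:
        addresses = resolver(host)                      # hostname -> DNS
    if not addresses:
        raise ValueError(f"{host!r} does not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} maps to non-public address {ip}")
    return url


def is_allowed(url: str, resolver=resolve_all) -> bool:
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("https://example.org/dem.tif", "file:///etc/passwd",
              "http://169.254.169.254/latest/meta-data/",
              "http://intranet.local/", "http://[::ffff:127.0.0.1]/"):
        verdict = "allow" if is_allowed(u, offline_resolver) else "deny"
        print(f"{u:45} -> {verdict}")
```

Two caveats a practitioner will want beyond this block: the check runs before the fetch, so a DNS name can be re-pointed at an internal address between validation and connect (DNS rebinding); connect to the address you validated rather than re-resolving, and do not follow redirects without re-running the same check on every hop.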
Rapid7 Blog
added 2025/06/03 2:00 p.m. | 5 views

Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss

The rise of GenAI-powered applications, from internal copilots to customer-facing chatbots, is changing how businesses operate. While these tools drive innovation, they also introduce a fast-moving, often invisible layer of risk. Most traditional AppSec tools were never built to handle the uniq...

AI score 7.3
Exploits 0
CNNVD
added 2025/06/03 12:00 a.m. | 1 view

D-Link DI-500WF-WT injection vulnerability

D-Link DI-500WF-WT is a wireless network coverage device from D-Link of China. A command injection vulnerability exists in the D-Link DI-500WF-WT that stems from the cmd parameter failing to properly filter special characters, commands and so on used to construct shell commands. No detailed...

CVSS 8.8 | AI score 7.6 | EPSS 0.02886
Exploits 0 | References 5
RedhatCVE
added 2025/05/23 8:39 a.m. | 5 views

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

CVSS 6 | AI score 6.9 | EPSS 0.00694
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 11:18 p.m. | 1 view

CVE-2022-36897

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVSS 4.3 | AI score 5.9 | EPSS 0.0055
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 7:11 p.m. | 7 views

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVSS 8.8 | AI score 7.9 | EPSS 0.02142
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 4:30 p.m. | 6 views

CVE-2020-2212

Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration...

CVSS 4.3 | AI score 6.6 | EPSS 0.00691
Exploits 0
RedhatCVE
added 2025/05/22 3:18 p.m. | 5 views

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

CVSS 5.4 | AI score 5.9 | EPSS 0.00735
Exploits 0
OSV
added 2025/05/14 6:04 p.m. | 3 views

DRUPAL-CONTRIB-2025-057

The Advanced File Destination module enhances file upload management in Drupal by allowing users to choose and create custom directories during file uploads. The module has multiple vulnerabilities that were reported through the Drupal Security Team's coordinated vulnerability process. The projec...

AI score 7.1
Exploits 0 | References 1
CNVD
added 2025/05/14 12:00 a.m. | 1 view

Tenda RX3 Command Injection Vulnerability

Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. The Tenda RX3 suffers from a command injection vulnerability that stems from the failure of the file /goform/telnet to properly filter construct...

CVSS 9.8 | AI score 7.6 | EPSS 0.11654
Exploits 1 | References 1
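The D-Link DI-500WF-WT (cmd parameter) and Tenda RX3 (/goform/telnet) entries above both describe the same defect: a request parameter reaches a shell command without its metacharacters being filtered. The block below is an added example written for this page, not vendor firmware code; the "ping this host" action, the host parameter name and the attacker string are assumptions. It shows what a POSIX shell makes of the unfiltered string, and the argv-based replacement in which the validated value is one argument and no shell ever parses it.

```python
"""Command injection in a CGI-style router handler, beside the fix.

Added example, not vendor firmware code. Models a 'ping this host'
handler; the parameter name, regex and attacker string are assumptions.
"""
import re
import shlex
import subprocess

# Constructed attacker input: looks like a host, smuggles a second command.
INJECTED = "8.8.8.8; cat /etc/passwd"


def build_shell_command_vulnerable(host: str) -> str:
    """Vulnerable: the raw parameter is spliced into a string that firmware
    would hand to system()/popen(), i.e. to /bin/sh."""
    return f"ping -c 1 {host}"


def shell_tokens(command: str) -> list:
    """Tokenise like a POSIX shell, so the injected ';' appears as its own
    operator token rather than as part of the host argument."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


# Dotted hostname or IPv4 literal (RFC 1123 labels); nothing a shell interprets.
_HOST_RE = re.compile(
    r"(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_host(host: str) -> bool:
    return _HOST_RE.fullmatch(host) is not None


def build_argv_safe(host: str) -> list:
    """Hardened: allowlist-validate, then pass the value as a single argv
    element. With no shell in the path, metacharacters are just bytes."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Execute the hardened form (shell=False); returns the exit status."""
    completed = subprocess.run(build_argv_safe(host), shell=False, check=False,
                               stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return completed.returncode


if __name__ == "__main__":
    cmd = build_shell_command_vulnerable(INJECTED)
    print("vulnerable string :", cmd)
    print("shell sees tokens :", shell_tokens(cmd))
    for candidate in ("8.8.8.8", "router.example", INJECTED, "$(id)", "a`id`b"):
        print(f"{candidate!r:32} valid={is_valid_host(candidate)}")
```

Filtering a denylist of characters is the approach these advisories show failing; an allowlist of what a host may look like, plus execution without a shell, closes the whole class rather than the one payload.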