Lucene search
K

5 matches found

NVD
NVD
added 2026/06/18 4:16 p.m.6 views

CVE-2025-58175

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. This vulnerability requires that GeoServer i...

8.2CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 2:31 p.m.22 views

CVE-2025-58175

CVE-2025-58175 affects GeoServer prior to 2.26.4 and 2.27.3. When GeoServer is configured to use a proxy base URL and ENTITY_RESOLUTION_ALLOWLIST, an unauthenticated Server-Side Request Forgery (SSRF) can be triggered. The issue only affects installations where the proxy base URL lacks a URL path...

8.2CVSS5.3AI score0.00287EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 6:23 p.m.8 views

GHSA-X4R9-GMW3-HXWW GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution

Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 6:23 p.m.22 views

GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution

Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...

8.2CVSS5.3AI score0.00287EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-49054

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description GeoServer allows unauthenticated Server-Side Request Forgery SSRF, a condition where an attacker can cause the server to make requests to an unintended location...

6.5CVSS5.3AI score0.00287EPSS
Exploits0References5
Rows per page
Query Builder