40 matches found
CVE-2022-50899
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
CVE-2022-50899
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
CVE-2022-50899
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
CVE-2022-50899
Geonetwork 3.10–4.2.0 is affected by an XML External Entity (XXE) vulnerability in the PDF rendering path. The issue arises from an insecure XML parser that can be driven by a crafted XML document with external entity references, allowing an attacker to read arbitrary server files via the baseURL...
CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
PT-2026-2375
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
GeoNetwork 代码问题漏洞
GeoNetwork is GeoNetwork open source a catalog application . It is used to manage spatially referenced resources. A code issue vulnerability exists in GeoNetwork 4.2.0 and earlier versions, which stems from an XML external entity vulnerability in PDF rendering that could lead to reading arbitrary...
EUVD-2021-15078
Malware in sbrugna...
EUVD-2006-5498
Malware in sbrugna...
EUVD-2025-17815
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-30220
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...
GHSA-2P76-GC46-5FVC GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
Impact GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity XXE vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files Patches...
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
Impact GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity XXE vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files Patches...
CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...
CVE-2025-30220
Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...
PT-2025-26488 · Maven · Org.Geonetwork-Opensource:Gn-Web-App +1
Impact GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity XXE vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint was not secured, potentially allowing unauthenticated attackers to read sensitive files Patches...
PT-2025-24673
Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.27.1 GeoServer versions prior to 2.26.3 GeoServer versions prior to 2.25.7 GeoTools versions prior to 33.1 GeoTools versions prior to 32.3 GeoTools versions prior to 31.7 GeoTools versions prior to 28.6.1 GeoNetwo...
CVE-2024-32037
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...
GHSA-52RF-25HQ-5M33 GeoNetwork search end-point information disclosure in response headers
Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Patches GeoNetwork 4.4.5 / 4.2.10 Workarounds None References -...