Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Nuclei
Nucleiadded 6 days ago60 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.4AI score0.94425EPSS
Exploits25References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-29614

Malicious code in bioql PyPI...

8.2CVSS7.1AI score0.08237EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/06/10 3:16 p.m.23 views

CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS0.13939EPSS
Exploits1References7
CVE
CVEadded 2025/06/10 3:16 p.m.173 views

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

9.9CVSS9.3AI score0.13939EPSS
In wildExploits1References7Affected Software3
Positive Technologies
Positive Technologiesadded 2025/06/09 12:0 a.m.2 views

PT-2025-26262 · Maven · Org.Geotools:Gt-Wfs-Ng +1

Summary GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. Impact This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. Th...

9.9CVSS7.1AI score
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/02/05 9:54 p.m.8 views

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2CVSS7.5AI score0.08237EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2025/02/05 3:32 p.m.17 views

GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

Summary Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Details The following methods pass XPath expressions to the commons-jxpath library which can execute arbitrary code and would be a security iss...

9.8CVSS7.9AI score0.90747EPSS
Exploits1References18Affected Software3
Rows per page
Query Builder