Netcad E-İmar SQL注入漏洞

Netcad E-İmar is a GIS-based urban planning information query platform developed by the Turkish company Netcad. Versions of Netcad E-İmar from 2.10.1.0 to 3.0.2 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements within SQL commands, whic...

CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

Exploit for SQL Injection in Djangoproject Django

CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...

CVE-2026-35235

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVE-2026-35235

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVE-2026-35235

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVE-2026-35235

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is an open source relational database management system with a GIS component that provides geospatial data processing capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the GIS component to properly handle a...

PT-2026-34152

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

CVE-2025-67260

CVE-2025-67260 concerns a file upload vulnerability in Terrapack software from ASTER TEC/ASTER S.p.A. The affected components/versions listed are Terrapack TkWebCoreNG 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0. The vulnerability allows attackers to upload...

Terrapack Arbitrary File Upload

Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...

[SECURITY] Fedora 43 Update: qgis-3.44.8-1.fc43

Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...

[SECURITY] Fedora 44 Update: qgis-3.44.8-1.fc44

Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...

CVE-2026-24480

A flaw was found in the QGIS GitHub Actions workflow. This vulnerability allowed a remote attacker to achieve remote code execution and compromise the repository. The flaw occurred because the workflow used the pullrequesttarget trigger, which runs with the base repository's credentials, and then...

MiracleLinux 4 : mysql55-mysql-5.5.52-1.AXS4 (AXSA:2016-715:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-715:03 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...

MiracleLinux 7 : rh-mariadb101-mariadb-10.1.19-6.el7 (AXSA:2016-1178:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1178:02 advisory. MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation...

EUVD-2025-136590

Malicious code in inda-foi-gis npm...