26 matches found
EUVD-2025-17684
Malicious code in bioql PyPI...
CVE-2025-30145
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...
GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process
Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...
GeoServer Infinite Loop Vulnerability in Jiffle process
Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...
CVE-2025-30145
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...
CVE-2025-30145
CVE-2025-30145 affects GeoServer; malicious Jiffle scripts can enter an infinite loop when used in WMS dynamic styling or a WPS process, enabling denial of service. Affected behavior is described as rendering transformations or WPS processes that may loop indefinitely. The issue is fixed in GeoSe...
CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process
GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...
GeoServer Security Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that originates from malicious Jiffle script execution and could lead to a denial of service attack...
PT-2025-24672 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.7 GeoServer versions prior to 2.26.3 GeoServer versions prior to 2.27.0 Description: The issue allows malicious Jiffle scripts to be executed, potentially triggering a denial of service through an infinite loo...
CVE-2022-24816
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...
GeoServer JAI-EXT extension command injection
Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
VulnCheck KEV: CVE-2022-24816
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...
GHSA-V92F-JX6P-73RX Improper Control of Generation of Code ('Code Injection') in jai-ext
Impact Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Patches Version 1.2.22...
Improper Control of Generation of Code ('Code Injection') in jai-ext
Impact Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Patches Version 1.2.22...
GHSA-59X6-G4JR-4HXC GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...
GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...
CVE-2022-24816
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...