7 matches found
VulnCheck KEV: CVE-2025-44137
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Building the path to a file allows the insertion of "../" and thus reading any file on the web...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross-Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross-Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross-Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
PT-2025-31223 · Maptiler · Maptiler Tileserver-Php
Name of the Vulnerable Software and Affected Versions: MapTiler Tileserver-php version 2.0. Description: MapTiler Tileserver-php version 2.0 is susceptible to a Cross-Site Scripting (XSS) issue. The layer GET parameter is reflected in an error message without proper HTML encoding. This allows an...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is affected by an unauthenticated reflected XSS in the GET parameter layer, which is echoed in an error message without HTML encoding. This allows an attacker to execute arbitrary HTML/JavaScript in a victim’s browser. Connected sources confirm the vulnerable componen...
CVE-2025-44137
MapTiler Tileserver-php v2.0 is affected by a Directory Traversal in the renderTile function of tileserver.php. Improper sanitization of GET parameters allows crafting requests that insert ../ sequences to read arbitrary files on the server. Affected parameters include TileMatrix, TileRow, TileCo...