22 matches found

Tenable Nessus
added 6 days ago, 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before...

CVSS 7.3, AI score 5.9, EPSS 0.00296
Exploits 0, References 2
Cvelist
added last week, 31 views

CVE-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

CVSS 7.3, EPSS 0.00296
Exploits 0, References 1
AlpineLinux
added last week, 6 views

CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

CVSS 7.3, AI score 5.9, EPSS 0.00296
Exploits 0
RedhatCVE
added 2026/05/15 2:02 p.m., 10 views

CVE-2026-42030

A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS) applications. A reflected Cross-Site Scripting (XSS) vulnerability in MapServer's Web Map Service (WMS) server allows an unauthenticated attacker to inject arbitrary HTML or JavaScript code into the...

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 2
SUSE CVE
added 2026/05/10 1:06 a.m., 8 views

SUSE CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 3
NVD
added 2026/05/08 5:16 p.m., 13 views

CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, EPSS 0.00247
Exploits 1, References 2
OSV
added 2026/05/08 5:16 p.m., 11 views

UBUNTU-CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 4
EUVD
added 2026/05/08 3:56 p.m., 9 views

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 2
CVE
added 2026/05/08 3:56 p.m., 13 views

CVE-2026-42030

Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/05/08 3:56 p.m., 32 views

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, EPSS 0.00247
Exploits 1, References 2
Vulnrichment
added 2026/05/08 3:56 p.m., 8 views

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVSS 6.1, AI score 5.9, EPSS 0.00247
Exploits 1, References 2
CNNVD
added 2026/05/08 12:00 a.m., 8 views

Mapserver Security Vulnerability

Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...

CVSS 6.1, AI score 5.7, EPSS 0.00247
Exploits 1, References 1
RedhatCVE
added 2025/05/23 8:40 a.m., 4 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVSS 4.8, AI score 5.6, EPSS 0.00426
Exploits 0, References 1
Tenable Nessus
added 2024/12/10 12:00 a.m., 8 views

GeoServer < 2.23.4 Multiple Vulnerabilities

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability in REST Coverage Store API - A stored Cross-Site Scripting (XSS) vulnerabilit...

CVSS 7.2, AI score 6, EPSS 0.01867
Exploits 1, References 12
NVD
added 2024/03/20 6:15 p.m., 8 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVSS 4.8, AI score 4.9, EPSS 0.00426
Exploits 0, References 5
Vulnrichment
added 2024/03/20 5:57 p.m., 16 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVSS 4.8, AI score 5.5, EPSS 0.00426
Exploits 0, References 5
Cvelist
added 2024/03/20 5:57 p.m., 19 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVSS 4.8, AI score 5.1, EPSS 0.00426
Exploits 0, References 5
CVE
added 2024/03/20 5:57 p.m., 82 views

CVE-2024-23818

GeoServer’s WMS OpenLayers Format has a stored XSS vulnerability that allows an authenticated administrator with workspace privileges to store a JavaScript payload in the GeoServer catalog, which is executed in another user’s browser when rendering WMS GetMap. Affected are versions prior to 2...

CVSS 4.8, AI score 4.8, EPSS 0.00426
Exploits 0, References 5, Affected Software 1
OSV
added 2024/03/20 5:57 p.m., 20 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

CVSS 4.8, AI score 5.4, EPSS 0.00426
Exploits 0, References 7
OSV
added 2024/03/20 3:15 p.m., 14 views

GHSA-FCPM-HCHJ-MH72 GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)

Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers...

CVSS 4.8, AI score 4.9, EPSS 0.00426
Exploits 0, References 7