
6 matches found

VulnCheck KEV
added 2025/07/31 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2 | AI score 5.8 | EPSS 0.06507
In wild | Exploits 0 | References 2
Github Security Blog
added 2025/06/10 8:17 p.m. | 14 views

GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx

Summary: Missing checks allow for SSRF to specific targets using the TestWfsPost endpoint. Mitigation: To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request. thomsmith...

CVSS 8.2 | AI score 7.5 | EPSS 0.06507
Exploits 0 | References 3 | Affected Software 1
NVD
added 2025/06/10 3:15 p.m. | 7 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2 | EPSS 0.06507
Exploits 0 | References 3
CVE
added 2025/06/10 2:27 p.m. | 92 views

CVE-2024-29198

GeoServer contains an SSRF vulnerability (CVE-2024-29198) in the Demo Request endpoint when Proxy Base URL is not set. An unauthenticated user can issue a request that the server will fetch, enabling internal-network enumeration and potential access to sensitive cloud data via TestWfsPost. The is...

CVSS 8.2 | AI score 7.5 | EPSS 0.06507
In wild | Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/06/10 2:27 p.m. | 23 views

CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 7.5 | EPSS 0.06507
Exploits 0 | References 3
Github Security Blog
added 2025/06/10 2:13 p.m. | 24 views

GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

Summary: It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Details: An unauthenticated user can supply a request that will be issued by the server. This can be used to enumerate internal networks and also in the case of cloud...

CVSS 8.2 | AI score 7 | EPSS 0.06507
Exploits 0 | References 6 | Affected Software 2