15 matches found
MapTiler Tileserver-php v2.0 - Unauthenticated File Read
MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in the renderTile function, letting attackers read arbitrary files on the server; exploitation requires crafted web requests. id: CVE-2025-44137 info: name: MapTiler Tileserver-php v2.0 -...
VulnCheck KEV: CVE-2025-44137
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus reading any file on the web...
VulnCheck KEV: CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
TileServer PHP Security Vulnerability
TileServer PHP is a folder hosting software from MapTiler Open Source. A security vulnerability exists in TileServer PHP version v2.0, which stems from the layer parameter not being HTML-encoded, and could lead to a cross-site scripting attack...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
CVE-2025-44137
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus reading any file on the web...
PT-2025-31223 · Maptiler · Maptiler Tileserver-Php
Name of the Vulnerable Software and Affected Versions: MapTiler Tileserver-php version 2.0 Description: MapTiler Tileserver-php version 2.0 is susceptible to a Cross Site Scripting (XSS) issue. The layer GET parameter is reflected in an error message without proper HTML encoding. This allows an...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
TileServer PHP Security Vulnerability
TileServer PHP is a folder hosting software from MapTiler Open Source. A security vulnerability exists in TileServer PHP version v2.0, which stems from a path traversal allowed by the renderTile function that could lead to reading arbitrary files...
CVE-2025-44136
MapTiler Tileserver-php v2.0 is affected by an unauthenticated reflected XSS in the GET parameter layer, which is echoed in an error message without HTML encoding. This allows an attacker to execute arbitrary HTML/JavaScript in a victim’s browser. Connected sources confirm the vulnerable componen...
CVE-2025-44137
MapTiler Tileserver-php v2.0 is affected by a Directory Traversal in the renderTile function of tileserver.php. Improper sanitization of GET parameters allows crafting requests that insert ../ sequences to read arbitrary files on the server. Affected parameters include TileMatrix, TileRow, TileCo...
Exploit for Path Traversal in Maptiler Tileserver_Php
CVE-2025-44137 Unauthenticated File Read in MapTiler Tileserve...