346 matches found
SUSE CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying - it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...
CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...
CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
EUVD-2026-29949
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
CVE-2026-37430
The vulnerability CVE-2026-37430 affects the qihang-wms project, specifically the ShopOrderImportController.java component (commit 75c15a). An arbitrary file upload flaw allows an attacker to execute arbitrary code by uploading a crafted file. The reported CVSS v3.1 base score is 7.3 (HIGH) with ...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
PT-2026-40606
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
SUSE CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
Linux Distros Unpatched Vulnerability : CVE-2026-42030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS serv...
CVE-2026-39922 GeoNode SSRF via Service Registration
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-39922
CVE-2026-39922 affects GeoNode 4.x (pre-4.4.5) and 5.x (pre-5.0.2). The issue is a server-side request forgery in the service registration endpoint, allowing authenticated attackers to submit crafted service URLs to trigger outbound requests to arbitrary URLs via the WMS service handler, bypassin...
OPENSUSE-SU-2026:20476-1 Security update for mapserver
This update for mapserver fixes the following issues: Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo with IDENTIFY CLASSAUTO: take into account SYMBOL.ANCHORPOINT WCS 2.0: fix issue when input...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-3969
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/departaddbg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be...