📦 GeoServer

by GeoServer

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-36401

CRITICAL CVSS 9.8 Jul 1, 2024

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on GeoServer instances by sending specially crafted OGC requests. It affects ALL default GeoServer installations du...

CVE-2024-24749

HIGH CVSS 7.5 Jul 1, 2024

This vulnerability in GeoServer allows attackers to bypass input validation and read arbitrary classpath resources with specific file extensions when deployed on Windows with Apache Tomcat. If using a...

CVE-2023-41877

HIGH CVSS 7.2 Mar 20, 2024

This CVE describes a path traversal vulnerability in GeoServer that allows administrators with access to the admin console to misconfigure log file locations to arbitrary paths, then view the contents...

CVE-2025-21621

MEDIUM CVSS 6.1 Nov 25, 2025

GeoServer versions before 2.25.0 contain a reflected cross-site scripting vulnerability in the WMS GetFeatureInfo HTML output format. Attackers can inject malicious JavaScript via SLD_BODY parameters,...

CVE-2024-34696

MEDIUM CVSS 4.5 Jul 1, 2024

GeoServer versions 2.10.0 through 2.24.3 and 2.25.0 expose environment variables and Java properties containing sensitive credentials to authenticated administrators via the Server Status page and RES...