| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-21621 | GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format | geoserver | geoserver | Medium | 6.1 | 2025-11-25 21:52:12 |
| CVE-2025-58360 | GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature | geoserver | geoserver | High | 8.2 | 2025-11-25 20:17:35 |
| CVE-2025-30220 | GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling | geoserver | geoserver | Critical | 9.9 | 2025-06-10 15:16:39 |
| CVE-2025-30145 | GeoServer has an Infinite Loop Vulnerability in Jiffle process | geoserver | geoserver | High | 7.5 | 2025-06-10 14:58:48 |
| CVE-2025-27505 | GeoServer Missing Authorization on REST API Index | geoserver | geoserver | Medium | 5.3 | 2025-06-10 14:52:19 |
| CVE-2024-40625 | GeoServer Coverage REST API Allows Server Side Request Forgery | geoserver | geoserver | Medium | 5.5 | 2025-06-10 14:49:05 |
| CVE-2024-38524 | GWC Home Page communicate version and revision information | geoserver | geoserver | Medium | 5.3 | 2025-06-10 14:43:05 |
| CVE-2024-34711 | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | geoserver | geoserver | Critical | 9.3 | 2025-06-10 14:33:19 |
| CVE-2024-29198 | GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost | geoserver | geoserver | High | 7.5 | 2025-06-10 14:27:39 |
| CVE-2024-35230 | Welcome and About GeoServer pages communicate version and revision information | geoserver | geoserver | Medium | 5.3 | 2024-12-16 22:18:20 |
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | geoserver | geoserver | Critical | 9.8 | 2024-07-01 15:25:42 |
| CVE-2024-34696 | GeoServer's Server Status shows sensitive environmental variables and Java properties | geoserver | geoserver | Medium | 4.5 | 2024-07-01 14:36:05 |
| CVE-2024-24749 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat | geoserver | geoserver | High | 7.5 | 2024-07-01 14:07:33 |
| CVE-2024-23821 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) | geoserver | geoserver | Medium | 4.8 | 2024-03-20 18:03:25 |
| CVE-2024-23819 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page | geoserver | geoserver | Medium | 4.8 | 2024-03-20 18:00:46 |
| CVE-2024-23818 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format | geoserver | geoserver | Medium | 4.8 | 2024-03-20 17:57:39 |
| CVE-2024-23643 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form | geoserver | geoserver | Medium | 4.8 | 2024-03-20 17:50:48 |
| CVE-2024-23642 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer | geoserver | geoserver | Medium | 4.8 | 2024-03-20 17:44:49 |
| CVE-2024-23640 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher | geoserver | geoserver | Medium | 4.8 | 2024-03-20 15:26:02 |
| CVE-2024-23634 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API | geoserver | geoserver | Medium | 6.0 | 2024-03-20 15:22:41 |