CVE-2022-50899
- EPSS 0.05%
- Veröffentlicht 13.01.2026 22:51:45
- Zuletzt bearbeitet 27.02.2026 19:48:19
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with ex...
CVE-2025-30220
- EPSS 8.4%
- Veröffentlicht 10.06.2025 15:16:39
- Zuletzt bearbeitet 26.08.2025 16:10:11
GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever expos...
CVE-2021-28398
- EPSS 1.12%
- Veröffentlicht 05.09.2022 17:15:19
- Zuletzt bearbeitet 21.11.2024 05:59:37
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to...