In GeoServer versions prior to 2.24.4 and 2.25.2 a high severity vulnerability CVE-2024-29198 was detected. This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) via the Demo request endpoint if the Proxy Base URL has not been configured. To address this issue, users should upgrade GeoServer to versions 2.24.4 or 2.25.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-29198.
Read more DatabaseIn GeoServer versions prior to 2.27.1, 2.26.3 and 2.25.7 a critical severity vulnerability CVE-2025-30220 was detected. This vulnerability allows attackers to exploit XML External Entity (XXE) injection due to improper use of the EntityResolver in the GeoTools Schema class, affecting XML parsing when external schemas are referenced. To address this issue, users should upgrade GeoServer to versions 2.27.1, 2.26.3 or 2.25.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30220.
Read more DatabaseIn GeoServer versions prior to 2.27.0, 2.26.3 and 2.25.7 a high severity vulnerability CVE-2025-30145 was detected. This vulnerability allows attackers to execute malicious Jiffle scripts as rendering transformations in WMS dynamic styles or WPS processes, potentially triggering an infinite loop and causing denial of service. To address this issue, users should upgrade GeoServer to versions 2.27.0, 2.26.3 or 2.25.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30145.
Read more DatabaseIn GeoServer versions prior to 2.26.3 and 2.25.6 a medium severity vulnerability CVE-2025-27505 was detected. This vulnerability allows attackers to bypass REST API access controls by appending file extensions (e.g., `.html`) to the `/rest` path, potentially disclosing information about installed extensions. To address this issue, users should upgrade GeoServer to versions 2.26.3 or 2.25.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27505.
Read more DatabaseIn GeoServer versions prior to 2.26.0 a medium severity vulnerability CVE-2024-40625 was detected. This vulnerability allows attackers to upload arbitrary files via the Coverage REST API endpoint `/workspaces/{workspaceName}/coveragestores/{storeName}/url.{format}` by abusing the `url` method without proper restrictions. To address this issue, users should upgrade GeoServer to versions 2.26.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40625.
Read more DatabaseIn GeoServer versions prior to 2.26.2 and 2.25.6 a medium severity vulnerability CVE-2024-38524 was detected. This vulnerability allows users to access potentially sensitive information via the `GeoWebCacheDispatcher.handleFrontPage` method, as there is no default mechanism to hide storage locations unless a specific system property is manually configured. To address this issue, users should upgrade GeoServer to versions 2.26.2 or 2.25.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38524.
Read more DatabaseIn Redis versions from 7.0.0 to before 8.0.2 a medium severity vulnerability CVE-2025-27151 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in redis-check-aof by exploiting unsafe use of memcpy with user-supplied file paths, potentially leading to remote code execution. To address this issue, users should upgrade Redis to versions 8.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27151.
Read more DatabaseIn Pgpool-II versions 4.0 and 4.1 series, 4.2.0 to 4.2.21, 4.3.0 to 4.3.14, 4.4.0 to 4.4.11, 4.5.0 to 4.5.6 and 4.6.0 a critical severity vulnerability CVE-2025-46801 was detected. This vulnerability allows attackers to bypass authentication and log in as arbitrary users, enabling them to read, modify, or disable data in the connected database. To address this issue, users should upgrade Pgpool-II to versions 4.6.1, 4.5.7, 4.4.12, 4.3.15, 4.2.22 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46801.
Read more DatabaseIn PostgreSQL versions before 17.5, 16.9, 15.13, 14.18 and 13.21 a medium severity vulnerability CVE-2025-4207 was detected. This vulnerability allows a database input provider to trigger a temporary denial of service by exploiting a buffer over-read in GB18030 encoding validation, potentially causing process termination on affected platforms and impacting both the database server and libpq. To address this issue, users should upgrade PostgreSQL to versions 17.5, 16.9, 15.13, 14.18 or 13.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4207.
Read more Database