Security Intel Hub 11+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Premium intel
High KEV
GeoServer Unauthenticated XXE via WMS GetMap Operation
XBOW-024-081 · github.com · 2025-11-26
docker.osgeo.org/geoserver >=2.26.0,<=2.26.1 · docker.osgeo.org/geoserver <=2.25.5 …
Premium intel
CVSS 9.8 KEV
GeoServer CVE-2024-36401 RCE Vulnerability Advisory and Patch Guide
github.com · 2025-11-08

### Vulnerability Key Information Summary #### Vulnerability Overview - **Type**: Remote Code Execution (RCE) - **Description**: Due to unsafe evaluation of attribute expressions, unauthorized users c…

CVSS 5.3
GeoServer CVE-2025-27505: REST API Index Authorization Bypass
github.com · 2025-06-12

### Critical Vulnerability Information #### Vulnerability Title - **Missing Authorization on REST API Index** #### Severity - **Level**: Moderate (5.3/10) #### Affected Packages and Versions - **org.g…

CVSS 5.5
GeoServer Coverage REST API SSRF Vulnerability (CVE-2024-40625)
github.com · 2025-06-12

### Critical Vulnerability Information #### Vulnerability Name Coverage REST API Server Side Request Forgery #### Affected Versions - `org.geoserver.gs-rest` (Maven): < 2.26.0 - `org.geoserver.web:gs-…

CVSS 7.5
GeoServer CVE-2024-29198 Unauthenticated SSRF via TestWfsPost
github.com · 2025-06-12

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Unauthenticated SSRF via TestWfsPost - **Severity**: High (7.5/10) - **CVE ID**: CVE-2024-29198 - **CWE**: CWE-918 #### A…

Premium intel
CVSS 9.9
GeoNetwork XXE Vulnerability (CVE-2025-30220) Advisory and Fix
github.com · 2025-06-11

### Critical Vulnerability Information #### Vulnerability Type - XML External Entity (XXE) processing vulnerability #### Affected Scope - **Package**: - `org.geonetwork.opensource:gn-web-app` (Maven) …

Premium intel
CVSS 9.9
GeoServer WFS XXE Vulnerability (CVE-2025-30220) Advisory
github.com · 2025-06-11

### Key Information #### Vulnerability Overview - **Vulnerability Type**: XML External Entity (XXE) Processing Vulnerability - **Affected Service**: GeoServer WFS Service - **CVE ID**: CVE-2025-30220 …

Premium intel
CVSS 9.9
GeoTools XXE Vulnerability (CVE-2025-30220) in XSD Schema Handling
github.com · 2025-06-11

### Key Information #### Vulnerability Name XML External Entity (XXE) Processing Vulnerability in XSD schema handling #### Severity - **CVSS v3 Base Score**: 9.9 / 10 - **Attack Vector**: Network - **…

CVSS 7.5
GeoServer Jiffle DoS Vulnerability (CVE-2025-30145)
github.com · 2025-06-11

### Key Information #### Vulnerability Overview - **Type**: Denial of Service (DoS) vulnerability - **Location**: Jiffle process - **Severity**: High (7.5/10) #### Affected Packages and Versions | Pac…

CVSS 5.3
GeoServer GWC Information Disclosure Vulnerability (CVE-2024-38524)
github.com · 2025-06-11

### Critical Vulnerability Information #### Vulnerability Title GWC Home Page exposes sensitive server information #### Affected Versions - **org.geoserver.web:gs-web-app (Maven)** - Affected versions…

CVSS 9.3
GeoServer CVE-2024-34711: SSRF via Improper ENTITY_RESOLUTION_ALLOWLIST Validation
github.com · 2025-06-11

### Critical Vulnerability Information #### Vulnerability Name Improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) #### Affected Versions - org.geoserver.main:gs-main (Maven):…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.