Summary
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-2PVR-WF23-7PC7
Astro: Host header SSRF in prerendered error page fetch
- CRITICALGHSA-2F55-G35J-5JMF
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
- HIGHGHSA-JRFP-M64G-PCWV
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
- HIGHGHSA-R2WG-2MCR-66RV
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
- HIGHGHSA-226F-F24G-524W
Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)
- MEDIUMGHSA-HMCR-RMJQ-47QR
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint