VYPR
Vendor

Geonetwork

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2021-28398HigSep 5, 2022
    risk 0.47cvss 7.2epss 0.01

    A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in…

  • CVE-2022-50899Jan 13, 2026
    risk 0.00cvss epss 0.00

    Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to…

  • CVE-2006-5513Oct 26, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.