CVE-2026-8213 is a locally exploitable memory-safety issue in OSGeo GDAL’s Grid File Handler. The provided record identifies the affected function as GDSDfldsrch in frmts/hdf4/hdf-eos/GDapi.c and states that the flaw can lead to a heap-based buffer overflow. The source metadata also notes that a public exploit has been disclosed. From a defensive perspective, this is most relevant anywhere GDAL is used to process [truncated]
CVE-2026-8212 is a local memory-corruption issue in OSGeo GDAL affecting the SWSDfldsrch function in frmts/hdf4/hdf-eos/SWapi.c. The supplied record says the flaw can trigger a heap-based buffer overflow, requires local access, and has a public exploit reference. A fix is referenced by commit 3e04c0385630e4d42517046d9a4967dfccfeb7fd and the GDAL 3.13.0RC1 release.
CVE-2025-58360 is a GeoServer vulnerability described as an improper restriction of XML External Entity (XXE) reference handling. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-12-11 and set a remediation due date of 2026-01-01. Because it is a KEV-listed issue, defenders should treat it as urgent and follow vendor mitigation guidance immediately.
CVE-2024-36401 is a CISA Known Exploited Vulnerability affecting OSGeo GeoServer and related GeoTools usage. The supplied official metadata identifies it as an eval injection issue and notes CISA’s guidance to apply vendor mitigations or discontinue use of the product if mitigations are unavailable. According to the supplied timeline, CISA added the entry on 2024-07-15 and set a remediation due date of 2024-08-05.
CVE-2022-24816 is a code injection vulnerability in OSGeo JAI-EXT and is listed in CISA’s Known Exploited Vulnerabilities catalog. Because CISA has placed it in KEV, organizations using JAI-EXT or products that bundle it should treat remediation as urgent. CISA notes that the patched JAI-EXT release is 1.1.22 and advises applying vendor mitigations or discontinuing use if mitigations are not available.