35 matches found
CVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446 XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
EUVD-2026-4668
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1...
CVE-2026-1446
The CVE-2026-1446 entry describes a Cross-Site Scripting (XSS) flaw in Esri ArcGIS Pro, affecting version 3.6.0 and earlier. The issue arises when a local attacker (with standard local access) supplies malicious strings that are rendered/executed when a specific ArcGIS Pro dialog is opened. Explo...
PT-2026-4787
Name of the Vulnerable Software and Affected Versions Esri ArcGIS Pro versions 3.6.0 and earlier Description A Cross Site Scripting issue exists in Esri ArcGIS Pro. A local attacker could provide malicious strings to ArcGIS Pro, which may execute when a specific dialog is opened. Recommendations...
Esri ArcGIS Pro cross-site scripting vulnerability
Esri ArcGIS Pro is a geographic information system software developed by the American company Esri. Versions of Esri ArcGIS Pro prior to 3.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for local attackers to inject malicious strings, potentially...
EUVD-2021-15739
Malware in sbrugna...
EUVD-2025-5364
Malicious code in bioql PyPI...
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data, related to the use of an unreliable search path, allows a perpetrator to execute arbitrary commands.
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data is related to the use of an unreliable search path. Exploiting this vulnerability could allow an attacker to execute arbitrary commands by loading a specially created...
ESRI ArcGIS Pro Untrustworthy Search Path Vulnerability
ESRI ArcGIS Pro is a powerful desktop GIS software from ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS Pro, which can be exploited by an attacker to execute malicious commands...
CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067 There is a code injection vulnerability in ArcGIS Pro
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067
CVE-2025-1067 describes an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4. A low-privileged user with write access to the local filesystem can place a malicious executable that, when a specific ArcGIS Pro action is performed, may execute with the victim’s privileges. The issue...