Lucene search
K

564 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago4 views

ArcGIS Server <= 12.0 Multiple Vulnerabilities (Security 2026 Update 2)

The version of ArcGIS Server installed on the remote host is 12.0 or prior. It is, therefore, affected by multiple vulnerabilities: - ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful...

9.8CVSS6.3AI score0.00727EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 7:17 p.m.8 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 7:17 p.m.9 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 6:22 p.m.7 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 6:22 p.m.4 views

EUVD-2026-41897

ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to sensitive files on the system. This issue impacts all versions of ArcGIS Server 12.0 and prior...

9.8CVSS6AI score0.00727EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:22 p.m.29 views

CVE-2026-9181

ArcGIS Server is affected by a directory traversal vulnerability. An unauthenticated attacker can exploit it by sending crafted path parameters, potentially enabling access to sensitive files on the system. The issue affects all versions up to and including 12.0. The connected sources confirm the...

9.8CVSS6AI score0.00727EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 6:22 p.m.34 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:22 p.m.7 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 6:21 p.m.5 views

EUVD-2026-41896

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...

5.3CVSS6.1AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 6:21 p.m.34 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:21 p.m.6 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/06 6:21 p.m.9 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:21 p.m.20 views

CVE-2026-9182

CVE-2026-9182 affects ArcGIS Server with an unrestricted file upload vulnerability. An unauthenticated attacker could upload a crafted file to the vulnerable endpoint, potentially enabling arbitrary file upload. The provided sources describe the vulnerability consistently but do not specify affec...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55968

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...

9.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55967

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.1 Description An unauthenticated attacker can exploit a directory traversal issue by sending crafted path parameters. This allows the attacker to access sensitive files on the system. Directory traversal is a...

9.8CVSS6AI score0.00727EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

4.7CVSS5.2AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.13 views

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

4.7CVSS0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.9 views

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 5:51 p.m.30 views

CVE-2026-2813 Unvalidated Redirect in ArcGIS Server

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

4.7CVSS0.003EPSS
Exploits0References1
Rows per page
Query Builder