14 matches found
CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...
CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...
CVE-2025-57870
CVE-2025-57870 is a SQL injection vulnerability affecting Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. A remote, unauthenticated attacker can trigger SQL commands via a specific ArcGIS Feature Service operation, potentially enabling unauthorized viewing, m...
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...
PT-2023-20348 · Esri · Esri Arcgis Server
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Server versions 10.8.1 through 11.0. Description: There is a stored Cross-site Scripting issue that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary...
Malicious code in audi-feature-services (npm)
Source: ghsa-malware 4378ace95d0131430a8ec44844043a44b083551ac436b7ddf03f1444b66b01b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1169 Malicious code in audi-feature-services (npm)
Source: ghsa-malware 4378ace95d0131430a8ec44844043a44b083551ac436b7ddf03f1444b66b01b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...
CVE-2021-29114
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries...
CVE-2021-29116 BUG-000142180 Hosted feature services vulnerable to stored XSS
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...
MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
The version of Tracing Feature for Services on the remote host has the following vulnerabilities: - Windows places incorrect ACLs on registry keys, which could allow an attacker to execute code with elevated privileges. (CVE-2010-2554) - Memory is allocated in an unspecified, unsafe manner when...
PT-2010-4102 · Microsoft · Windows Vista +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2; Microsoft Windows Server 2008 versions Gold through SP2 and R2; Microsoft Windows 7 (affected versions not specified). Description: The issue arises from incorrect access control lists (ACLs) on the...
PT-2010-4103 · Microsoft · Windows Vista +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2; Microsoft Windows Server 2008 versions Gold through SP2 and R2; Microsoft Windows 7 (affected versions not specified). Description: The issue arises from the Tracing Feature for Services not proper...