108 matches found
CVE-2026-13020
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
EUVD-2026-42058
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...
CVE-2026-13019 Missing Authentication
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...
CVE-2026-13019
Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...
CVE-2026-13019
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...
EUVD-2026-42057
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...
CVE-2026-33518
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...
EUVD-2026-24337
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
CVE-2026-33518
Esri Portal for ArcGIS 11.5 (Windows and Linux) is affected by an incorrect privilege assignment vulnerability. The issue lets highly privileged users create developer credentials that may grant more privileges than expected. CVSS 3.1 Base Score 9.8 (CRITICAL) with network attack vector, low atta...
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...
CVE-2026-33518
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...
Esri Portal For ArcGIS 安全漏洞
Esri Portal for ArcGIS is a component offered by Esri that allows for sharing maps, scenarios, applications, and other geographic information with others within an organization. Versions 11.4, 11.5, and 12.0 of Esri Portal for ArcGIS have security vulnerabilities. These vulnerabilities stem from...
EUVD-2025-31606
Malicious code in bioql PyPI...
EUVD-2025-31607
Malicious code in bioql PyPI...
EUVD-2022-40784
Malicious code in bioql PyPI...
EUVD-2022-40794
Malicious code in bioql PyPI...
EUVD-2025-31611
Malicious code in bioql PyPI...
EUVD-2025-31610
Malicious code in bioql PyPI...
CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...