33 matches found
CVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446
The CVE-2026-1446 entry describes a Cross-Site Scripting (XSS) flaw in Esri ArcGIS Pro, affecting version 3.6.0 and earlier. The issue arises when a local attacker (with standard local access) supplies malicious strings that are rendered/executed when a specific ArcGIS Pro dialog is opened. Explo...
CVE-2026-1446 XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
CVE-2026-1446 XSS issue in Esri ArcGIS Pro versions 3.6.0 and earlier
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
EUVD-2026-4668
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1...
CVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A...
Esri ArcGIS Pro cross-site scripting vulnerability
Esri ArcGIS Pro is a geographic information system software developed by the American company Esri. Versions of Esri ArcGIS Pro prior to 3.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for local attackers to inject malicious strings, potentially...
PT-2026-4787
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Pro versions 3.6.0 and earlier. Description: A Cross Site Scripting issue exists in Esri ArcGIS Pro. A local attacker could provide malicious strings to ArcGIS Pro, which may execute when a specific dialog is opened. Recommendations...
EUVD-2021-15739
Malware in sbrugna...
EUVD-2025-5364
Malicious code in bioql PyPI...
ESRI ArcGIS Pro Untrustworthy Search Path Vulnerability
ESRI ArcGIS Pro is a powerful desktop GIS software from ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS Pro, which can be exploited by an attacker to execute malicious commands...
CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067 There is a code injection vulnerability in ArcGIS Pro
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
CVE-2025-1067
CVE-2025-1067 describes an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4. A low-privileged user with write access to the local filesystem can place a malicious executable that, when a specific ArcGIS Pro action is performed, may execute with the victim’s privileges. The issue...
CVE-2025-1067 There is a code injection vulnerability in ArcGIS Pro
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low-privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
Esri ArcGIS security vulnerability
ESRI ArcGIS Pro is a powerful desktop GIS software from ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS Pro, which can be exploited by an attacker to execute malicious commands...