18 matches found
EUVD-2025-5535
Malicious code in bioql PyPI...
EUVD-2022-40789
Malicious code in bioql PyPI...
EUVD-2022-40795
Malicious code in bioql PyPI...
EUVD-2025-5542
Malicious code in bioql PyPI...
EUVD-2025-5515
Malicious code in bioql PyPI...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05072)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create specially crafted links that, when clicked, may execute...
CVE-2024-51958
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or...
CVE-2024-51959
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51961
There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files...
CVE-2024-51944
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51963
CVE-2024-51963 is a stored cross-site scripting vulnerability in Esri ArcGIS Server Web Platform affecting versions 10.9.1–11.3. An authenticated, high-privilege attacker (publisher) can craft a link that executes arbitrary JavaScript in a victim’s browser. Impact is described as low to confident...
CVE-2024-51961
CVE-2024-51961 affects Esri ArcGIS Server versions 10.9.1 through 11.3. It describes a local file inclusion (LFI) vulnerability where a remote, unauthenticated attacker can craft a URL to read internal files and disclose sensitive configuration information. The underlying issue is insufficient fi...
CVE-2024-51948
CVE-2024-51948 is a stored XSS vulnerability in Esri ArcGIS Server (versions 11.3 and earlier). The issue arises from a flaw where an authenticated, high-privilege user (publisher) can craft a link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is describe...
CVE-2024-10904 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
Vulnerability fixed in Esri ArcGIS Server
A vulnerability has been fixed in Esri ArcGIS Server. This vulnerability allows an unauthenticated malicious person to view, through path traversal, system information from the server on which the application is running. Esri has released updates to fix the vulnerability. For more information, see:...
Esri ArcGIS Server Reuse After Release Vulnerability
ArcGIS Server is the back-end server software component of ArcGIS Enterprise from Esri that makes your geographic information available to others in your organization, and optionally makes it available to anyone with an Internet connection. A post-release reuse vulnerability exists in Esri ArcGIS...
ArcGIS Server has an Arbitrary File Read Vulnerability
ArcGIS Server is an enterprise-class GIS software platform released by ESRI to provide Web-oriented spatial data services. ArcGIS Server has an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...
Esri ArcGIS Server Code Issue Vulnerability
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform from the United States company Esri that can be used to provide geographic location services. A security vulnerability exists in Esri ArcGIS Server versions prior to 10.8, which stems from a configuration that does not adequately...