EUVD-2024-23006

Malicious code in bioql PyPI...

EUVD-2024-37065

Malicious code in bioql PyPI...

EUVD-2024-23025

Malicious code in bioql PyPI...

EUVD-2022-40779

Malicious code in bioql PyPI...

EUVD-2024-23008

Malicious code in bioql PyPI...

EUVD-2024-23023

Malicious code in bioql PyPI...

EUVD-2023-29720

Malicious code in bioql PyPI...

CVE-2025-4967

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections...

CVE-2025-0020

Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS Authentication allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation. The ArcGIS clientcredentials OAuth 2.0 API implementation...

CVE-2025-0020

Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected this CVE as it is not a vulnerability”...

CVE-2025-0020

CVE-2025-0020 is marked as rejected in the initial entry, but connected documents describe a vulnerability in ArcGIS’s client_credentials OAuth 2.0 API implementation: it allows undocumented, custom token expiration, enabling privilege abuse and manipulation of hidden fields/configuration. Affect...

CVE-2025-0020

...

PT-2025-21140 · Esri · Arcgis

Name of the Vulnerable Software and Affected Versions: ArcGIS affected versions not specified Description: The ArcGIS client credentials OAuth 2.0 API implementation does not adhere to the RFC/standards, allowing a requestor to request an undocumented, custom token expiration from ArcGIS. This...

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

EUVD-2024-23009

There is a path traversal in Esri Portal for ArcGIS versions = 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory...

CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38210 HTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only)

There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser...

Esri Portal For ArcGIS 代码问题漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A code issue vulnerability exists in Esri Portal for ArcGIS versions 10.8.1 and prior...

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...