Lucene search
K

996 matches found

NVD
NVD
added 2026/07/07 5:16 p.m.10 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

9.8CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 4:40 p.m.37 views

CVE-2026-13019 Missing Authentication

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS0.0041EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:40 p.m.9 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score0.0041EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 4:40 p.m.19 views

CVE-2026-13019

Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...

9.8CVSS6AI score0.0041EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 4:40 p.m.7 views

EUVD-2026-42058

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score0.0041EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 4:39 p.m.7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.12 views

PT-2026-56204

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...

9.8CVSS6AI score0.0041EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 1:45 p.m.11 views

Security Bulletin: Location Service for ESRI Component uses urllib3-2.6.3 library which was vulnerable to CVE-2026-44431 and CVE-2026-44432

Summary Location Service for ESRI Component uses urllib3-2.6.3 library which was vulnerable to CVE-2026-44431 and CVE-2026-44432. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from t...

8.9CVSS5.8AI score0.0068EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Esri ArcGIS Server 授权问题漏洞

Esri ArcGIS Server is a web-based enterprise-level software platform provided by Esri that can deliver geographic services. Versions of Esri ArcGIS Server 12.0 and earlier had an authorization vulnerability. This vulnerability stemmed from improperly configured authentication for unrecorded...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 3:1 a.m.10 views

Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.6, pyasn1-0.6.2, requests-2.32.5 and cryptography-46.0.5 library which were vulnerable to multiple CVEs

Summary Location Service for ESRI Component uses cryptography-46.0.6, pyasn1-0.6.2, requests-2.32.5 and cryptography-46.0.5 library which were vulnerable to CVE-2026-39892, CVE-2026-30922, CVE-2026-25645 and CVE-2026-34073 respectively. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyas...

9.8CVSS6.8AI score0.00652EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/23 7:22 a.m.7 views

CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/23 7:22 a.m.9 views

CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Esri Portal for ArcGIS 11.4 / 11.5 / 12.0 < Security 2026 Update 1 Incorrect Authorization (CVE-2026-33519)

The version of Esri Portal for ArcGIS installed is 11.4, 11.5, or 12.0 and is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect authorization vulnerability exists in Portal for ArcGIS that did not correctly check permissions assigned to developer...

9.8CVSS5.4AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.10 views

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.10 views

CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:38 p.m.5 views

CVE-2026-33519

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 8:37 p.m.38 views

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:37 p.m.4 views

CVE-2026-33518

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34089

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS version 11.5 Description An incorrect privilege assignment issue exists in Windows and Linux environments. This allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References6
Rows per page
Query Builder