Lucene search
K

281 matches found

Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56204

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...

9.8CVSS6AI score0.0041EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

Esri ArcGIS Server 授权问题漏洞

Esri ArcGIS Server is a web-based enterprise-level software platform provided by Esri that can deliver geographic services. Versions of Esri ArcGIS Server 12.0 and earlier had an authorization vulnerability. This vulnerability stemmed from improperly configured authentication for unrecorded...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/26 5:24 p.m.5 views

EUVD-2026-4668

There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1...

5CVSS5.9AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Esri ArcGIS Pro cross-site scripting vulnerability

Esri ArcGIS Pro is a geographic information system software developed by the American company Esri. Versions of Esri ArcGIS Pro prior to 3.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for local attackers to inject malicious strings, potentially...

5CVSS5.8AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.9 views

CVE-2022-38202

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive...

7.5CVSS6.4AI score0.01333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.6 views

CVE-2025-1726

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...

4.3CVSS6.9AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.7 views

CVE-2025-67711

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.8 views

CVE-2025-67703

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.8 views

CVE-2025-67708

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/01 12:31 a.m.4 views

EUVD-2025-206096

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/01 12:31 a.m.5 views

EUVD-2025-206097

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/01 12:31 a.m.5 views

EUVD-2025-206098

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/01 12:31 a.m.8 views

EUVD-2025-206104

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2025/12/31 11:15 p.m.4 views

CVE-2025-67709

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/31 11:15 p.m.5 views

CVE-2025-67711

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS5.4AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 11:15 p.m.5 views

CVE-2025-67711

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/31 11:15 p.m.4 views

CVE-2025-67710

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS5.5AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 11:15 p.m.12 views

CVE-2025-67708

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/31 11:15 p.m.4 views

CVE-2025-67704

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS5.4AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/31 11:15 p.m.5 views

CVE-2025-67705

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS5.4AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder