esri

168 tracked vulnerabilities.

CVE-2026-2813 MEDIUM
Unvalidated Redirect in ArcGIS Server
May 20, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-2812 MEDIUM
Improper Authentication issue in ArcGIS Server
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33519 CRITICAL
Incorrect privilege assignment in Portal for ArcGIS
Apr 21, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-33518 CRITICAL
Incorrect privilege assignment in Portal for ArcGIS
Apr 21, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-1446 MEDIUM
Esri ArcGIS Pro < 3.6.1 - Cross-Site Scripting via Specific Dialog
Jan 26, 2026
CVSS 5.0
EPSS 0.00
CVE-2025-67711 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67710 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67709 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67708 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67707 MEDIUM
ArcGIS Server < 11.5 - Unauthenticated Arbitrary File Upload
Dec 31, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-67706 MEDIUM
ArcGIS Server < 11.5 - Unauthenticated Arbitrary File Upload
Dec 31, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-67705 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67704 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67703 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
Dec 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-67712 MEDIUM
Esri ArcGIS Web AppBuilder dev <2.30 - XSS
Dec 19, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-57870 CRITICAL
Esri ArcGIS Server 11.3-11.5 - Unauthenticated SQL Injection via Feature Service Operation
Oct 22, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-57879 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57878 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57877 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
Sep 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-57876 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Stored Cross-Site Scripting via File Upload
Sep 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-57875 MEDIUM
Esri Portal for ArcGIS 11.4 and below - Authenticated Reflected Cross-Site Scripting
Sep 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-57874 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
Sep 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-57873 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
Sep 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-57872 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57871 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
Sep 29, 2025
CVSS 4.8
EPSS 0.00
Products
portal_for_arcgis 73 arcgis_server 67 arcgis_pro 6 arcreader 6 arcgis_enterprise 5 arcmap 4 arcgis_engine 3 ArcGIS Server 2 Portal for ArcGIS 2 arcgis_allsource 2 arcgis_insights 2 arcinfo_workstation 2 arcsde 2 ArcGIS Enterprise Builder 1 ArcGIS Monitor 1 ArcGIS Web AppBuilder {Developer Edition) 1 arcgis_earth 1 arcgis_for_desktop 1 arcgis_for_engine 1 arcgis_geoevent_server 1 arcgis_quickcapture 1 arcgisruntime_sdk 1 arcpad 1
Quick Filters
Critical CVEs With Exploits In CISA KEV