Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

arcgis vulnerabilities and exploits

(subscribe to this query)
6.1
CVSSv3

CVE-2022-38199

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis ServerEsri Arcgis Server 10.7.1Esri Arcgis Server 10.8.1Esri Arcgis Server 10.9.1
7.5
CVSSv3

CVE-2024-38040

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated malicious user to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Esri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1Esri Portal For Arcgis 11.1Esri Portal For Arcgis 11.2Esri Portal For ArcgisEsri Portal For Arcgis 11.0
4.3
CVSSv2

CVE-2014-9741

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For DesktopEsri Arcgis For EngineEsri Arcgis Server
6.1
CVSSv3

CVE-2024-25691

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis -Esri Portal For ArcgisEsri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1Esri Portal For Arcgis 11.1
6.1
CVSSv3

CVE-2024-38038

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis -Esri Portal For ArcgisEsri Portal For Arcgis 10.7.1Esri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1
5.4
CVSSv3

CVE-2024-38036

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis -Esri Portal For Arcgis Enterprise Experience BuilderEsri Portal For Arcgis 10.7.1Esri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1
7.8
CVSSv3

CVE-2021-29096

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allows an unauthenticated malicious user to achieve arbitrary code execution in the cont...
Esri ArcreaderEsri Arcgis DesktopEsri Arcgis EngineEsri Arcgis Desktop Background GeoprocessingEsri Arcgis Engine Background GeoprocessingEsri Arcgis ProEsri Arcmap
6.1
CVSSv3

CVE-2023-25830

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For ArcgisEsri Portal For Arcgis 10.7.1Esri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1
6.1
CVSSv3

CVE-2023-25831

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For ArcgisEsri Portal For Arcgis 10.7.1Esri Portal For Arcgis 10.8.1Esri Portal For Arcgis 10.9.1
7.3
CVSSv3

CVE-2025-1067

There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Ar...
Esri Arcgis ProEsri Arcgis Allsource 1.2Esri Arcgis Allsource 1.3Esri Arcgis Pro 3.3Esri Arcgis Pro 3.4
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-3248thanhtungtntremote code executioncodepen embed blockCVE-2025-6354chris coyierCVE-2025-50025nitin yawalkarcode executionCVE-2025-50038CVE-2023-0386cross-site scriptingCVE-2025-6351
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook