Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Esri — Vulnerabilities & Security Advisories 147

Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Esri:ArcGIS ServerPortal for ArcGISArcGIS EnterpriseArcReaderPortal for ArcGIS Enterprise SitesArcGIS Enterprise Web App BuilderArcGIS Enterprise ServerPortal for ArcGIS SitesArcGIS QuickcapturePortal for ArcGIS Enterprise Experience BuilderArcGIS ProArcGIS InsightsArcGIS GeoEvent ServerPortal for ArcGIS ArcGIS Enterprise BuilderEnterprise Web App BuilderArcGIS AllSourceArcGIS MonitorArcGIS EarthPortal for ArcGIS Enterprise Experience SitesArcGIS Web AppBuilder {Developer Edition)
CVE IDTitleCVSSSeverityPublished
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS — Portal for ArcGISCWE-266 9.8 Critical2026-04-21
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS — Portal for ArcGISCWE-266 9.8 Critical2026-04-21
CVE-2026-1446 XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier — ArcGIS ProCWE-79 5.0 Medium2026-01-26
CVE-2025-67711 Reflected XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67710 Stored XSS vulnerability in ArcGIS Server — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67709 There is a cross site scripting issue in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67708 Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67707 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS ServerCWE-434 5.6 Medium2025-12-31
CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS ServerCWE-434 5.6 Medium2025-12-31
CVE-2025-67705 Reflected XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67704 Stored XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67703 Stored XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder — ArcGIS Web AppBuilder {Developer Edition)CWE-79 4.7 Medium2025-12-19
CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services. — ArcGIS ServerCWE-89 10.0 Critical2025-10-22
CVE-2025-57871 BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1) — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-57872 BUG-000174150 - Unvalidated redirect in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57873 BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-57874 BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS.  (11.3, 11.1, 10.9.1) — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-57875 BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-57877 Reflected XSS vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-57878 BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57879 BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57876 Stored XSS vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-79 4.8 Medium2025-09-29
CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. — Portal for ArcGIS Enterprise SitesCWE-79 4.8 Medium2025-08-21
CVE-2025-55106 BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability. — Portal for ArcGIS Enterprise SitesCWE-79 4.8 Medium2025-08-21
CVE-2025-55105 BUG-000177336 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. — Portal for ArcGIS Enterprise Experience SitesCWE-79 4.8 Medium2025-08-21
CVE-2025-55104 BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability. — Portal for ArcGIS Enterprise SitesCWE-79 4.8 Medium2025-08-21
CVE-2025-55103 BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. — Portal for ArcGIS Enterprise SitesCWE-79 4.8 Medium2025-08-21
CVE-2025-4967 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-918 9.1 Critical2025-05-29
CVE-2025-2538 BUG-000174336 — Portal for ArcGISCWE-798 9.8 Critical2025-03-20

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.