Overview
- Esri
- Portal for ArcGIS
21 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV
Description
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
- Python Software Foundation
- CPython
- http.client
10 Apr 2026
Published
21 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.7)
EPSS
0.06%
KEV
Description
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
- Python Software Foundation
- CPython
13 Apr 2026
Published
14 Apr 2026
Updated
CVSS v4.0
HIGH (7.0)
EPSS
0.02%
KEV
Description
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
Statistics
- 1 Post
Last activity: 6 hours ago