Filtered by vendor Ivanti
Subscriptions
Total
479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22454 | 1 Ivanti | 1 Secure Access Client | 2026-02-26 | 7.8 High |
| Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-0283 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2026-02-26 | 7 High |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-10630 | 1 Ivanti | 2 Application Control, Security Controls | 2026-02-26 | 7.8 High |
| A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. | ||||
| CVE-2024-10811 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.2 High |
| An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-13172 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-13164 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.2 High |
| SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | ||||
| CVE-2024-47908 | 1 Ivanti | 1 Cloud Services Appliance | 2026-02-26 | 9.1 Critical |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-22467 | 1 Ivanti | 1 Connect Secure | 2026-02-26 | 9.9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2024-10644 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2026-02-26 | 9.1 Critical |
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-22457 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access Gateway | 2026-02-26 | 9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2025-22458 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.8 High |
| DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. | ||||
| CVE-2025-22461 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. | ||||
| CVE-2025-4427 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 5.3 Medium |
| An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | ||||
| CVE-2025-4428 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 7.2 High |
| Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | ||||
| CVE-2025-22455 | 1 Ivanti | 1 Workspace Control | 2026-02-26 | 8.8 High |
| A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | ||||