Filtered by vendor Ivanti
Subscriptions
Total
479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22024 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access Gateway | 2025-10-31 | 8.3 High |
| An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | ||||
| CVE-2020-8218 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-10-30 | 7.2 High |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | ||||
| CVE-2020-8243 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-10-30 | 7.2 High |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | ||||
| CVE-2020-8260 | 1 Ivanti | 1 Connect Secure | 2025-10-30 | 7.2 High |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | ||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-10-30 | 10 Critical |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | ||||
| CVE-2024-21893 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-30 | 8.2 High |
| A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | ||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-10-30 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-8190 | 1 Ivanti | 2 Cloud Services Appliance, Endpoint Manager Cloud Services Appliance | 2025-10-24 | 7.2 High |
| An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 9.4 Critical |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 6.5 Medium |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | ||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 7.2 High |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | ||||
| CVE-2025-0282 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-24 | 9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-7593 | 1 Ivanti | 2 Virtual Traffic Management, Virtual Traffic Manager | 2025-10-24 | 9.8 Critical |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | ||||
| CVE-2025-10986 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-20 | 4.7 Medium |
| Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk. | ||||
| CVE-2025-8711 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 5.4 Medium |
| CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required. | ||||
| CVE-2025-55148 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 7.6 High |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. | ||||
| CVE-2025-55146 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 4.9 Medium |
| An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service. | ||||