Filtered by vendor Ivanti
Subscriptions
Total
496 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9614 | 1 Ivanti | 2 Neurons For Itsm, Neurons For Itsm (on-premises) | 2026-06-02 | 8.8 High |
| An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access. | ||||
| CVE-2026-1340 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-31 | 9.8 Critical |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-05-23 | 8.6 High |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | ||||
| CVE-2026-8992 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-23 | 8.8 High |
| An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | ||||
| CVE-2026-1281 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-22 | 9.8 Critical |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2026-8051 | 1 Ivanti | 1 Virtual Traffic Manager | 2026-05-15 | 7.2 High |
| OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2026-8043 | 1 Ivanti | 1 Xtraction | 2026-05-13 | 9.6 Critical |
| External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks. | ||||
| CVE-2026-7431 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-12 | 4.4 Medium |
| An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | ||||
| CVE-2026-7432 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-12 | 7.8 High |
| A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM | ||||
| CVE-2026-8109 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 6.5 Medium |
| An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | ||||
| CVE-2026-8110 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 7.8 High |
| Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2026-8111 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 8.8 High |
| SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2026-6973 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-08 | 7.2 High |
| An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | ||||
| CVE-2026-5786 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | 8.8 High |
| An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | ||||
| CVE-2026-5787 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | 8.9 High |
| An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. | ||||
| CVE-2026-7821 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | 7.4 High |
| Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. | ||||
| CVE-2026-5788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | 7 High |
| An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | ||||
| CVE-2026-1602 | 1 Ivanti | 1 Endpoint Manager | 2026-04-17 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2026-4914 | 1 Ivanti | 1 Neurons For Itsm | 2026-04-17 | 5.4 Medium |
| Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required. | ||||
| CVE-2026-4913 | 1 Ivanti | 1 Neurons For Itsm | 2026-04-17 | 5.7 Medium |
| Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled. | ||||