Filtered by vendor Ivanti
Subscribe
Total
466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2025-22457 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access Gateway | 2025-10-24 | N/A | 9.0 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2025-4427 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-24 | N/A | 5.3 MEDIUM |
| An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | |||||
| CVE-2025-4428 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-24 | N/A | 7.2 HIGH |
| Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | |||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 9.4 CRITICAL |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | |||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 6.5 MEDIUM |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | |||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 7.2 HIGH |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | |||||
| CVE-2025-0282 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-24 | N/A | 9.0 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-7593 | 1 Ivanti | 1 Virtual Traffic Management | 2025-10-24 | N/A | 9.8 CRITICAL |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-10-22 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2019-11510 | 1 Ivanti | 1 Connect Secure | 2025-10-22 | 7.5 HIGH | 10.0 CRITICAL |
| In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | |||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||