Filtered by vendor Ivanti
Subscriptions
Total
470 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4428 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-24 | 7.2 High |
| Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | ||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 9.4 Critical |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 6.5 Medium |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | ||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | 7.2 High |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | ||||
| CVE-2025-0282 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-24 | 9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-7593 | 1 Ivanti | 2 Virtual Traffic Management, Virtual Traffic Manager | 2025-10-24 | 9.8 Critical |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | ||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-10-22 | 10 Critical |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | ||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-10-22 | 7.2 High |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | ||||
| CVE-2019-11510 | 1 Ivanti | 1 Connect Secure | 2025-10-22 | 10.0 Critical |
| In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | ||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-10-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-21893 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-21 | 8.2 High |
| A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | ||||
| CVE-2025-10985 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-21 | 7.2 High |
| OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 7.8 High |
| Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||