Filtered by vendor Ivanti
Subscribe
Total
453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8190 | 1 Ivanti | 1 Cloud Services Appliance | 2025-10-24 | N/A | 7.2 HIGH |
| An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | |||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2025-22457 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access Gateway | 2025-10-24 | N/A | 9.0 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2025-4427 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-24 | N/A | 5.3 MEDIUM |
| An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | |||||
| CVE-2025-4428 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-10-24 | N/A | 7.2 HIGH |
| Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | |||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 9.4 CRITICAL |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | |||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 6.5 MEDIUM |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | |||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-10-24 | N/A | 7.2 HIGH |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | |||||
| CVE-2025-0282 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-10-24 | N/A | 9.0 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-7593 | 1 Ivanti | 1 Virtual Traffic Management | 2025-10-24 | N/A | 9.8 CRITICAL |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | |||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||