Filtered by vendor Ivanti
Subscribe
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1281 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-01-30 | N/A | 9.8 CRITICAL |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | |||||
| CVE-2023-35081 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-01-14 | N/A | 7.2 HIGH |
| A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | |||||
| CVE-2025-8310 | 1 Ivanti | 1 Virtual Application Delivery Controller | 2026-01-12 | N/A | 6.5 MEDIUM |
| Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password | |||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2020-8243 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | |||||
| CVE-2020-8260 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | |||||
| CVE-2021-22900 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2021-22899 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | |||||
| CVE-2019-11510 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 7.5 HIGH | 10.0 CRITICAL |
| In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | |||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-12-18 | 7.5 HIGH | 10.0 CRITICAL |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | |||||
| CVE-2025-10573 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 9.6 CRITICAL |
| Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. | |||||
| CVE-2025-13659 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 8.8 HIGH |
| Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | |||||
| CVE-2025-13661 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 7.1 HIGH |
| Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | |||||
| CVE-2025-13662 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 7.8 HIGH |
| Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. | |||||
| CVE-2025-10918 | 1 Ivanti | 1 Endpoint Manager | 2025-11-17 | N/A | 7.1 HIGH |
| Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk | |||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | N/A | 8.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | |||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | N/A | 7.8 HIGH |
| Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-11-06 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2023-46805 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-10-31 | N/A | 8.2 HIGH |
| An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | |||||