Filtered by vendor Ivanti
Subscribe
Total
490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8992 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-22 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | |||||
| CVE-2026-8051 | 1 Ivanti | 1 Virtual Traffic Manager | 2026-05-15 | N/A | 7.2 HIGH |
| OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-7593 | 1 Ivanti | 1 Virtual Traffic Manager | 2026-05-14 | N/A | 9.8 CRITICAL |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | |||||
| CVE-2026-8043 | 1 Ivanti | 1 Xtraction | 2026-05-13 | N/A | 9.6 CRITICAL |
| External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2026-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
| CVE-2017-11455 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | |||||
| CVE-2016-3147 | 1 Ivanti | 1 Landesk Management Suite | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | |||||
| CVE-2026-7431 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-12 | N/A | 4.4 MEDIUM |
| An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | |||||
| CVE-2026-7432 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-12 | N/A | 7.8 HIGH |
| A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM | |||||
| CVE-2026-8109 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | N/A | 6.5 MEDIUM |
| An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | |||||
| CVE-2026-8110 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | N/A | 7.8 HIGH |
| Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2026-8111 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | N/A | 8.8 HIGH |
| SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |||||
| CVE-2026-5786 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | N/A | 8.8 HIGH |
| An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | |||||
| CVE-2026-5787 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | N/A | 8.9 HIGH |
| An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. | |||||
| CVE-2026-5788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | N/A | 7.0 HIGH |
| An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | |||||
| CVE-2026-7821 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | N/A | 7.4 HIGH |
| Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. | |||||
| CVE-2026-6973 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-07 | N/A | 7.2 HIGH |
| An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | |||||
| CVE-2016-4792 | 1 Ivanti | 1 Connect Secure | 2026-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | |||||
| CVE-2016-4788 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2026-05-06 | 5.0 MEDIUM | 5.8 MEDIUM |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||||
| CVE-2016-4787 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2026-05-06 | 6.4 MEDIUM | 10.0 CRITICAL |
| Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | |||||