Filtered by vendor Ivanti
Subscribe
Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3483 | 1 Ivanti | 1 Desktop \& Server Management | 2026-03-12 | N/A | 7.8 HIGH |
| An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-03-10 | N/A | 8.6 HIGH |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | |||||
| CVE-2026-1340 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-20 | N/A | 9.8 CRITICAL |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | |||||
| CVE-2026-1602 | 1 Ivanti | 1 Endpoint Manager | 2026-02-12 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2026-1281 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-01-30 | N/A | 9.8 CRITICAL |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | |||||
| CVE-2023-35081 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-01-14 | N/A | 7.2 HIGH |
| A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | |||||
| CVE-2025-8310 | 1 Ivanti | 1 Virtual Application Delivery Controller | 2026-01-12 | N/A | 6.5 MEDIUM |
| Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password | |||||
| CVE-2025-10573 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 9.6 CRITICAL |
| Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. | |||||
| CVE-2025-13659 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 8.8 HIGH |
| Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | |||||