Ivanti

CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulnerability …

CVE-2026-1340 is a critical code injection vulnerability (CWE-94) in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulne…

CVE-2026-1603 is a high-severity authentication bypass vulnerability in Ivanti Endpoint Manager versions prior to 2024 SU5, allowing remote unauthenticated atta…

CVE-2026-6973 is a high-severity (CVSS 7.2) remote code execution vulnerability in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1, caused by imp…

CVE-2019-11510 is a critical path traversal vulnerability affecting Pulse Secure Pulse Connect Secure versions 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 …

CVE-2019-11539 is a command injection vulnerability in Ivanti Pulse Connect Secure and Pulse Policy Secure versions 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, …

CVE-2020-15505 is a critical remote code execution vulnerability affecting Ivanti MobileIron Core, Connector, Sentry, and Monitor and Reporting Database version…

CVE-2020-8243 is a high-severity vulnerability in Ivanti Pulse Connect Secure versions prior to 9.1R8.2 that allows authenticated attackers to upload custom tem…

CVE-2020-8260 is a high-severity vulnerability in Ivanti Pulse Connect Secure versions prior to 9.1R9 that allows authenticated attackers to execute arbitrary c…

CVE-2021-22893 is a critical authentication bypass vulnerability in Ivanti Pulse Connect Secure versions 9.0R3, 9.1R1, and higher, affecting the Windows File Sh…

CVE-2021-22894 is a high-severity buffer overflow vulnerability in Ivanti Pulse Connect Secure versions prior to 9.1R11.4, allowing remote authenticated attacke…

CVE-2021-22899 is a command injection vulnerability (CWE-77) in Ivanti Pulse Connect Secure versions prior to 9.1R11.4, allowing remote authenticated attackers …

CVE-2021-22900 is a HIGH severity vulnerability (CVSS 7.2) in Ivanti Pulse Connect Secure versions prior to 9.1R11.4, allowing authenticated administrators to p…

CVE-2021-44529 is a critical code injection vulnerability in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) that allows unauthenticated users to …

CVE-2023-35078 is a critical authentication bypass vulnerability (CWE-287) in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthorized users to access res…

CVE-2023-35081 is a path traversal vulnerability (CWE-22) in Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2…

CVE-2023-35082 is a critical authentication bypass vulnerability (CWE-287) affecting Ivanti EPMM versions 11.10 and older, allowing unauthorized access to restr…

CVE-2023-38035 is a critical authentication bypass vulnerability in Ivanti MobileIron Sentry versions 9.18.0 and below, caused by an insufficiently restrictive …

CVE-2023-46805 is a HIGH severity authentication bypass vulnerability (CVSS 8.2) affecting Ivanti ICS 9.x, 22.x, and Ivanti Policy Secure web components. It all…

CVE-2024-13159 is a critical path traversal vulnerability in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 …

CVE-2024-13160 is a critical path traversal vulnerability (CWE-36) in Ivanti Endpoint Manager (EPM) affecting versions prior to the 2024 January-2025 Security U…

CVE-2024-13161 is a critical path traversal vulnerability in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 …

CVE-2024-21887 is a critical command injection vulnerability (CWE-77) affecting Ivanti Connect Secure and Ivanti Policy Secure versions 9.x and 22.x. It allows …

CVE-2024-21893 is a server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA versions 9.x an…

CVE-2024-29824 is a critical SQL injection vulnerability in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and prior versions. It allows an unauthent…

CVE-2024-7593 is a critical authentication bypass vulnerability in Ivanti vTM affecting versions other than 22.2R1 and 22.7R2, allowing remote unauthenticated a…

CVE-2024-8190 is a command injection vulnerability (CWE-78) in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier, allowing remote authenticated…

CVE-2024-8963 is a critical path traversal vulnerability (CWE-22) in Ivanti Cloud Services Appliance (CSA) versions prior to 4.6 Patch 519, allowing remote unau…

CVE-2024-9379 is a SQL injection vulnerability (CWE-89) in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. It allows a r…

CVE-2024-9380 is a high-severity command injection vulnerability (CVSS 7.2) in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to …

CVE-2025-0282 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways prior to spec…

CVE-2025-22457 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways prior to specific 22.7/2…

CVE-2025-4427 is a medium severity (CVSS 5.3) authentication bypass vulnerability in the API component of Ivanti Endpoint Manager Mobile versions 12.5.0.0 and p…

CVE-2025-4428 is a high-severity remote code execution vulnerability in the API component of Ivanti Endpoint Manager Mobile versions 12.5.0.0 and prior. It is c…

No NVD or KEV data was available for CVE-2026-8992. Consequently, specific technical details regarding the vulnerability's nature, affected components, and seve…

CVE-2026-9614 is a high-severity improper access control vulnerability (CWE-284) in Ivanti Neurons for ITSM affecting both cloud and on-premises deployments. It…