cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38657,https://securityvulnerability.io/vulnerability/CVE-2024-38657,File Write Vulnerability in Ivanti Connect Secure and Policy Secure Products,"This vulnerability allows an authenticated remote attacker with admin privileges to exploit flaws in Ivanti Connect Secure and Policy Secure. Specifically, it permits the attacker to control file names, enabling arbitrary file writing on the systems. Versions earlier than 22.7R2.4 for Connect Secure and 22.7R1.3 for Policy Secure are particularly vulnerable, presenting significant security risks that could lead to unauthorized data access and manipulation.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-21T01:25:43.552Z,0
CVE-2024-13843,https://securityvulnerability.io/vulnerability/CVE-2024-13843,Cleartext Data Exposure in Ivanti Connect Secure and Policy Secure,"This vulnerability involves the cleartext storage of sensitive data in Ivanti Connect Secure and Ivanti Policy Secure, allowing local authenticated attackers with admin privileges to read this information. Versions prior to 22.7R2.6 for Connect Secure and 22.7R1.3 for Policy Secure are impacted, exposing user data to potential compromise. It is crucial for organizations using these products to assess their systems and implement updates to mitigate this risk.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:26:32.029Z,0
CVE-2024-13842,https://securityvulnerability.io/vulnerability/CVE-2024-13842,Hardcoded Key Vulnerability in Ivanti Connect Secure and Policy Secure Products,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure due to a hardcoded key, which allows a local authenticated attacker with admin privileges to access and read sensitive data. This could lead to unauthorized information disclosure and pose serious risks to user privacy and data security. Organizations using these products are advised to review their configurations and promptly update to versions that mitigate this issue.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:25:49.528Z,0
CVE-2024-13830,https://securityvulnerability.io/vulnerability/CVE-2024-13830,Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A reflected cross-site scripting vulnerability exists in the Ivanti Connect Secure and Ivanti Policy Secure products prior to specified versions. This vulnerability could allow a remote unauthenticated attacker to leverage it to obtain administrative privileges, provided that user interaction takes place. It is essential for users to implement necessary precautions and apply the recommended updates to safeguard against potential exploitation.",Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-11T15:22:15.945Z,0
CVE-2024-12058,https://securityvulnerability.io/vulnerability/CVE-2024-12058,File Name Control Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A security vulnerability present in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3 allows a remote authenticated attacker with administrative privileges to manipulate file names. This could lead to unauthorized reading of arbitrary files, potentially exposing sensitive data. Organizations using these products should evaluate their security postures and apply available patches to mitigate risks.",Ivanti,"Connect Secure,Policy Secure",6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:21:18.279Z,0
CVE-2024-10644,https://securityvulnerability.io/vulnerability/CVE-2024-10644,Code Injection Vulnerability in Ivanti Connect Secure and Policy Secure,"A vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows remote authenticated attackers with administrative privileges to execute arbitrary code on the affected systems. This issue exists in versions prior to 22.7R2.4 for Ivanti Connect Secure and 22.7R1.3 for Ivanti Policy Secure. If exploited, this vulnerability can lead to unauthorized control over the affected environments, potentially compromising sensitive data and system integrity.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:20:46.680Z,0
CVE-2025-22467,https://securityvulnerability.io/vulnerability/CVE-2025-22467,Remote Code Execution Vulnerability in Ivanti Connect Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.6, which may allow an authenticated remote attacker to execute arbitrary code on the affected system. This flaw could potentially lead to unauthorized access or manipulation of sensitive data within the application, underlining the importance of timely updates to mitigate the risks associated with this vulnerability.",Ivanti,Connect Secure,8.8,HIGH,0.00046999999904073775,false,,true,false,true,2025-02-12T08:43:56.000Z,false,false,false,,2025-02-11T15:20:16.514Z,965
CVE-2025-0283,https://securityvulnerability.io/vulnerability/CVE-2025-0283,"Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways","A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specified versions. This flaw enables a local authenticated attacker to exploit the overflow condition, potentially leading to privilege escalation and unauthorized access to sensitive functionalities within the affected platforms.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T22:15:59.822Z,0
CVE-2025-0282,https://securityvulnerability.io/vulnerability/CVE-2025-0282,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways, prior to designated versions. This flaw allows a remote unauthenticated attacker to execute arbitrary code on the affected systems, posing significant risks to security and data integrity. Users are advised to upgrade to the latest versions of these products to mitigate potential exploitation.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",9,CRITICAL,0.15324999392032623,true,2025-01-08T00:00:00.000Z,true,true,true,2025-01-08T00:00:00.000Z,true,true,true,2025-01-09T13:52:02.562Z,2025-01-08T22:15:09.386Z,31760
CVE-2024-37377,https://securityvulnerability.io/vulnerability/CVE-2024-37377,Heap-Based Buffer Overflow in Ivanti Connect Secure Allows Remote Denial of Service,"A vulnerability exists in Ivanti Connect Secure due to a heap-based buffer overflow in the IPsec component. This flaw can be exploited by remote unauthenticated attackers to trigger a denial of service, leading to service interruptions for users. Organizations using Ivanti Connect Secure should evaluate their systems to ensure they are running a version that mitigates this risk.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T01:55:00.000Z,0
CVE-2024-37401,https://securityvulnerability.io/vulnerability/CVE-2024-37401,Remote Unauth. Denial of Service via IPsec OOBR Vulnerability,"An out-of-bounds read vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1, which can be exploited by a remote unauthenticated attacker. This flaw can lead to a denial of service situation, affecting the availability of services reliant on the impacted product. Users are advised to update to the latest version to mitigate potential risks associated with this vulnerability.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T01:55:00.000Z,0
CVE-2024-9844,https://securityvulnerability.io/vulnerability/CVE-2024-9844,Insufficient Server-Side Controls in Ivanti Connect Secure,"A vulnerability in the Secure Application Manager component of Ivanti Connect Secure allows a remote authenticated attacker to bypass essential security restrictions. This issue arises from insufficient server-side controls, which can potentially lead to unauthorized access to sensitive functionalities. Organizations using affected versions should take proactive measures to implement security patches or updates to mitigate these risks and ensure their environments remain secure.",Ivanti,Connect Secure,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-10T19:15:00.000Z,0
CVE-2024-11634,https://securityvulnerability.io/vulnerability/CVE-2024-11634,Remote Code Execution Vulnerability Affects Ivanti Connect Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that allows an authenticated remote attacker with administrative privileges to execute arbitrary commands on the server. This can lead to unauthorized access or manipulation of sensitive data, significantly compromising the integrity and confidentiality of the affected systems. The issue is associated with specific versions, prompting urgent action to mitigate potential risks. It is critical for administrators to review their deployments and apply the necessary updates to safeguard against this vulnerability.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-12-10T18:48:29.024Z,0
CVE-2024-11633,https://securityvulnerability.io/vulnerability/CVE-2024-11633,Remote Code Execution Vulnerability in Ivanti Connect Secure Prior to 22.7R2.4,"A security vulnerability in Ivanti Connect Secure prior to version 22.7R2.4 allows remote authenticated attackers, equipped with administrative privileges, to exploit an argument injection flaw. This vulnerability can lead to remote code execution, potentially enabling an attacker to execute arbitrary commands on the affected system. Administrators should prioritize updating to the latest version to mitigate the risks associated with this vulnerability.",Ivanti,Connect Secure,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-10T18:47:55.575Z,0
CVE-2024-11006,https://securityvulnerability.io/vulnerability/CVE-2024-11006,Command Injection Vulnerability in Ivanti Connect Secure and Policy Secure,A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure. This security flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected systems. Organizations utilizing these products are urged to update to the latest versions to mitigate potential exploitation. Failure to act could lead to unauthorized access and control over critical systems.,Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-11005,https://securityvulnerability.io/vulnerability/CVE-2024-11005,Command Injection Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure prior to specified versions, allowing remote authenticated attackers with administrative privileges to execute arbitrary commands on the affected system. This vulnerability poses a significant risk as it may lead to unauthorized system access and control, emphasizing the importance of updating to the latest secure versions.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-11004,https://securityvulnerability.io/vulnerability/CVE-2024-11004,Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A reflected XSS vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, where an unauthenticated remote attacker can exploit the flaw to gain administrative control. The attack requires user interaction, thereby posing a significant risk to users who may unknowingly interact with a malicious link crafted by an attacker.",Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-11007,https://securityvulnerability.io/vulnerability/CVE-2024-11007,Remote Code Execution Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1. This flaw permits a remote authenticated attacker, possessing administrative privileges, to execute arbitrary code on the affected systems. Notably, this vulnerability does not impact versions 9.1Rx. Given the nature of this vulnerability, attackers could exploit it to gain unauthorized access and manipulate sensitive operations, making it critical for organizations using these Ivanti products to implement the necessary updates and security measures promptly.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-47905,https://securityvulnerability.io/vulnerability/CVE-2024-47905,Stack-Based Buffer Overflow in Ivanti Connect Secure and Ivanti Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions prior to 22.7R2.3 and 22.7R1.2, respectively. This flaw permits a remote authenticated attacker with administrative privileges to exploit the vulnerability, potentially leading to a denial of service condition. Organizations using these Ivanti products should take immediate action to mitigate this risk by upgrading to the patched versions to ensure their systems remain secure.",Ivanti,Connect Secure,4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-47906,https://securityvulnerability.io/vulnerability/CVE-2024-47906,Security Flaw in Ivanti Connect Secure and Ivanti Policy Secure,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that enables a local authenticated attacker to escalate privileges due to excessive binary privileges. This issue impacts versions prior to Ivanti Connect Secure 22.7R2.3 and Ivanti Policy Secure 22.7R1.2, with the exception of version 9.1Rx. Organizations using these affected versions may be at risk, as the flaw could allow an attacker with local access to gain elevated privileges within the affected systems, potentially compromising sensitive data and access controls.",Ivanti,"Connect Secure,Policy Secure",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-47907,https://securityvulnerability.io/vulnerability/CVE-2024-47907,Stack-Based Buffer Overflow in Ivanti Connect Secure Product by Ivanti,"A vulnerability exists within Ivanti Connect Secure due to a stack-based buffer overflow in the IPsec component. This flaw allows a remote unauthenticated attacker to exploit the vulnerability effectively, resulting in a denial of service condition. Users of Ivanti Connect Secure should update to the latest version, 22.7R2.3 or later, to mitigate risks associated with this security issue.",Ivanti,Connect Secure,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-47909,https://securityvulnerability.io/vulnerability/CVE-2024-47909,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure Products,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, affecting versions prior to 22.7R2.3 and 22.7R1.2, respectively. This issue permits a remote authenticated attacker with administrative privileges to exploit the flaw, leading to potential denial of service conditions. Prompt updates are recommended to mitigate risks associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-8495,https://securityvulnerability.io/vulnerability/CVE-2024-8495,Null Pointer Dereference in Ivanti Connect Secure and Ivanti Policy Secure Products,"A null pointer dereference vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure prior to version 22.7R1.1. This flaw permits remote unauthenticated attackers to exploit the vulnerability, potentially leading to a denial of service condition. Organizations are urged to update their systems to the latest versions to mitigate the risk associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-9420,https://securityvulnerability.io/vulnerability/CVE-2024-9420,Use-After-Free Vulnerability in Ivanti Connect Secure and Policy Secure,"A use-after-free vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, which allows remote authenticated attackers to execute arbitrary code remotely. This flaw affects versions prior to 22.7R2.3 for Ivanti Connect Secure and below 22.7R1.2 for Ivanti Policy Secure. Due to this vulnerability, an attacker can exploit the flaw to manipulate system memory, potentially leading to unauthorized access and control over affected systems. Organizations using these products should prioritize patching to mitigate potential risks associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2023-38551,https://securityvulnerability.io/vulnerability/CVE-2023-38551,CRLF Injection Vulnerability in Ivanti Connect Secure Allows Cross-Site Scripting Attacks,"A CRLF Injection vulnerability exists in Ivanti Connect Secure versions 9.x and 22.x, allowing an authenticated user with high privileges to insert malicious code into the victim's browser. This vulnerability can lead to cross-site scripting (XSS) attacks, where an attacker exploits the trust of users by executing arbitrary scripts in their browsers. Organizations utilizing these versions of Ivanti Connect Secure should take immediate steps to mitigate the risk associated with this vulnerability, ensuring their systems are secured against unauthorized access and potential exploitation.",Ivanti,Connect Secure,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T17:38:31.360Z,0