cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13165,https://securityvulnerability.io/vulnerability/CVE-2024-13165,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability exists in Ivanti Endpoint Manager (EPM) prior to the January 2025 Security Update for both EPM 2024 and EPM 2022 SU6. This vulnerability can be exploited by remote unauthenticated attackers, potentially leading to a denial of service. Organizations utilizing affected versions are urged to apply the necessary updates to mitigate potential risks from exploitation.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13160,https://securityvulnerability.io/vulnerability/CVE-2024-13160,Absolute Path Traversal in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This allows a remote unauthenticated attacker to exploit the flaw, gaining access to sensitive information stored on the server. Attackers can leverage this vulnerability to traverse the file system and expose critical data, leading to potential compromises of sensitive information.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13162,https://securityvulnerability.io/vulnerability/CVE-2024-13162,SQL Injection Vulnerability in Ivanti Endpoint Manager Products,"A SQL injection flaw exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This vulnerability allows a remote authenticated attacker, possessing admin privileges, to achieve remote code execution by exploiting incomplete fixes from a previous vulnerability. Organizations using affected versions must update their systems promptly to mitigate the potential risk of unauthorized system control.",Ivanti,,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13172,https://securityvulnerability.io/vulnerability/CVE-2024-13172,Remote Code Execution Vulnerability in Ivanti EPM Software,"This vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to execute code remotely. Although local user interaction is necessary to exploit this flaw, it poses a significant threat to systems utilizing versions of Ivanti EPM affected by this issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13171,https://securityvulnerability.io/vulnerability/CVE-2024-13171,Remote Code Execution Vulnerability in Ivanti EPM Software,"A vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to exploit insufficient filename validation, potentially leading to unauthorized remote code execution. While local user interaction is necessary for the attack to succeed, this flaw poses a significant security risk to affected systems, emphasizing the need for immediate security measures.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13163,https://securityvulnerability.io/vulnerability/CVE-2024-13163,Remote Code Execution Vulnerability in Ivanti Endpoint Manager Products,"A deserialization vulnerability has been identified in Ivanti Endpoint Manager versions released before the January 2025 Security Update, which may allow remote unauthenticated attackers to execute arbitrary code without user interaction. Local user interaction is necessary to exploit this vulnerability, posing significant risks to organizations using the affected versions. It is crucial for users to apply the latest security updates to mitigate potential threats.",Ivanti,,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13158,https://securityvulnerability.io/vulnerability/CVE-2024-13158,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"An unbounded resource search path vulnerability exists in Ivanti Endpoint Manager prior to the January-2025 Security Update. This flaw enables a remote authenticated attacker, possessing admin privileges, to execute arbitrary code on the system, potentially compromising the integrity and confidentiality of sensitive information. It is vital for users to update their systems promptly to mitigate this risk.",Ivanti,Endpoint Manager,7.2,HIGH,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13170,https://securityvulnerability.io/vulnerability/CVE-2024-13170,Out-of-Bounds Write in Ivanti Endpoint Manager Affects Security Updates,"A critical vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update, and in the 2022 SU6 January 2025 Security Update. This out-of-bounds write flaw allows a remote unauthorized attacker to manipulate memory, potentially leading to a denial of service condition. Attackers can exploit this vulnerability without prior authentication, posing significant risk to the stability and availability of affected systems.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13161,https://securityvulnerability.io/vulnerability/CVE-2024-13161,Absolute Path Traversal Vulnerability in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager, allowing a remote unauthenticated attacker to exploit the flaw. This vulnerability can potentially enable attackers to access sensitive information stored on the server. The issue affects Ivanti EPM prior to the January 2025 Security Update and the 2022 SU6 January 2025 Security Update. Organizations using these affected versions should apply the necessary security updates to mitigate potential risks.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13164,https://securityvulnerability.io/vulnerability/CVE-2024-13164,Privilege Escalation Vulnerability in Ivanti Endpoint Manager,"Ivanti Endpoint Manager (EPM) is vulnerable due to an uninitialized resource that exists in versions prior to the January 2025 security update. This flaw allows local authenticated attackers to exploit the vulnerability for privilege escalation, potentially gaining enhanced access to system resources and sensitive data. Users are advised to upgrade to the latest versions to mitigate risks associated with this security issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13169,https://securityvulnerability.io/vulnerability/CVE-2024-13169,Local Privilege Escalation Vulnerability in Ivanti EPM Products,"A local authenticated attacker can exploit an out-of-bounds read vulnerability in Ivanti Endpoint Manager versions prior to the January 2025 security standards. This flaw enables an attacker to escalate their privileges within the affected system, potentially allowing them to gain unauthorized access to sensitive resources and systems.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13166,https://securityvulnerability.io/vulnerability/CVE-2024-13166,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager allows adversaries to exploit the software versions predating the January 2025 Security Update. This vulnerability enables remote unauthenticated attackers to trigger a denial of service, impacting the availability of the software. It’s crucial for organizations using the affected versions to apply the necessary updates to mitigate risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13167,https://securityvulnerability.io/vulnerability/CVE-2024-13167,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) enables a remote, unauthenticated attacker to exploit the software prior to specific January 2025 Security Updates. This flaw may lead to potential service disruptions, as it allows for manipulation that could result in a denial of service. Users must update their EPM software to the latest security patches to mitigate the risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13159,https://securityvulnerability.io/vulnerability/CVE-2024-13159,Path Traversal Vulnerability in Ivanti Endpoint Manager Products,Ivanti Endpoint Manager is impacted by an absolute path traversal vulnerability that enables remote unauthenticated attackers to access and leak sensitive information. This issue affects Ivanti EPM versions released prior to the January 2025 security update. It is crucial for users of these products to apply the necessary security updates to mitigate the risks associated with this vulnerability.,Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13168,https://securityvulnerability.io/vulnerability/CVE-2024-13168,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"A vulnerability exists in Ivanti Endpoint Manager (EPM) that permits a remote unauthenticated attacker to exploit an out-of-bounds write condition. This flaw enables the attacker to disrupt service availability, potentially leading to a denial of service. Affected versions include Ivanti EPM prior to the January 2025 Security Update and Ivanti EPM 2022 SU6, also before the January 2025 update. System administrators are advised to apply the latest security updates to mitigate risks.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-10811,https://securityvulnerability.io/vulnerability/CVE-2024-10811,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability in Ivanti Endpoint Manager allows unauthenticated remote attackers to access sensitive information by manipulating absolute paths. This flaw affects versions prior to the January 2025 Security Update, posing a significant risk of data exposure.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2024-10630,https://securityvulnerability.io/vulnerability/CVE-2024-10630,Race Condition Vulnerability in Ivanti Application Control Engine,"A race condition in Ivanti Application Control Engine prior to version 10.14.4.0 exposes the system to potential exploitation by local authenticated attackers. This vulnerability allows these attackers to bypass critical application blocking functionalities, potentially leading to unauthorized actions within the system. Organizations using the affected versions are encouraged to update to the latest release to mitigate the risks associated with this vulnerability.",Ivanti,Application Control Engine,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2024-13179,https://securityvulnerability.io/vulnerability/CVE-2024-13179,Path Traversal Vulnerability in Ivanti Avalanche by Ivanti,"A path traversal vulnerability has been identified in Ivanti Avalanche, allowing remote unauthenticated attackers to exploit the flaw and potentially bypass authentication mechanisms. This vulnerability impacts all versions prior to 6.4.7, posing a significant security risk to organizations using this product. Users are advised to upgrade to the latest version to mitigate threats and ensure the integrity of their systems.",Ivanti,Avalanche,9.8,CRITICAL,0.000910000002477318,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2024-13180,https://securityvulnerability.io/vulnerability/CVE-2024-13180,Path Traversal Vulnerability in Ivanti Avalanche Affects Sensitive Data Security,"Ivanti Avalanche versions prior to 6.4.7 are susceptible to a path traversal vulnerability that enables remote unauthenticated attackers to access restricted files, potentially leading to the unauthorized disclosure of sensitive information. This vulnerability arises from incomplete mitigations implemented in a prior CVE, highlighting the need for users to promptly update to the latest version to ensure their data remains secure.",Ivanti,Avalanche,7.5,HIGH,0.0008999999845400453,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2024-13181,https://securityvulnerability.io/vulnerability/CVE-2024-13181,Path Traversal Vulnerability in Ivanti Avalanche Software,"Ivanti Avalanche versions earlier than 6.4.7 are susceptible to a path traversal vulnerability, allowing remote unauthenticated attackers to bypass authentication procedures. This vulnerability is a result of incomplete patches from a prior security issue, necessitating immediate updates to the affected versions to ensure system integrity.",Ivanti,Avalanche,9.8,CRITICAL,0.000910000002477318,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2025-0283,https://securityvulnerability.io/vulnerability/CVE-2025-0283,"Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways","A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specified versions. This flaw enables a local authenticated attacker to exploit the overflow condition, potentially leading to privilege escalation and unauthorized access to sensitive functionalities within the affected platforms.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",7,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-08T22:15:59.822Z,0
CVE-2025-0282,https://securityvulnerability.io/vulnerability/CVE-2025-0282,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways, prior to designated versions. This flaw allows a remote unauthenticated attacker to execute arbitrary code on the affected systems, posing significant risks to security and data integrity. Users are advised to upgrade to the latest versions of these products to mitigate potential exploitation.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",9,CRITICAL,0.15324999392032623,true,true,true,true,true,true,true,2025-01-08T22:15:09.386Z,31760
CVE-2024-37377,https://securityvulnerability.io/vulnerability/CVE-2024-37377,Heap-Based Buffer Overflow in Ivanti Connect Secure Allows Remote Denial of Service,"A vulnerability exists in Ivanti Connect Secure due to a heap-based buffer overflow in the IPsec component. This flaw can be exploited by remote unauthenticated attackers to trigger a denial of service, leading to service interruptions for users. Organizations using Ivanti Connect Secure should evaluate their systems to ensure they are running a version that mitigates this risk.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-12T01:55:00.000Z,0
CVE-2024-37401,https://securityvulnerability.io/vulnerability/CVE-2024-37401,Remote Unauth. Denial of Service via IPsec OOBR Vulnerability,"An out-of-bounds read vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1, which can be exploited by a remote unauthenticated attacker. This flaw can lead to a denial of service situation, affecting the availability of services reliant on the impacted product. Users are advised to update to the latest version to mitigate potential risks associated with this vulnerability.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-12T01:55:00.000Z,0
CVE-2024-8496,https://securityvulnerability.io/vulnerability/CVE-2024-8496,Local Privilege Escalation Vulnerability in Ivanti Workspace Control,"In Ivanti Workspace Control, versions prior to 10.18.40.0 exhibit a vulnerability where insecure permissions can be exploited under certain conditions. This flaw allows a local authenticated attacker to escalate their privileges, potentially enabling unauthorized actions within the system. This type of vulnerability underscores the importance of strict permission management and regular updates to security practices to mitigate risks associated with privilege escalation.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-11T17:15:00.000Z,0