Ivanti Security Vulnerabilities (CVEs)
Track 226 security vulnerabilities affecting Ivanti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. It affects all Iv...
Feb 10, 2026An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affec...
Feb 10, 2026CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated attackers to execute arb...
Jan 29, 2026This critical vulnerability in Ivanti Endpoint Manager Mobile allows unauthenticated attackers to inject malicious code and execute arbitrary commands...
Jan 29, 2026CVE-2025-13661 is a path traversal vulnerability in Ivanti Endpoint Manager that allows authenticated remote attackers to write arbitrary files outsid...
Dec 9, 2025CVE-2025-13662 is a critical vulnerability in Ivanti Endpoint Manager's patch management component that allows remote unauthenticated attackers to exe...
Dec 9, 2025This vulnerability in Ivanti Endpoint Manager allows remote, unauthenticated attackers to write arbitrary files to the server, which could lead to rem...
Dec 9, 2025This stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager allows unauthenticated remote attackers to inject malicious JavaScript...
Dec 9, 2025This vulnerability allows local authenticated attackers to write arbitrary files anywhere on disk due to insecure default permissions in Ivanti Endpoi...
Nov 11, 2025This vulnerability allows authenticated administrators in Ivanti EPMM to execute arbitrary operating system commands through the admin panel, leading ...
Oct 14, 2025This CVE describes an OS command injection vulnerability in Ivanti EPMM admin panel that allows authenticated administrators to execute arbitrary comm...
Oct 14, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations usi...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations usi...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations usi...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations usi...
Oct 13, 2025This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations usi...
Oct 13, 2025CVE-2025-9713 is a path traversal vulnerability in Ivanti Endpoint Manager (EPM) that allows remote unauthenticated attackers to achieve remote code e...
Oct 13, 2025This vulnerability allows a local authenticated attacker to exploit insecure deserialization in Ivanti Endpoint Manager to escalate their privileges. ...
Oct 13, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in multiple Ivanti security products that allows an unauthenticated remote attack...
Sep 9, 2025This is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti secure access products. It allows remote unauthenticated attackers...
Sep 9, 2025This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privile...
Sep 9, 2025This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager systems by exploiting insufficient fil...
Sep 9, 2025This reflected text injection vulnerability in Ivanti secure access products allows unauthenticated attackers to inject arbitrary text into HTTP respo...
Sep 9, 2025This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privile...
Sep 9, 2025This vulnerability allows authenticated remote attackers to hijack existing HTML5 connections in Ivanti secure access products. It affects organizatio...
Sep 9, 2025This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security products that allows authenticated administrators to...
Sep 9, 2025This CVE describes a missing authorization vulnerability in Ivanti security products that allows authenticated users with read-only admin privileges t...
Sep 9, 2025This vulnerability allows authenticated local attackers to read arbitrary files on disk through improper symbolic link handling in Ivanti secure acces...
Aug 12, 2025This SQL injection vulnerability in Ivanti Avalanche allows authenticated admin users to execute arbitrary SQL queries, potentially leading to remote ...
Aug 12, 2025This vulnerability allows authenticated remote attackers to reset administrator passwords in Ivanti Virtual Application Delivery Controller (vADC) adm...
Aug 12, 2025A heap-based buffer overflow vulnerability in Ivanti secure access products allows remote unauthenticated attackers to trigger denial of service. This...
Aug 12, 2025This vulnerability allows authenticated administrators on Ivanti Policy Secure to read arbitrary files through specially crafted web requests. It affe...
Jul 12, 2025This is a critical buffer overflow vulnerability in Ivanti Avalanche Manager that allows unauthenticated attackers to potentially execute arbitrary co...
Jul 12, 2025This vulnerability allows authenticated attackers with high privileges in Ivanti Endpoint Manager Mobile (EPMM) to execute arbitrary operating system ...
Jul 8, 2025This SSRF vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated administrators to make requests to internal network services f...
Jul 8, 2025CVE-2025-6770 is an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated attackers with high privileg...
Jul 8, 2025This vulnerability in Ivanti Endpoint Manager allows a local authenticated attacker to decrypt other users' passwords due to improper encryption imple...
Jul 8, 2025This vulnerability allows local authenticated attackers to access sensitive information that was improperly logged in Ivanti Connect Secure and Policy...
Jul 8, 2025This vulnerability allows authenticated administrators with read-only permissions to modify restricted settings in Ivanti Connect Secure and Ivanti Po...
Jul 8, 2025A hardcoded cryptographic key in Ivanti Workspace Control allows local authenticated attackers to decrypt stored SQL database credentials. This affect...
Jun 10, 2025A hardcoded cryptographic key in Ivanti Workspace Control allows local authenticated attackers to decrypt stored SQL database credentials. This affect...
Jun 10, 2025An authentication bypass vulnerability in Ivanti Endpoint Manager Mobile's API allows attackers to access protected resources without valid credential...
May 13, 2025This vulnerability allows authenticated attackers to execute arbitrary code on Ivanti Endpoint Manager Mobile (EPMM) systems by sending specially craf...
May 13, 2025An authentication bypass vulnerability in Ivanti Neurons for ITSM on-premises deployments allows remote unauthenticated attackers to gain administrati...
May 13, 2025This vulnerability allows local authenticated attackers to escalate privileges in Ivanti Cloud Services Application due to default credentials. Attack...
May 13, 2025Why Monitor Ivanti Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 226+ known vulnerabilities affecting Ivanti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ivanti packages in under 60 seconds. No agents required - completely agentless scanning that works across Ivanti deployments.
Free vulnerability database: Access detailed information about every Ivanti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Ivanti CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
