
55 matches found

Nuclei
added 2026/06/01 5:38 a.m. | 223 views

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection. impact: | Successful exploitation of this...

CVSS 8.3 | AI score 7.4 | EPSS 0.94249
Exploits: 1 | References: 2
Circl
added 2026/01/10 1:49 a.m. | 3 views

CVE-2026-22024

creationtimestamp | type | source
---|---|---
2026-01-10 01:49:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzvgqkdje2e
2026-01-10 02:04:07+00:00 | published-proof-of-concept | Telegram/rdcJ-eVVBzDoFwL5TR2qJvsWI6XIYotV57lHh9Pxh3U8ZQE...

CVSS 6.3 | AI score 4.8 | EPSS 0.00032
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a...

CVSS 5.5 | AI score 6.2 | EPSS 0.00132
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 4:45 a.m. | 4 views

CVE-2023-22024

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector:...

CVSS 5.5 | AI score 6.4 | EPSS 0.00023
Exploits: 0 | References: 1
NVD
added 2025/04/16 3:15 p.m. | 9 views

CVE-2025-22024

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...

CVSS 5.5 | EPSS 0.00132
Exploits: 0 | References: 4
UbuntuCve
added 2025/04/16 3:15 p.m. | 4 views

CVE-2025-22024

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...

CVSS 5.5 | AI score 6.3 | EPSS 0.00132
Exploits: 0 | References: 13
Cvelist
added 2025/04/16 2:11 p.m. | 10 views

CVE-2025-22024 nfsd: fix management of listener transports

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...

EPSS 0.00132
Exploits: 0 | References: 4
CVE
added 2025/04/16 2:11 p.m. | 91 views

CVE-2025-22024

CVE-2025-22024 : Linux kernel nfsd has a vulnerability in managing listener transports. When no threads are active, a root user using nfsdctl can remove a listener from the old list and then start more threads, which may lead to a refcount bug (use-after-free) in svc_recv/nfsd. The fix changes th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00132
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2025/04/16 2:11 p.m. | 5 views

CVE-2025-22024

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...

CVSS 5.5 | AI score 5.6 | EPSS 0.00132
Exploits: 0
CVE
added 2024/05/03 2:15 a.m. | 38 views

CVE-2023-51578

CVE-2023-51578 affects Voltronic Power ViewPower MonitorConsole. The flaw is an exposed dangerous method in the MonitorConsole class enabling remote DoS without authentication. Public sources (ZDI-23-1884) confirm the issue, but no concrete remediation/version fix is provided in the connected doc...

CVSS 7.5 | AI score 7.5 | EPSS 0.00625
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/05/03 2:15 a.m. | 13 views

CVE-2023-51578 Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability

Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerabilit...

CVSS 7.5 | AI score 7.7 | EPSS 0.00625
Exploits: 0 | References: 1
The Hacker News
added 2024/02/15 2:20 p.m. | 75 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

CVSS 9.1 | AI score 7.3 | EPSS 0.94412
Exploits: 25
CISA
added 2024/02/15 12:0 p.m. | 18 views

Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Note: CISA will update this Alert with more information as it becomes available. Updated Feb. 15, 2024: On Feb. 14, 2024, Ivanti released new software updates for Ivanti Connect Secure and Ivanti Policy Secure. Review Ivanti's updated KB article for more information. End of Feb. 1...

CVSS 9.1 | AI score 10 | EPSS 0.94412
Exploits: 24 | References: 21
Akamai Blog
added 2024/02/14 6:0 a.m. | 42 views

Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti

...

CVSS 8.3 | AI score 8.5 | EPSS 0.94249
Exploits: 1
Imperva Blog
added 2024/02/13 10:18 p.m. | 36 views

Imperva defends customers against CVE-2024-22024 in Ivanti products

Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its announcement on February 8,...

CVSS 7.5 | AI score 7.3 | EPSS 0.94249
Exploits: 1
NVD
added 2024/02/13 4:15 a.m. | 27 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

CVSS 8.3 | AI score 8.4 | EPSS 0.94249
Exploits: 1 | References: 1
Hive Pro Threat Advisories
added 2024/02/12 11:47 a.m. | 40 views

Ivanti Addresses Yet Another VPN Flaw Within a Month

Summary: Ivanti has addressed a newly discovered vulnerability impacting ZTA, Policy, and Connect Secure gateways. Tracked as CVE-2024-22024, this vulnerability stems from a weakness in the SAML component of the gateways related to XXE (XML eXternal Entities), enabling remote attackers to access...

CVSS 7.5 | AI score 7.2 | EPSS 0.94249
Exploits: 1
GithubExploit
added 2024/02/09 2:31 p.m. | 589 views

Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect_Secure

CVE-2024-22024 Check for CVE-2024-22024 vulnerability in Ivant...

CVSS 8.3 | AI score 8.4 | EPSS 0.94249
Exploits: 1
The Hacker News
added 2024/02/09 3:35 a.m. | 89 views

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. "An XML external enti...

CVSS 9.1 | AI score 8.8 | EPSS 0.94412
Exploits: 27
Ivanti
added 2024/02/08 6:54 p.m. | 12 views

CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure

Executive Summary: As part of the ongoing investigation, we discovered a new vulnerability as part of our internal review and testing of our code, which was also responsibly disclosed by watchTowr. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure...

CVSS 8.3 | AI score 9.7 | EPSS 0.94249
Exploits: 1