704 matches found
Ivanti Connect Secure - Stack-based Buffer Overflow
Ivanti Connect Secure 22.7R2.5, Ivanti Policy Secure 22.7R1.2, and Ivanti Neurons for ZTA gateways 22.7R2.3 contain a stack-based buffer overflow in the clientCapabilities parameter handling. This vulnerability allows remote unauthenticated attackers to execute arbitrary code through IF-T TLS...
Ivanti Connect Secure 9.x / 22.x Command Injection
The provided PHP script targets CVE‑2024‑21887, a command injection vulnerability in Ivanti Connect Secure versions 9.x and 22.x. It is designed to identify and exploit vulnerable systems through a crafted API request. It initializes a reusable cURL session to send malicious JSON payloads to a...
PT-2026-4277
Edge Crisis: CISA added two critical vulnerabilities to the Known Exploited Vulnerabilities catalog yesterday. CVE-2026-21809 and CVE-2026-21810 target Citrix Workspace and Ivanti Connect Secure. Federal agencies have until February 11 to remediate...
PT-2026-4276
Edge Crisis: CISA added two critical vulnerabilities to the Known Exploited Vulnerabilities catalog yesterday. CVE-2026-21809 and CVE-2026-21810 target Citrix Workspace and Ivanti Connect Secure. Federal agencies have until February 11 to remediate...
CVE-2022-35258
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior...
CVE-2022-35254
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior...
CVE-2024-39711
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-39712
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-39710
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
Urgent Reminder to Update Edge Appliances During Peak Holiday Time-off
Customer Alert: Proactive Defense Against Threat Actor Campaigns Targeting Unpatched Network Security Solutions. As the holiday season approaches, we are urging all Ivanti customers to ensure that all their network security solutions are updated to their latest versions, regardless of vendor. We...
EUVD-2024-42722
Malicious code in bioql PyPI...
EUVD-2025-24257
Malicious code in bioql PyPI...
EUVD-2024-37700
Malicious code in bioql PyPI...
EUVD-2024-38339
Malicious code in bioql PyPI...
EUVD-2024-19629
Malicious code in bioql PyPI...
EUVD-2024-51757
Malicious code in bioql PyPI...
EUVD-2024-51760
Malicious code in bioql PyPI...
EUVD-2025-20512
Malicious code in bioql PyPI...
EUVD-2024-36636
Malicious code in bioql PyPI...
EUVD-2024-37717
Malicious code in bioql PyPI...