EUVD-2026-17642

A denial-of-service DoS vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive...

CVE-2026-3469

A denial-of-service DoS vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive...

CVE-2026-3470

A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database...

CVE-2026-3469

A denial-of-service DoS vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive...

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

EUVD-2020-3844

Malware in sbrugna...

EUVD-2025-20514

Malicious code in bioql PyPI...

CVE-2025-57874

The CVE describes a reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS, affecting version 11.4 and earlier. A remote authenticated attacker with administrative access can supply a crafted string that executes arbitrary JavaScript in the victim’s browser. Affected compone...

CVE-2025-55139

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to enumerate internal...

PT-2025-36749

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Connect Secure versions prior to 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior t...

PT-2025-34115 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified Description: A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an...

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

CVE-2025-5466

CVE-2025-5466 is an XML External Entity (XEE) vulnerability affecting Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The issue allows a remote authenticated attacker with admin privileges to trigger a denial of service. Affected versions before the stated fixes ...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-8297

CVE-2025-8297 affects Ivanti Avalanche prior to version 6.4.8.8008. Multiple sources describe an incomplete configuration restriction that enables a remote authenticated attacker with admin privileges to achieve remote code execution. The confirmed impact is remote code execution with high severi...

PT-2025-32679 · Ivanti · Ivanti Connect Secure +3

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8 and 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.5 Ivanti ZTA Gateway versions prior to 22.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4 Description: An XML...

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service...

CVE-2025-5450

Ivanti Connect Secure and Ivanti Policy Secure are affected by CVE-2025-5450 due to improper access control in the certificate management component. A remote authenticated admin with read-only rights can modify settings that should be restricted on versions prior to 22.7R2.8 (ICS) and 22.7R1.5 (I...