CISA · government feed
Known Exploited Vulnerabilities
Vulnerabilities under active exploitation, mandated by CISA for federal patching.
33 total matches · showing 33
| CVE | Vendor / Product | Status | ||
|---|---|---|---|---|
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2026-04-08 | Active |
| CVE-2026-1603 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | 2026-03-09 | Active |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2026-01-29 | Active |
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | 2025-05-19 | Active |
| CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2025-05-19 | Active |
| CVE-2025-22457 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 2025-04-04 | Ransomware |
| CVE-2024-13159 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | 2025-03-10 | Active |
| CVE-2024-13160 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | 2025-03-10 | Active |
| CVE-2024-13161 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | 2025-03-10 | Active |
| CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 2025-01-08 | Ransomware |
| CVE-2024-9379 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | 2024-10-09 | Active |
| CVE-2024-9380 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability | 2024-10-09 | Active |
| CVE-2024-29824 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | 2024-10-02 | Active |
| CVE-2024-7593 | Ivanti Virtual Traffic Manager | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | 2024-09-24 | Active |
| CVE-2024-8963 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability | 2024-09-19 | Active |
| CVE-2024-8190 | Ivanti Cloud Services Appliance | Ivanti Cloud Services Appliance OS Command Injection Vulnerability | 2024-09-13 | Active |
| CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | 2024-03-25 | Ransomware |
| CVE-2024-21893 | Ivanti Connect Secure, Policy Secure, and Neurons | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | 2024-01-31 | Ransomware |
| CVE-2023-35082 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | 2024-01-18 | Ransomware |
| CVE-2024-21887 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | 2024-01-10 | Ransomware |
| CVE-2023-46805 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | 2024-01-10 | Ransomware |
| CVE-2023-38035 | Ivanti Sentry | Ivanti Sentry Authentication Bypass Vulnerability | 2023-08-22 | Ransomware |
| CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | 2023-07-31 | Active |
| CVE-2023-35078 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | 2023-07-25 | Ransomware |
| CVE-2019-11539 | Ivanti Pulse Connect Secure and Pulse Policy Secure | Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | 2021-11-03 | Ransomware |
| CVE-2019-11510 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | 2021-11-03 | Ransomware |
| CVE-2021-22899 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Command Injection Vulnerability | 2021-11-03 | Active |
| CVE-2020-8260 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2021-22894 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | 2021-11-03 | Active |
| CVE-2021-22900 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | 2021-11-03 | Active |
| CVE-2020-8243 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2021-22893 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Use-After-Free Vulnerability | 2021-11-03 | Ransomware |
| CVE-2020-15505 | Ivanti MobileIron Multiple Products | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability | 2021-11-03 | Active |
Feedback
How was this page?
Spotted something off, or have an idea? Let us know.