386
CVEs
57
Critical
246
High
25
KEV
52
PoC
291
Unpatched C/H
4.4%
Patch Rate
13.1%
Avg EPSS
Severity Breakdown
CRITICAL
57
HIGH
246
MEDIUM
78
LOW
5
Monthly CVE Trend
Affected Products (30)
Endpoint Manager
92
Connect Secure
80
Avalanche
67
Policy Secure
59
Workspace Control
18
Zero Trust Access Gateway
17
Neurons For Secure Access
15
Pulse Secure Desktop Client
15
Pulse Connect Secure
15
Secure Access Client
12
Pulse Policy Secure
11
Endpoint Manager Mobile
9
Cloud Services Appliance
7
Landesk Management Suite
5
Neurons For Itsm
5
Ive Os
5
Junos Pulse Secure Access Service
5
Endpoint Manager Cloud Services Appliance
5
Desktop Server Management
4
Neurons For Zero Trust Access
4
Security Controls
3
Pulse Secure Desktop
3
Junos Pulse Access Control Service
3
Virtual Traffic Manager
3
Sentry
2
Open Redirect
2
Mobileiron
2
Xtraction
2
Application Control
2
Fips Secure Access 6500
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-7593 | Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gain administrative access to the appliance due to a flawed authentication algorithm implementation. The flaw is confirmed actively exploited (CISA KEV) with an EPSS score of 94.44% (100th percentile), placing it among the highest-risk vulnerabilities currently tracked. All vTM releases other than 22.2R1 and 22.7R2 are affected. | CRITICAL | 9.8 | 94.4% | 213 |
KEV
PoC
|
| CVE-2024-13159 | Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs. | CRITICAL | 9.8 | 94.2% | 213 |
KEV
PoC
No patch
|
| CVE-2024-13160 | Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update. | CRITICAL | 9.8 | 93.5% | 212 |
KEV
PoC
No patch
|
| CVE-2024-13161 | Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update. | CRITICAL | 9.8 | 92.5% | 212 |
KEV
PoC
No patch
|
| CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months. | CRITICAL | 9.0 | 94.1% | 209 |
KEV
PoC
No patch
|
| CVE-2025-4427 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 5.3 | 91.6% | 203 |
KEV
PoC
No patch
|
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | CRITICAL | 9.8 | 64.8% | 199 |
KEV
PoC
|
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | CRITICAL | 9.8 | 50.9% | 185 |
KEV
PoC
No patch
|
| CVE-2025-22457 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221. | CRITICAL | 9.0 | 53.7% | 184 |
KEV
PoC
No patch
|
| CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests. | HIGH | 7.2 | 45.3% | 166 |
KEV
PoC
No patch
|
| CVE-2026-1603 | Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthenticated remote attackers to leak stored credential data. KEV-listed with EPSS 43.9%, this vulnerability exposes credentials stored in the endpoint management platform — potentially including service accounts, deployment credentials, and other secrets used to manage the entire endpoint fleet. | HIGH | 8.6 | 43.9% | 157 |
KEV
PoC
No patch
|
| CVE-2026-10520 | Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to achieve root-level command execution via OS command injection. With a maximum CVSS score of 10.0 and a network-accessible, no-interaction attack vector, this represents a critical exposure for any internet-facing Sentry appliance, though no public exploit has been identified at time of analysis. | CRITICAL | 10.0 | 0.2% | 140 |
KEV
PoC
No patch
|
| CVE-2026-6973 | Remote code execution in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators to execute arbitrary code on the server. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 through improper input validation vulnerabilities. While requiring high-privilege administrator credentials (CVSS PR:H), the vulnerability enables complete system compromise once authenticated, with high impact to confidentiality, integrity, and availability. No public exploit or active exploitation confirmed at time of analysis. | HIGH | 7.2 | 5.0% | 131 |
KEV
PoC
No patch
|
| CVE-2025-22467 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 42.0% and no vendor patch available. | CRITICAL | 9.9 | 42.0% | 92 |
No patch
|
| CVE-2024-47908 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0% and no vendor patch available. | CRITICAL | 9.1 | 44.0% | 89 |
No patch
|