2
CVEs
0
Critical
1
High
0
KEV
0
PoC
1
Unpatched C/H
0.0%
Patch Rate
0.8%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
1
MEDIUM
1
LOW
0
Monthly CVE Trend
Affected Products (30)
Endpoint Manager
92
Connect Secure
80
Avalanche
67
Policy Secure
59
Workspace Control
18
Zero Trust Access Gateway
17
Neurons For Secure Access
15
Pulse Secure Desktop Client
15
Pulse Connect Secure
15
Secure Access Client
12
Pulse Policy Secure
11
Endpoint Manager Mobile
9
Cloud Services Appliance
7
Landesk Management Suite
5
Neurons For Itsm
5
Ive Os
5
Junos Pulse Secure Access Service
5
Endpoint Manager Cloud Services Appliance
5
Desktop Server Management
4
Neurons For Zero Trust Access
4
Security Controls
3
Pulse Secure Desktop
3
Junos Pulse Access Control Service
3
Virtual Traffic Manager
3
Sentry
2
Open Redirect
2
Mobileiron
2
Xtraction
2
Application Control
2
Fips Secure Access 6500
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-14903 | Arbitrary file disclosure in Ivanti Xtraction before 2026.2.1 lets a remote, authenticated attacker traverse outside the application's web root and read sensitive files from the underlying host. The CVSS 3.1 score of 7.7 reflects a scope change (S:C), meaning the impact reaches beyond the web application into the host filesystem, though only confidentiality is affected. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; no EPSS score was provided. | HIGH | 7.7 | 1.0% | 38 |
No patch
|
| CVE-2026-14902 | Open redirect in Ivanti Xtraction before 2026.2.1 enables remote unauthenticated attackers to craft URLs that silently forward users to arbitrary external destinations. The vulnerability carries a Scope:Changed rating (S:C) in the CVSS vector, reflecting that the impact extends beyond the vulnerable application to the user's browser environment - a hallmark of effective phishing and credential harvesting campaigns. No public exploit code and no CISA KEV listing exist at time of analysis, and the AC:H metric in the vendor-provided vector suggests exploitation may not be trivially reliable in all configurations. | MEDIUM | 4.0 | 0.5% | 20 |
No patch
|