Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authent
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory ca
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification.
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assig