CVE-2016-4787 — CVSS 10.0 (critical): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read…
CVE-2025-22467 — CVSS 9.9 (critical): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote…
CVE-2019-11540 — CVSS 9.8 (critical): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before…
CVE-2018-6320 — CVSS 9.8 (critical): A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and…
CVE-2018-20810 — CVSS 9.8 (critical): Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS)…
CVE-2018-20813 — CVSS 9.8 (critical): An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.
CVE-2024-21894 — CVSS 9.8 (critical): A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated…
CVE-2024-39710 — CVSS 9.1 (critical): Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a…
CVE-2024-11633 — CVSS 9.1 (critical): Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve…
CVE-2024-38656 — CVSS 9.1 (critical): Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a…
CVE-2024-39711 — CVSS 9.1 (critical): Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a…
CVE-2024-11634 — CVSS 9.1 (critical): Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote…
CVE-2024-11006 — CVSS 9.1 (critical): Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version…
CVE-2024-39712 — CVSS 9.1 (critical): Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a…
CVE-2024-11007 — CVSS 9.1 (critical): Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version…
CVE-2024-10644 — CVSS 9.1 (critical): Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote…
CVE-2024-11005 — CVSS 9.1 (critical): Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version…
CVE-2025-55145 — CVSS 8.9 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2021-22908 — CVSS 8.8 (high): A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to…
CVE-2025-55142 — CVSS 8.8 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2017-11455 — CVSS 8.8 (high): diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through…
CVE-2025-55141 — CVSS 8.8 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2024-9420 — CVSS 8.8 (high): A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a…
CVE-2019-11509 — CVSS 8.8 (high): In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse…
CVE-2025-55147 — CVSS 8.8 (high): CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2024-37404 — CVSS 8.8 (high): Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before…
CVE-2024-21888 — CVSS 8.8 (high): A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a…
CVE-2016-4791 — CVSS 8.6 (high): The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before…
CVE-2024-22024 — CVSS 8.3 (high): An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x)…
CVE-2024-22053 — CVSS 8.2 (high): A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated…
CVE-2020-8206 — CVSS 8.1 (high): An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to…
CVE-2019-11213 — CVSS 8.1 (high): In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a…
CVE-2024-47906 — CVSS 7.8 (high): Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before…
CVE-2024-39709 — CVSS 7.8 (high): Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version…
CVE-2023-41720 — CVSS 7.8 (high): A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure…
CVE-2019-11538 — CVSS 7.7 (high): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1…
CVE-2025-55148 — CVSS 7.6 (high): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-5456 — CVSS 7.5 (high): A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA…
CVE-2018-20809 — CVSS 7.5 (high): A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure…
CVE-2019-11477 — CVSS 7.5 (high): Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when…
CVE-2019-11541 — CVSS 7.5 (high): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML…
CVE-2021-22965 — CVSS 7.5 (high): A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a…
CVE-2022-35254 — CVSS 7.5 (high): An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to…
CVE-2022-35258 — CVSS 7.5 (high): An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to…
CVE-2023-39340 — CVSS 7.5 (high): A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead…
CVE-2024-22052 — CVSS 7.5 (high): A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an…
CVE-2024-37377 — CVSS 7.5 (high): A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a…
CVE-2024-37400 — CVSS 7.5 (high): An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite…
CVE-2024-37401 — CVSS 7.5 (high): An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial…
CVE-2024-38649 — CVSS 7.5 (high): An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated…
CVE-2024-47907 — CVSS 7.5 (high): A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a…
CVE-2024-8495 — CVSS 7.5 (high): A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a…
CVE-2016-4786 — CVSS 7.5 (high): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a…
CVE-2025-5462 — CVSS 7.5 (high): A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway…
CVE-2024-38655 — CVSS 7.2 (high): Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and…
CVE-2020-15352 — CVSS 7.2 (high): An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows…
CVE-2021-22938 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an…
CVE-2021-22937 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously…
CVE-2021-22935 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an…
CVE-2023-41719 — CVSS 7.2 (high): A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a…
CVE-2021-22934 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device…
CVE-2021-44720 — CVSS 7.2 (high): In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the…
CVE-2019-11542 — CVSS 7.2 (high): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1…
CVE-2019-11508 — CVSS 7.2 (high): In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an…
CVE-2020-8219 — CVSS 7.2 (high): An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a…
CVE-2024-9844 — CVSS 7.1 (high): Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote…
CVE-2025-0283 — CVSS 7.0 (high): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti…
CVE-2025-55139 — CVSS 6.8 (medium): SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2020-8222 — CVSS 6.8 (medium): A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web…
CVE-2024-12058 — CVSS 6.8 (medium): External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a…
CVE-2025-0293 — CVSS 6.6 (medium): CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote…
CVE-2021-22933 — CVSS 6.5 (medium): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a…
CVE-2020-8220 — CVSS 6.5 (medium): A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection…
CVE-2025-5464 — CVSS 6.5 (medium): Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker…
CVE-2025-5450 — CVSS 6.3 (medium): Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure…
CVE-2024-11004 — CVSS 6.1 (medium): Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote…
CVE-2021-22936 — CVSS 6.1 (medium): A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an…
CVE-2019-11543 — CVSS 6.1 (medium): XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before…
CVE-2020-8238 — CVSS 6.1 (medium): A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to…
CVE-2020-8262 — CVSS 6.1 (medium): A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS)…
CVE-2019-11507 — CVSS 6.1 (medium): In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application…
CVE-2016-4789 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure…
CVE-2018-20807 — CVSS 6.1 (medium): An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x…
CVE-2018-20808 — CVSS 6.1 (medium): An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This…
CVE-2018-14366 — CVSS 6.1 (medium): download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before…
CVE-2020-8204 — CVSS 6.1 (medium): A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVE-2025-55143 — CVSS 6.1 (medium): Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway…
CVE-2018-20814 — CVSS 6.1 (medium): An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS)…
CVE-2024-13830 — CVSS 6.1 (medium): Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote…
CVE-2024-13842 — CVSS 6.0 (medium): A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local…
CVE-2024-13843 — CVSS 6.0 (medium): Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a…
CVE-2016-4788 — CVSS 5.8 (medium): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an…
CVE-2025-0292 — CVSS 5.5 (medium): SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated…
CVE-2016-4790 — CVSS 5.5 (medium): Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before…
CVE-2020-12880 — CVSS 5.5 (medium): An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a…
CVE-2025-5463 — CVSS 5.5 (medium): Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version…
CVE-2025-5468 — CVSS 5.5 (medium): Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5…
CVE-2025-8712 — CVSS 5.4 (medium): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-55144 — CVSS 5.4 (medium): Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before…
CVE-2025-8711 — CVSS 5.4 (medium): CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and…
CVE-2020-8217 — CVSS 5.4 (medium): A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
CVE-2022-21826 — CVSS 5.4 (medium): Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST…
CVE-2018-20811 — CVSS 5.3 (medium): A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.
CVE-2024-22023 — CVSS 5.3 (medium): An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an…
CVE-2019-11478 — CVSS 5.3 (medium): Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when…
CVE-2016-4792 — CVSS 5.3 (medium): Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.
CVE-2020-8221 — CVSS 4.9 (medium): A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the…
CVE-2025-5451 — CVSS 4.9 (medium): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a…
CVE-2024-47905 — CVSS 4.9 (medium): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a…
CVE-2024-47909 — CVSS 4.9 (medium): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a…
CVE-2024-38657 — CVSS 4.9 (medium): External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a…
CVE-2025-55146 — CVSS 4.9 (medium): An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway…
CVE-2020-8256 — CVSS 4.9 (medium): A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file…
CVE-2025-5466 — CVSS 4.9 (medium): XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and…
CVE-2020-8261 — CVSS 4.3 (medium): A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-8216 — CVSS 4.3 (medium): An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting…