VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Multiple NetApp products incorporate Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, and 25 are susceptible to vulnerabilities that when successfully exploited could allow unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - October 2025” for additional details. Successful attacks of these vulnerabilities can result in unauthorized creation, deletion, modification, or access to critical data or complete access to all Oracle Java SE accessible data. Affected products: Active IQ Unified Manager for VMware vSphere, Brocade SAN Navigator (SANnav), E-Series SANtricity Unified Manager and Web Services Proxy, OnCommand Insight, SANtricity Storage Plugin for vCenter. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Pypi/Setuptools. Pypi/Setuptools versions through 69.1.1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) and Neurons for MDM. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).
Multiple NetApp products incorporate Apache Netty. Apache Netty versions prior to 4.2.4.Final and prior to 4.1.124.Final are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux. NetApp states there is no workaround available at this time.
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions.
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC) (previously known as vTM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions.
Multiple NetApp products incorporate the Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1 are susceptible to vulnerabilities which when successfully exploited could allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - July 2025” for additional details. Successful attacks of this vulnerability can result in takeover of Oracle Java SE or unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Affected products: Active IQ Unified Manager for VMware vSphere. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Connect Secure and Policy Secure, Ivanti EPM, and Ivanti EPMM. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories?
Multiple NetApp products incorporate GNU C Library. GNU C Library versions 2.27 through 2.38 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for VMware vSphere, Brocade Fabric Operating System Firmware, NetApp HCI Baseboard Management Controller (BMC) - H610S, NetApp HCI Compute Node (Bootstrap OS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Ivanti releases standard security patches on the second Tuesday of every month. It is our philosophy that responsible transparency helps protect our customers. CVE disclosures are an essential and effective tool for communicating software vulnerabilities and necessary actions to customers. A CVE serves as a beacon to security teams and signals the need for urgent updates. Today, Ivanti is disclosing vulnerabilities in Ivanti Workspace Control. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories: Ivanti Workspace Control (IWC) Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.
Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates. Today, Ivanti is disclosing vulnerabilities in Ivanti ITSM (on-premises only), Cloud Security Application (CSA) and Neurons for MDM. It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.
At Ivanti, transparency is a cornerstone of our commitment to customer security and trust. It is through such transparency that vulnerabilities are swiftly addressed, allowing our customers and the broader ecosystem to take proactive measures to safeguard their environments amidst a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities associated with open-source libraries used in Ivanti Endpoint Manager Mobile (EPMM). We have provided an FAQ below and in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the patch. We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment. Thank you to our customers and security partners for their engagement and support, which enabled our swift response to this issue.
CVE.Org link: CVE-2025-3928 Save as PDF A vulnerability has been identified and remediated in all supported versions of the Commvault software. Webservers can be compromised through bad actors creating and executing webshells. Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credentials.
Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments. In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action. Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates. Today, Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager (EPM). It is important for customers to know: We have no evidence of any of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions. More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisory.
** The following has been updated to make clear the vulnerability was fully patched in Ivanti Connect Secure 22.7R2.6 (released February 11, 2025). At Ivanti, our mission is to empower customers to defend their environments in an evolving and increasingly sophisticated threat landscape.
Multiple NetApp products incorporate urllib3. Urllib3 versions prior to 1.26.17 and prior to 2.0.6 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. Affected products: Active IQ Unified Manager for VMware vSphere, NetApp SolidFire & HCI Storage Node (Element Software), ONTAP Mediator. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Python. Python versions prior to 3.7.17, 3.8.17, 3.9.17, 3.10.12 and 3.11.4 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp HCI Compute Node (Bootstrap OS), ONTAP Select Deploy administration utility. NetApp states there is no workaround available at this time.
Local Privilege Escalation Vulnerability in Polkit's pkexec Utility