https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.

The first security flaw (CVE-2023-46805) is an authentication bypass in the gateways' web component, enabling attackers to access restricted resources by circumventing control checks.