70 matches found
EUVD-2026-29489
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
Ivanti Endpoint Manager 安全漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained security vulnerabilities. These vulnerabilities were due to improper delegation of permissions by agents, which could...
Ivanti Endpoint Manager(EPM) SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained a SQL injection vulnerability. This vulnerability allows remote authentication attackers to access arbitrary data in the...
CVE-2025-13662
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required...
PT-2025-50086
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU4 SR1 Description A flaw exists in Ivanti Endpoint Manager due to improper control of dynamically managed code resources. A remote, unauthenticated attacker can write arbitrary files on the...
EUVD-2025-84339
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...
Security Advisory EPM November 2025 for EPM 2024
Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses three high vulnerabilities. Successful exploitation could allow a local authenticated attacker to write arbitrary files anywhere on disk. Two of the resolved vulnerabilities, CVE-2025-9713 and CVE-2025-11622, were...
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62383
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-9713
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...
EUVD-2024-37150
Malicious code in bioql PyPI...
CVE-2024-20884
Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...
CVE-2024-55564
The POSIX::2008 package before 0.24 for Perl has a potential execve50c env buffer overflow...
CVE-2024-12233
creationtimestamp| type| source ---|---|--- 2024-12-05 16:34:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113601182484335124 2024-12-05 19:32:43+00:00| seen| https://t.me/cvedetector/12126...
CVE-2024-53863
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...