Lucene search
K

11 matches found

vulnersOsv
vulnersOsv
added 2025/06/03 9:30 p.m.11 views

com.github.jinahya:jsonrpc-bind-tests (=0.7.1), org.amebastack.container:ameba-container-grizzly (>=0.1.6c <=0.1.6e) +185 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=7.0.0.Alpha1 <=7.0.0.Alpha6)

org.hibernate.validator:hibernate-validator MAVEN version =7.0.0.Alpha1, =0.1.6c, =0.1.2, =0.1.2, =0.1.2, =0.1.6c, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-RC1 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory: OSV:GHSA-7V6M-28JR-RG84...

9CVSS7.3AI score0.99891EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2025/05/16 11:0 a.m.9 views

Ivanti Endpoint Manager Mobile exploit chain exploited in the wild

On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile EPMM: CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications,...

8.8CVSS9.4AI score0.99891EPSS
Exploits10
Packet Storm News
Packet Storm News
added 2025/05/16 12:0 a.m.10 views

Ivanti EPMM Pre-Auth RCE Chain 1day Detection Artifact Generator Tool

This script attempts to detect if Ivanti EPMM is vulnerable to CVE-2025-4427 and CVE-2025-4428. It affects versions 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior...

8.8CVSS7AI score0.99891EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/05/15 4:34 p.m.25 views

CVE-2025-4428

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...

8.8CVSS8.3AI score0.83641EPSS
Exploits10References1
GithubExploit
GithubExploit
added 2025/05/15 1:59 p.m.410 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile

CVE-2025-4427 and CVE-2025-4428 Ivanti EPMM Chain Ivanti EPMM...

8.8CVSS8.7AI score0.99891EPSS
Exploits10
Circl
Circl
added 2025/05/13 4:30 p.m.25 views

CVE-2025-4428

creationtimestamp| type| source ---|---|--- 2025-05-13 16:30:39+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vhy3fbjz2 2025-05-13 16:30:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16168 2025-05-13 16:48:00+00:00| seen|...

8.8CVSS7.4AI score0.83641EPSS
Exploits10References178
NVD
NVD
added 2025/05/13 4:15 p.m.22 views

CVE-2025-4428

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...

8.8CVSS0.83641EPSS
Exploits10References2
Cvelist
Cvelist
added 2025/05/13 3:46 p.m.28 views

CVE-2025-4428 Remote Code Execution

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...

7.2CVSS0.83641EPSS
Exploits10References1
CVE
CVE
added 2025/05/13 3:46 p.m.282 views

CVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) Code Injection vulnerability (CVE-2025-4428). An authenticated attacker can remotely execute arbitrary code via crafted API requests in the API component. Root cause cited as insecure implementation/interpolation involving the Hibernate Validator library, wit...

8.8CVSS7.4AI score0.83641EPSS
In wildExploits10References2Affected Software1
Ivanti
Ivanti
added 2025/05/13 3:36 p.m.37 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)

Ivanti has released updates for Endpoint Manager Mobile EPMM which addresses one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has be...

8.8CVSS9.2AI score0.99891EPSS
Exploits10
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.29 views

CVE-2025-4428

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. Recent assessments: remmons-r7 at May 22, 2025 5:27am UTC reported: On May 13, 2025, Ivanti...

8.8CVSS9.2AI score0.99891EPSS
In wildExploits10References2
Rows per page
Query Builder