Lucene search
+L

1421 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40042

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

6.5CVSS5.8AI score0.00701EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40044

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Ivanti Endpoint Manager(EPM) SQL注入漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...

8.8CVSS6AI score0.00883EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/11 12:36 p.m.14 views

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One...

9.8CVSS6.9AI score0.32074EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/07 5:55 p.m.12 views

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile EPMM has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 CVSS score: 7.2, is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0....

8.8CVSS6.3AI score0.34454EPSS
Exploits0
NCSC
NCSC
added 2026/05/07 4:17 p.m.13 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...

9.8CVSS6.3AI score0.34454EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 3:29 p.m.32 views

CVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...

7CVSS0.00819EPSS
Exploits0References1
Ivanti
Ivanti
added 2026/05/07 2:11 p.m.163 views

May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs)

Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses five high severity vulnerabilities. We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s...

9.8CVSS6.1AI score0.34454EPSS
Exploits0
CISA
CISA
added 2026/05/07 12:0 p.m.9 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-6973link is external Ivanti Endpoint Manager Mobile EPMM Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for...

7.2CVSS6AI score0.34454EPSS
In wildExploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/07 12:0 a.m.12 views

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS6.2AI score0.34454EPSS
In wildExploits0
CISA
CISA
added 2026/04/08 12:0 p.m.8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1340link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...

9.8CVSS7.3AI score0.8404EPSS
In wildExploits6References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/08 12:0 a.m.9 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...

9.8CVSS7.6AI score0.8404EPSS
In wildExploits6
NCSC
NCSC
added 2026/03/10 2:20 p.m.9 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...

8.6CVSS6.3AI score0.8056EPSS
Exploits0References2
CISA
CISA
added 2026/03/09 12:0 p.m.32 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22054link is external Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399link is external SolarWinds Web Help Desk Deserialization of...

9.8CVSS5.8AI score0.97713EPSS
In wildExploits2References8
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/09 12:0 a.m.9 views

Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager EPM contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS5.8AI score0.8056EPSS
In wildExploits0
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.11 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS6.1AI score0.00566EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 6:31 a.m.5 views

EUVD-2026-8515

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS6.1AI score0.00566EPSS
Exploits0References3
NVD
NVD
added 2026/02/25 6:16 a.m.11 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS0.00566EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 6:16 a.m.8 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.3CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/25 6:14 a.m.5 views

Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...

9.8CVSS6.5AI score0.00566EPSS
Exploits0References4
Rows per page
Query Builder