1421 matches found
PT-2026-40042
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
PT-2026-40044
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...
Ivanti Endpoint Manager(EPM) SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One...
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile EPMM has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 CVSS score: 7.2, is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0....
Vulnerabilities managed in Ivanti Endpoint Manager Mobile
Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...
CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...
May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses five high severity vulnerabilities. We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-6973link is external Ivanti Endpoint Manager Mobile EPMM Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for...
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1340link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22054link is external Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399link is external SolarWinds Web Help Desk Deserialization of...
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager EPM contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data...
CVE-2026-25785
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
EUVD-2026-8515
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
CVE-2026-25785
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
CVE-2026-25785
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...