1421 matches found
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2026-1602
Ivanti Endpoint Manager prior to 2024 SU5 is affected by an SQL injection vulnerability that allows a remote authenticated attacker to read arbitrary data from the database. The CVSSv3.1 base score is 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges Required: Low, No use...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Netherlands' Dutch Data Protection Authority AP and the Council for the Judiciary confirmed both agencies Rvdr have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile EPMM, according to a notice se...
Ivanti Endpoint Manager 安全漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained security vulnerabilities. These vulnerabilities were due to authentication bypass vulnerabilities, which could allow...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained a SQL injection vulnerability. This vulnerability allows remote authentication attackers to access arbitrary data in the...
PT-2026-7269
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...
Security Advisory EPM February 2026 for EPM 2024
Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...
PT-2026-7270
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description An authentication bypass exists in Ivanti Endpoint Manager that allows a remote, unauthenticated attacker to leak stored credential data. This flaw is actively exploited in the wil...
Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile
CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE !L...
VulnCheck KEV: CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...
Sangoma FreePBX OS Command Injection Vulnerability
Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection - checksshconnect function. An attacker can leverage this vulnerability to potentially obtain remote...
Ivanti EPMM remote code execution
Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...
The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and applications lies in improper code generation. This allows an attacker to execute arbitrary code.
The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and applications is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...
EUVD-2026-4936
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...
Ivanti Endpoint Manager Mobile < 12.6.1.1 / 12.7.0.1 / 12.8.0.1 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.6.1.1, 12.7.0.1, or 12.8.0.1. It is, therefore, affected by multiple vulnerabilities: - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticat...
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...