Lucene search
+L

1421 matches found

Cvelist
Cvelist
added 2026/02/10 3:9 p.m.579 views

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS0.8056EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 3:7 p.m.26 views

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

6.5CVSS0.00685EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 3:7 p.m.22 views

CVE-2026-1602

Ivanti Endpoint Manager prior to 2024 SU5 is affected by an SQL injection vulnerability that allows a remote authenticated attacker to read arbitrary data from the database. The CVSSv3.1 base score is 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges Required: Low, No use...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 3:7 p.m.4 views

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/02/10 8:22 a.m.13 views

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority AP and the Council for the Judiciary confirmed both agencies Rvdr have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile EPMM, according to a notice se...

9.8CVSS9AI score0.8404EPSS
Exploits6
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained security vulnerabilities. These vulnerabilities were due to authentication bypass vulnerabilities, which could allow...

8.6CVSS7.5AI score0.8056EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Ivanti Endpoint Manager SQL注入漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained a SQL injection vulnerability. This vulnerability allows remote authentication attackers to access arbitrary data in the...

6.5CVSS7.3AI score0.00685EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.9 views

PT-2026-7269

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...

6.5CVSS6AI score0.00685EPSS
Exploits0References9
Ivanti
Ivanti
added 2026/02/09 8:55 p.m.38 views

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

8.6CVSS6.4AI score0.8056EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.12 views

PT-2026-7270

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description An authentication bypass exists in Ivanti Endpoint Manager that allows a remote, unauthenticated attacker to leak stored credential data. This flaw is actively exploited in the wil...

8.6CVSS7.4AI score0.8056EPSS
Exploits0References81
GithubExploit
GithubExploit
added 2026/02/07 11:28 a.m.228 views

Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile

CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE !L...

9.8CVSS5.5AI score0.8404EPSS
Exploits6
VulnCheck KEV
VulnCheck KEV
added 2026/02/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.1AI score0.8404EPSS
In wildExploits6References11
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/03 12:0 a.m.9 views

Sangoma FreePBX OS Command Injection Vulnerability

Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection - checksshconnect function. An attacker can leverage this vulnerability to potentially obtain remote...

8.6CVSS5.7AI score0.84618EPSS
In wildExploits4
Saint
Saint
added 2026/02/02 12:0 a.m.106 views

Ivanti EPMM remote code execution

Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...

9.8CVSS6AI score0.8404EPSS
Exploits6
BDU FSTEC
BDU FSTEC
added 2026/02/02 12:0 a.m.8 views

The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and applications lies in improper code generation. This allows an attacker to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and applications is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS7.9AI score0.81231EPSS
Exploits6References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.9 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References1
EUVD
EUVD
added 2026/01/30 12:31 a.m.7 views

EUVD-2026-4936

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.9 views

Ivanti Endpoint Manager Mobile < 12.6.1.1 / 12.7.0.1 / 12.8.0.1 Multiple Vulnerabilities

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.6.1.1, 12.7.0.1, or 12.8.0.1. It is, therefore, affected by multiple vulnerabilities: - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticat...

9.8CVSS8.9AI score0.8404EPSS
Exploits6References3
OSV
OSV
added 2026/01/29 10:15 p.m.12 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References1
OSV
OSV
added 2026/01/29 10:15 p.m.4 views

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.1AI score0.8404EPSS
Exploits6References2
Rows per page
Query Builder