952 matches found
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
Ivanti Endpoint Manager - Authentication Bypass
Ivanti Endpoint Manager 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges. id: CVE-2026-1603 info: name: Ivanti Endpoint Manager - Authentication Bypass author:...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
Ivanti Endpoint Manager < 2024 SU6 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU6. It is, therefore, affected by multiple vulnerabilities: - An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access...
EUVD-2026-29491
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
EUVD-2026-29490
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
EUVD-2026-29489
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8110
CVE-2026-8110 affects the Ivanti Endpoint Manager agent prior to 2024 SU6. The issue is an incorrect permissions assignment in the agent that allows a local authenticated attacker to escalate privileges (local, low complexity, no user interaction). The impact is elevated confidentiality, integrit...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...