909 matches found
Ivanti Endpoint Manager - Authentication Bypass
Ivanti Endpoint Manager 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges. id: CVE-2026-1603 info: name: Ivanti Endpoint Manager - Authentication Bypass author:...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)
Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
Ivanti Endpoint Manager < 2024 SU6 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU6. It is, therefore, affected by multiple vulnerabilities: - An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access...
EUVD-2026-29490
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
EUVD-2026-29491
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
EUVD-2026-29489
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...
CVE-2026-8110
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...