Lucene search
K

47 matches found

The Hacker News
The Hacker News
added 2026/02/12 7:32 a.m.15 views

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile EPMM can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitati...

10CVSS7.1AI score0.98871EPSS
Exploits77
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.9 views

Ivanti Endpoint Manager Mobile < 12.6.1.1 / 12.7.0.1 / 12.8.0.1 Multiple Vulnerabilities

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.6.1.1, 12.7.0.1, or 12.8.0.1. It is, therefore, affected by multiple vulnerabilities: - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticat...

9.8CVSS8.9AI score0.8404EPSS
Exploits6References3
OSV
OSV
added 2026/01/29 10:15 p.m.12 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References1
CVE
CVE
added 2026/01/29 9:33 p.m.73 views

CVE-2026-1340

CVE-2026-1340 affects Ivanti Endpoint Manager Mobile (EPMM) with a code-injection flaw that could allow unauthenticated remote code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and high impact to confidentiality, in...

9.8CVSS6.2AI score0.8404EPSS
In wildExploits6References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.42 views

EUVD-2025-20528

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.14809EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/09/19 4:10 a.m.13 views

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile EPMM. "Each set contains loaders for maliciou...

8.8CVSS9AI score0.99891EPSS
Exploits10
CNVD
CNVD
added 2025/07/15 12:0 a.m.10 views

Ivanti Endpoint Manager Mobile OS Command Injection Vulnerability

Ivanti Endpoint Manager Mobile is an enterprise-grade mobile device management MDM solution designed to provide comprehensive mobile device lifecycle management capabilities for organizations. Ivanti Endpoint Manager Mobile suffers from an OS command injection vulnerability that stems from...

7.2CVSS8.7AI score0.12306EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.7 views

Ivanti Endpoint Manager Mobile 12.5.0.x < 12.5.0.2 / 12.4.0.x < 12.4.0.3 / 12.x < 12.3.0.3 Multiple Vulnerabilities

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is 12.5.0.x prior to 12.5.0.2, 12.4.0.x prior to 12.4.0.3, or 12.x prior to 12.3.0.3. It is, therefore, affected by multiple vulnerabilities: - OS command injection in Ivanti Endpoint Manager Mobil...

7.2CVSS6.2AI score0.14809EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/10 4:28 p.m.4 views

CVE-2025-6771

OS command injection in Ivanti Endpoint Manager Mobile EPMM before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution...

7.2CVSS8AI score0.14809EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 4:15 p.m.1 views

CVE-2025-6771

OS command injection in Ivanti Endpoint Manager Mobile EPMM before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution...

7.2CVSS6.4AI score0.14809EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 3:38 p.m.31 views

CVE-2025-6771

Ivanti Endpoint Manager Mobile (EPMM) is affected by CVE-2025-6771 due to OS command injection in the EPMM component. The vulnerability allows a remote authenticated attacker with high privileges to achieve remote code execution, stemming from improper input parameter filtering. Affected versions...

7.2CVSS7.7AI score0.14809EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/07/08 3:2 p.m.33 views

CVE-2025-6770

CVE-2025-6770 concerns Ivanti Endpoint Manager Mobile (EPMM). The vulnerability is an OS command injection in EPMM prior to version 12.5.0.2 that allows a remote authenticated attacker with high privileges to achieve remote code execution. Several connected sources corroborate affected versions (...

7.2CVSS8.2AI score0.14809EPSS
Exploits0References1Affected Software1
Ivanti
Ivanti
added 2025/07/08 2:35 p.m.33 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-6770, CVE-2025-6771)

Security Advisory Ivanti Endpoint Manager Mobile EPMM CVE-2025-6770, CVE-2025-6771 Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile which addresses two high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of...

7.2CVSS7.7AI score0.14809EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.8 views

PT-2025-28486

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile EPMM versions prior to 12.5.0.2 Ivanti Endpoint Manager Mobile EPMM version 12.4.0.3 Ivanti Endpoint Manager Mobile EPMM version 12.3.0.3 Description: The issue allows a remote authenticated attacker with high...

9CVSS6.4AI score0.14809EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.7 views

PT-2025-28479

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile EPMM versions prior to 12.5.0.2 Description: The issue allows a remote authenticated attacker with high privileges to achieve remote code execution through OS command injection. Recommendations: For versions pri...

9CVSS6.4AI score0.14809EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.10 views

Ivanti Endpoint Manager Mobile < 11.12.0.5 / < 12.3.0.2 / < 12.4.0.2 / < 12.5.0.1 Authentication Bypass

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, versions prior to 11.12.0.5 or 12.3.x prior to 12.3.0.2 or 12.4.x prior to 12.4.0.2 or 12.5.x prior to 12.5.0.1 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or...

8.8CVSS7.5AI score0.99891EPSS
Exploits10References3
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/19 12:0 a.m.140 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...

8.8CVSS7.9AI score0.83641EPSS
In wildExploits10
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/19 12:0 a.m.16 views

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...

7.5CVSS7.2AI score0.99891EPSS
In wildExploits8
Rapid7 Blog
Rapid7 Blog
added 2025/05/16 11:0 a.m.18 views

Ivanti Endpoint Manager Mobile exploit chain exploited in the wild

On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile EPMM: CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications,...

8.8CVSS7.4AI score0.99891EPSS
Exploits10
Rapid7 Blog
Rapid7 Blog
added 2025/05/16 11:0 a.m.9 views

Ivanti Endpoint Manager Mobile exploit chain exploited in the wild

On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile EPMM: CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications,...

8.8CVSS9.4AI score0.99891EPSS
Exploits10
Rows per page
Query Builder