Lucene search
K

4371 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.139 views

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

9.6CVSS9.4AI score0.99951EPSS
Exploits5References4
Nuclei
Nuclei
added 2026/06/13 1:20 p.m.14 views

Ivanti Sentry - OS Command Injection

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...

10CVSS6.2AI score0.99041EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Ivanti Endpoint Manager Mobile < 12.7.0.2 / 12.8 < 12.8.0.3 / 12.9 < 12.9.0.1 OS Command Injection (CVE-2026-10727)

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.7.0.2, 12.8.x prior to 12.8.0.3, or 12.9.x prior to 12.9.0.1. It is, therefore, affected by an OS command injection vulnerability: - An OS command injection vulnerability in Ivanti...

7.2CVSS5.6AI score0.01634EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.28 views

Ivanti Sentry < R10.5.2 / R10.6.2 / R10.7.1 Multiple Vulnerabilities

The version of Ivanti Sentry formerly MobileIron Sentry running on the remote host is prior to R10.5.2, R10.6.2, or R10.7.1. It is, therefore, affected by multiple vulnerabilities : - An OS command injection vulnerability allows a remote, unauthenticated attacker to achieve root-level remote code...

10CVSS6.3AI score0.99041EPSS
Exploits6References3
CISA
CISA
added 2026/06/11 12:0 p.m.99 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-10520link is external Ivanti Sentry OS Command Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...

10CVSS5.8AI score0.99041EPSS
In wildExploits6References7
Saint
Saint
added 2026/06/11 12:0 a.m.39 views

Ivanti Sentry handleMessage authentication bypass and command execution

Added: 06/11/2026 Background Ivanti Sentry, formerly MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Problem An authentication bypass and command execution vulnerability in the handleMessage endpoint...

10CVSS6.5AI score0.99041EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/11 12:0 a.m.12 views

Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry formerly known as MobileIron Sentry contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged sta...

10CVSS6.3AI score0.99041EPSS
In wildExploits6
The Hacker News
The Hacker News
added 2026/06/10 3:10 p.m.19 views

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

10CVSS9.6AI score0.99041EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.16 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.2AI score0.99041EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.16 views

CVE-2026-10523

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

9.9CVSS6AI score0.4719EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.12 views

CVE-2026-10727

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS6AI score0.01634EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/06/10 10:21 a.m.12 views

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Overview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry formerly known as MobileIron Sentry, which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end...

10CVSS7.3AI score0.99041EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/06/10 8:33 a.m.94 views

Exploit for CVE-2026-10520

CVE-2026-10520 — Ivanti Sentry Mass Scanner Detection scanner...

10CVSS5.5AI score0.99041EPSS
Exploits6
VulnCheck KEV
VulnCheck KEV
added 2026/06/10 12:0 a.m.16 views

VulnCheck KEV: CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.6AI score0.99041EPSS
In wildExploits6References23
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48577

Ivanti disclosed that certain versions of Sentry are susceptible to two vulnerabilities: CVE-2026-10520 and CVE-2026-1052...

10CVSS5.8AI score0.99041EPSS
Exploits6References1
BDU FSTEC
BDU FSTEC
added 2026/06/10 12:0 a.m.4 views

The vulnerability of the built-in mobile security firewall Ivanti Sentry lies in the lack of measures to neutralize specific elements, allowing a intruder to execute arbitrary commands with root privileges.

The vulnerability of the built-in mobile security firewall, Ivanti Sentry, is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

10CVSS6.4AI score0.99041EPSS
Exploits6References5Affected Software1
GithubExploit
GithubExploit
added 2026/06/09 9:55 p.m.48 views

Exploit for CVE-2026-10520

CVE-2026-10520 and CVE-2026-10523 An Ivanti Sentry Authentica...

10CVSS6.7AI score0.99041EPSS
Exploits6
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35444

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS6.3AI score0.34454EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35441

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

10CVSS5.6AI score0.99041EPSS
Exploits6References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35440

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.3AI score0.99041EPSS
Exploits6References2
Rows per page
Query Builder