4371 matches found
Ivanti EPM - Remote Code Execution
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...
Ivanti Sentry - OS Command Injection
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...
Ivanti Endpoint Manager Mobile < 12.7.0.2 / 12.8 < 12.8.0.3 / 12.9 < 12.9.0.1 OS Command Injection (CVE-2026-10727)
The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.7.0.2, 12.8.x prior to 12.8.0.3, or 12.9.x prior to 12.9.0.1. It is, therefore, affected by an OS command injection vulnerability: - An OS command injection vulnerability in Ivanti...
Ivanti Sentry < R10.5.2 / R10.6.2 / R10.7.1 Multiple Vulnerabilities
The version of Ivanti Sentry formerly MobileIron Sentry running on the remote host is prior to R10.5.2, R10.6.2, or R10.7.1. It is, therefore, affected by multiple vulnerabilities : - An OS command injection vulnerability allows a remote, unauthenticated attacker to achieve root-level remote code...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-10520link is external Ivanti Sentry OS Command Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...
Ivanti Sentry handleMessage authentication bypass and command execution
Added: 06/11/2026 Background Ivanti Sentry, formerly MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Problem An authentication bypass and command execution vulnerability in the handleMessage endpoint...
Ivanti Sentry OS Command Injection Vulnerability
Ivanti Sentry formerly known as MobileIron Sentry contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged sta...
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-10727
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
Overview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry formerly known as MobileIron Sentry, which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end...
Exploit for CVE-2026-10520
CVE-2026-10520 — Ivanti Sentry Mass Scanner Detection scanner...
VulnCheck KEV: CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
PT-2026-48577
Ivanti disclosed that certain versions of Sentry are susceptible to two vulnerabilities: CVE-2026-10520 and CVE-2026-1052...
The vulnerability of the built-in mobile security firewall Ivanti Sentry lies in the lack of measures to neutralize specific elements, allowing a intruder to execute arbitrary commands with root privileges.
The vulnerability of the built-in mobile security firewall, Ivanti Sentry, is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...
Exploit for CVE-2026-10520
CVE-2026-10520 and CVE-2026-10523 An Ivanti Sentry Authentica...
EUVD-2026-35444
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
EUVD-2026-35441
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
EUVD-2026-35440
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...