4369 matches found
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-10727
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
CVE-2026-10727
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
CVE-2026-10727
Ivanti EPMM (Ivanti Endpoint Manager/Mobile EPMM) is affected by an OS command injection in versions before 12.9.0.1, 12.8.0.3, and 12.7.0.2. A remote authenticated attacker can execute arbitrary commands as root. The CVSS (3.1) vectors indicate network access, high impact on confidentiality, int...
CVE-2026-10727
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
CVE-2026-10523
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-10523
An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...
CVE-2026-10520
Ivanti Sentry (formerly MobileIron Sentry) is affected by CVE-2026-10520, an OS Command Injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands as root. The issue resides in the ConfigServiceController via the unauthenticated POST to /mics/api/v2/sentr...
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
Last Modified Date Jun 16, 2026 12:48:48 AM...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)
Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...
CVE-2026-10727
creationtimestamp| type| source ---|---|--- 2026-06-09 08:30:20+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-567 2026-06-10 02:18:20+00:00| seen| https://www.acn.gov.it/portale/w/ivanti-june-security-update-1 2026-06-10 13:15:21+00:00| seen|...
CVE-2026-10520
creationtimestamp| type| source ---|---|--- 2026-06-09 08:30:20+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-567 2026-06-09 20:34:10+00:00| published-proof-of-concept|...
PT-2026-47808
Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.9.0.1 Ivanti EPMM versions prior to 12.8.0.3 Ivanti EPMM versions prior to 12.7.0.2 Description An OS command injection issue allows a remote authenticated attacker to execute arbitrary commands with root...
PT-2026-47807
Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An authentication bypass allows a remote unauthenticated attacker to create arbitrary administrative accounts a...
PT-2026-47806
Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An OS command injection flaw allows a remote unauthenticated user to execute arbitrary code with root privilege...
Ivanti Sentry 操作系统命令注入漏洞
Ivanti Sentry is an online gateway provided by the American company Ivanti. It is used to manage, encrypt, and protect traffic between mobile devices and backend enterprise systems. Versions of Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1 contained an operating system command injection...
Ivanti Sentry 安全漏洞
Ivanti Sentry is an online gateway provided by the American company Ivanti. It is used to manage, encrypt, and protect traffic between mobile devices and backend enterprise systems. There are security vulnerabilities in versions of Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1. These...