Lucene search
K

82 matches found

Nuclei
Nuclei
added last week130 views

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...

7.5CVSS7.1AI score0.99899EPSS
Exploits8References1
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.3 views

The vulnerability of the Endpoint Manager Mobile app for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) arises from the lack of measures taken to neutralize specific elements. This allows a malicious user to execute arbitrary commands on behalf of the root user.

The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and mobile applications formerly known as MobileIron Core is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a...

9CVSS6.1AI score0.01634EPSS
Exploits0References3Affected Software1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.240 views

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. id: CVE-2023-35078 info...

10CVSS8.8AI score0.99999EPSS
Exploits14References5
NCSC
NCSC
added 2026/05/07 4:17 p.m.13 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...

9.8CVSS6.3AI score0.34454EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 3:29 p.m.31 views

CVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...

7CVSS0.00819EPSS
Exploits0References1
CISA
CISA
added 2026/05/07 12:0 p.m.9 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-6973link is external Ivanti Endpoint Manager Mobile EPMM Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for...

7.2CVSS6AI score0.34454EPSS
In wildExploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/07 12:0 a.m.10 views

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS6.2AI score0.34454EPSS
In wildExploits0
NCSC
NCSC
added 2026/02/20 2:47 p.m.21 views

ZeroDay vulnerabilities fixed in Ivanti Endpoint Manager Mobile

Ivanti has fixed two vulnerabilities in Endpoint Manager Mobile EPMM, ok known as MobileIron. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the vulnerable system. Of the vulnerability marked CVE-2026-1281, Ivanti reports that it has been actively...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References2
GithubExploit
GithubExploit
added 2026/02/19 9:29 p.m.196 views

Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile

Ivanti EPMM pre-auth RCE Dummy Target A simple demo applicati...

9.8CVSS5.7AI score0.8404EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/02/12 7:32 a.m.16 views

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile EPMM can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitati...

10CVSS7.1AI score0.98871EPSS
Exploits77
Saint
Saint
added 2026/02/02 12:0 a.m.101 views

Ivanti EPMM remote code execution

Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...

9.8CVSS6AI score0.8404EPSS
Exploits6
BDU FSTEC
BDU FSTEC
added 2026/02/02 12:0 a.m.3 views

The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and applications lies in improper code generation. This allows an attacker to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and applications is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS7.9AI score0.81231EPSS
Exploits6References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.11 views

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.81231EPSS
Exploits6References1
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.9 views

Ivanti Endpoint Manager Mobile < 12.6.1.1 / 12.7.0.1 / 12.8.0.1 Multiple Vulnerabilities

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is prior to 12.6.1.1, 12.7.0.1, or 12.8.0.1. It is, therefore, affected by multiple vulnerabilities: - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticat...

9.8CVSS8.9AI score0.8404EPSS
Exploits6References3
OSV
OSV
added 2026/01/29 10:15 p.m.12 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References1
OSV
OSV
added 2026/01/29 10:15 p.m.4 views

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.1AI score0.8404EPSS
Exploits6References2
NVD
NVD
added 2026/01/29 10:15 p.m.10 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS0.8404EPSS
Exploits6References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:33 p.m.8 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2026/01/29 9:33 p.m.8 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8404EPSS
Exploits6References1
CVE
CVE
added 2026/01/29 9:33 p.m.75 views

CVE-2026-1340

CVE-2026-1340 affects Ivanti Endpoint Manager Mobile (EPMM) with a code-injection flaw that could allow unauthenticated remote code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and high impact to confidentiality, in...

9.8CVSS6.2AI score0.8404EPSS
In wildExploits6References2Affected Software1
Rows per page
Query Builder