CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

CVE-2026-8111

CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

CVE-2026-8110

CVE-2026-8110 affects the Ivanti Endpoint Manager agent prior to 2024 SU6. The issue is an incorrect permissions assignment in the agent that allows a local authenticated attacker to escalate privileges (local, low complexity, no user interaction). The impact is elevated confidentiality, integrit...

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

PT-2026-40043

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description Incorrect permissions assignment in the agent allows a local authenticated attacker to escalate their privileges. Recommendations Update to version 2024 SU6 or later...

PT-2026-40042

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained security vulnerabilities. These vulnerabilities were due to authentication bypass vulnerabilities, which could allow...

Ivanti Endpoint Manager SQL注入漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained a SQL injection vulnerability. This vulnerability allows remote authentication attackers to access arbitrary data in the...

PT-2026-7270

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description An authentication bypass exists in Ivanti Endpoint Manager that allows a remote, unauthenticated attacker to leak stored credential data. This flaw is actively exploited in the wil...

CVE-2025-10573

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...

CVE-2025-13662

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required...

CVE-2025-13659

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required...

CVE-2025-10573

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...