21 matches found
EUVD-2026-22278
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...
CVE-2026-4914
Ivanti N‑ITSM is affected (before version 2025.4) by a Stored XSS vulnerability that requires user interaction and authenticated access. An attacker can remotely obtain limited information from other user sessions, with a Confidentiality impact of Low and no Availability impact (CVSS v3.1 base 5....
CVE-2026-4914
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...
CVE-2025-11367
The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...
CVE-2025-11366
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
CVE-2025-11700
N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...
EUVD-2025-131913
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
EUVD-2025-131915
N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...
CVE-2025-9316
N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...
CVE-2025-11366
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
CVE-2025-11366
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
CVE-2025-11367
The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...
CVE-2025-11367
The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...
CVE-2025-11367 N-central windows software probe Remote Code Execution
The N-central Software Probe 2025.4 is vulnerable to Remote Code Execution via deserialization...
CVE-2025-11366 N-central Authentication bypass via path traversal
N-central 2025.4 is vulnerable to authentication bypass via path traversal...
CVE-2025-11700 N-central Multiple XXE Injection Vulnerabilities
N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...
CVE-2025-9316
CVE-2025-9316 affects N-able N-Central versions before 2025.4, enabling unauthenticated sessionID generation and potential session hijack. A nuclei template and advisories describe it as an authentication bypass; mitigations cite updating to 2025.4 or later. Some sources also reference combining ...
CVE-2025-9316 N-central unauthenticated sessionID generation
N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...
N-able N-central 安全漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4 that stems from generating session IDs f...
N-able N-central 安全漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4 that stems from path traversal leading t...