
30 matches found

Ivanti
added 2026/02/09 8:55 p.m. · 24 views

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary: Ivanti has released updates for Ivanti Endpoint Manager which address one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

8.6 CVSS · 6.4 AI score · 0.55875 EPSS
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2011-3267

Malware in sbrugna...

7.8 CVSS · 6.1 AI score · 0.00644 EPSS
Exploits 0 · References 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in @zalastax/nolb-ils (npm)

The package @zalastax/nolb-ils was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-12029 Malicious code in @zalastax/nolb-ils (npm)

The package @zalastax/nolb-ils was found to contain malicious code...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/05/23 10:24 a.m. · 2 views

CVE-2024-28740

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...

9.6 CVSS · 7.3 AI score · 0.05641 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 10:24 a.m. · 4 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

9.6 CVSS · 7.8 AI score · 0.23004 EPSS
Exploits 1 · References 1

NVD
added 2024/08/06 7:15 p.m. · 13 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

9.6 CVSS · 0.23004 EPSS
Exploits 1 · References 1

OSV
added 2024/08/06 7:15 p.m. · 4 views

CVE-2024-28740

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...

9.6 CVSS · 7.3 AI score
Exploits 0 · References 2

CVE
added 2024/08/06 12:0 a.m. · 36 views

CVE-2024-28740

CVE-2024-28740 affects Koha ILS versions 23.05 and earlier. The vulnerability is a Cross Site Scripting issue that allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. Evidence across multiple sources confirms the affected product/version and the exploitatio...

9.6 CVSS · 7.5 AI score · 0.05641 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/08/06 12:0 a.m. · 17 views

CVE-2024-28740

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...

7.3 AI score · 0.05641 EPSS
Exploits 1 · References 2

Vulnrichment
added 2024/08/06 12:0 a.m. · 15 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

7.8 AI score · 0.23004 EPSS
Exploits 1 · References 1

CVE
added 2024/08/06 12:0 a.m. · 32 views

CVE-2024-28739

Koha ILS 23.05 and earlier is described in multiple sources as vulnerable to remote code execution via a crafted script to the format parameter. The vulnerability affects Koha ILS versions up to and including 23.05. Concrete exploit details beyond the high-level description (e.g., exact payloads ...

9.6 CVSS · 8 AI score · 0.23004 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/08/06 12:0 a.m. · 14 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

0.23004 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-22552 · Koha Ils · Koha Ils

Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier
Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the additonal-contents.pl component.
Recommendations: For versions 23.05 and earlier, consider disabling acces...

9.6 CVSS · 7.7 AI score · 0.05641 EPSS
Exploits 1 · References 7

Cvelist
added 2024/08/06 12:0 a.m. · 10 views

CVE-2024-28740

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component...

0.05641 EPSS
Exploits 1 · References 2

Pen Test Partners Blog
added 2021/09/10 6:3 a.m. · 21 views

EFB Tampering. The Human Factor

Like most people, pilots want to expedite things and generally make their work easier. A common conception about aviation is that it's a leading industry with technology at its forefront. While this is generally true, some of the systems in use today are rather dated, to put it mildly. A great examp...

7.6 AI score
Exploits 0

Pen Test Partners Blog
added 2020/08/11 6:0 a.m. · 55 views

DEF CON 28: ILS and TCAS Spoofing

This post is a companion to the DEF CON 28 video available here. The purpose here is to give some practical demonstrations of two kinds of radio frequency spoofing attack against two different types of cockpit instruments that are found in virtually every single commercial aircraft flying today...

6.8 AI score
Exploits 0

Cvelist
added 2018/02/01 5:0 p.m. · 10 views

CVE-2013-7435

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fmIDL.xml...

6.3 AI score · 0.00192 EPSS
Exploits 0 · References 7

Openbugbounty
added 2017/04/03 11:9 a.m. · 8 views

canada-ils.com XSS vulnerability

Open Bug Bounty ID: OBB-222858

Description | Value
---|---
Affected Website: | canada-ils.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0

Packet Storm
added 2015/06/26 12:0 a.m. · 54 views

Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection

SBA Research Vulnerability Disclosure
title: Koha Unauthenticated SQL injection
product: Koha ILS
affecte...

0.6 AI score · 0.77144 EPSS
Exploits 13