215 matches found

ATTACKERKB
added 3 days ago, 8 views

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00012
Exploits: 0, References: 2
Vulnrichment
added 3 days ago, 5 views

CVE-2026-49185 Instruction Injection via FieldX MDM

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVSS: 10, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 1
NVD
added 2026/05/07 4:16 p.m., 10 views

CVE-2026-7821

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of...

CVSS: 9.1, EPSS: 0.00059
Exploits: 0, References: 1
Positive Technologies
added 2026/05/07 12:00 a.m., 6 views

PT-2026-38456

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile versions prior to 12.6.1.1; Ivanti Endpoint Manager Mobile versions prior to 12.7.0.1; Ivanti Endpoint Manager Mobile versions prior to 12.8.0.1. Description: An improper input validation issue in Ivanti Endpoint...

CVSS: 9, AI score: 6.3, EPSS: 0.04907
Exploits: 0, References: 129
CNNVD
added 2026/05/07 12:00 a.m., 6 views

Ivanti EPMM trust management vulnerability

Ivanti EPMM is a product developed by the American company Ivanti that allows IT departments to establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained vulnerabilities related to trust management. These...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 1
Snyk
added 2026/03/27 8:22 p.m., 0 views

Exposure of Data Element to Wrong Session

Overview: Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00028
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/27 7:19 p.m., 1 view

CVE-2026-34391

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00028
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/03/27 6:29 p.m., 8 views

CVE-2026-34385

CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...

CVSS: 8.6, AI score: 6, EPSS: 0.00009
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/02/16 12:00 a.m., 3 views

Open5GS security vulnerability

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Version 2.7.6 of Open5GS contains a security vulnerability. This vulnerability stems from incorrect operations on the function mme_s11_handle_create_session_response in the...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00045
Exploits: 1, References: 6
Positive Technologies
added 2026/02/16 12:00 a.m., 3 views

PT-2026-8295

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of t...

CVSS: 6.9, AI score: 5.4, EPSS: 0.00045
Exploits: 1, References: 7
CNNVD
added 2026/01/29 12:00 a.m., 2 views

Ivanti Endpoint Manager Mobile code injection vulnerability

Ivanti Endpoint Manager Mobile is a mobile management software engine developed by the American company Ivanti. Ivanti Endpoint Manager Mobile has a code injection vulnerability, which stems from code injection and may allow unauthenticated remote code execution...

CVSS: 9.8, AI score: 7.7, EPSS: 0.81586
Exploits: 6, References: 2
OSV
added 2026/01/20 8:55 p.m., 4 views

GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary: A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 5
RedhatCVE
added 2026/01/07 9:19 a.m., 3 views

CVE-2024-2146

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launch...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00169
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:19 a.m., 6 views

CVE-2024-2145

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the...

CVSS: 6.1, AI score: 6, EPSS: 0.00248
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:15 a.m., 6 views

CVE-2024-2153

A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/vieworder.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00136
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:14 a.m., 5 views

CVE-2024-2151

A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00089
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:13 a.m., 4 views

CVE-2024-2152

A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manageproduct.php. The manipulation of the argument id leads to SQL injection. The attack may be...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00106
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-8324

Malware in sbrugna...

CVSS: 4, AI score: 6.4, EPSS: 0.00284
Exploits: 2, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-14749

Malware in sbrugna...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00214
Exploits: 2, References: 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-40947

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00071
Exploits: 1, References: 1