CVE-2026-8109
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained security vulnerabilities. These vulnerabilities were due to improper delegation of permissions by agents, which could...
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager, specifically in versions prior to 2024 SU5. The vulnerability identified as CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...
TON Security Vulnerability
TON is an open-source blockchain software. Versions of TON prior to v2024.09 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of external parameters, which could allow attackers to exploit the system through specially crafted Continuation...
CVE-2025-10573
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...
Ivanti Endpoint Manager < 2024 SU4 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU34. It is, therefore, affected by multiple vulnerabilities: - Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary...
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...
CVE-2024-14003
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through NRDP server plugins, due to insufficient validation of inbound NRDP request parameters that can reach command execution paths on the underlying host in the context of the web/Nagios service. Connected advis...
CVE-2023-7322
Affected software: Nagios Log Server, versions prior to 2024R1. Vulnerability: incorrect authorization in API handling could allow authenticated but non-privileged users to read or modify resources via the API beyond their rights. Root cause: insufficient authorization checks on API endpoints. Im...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI prior to version 2024R1, which stems from a lack of access...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3 that stems from a password change th...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3 that stems from insufficient...
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
PT-2025-15433 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU1; Ivanti Endpoint Manager versions prior to 2022 SU7. Description: The issue concerns improper certificate validation, allowing a remote unauthenticated attacker to intercept limited traffic...
MeetMe Security Vulnerability
MeetMe is a dating software from MeetMe, Inc. A security vulnerability exists in versions prior to MeetMe 2024-09, which stems from a call forwarding configuration module credential disclosure that could allow access to critical assets via configuration files...
Akamai ASE Security Vulnerability
Akamai ASE is an adaptive security engine from Akamai. A security vulnerability exists in Akamai ASE versions prior to 2024-12-10, which stems from Rule 3000216 not properly handling JavaScript variable assignments...
Progress Telerik Report Server Trust Management Issue Vulnerability
Progress Telerik Report Server is an enterprise-class report management and distribution solution from Progress, Inc. A trust management issue vulnerability exists in versions of Progress Telerik Report Server prior to 2024 Q4, which stems from an older algorithm used to encrypt local asset data,...
Shields Injection Vulnerability
Shields is an open-source project from Shields. An injection vulnerability exists in versions prior to Shields server-2024-09-25, which stems from the JSONPath library used via dynamic JSON/Toml/Yaml badges that can be used against Shields.io instances...
CVE-2024-8316
In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...