Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-02-12 | N/A | 8.6 HIGH |
|
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
|
|||||
| CVE-2026-1602 | 1 Ivanti | 1 Endpoint Manager | 2026-02-12 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | N/A | 6.5 MEDIUM |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
|
|||||
| CVE-2025-10573 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 9.6 CRITICAL |
|
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
|
|||||
| CVE-2025-13659 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 8.8 HIGH |
|
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
|
|||||
| CVE-2025-13661 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 7.1 HIGH |
|
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
|
|||||
| CVE-2025-13662 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | N/A | 7.8 HIGH |
|
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
|
|||||
| CVE-2025-10918 | 1 Ivanti | 1 Endpoint Manager | 2025-11-17 | N/A | 7.1 HIGH |
|
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
|
|||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | N/A | 8.8 HIGH |
|
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
|
|||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | N/A | 7.8 HIGH |
|
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-10-30 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
|
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
|
|||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
|
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
|
|||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | N/A | 9.8 CRITICAL |
|
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
|
|||||
| CVE-2025-9712 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | N/A | 8.8 HIGH |
|
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
|
|||||
| CVE-2025-9872 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | N/A | 8.8 HIGH |
|
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
|
|||||
| CVE-2024-10256 | 1 Ivanti | 6 Endpoint Manager, Neurons Agent Platform, Neurons For Patch Management and 3 more | 2025-08-12 | N/A | 7.1 HIGH |
|
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
|
|||||
| CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2025-08-12 | N/A | 7.2 HIGH |
|
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-13172 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-13168 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13164 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13165 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13166 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
|
|||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
|
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
|
|||||