Filtered by vendor Ivanti
Subscriptions
Filtered by product Endpoint Manager
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10573 | 1 Ivanti | 1 Endpoint Manager | 2025-12-11 | 9.6 Critical |
| Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. | ||||
| CVE-2025-13662 | 1 Ivanti | 1 Endpoint Manager | 2025-12-10 | 7.8 High |
| Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. | ||||
| CVE-2025-13659 | 1 Ivanti | 1 Endpoint Manager | 2025-12-10 | 8.8 High |
| Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | ||||
| CVE-2025-13661 | 1 Ivanti | 1 Endpoint Manager | 2025-12-10 | 7.1 High |
| Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | ||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2025-11-25 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-11-25 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-10918 | 1 Ivanti | 1 Endpoint Manager | 2025-11-17 | 7.1 High |
| Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk | ||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-11-11 | 7.8 High |
| Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-10-30 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-10-24 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2025-10-20 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||