ReportizFlow
Filtered by vendor Ivanti
Subscriptions
Filtered by product Endpoint Manager
Subscriptions
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-9713 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-11622 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | 7.8 High |
| Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-9712 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | 8.8 High |
| Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-9872 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | 8.8 High |
| Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2024-10256 | 1 Ivanti | 6 Endpoint Manager, Neurons Agent Platform, Neurons For Patch Management and 3 more | 2025-08-12 | 7.1 High |
| Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | ||||
| CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2025-08-12 | 7.2 High |
| An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||