Known Vulnerabilities for products from Ivanti
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ivanti".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-10727 json | Not Provided | 2026-06-09 | 2026-06-09 | |
| CVE-2026-10523 json | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow... | Not Provided | 2026-06-09 | 2026-06-22 |
| CVE-2026-10520 json | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remot... | Not Provided | 2026-06-09 | 2026-06-12 |
| CVE-2026-9614 json | Not Provided | 2026-06-01 | 2026-06-02 | |
| CVE-2026-8111 json | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker ... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-8110 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-8109 json | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote aut... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-8051 json | Not Provided | 2026-05-12 | 2026-05-13 | |
| CVE-2026-8043 json | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sens... | Not Provided | 2026-05-12 | 2026-05-13 |
| CVE-2026-7821 json | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthentic... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-7432 json | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to S... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-7431 json | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local auth... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-6973 json | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentica... | Not Provided | 2026-05-07 | 2026-06-11 |
| CVE-2026-5788 json | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated ... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-5787 json | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenti... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-5786 json | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote auth... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-1340 json | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | Not Provided | 2026-01-29 | 2026-04-09 |
| CVE-2024-21893 json | 8.2 - HIGH | 2024-01-31 | 2024-02-01 | |
| CVE-2024-21888 json | 8.8 - HIGH | 2024-01-31 | 2024-01-31 | |
| CVE-2024-21887 json | 9.1 - CRITICAL | 2024-01-12 | 2024-01-22 |
Known software with vulnerabilities from Ivanti
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ivanti | Avalanche | 4.6 |
| Application | Ivanti | Desktopampserver Management | 2019.1 |
| Application | Ivanti | Dsm Netinst | 5.1 |
| Application | Ivanti | Endpoint Manager | 2016.4 |
| Application | Ivanti | Landesk Management Suite | 10.0.1.168 |
| Application | Ivanti | Service Manager Heat Remote Control | 7.4 |
| Application | Ivanti | Workspace Control | 10.1.0.0 |