Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2026-10520
Known exploited
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVSS Score
10.0
EPSS Score
0.99
Published
2026-06-09
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
CVSS Score
9.9
EPSS Score
0.472
Published
2026-06-09
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.006
Published
2026-05-22
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
CVSS Score
8.8
EPSS Score
0.009
Published
2026-05-12
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
CVSS Score
7.8
EPSS Score
0.003
Published
2026-05-12
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
CVSS Score
9.6
EPSS Score
0.009
Published
2026-05-12
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.019
Published
2026-05-12
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
CVSS Score
6.5
EPSS Score
0.007
Published
2026-05-12
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2026-05-12
An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
CVSS Score
4.4
EPSS Score
0.002
Published
2026-05-12


Contact Us

Shodan ® - All rights reserved