Endpoint manager
This hub aggregates every CVE we track for Endpoint manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
116
CVEs tracked
13
Critical
78
High
5
In CISA KEV
Severity distribution
HIGH78MEDIUM25CRITICAL13
Monthly trend
1
0
16
0
18
1
16
0
0
6
0
0
3
0
2
13
1
4
0
2
0
0
3
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Endpoint manager.
- CVE-2026-8111SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.8.8
- CVE-2026-8110Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.7.8
- CVE-2026-8109An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.6.5
- CVE-2026-1603An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.KEV8.6
- CVE-2026-1602SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-13662Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbi...7.8
- CVE-2025-13661Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.7.1
- CVE-2025-13659Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, pot...8.8
- CVE-2025-10573Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interac...9.6
- CVE-2025-10918Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk7.1
- CVE-2025-62384SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62386SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62383SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62391SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62385SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
Product normalization is registry-driven with AI assist and human review. How it works