Skip to main content
CVE-2026-1281 CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices.

Ivanti RCE Code Injection Endpoint Manager Mobile
NVD VulDB
CVSS 3.1
9.8
EPSS
64.8%
Threat
6.9
CVE-2026-1340 CRITICAL POC KEV EUVD KEV THREAT Emergency

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Ivanti RCE Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
50.9%
Threat
6.5
CVE-2026-24054 CRITICAL POC PATCH Act Now

Sandbox escape in Kata Containers allowing guest VM to access host resources. CVSS 10.0 — undermines the core security guarantee of hardware-isolated containers. PoC and patch available.

DNS Kata Containers Red Hat
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2020-37012 CRITICAL POC Act Now

Unauthenticated RCE in Tea LaTeX 1.0 via command injection in /api endpoint. EPSS 0.29% with PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2020-37000 CRITICAL POC Act Now

Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-69929 CRITICAL POC Act Now

Client-side password hashing in N3uron Web UI v1.21.7 allows privilege escalation. Weak hashing enables attackers to forge authentication credentials. PoC available.

Privilege Escalation Web User Interface
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37010 CRITICAL POC Act Now

Buffer overflow in BearShare Lite 5.2.5 Advanced Search keywords input allows code execution. PoC available.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-36997 CRITICAL POC Act Now

Buffer overflow in BacklinkSpeed 2.4 allows code execution via SEH chain corruption through malicious input. PoC available.

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1453 CRITICAL Act Now

Missing authentication in KiloView Encoder Series allows unauthenticated attackers to create or delete admin accounts on video encoding equipment.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1188 CRITICAL PATCH Act Now

Buffer size miscalculation in Eclipse OMR port library since 0.2.0. An API function returning processor feature names has incorrect size allocation. Patch available.

Buffer Overflow Omr Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22806 CRITICAL Act Now

Authorization bypass in vCluster Platform Kubernetes virtual cluster management before 4.6.0/4.5.4/4.4.4. Users can access resources outside their authorized virtual cluster scope.

Kubernetes
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy