24h | 7d | 30d

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
19.39%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 20 Posts
  • 4 Interactions
Last activity: 9 hours ago

Fediverse

Profile picture
Anonymous :verified: @youranonnewsirc

Latest News (Jan 29-30, 2026):

Tech: Apple plans "Apple Intelligence" with Google Gemini integration, coinciding with Google's Chrome "auto browse" launch. China approved Nvidia H200 chip sales to its tech giants.

Cybersecurity: The FBI launched "Operation Winter SHIELD" to protect critical infrastructure. A major ShinyHunters phishing campaign targets Okta SSO accounts, and Ivanti EPMM (CVE-2026-1281) is a newly exploited vulnerability.

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 14h ago
Profile picture
CERT-FR @cert_fr

⚠️ Alerte CERT-FR ⚠️

Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
cert.ssi.gouv.fr/alerte/CERTFR

  • 2
  • 0
  • 1
  • 23h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: forums.ivanti.com/s/article/Se

  • 1
  • 1
  • 0
  • 15h ago
Profile picture
ekiledjian @edwardk

Ivanti warns of two EPMM flaws exploited in zero-day attacks
bleepingcomputer.com/news/secu
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.

  • 0
  • 0
  • 1
  • 22h ago
Profile picture
ekiledjian @edwardk

Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
helpnetsecurity.com/2026/01/30
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
TechNadu @technadu

Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.

🔗 technadu.com/ivanti-epmm-zero-

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
CyberNetsecIO @netsecio

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/iv

  • 0
  • 0
  • 0
  • 16h ago
Profile picture
schrotthaufen @schrotthaufen

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

labs.watchtowr.com/someone-kno

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture
/r/netsec @r-netsec-bot.bsky.social
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
  • 0
  • 0
  • 4
  • 17h ago
Profile picture
Rapid7 @rapid7.com
🚨 On 1/29/26, #Ivanti disclosed 2 new critical vulnerabilities affecting Endpoint Manager Mobile (EPMM): CVE-2026-1281 & CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. More in our blog: r-7.co/4qZBsaH
  • 0
  • 0
  • 0
  • 18h ago
Profile picture
Kevin Poireault @leekthehack.bsky.social
🔓 𝗩𝘂𝗹𝗻𝗪𝗮𝘁𝗰𝗵 𝗙𝗿𝗶𝗱𝗮𝘆: 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟭𝟮𝟴𝟭 Ivanti announced emergency patches for two critical vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, in EPMM that have been exploited in the wild as zero-days.
  • 0
  • 0
  • 0
  • 17h ago
Profile picture
CyberHub @cyberhub.blog
📌 Expert Bash Exploitation Uncovered in Ivanti EPMM Pre-Auth RCE Vulnerabilities (CVE-2026-1281 & CVE-2026-1340) https://www.cyberhub.blog/article/18811-expert-bash-exploitation-uncovered-in-ivanti-epmm-pre-auth-rce-vulnerabilities-cve-2026-1281-cve-2026-1340
  • 0
  • 0
  • 0
  • 14h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Ivanti patched two critical EPMM zero-day RCE vulnerabilities (CVE-2026-1281, CVE-2026-1340) that were being exploited in the wild.
  • 0
  • 0
  • 0
  • 12h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile" and "CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited". #cybersecurity #infosec https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.16%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 19 Posts
  • 4 Interactions
Last activity: 9 hours ago

Fediverse

Profile picture
CERT-FR @cert_fr

⚠️ Alerte CERT-FR ⚠️

Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
cert.ssi.gouv.fr/alerte/CERTFR

  • 2
  • 0
  • 1
  • 23h ago
Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: forums.ivanti.com/s/article/Se

  • 1
  • 1
  • 0
  • 15h ago
Profile picture
ekiledjian @edwardk

Ivanti warns of two EPMM flaws exploited in zero-day attacks
bleepingcomputer.com/news/secu
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.

  • 0
  • 0
  • 1
  • 22h ago
Profile picture
ekiledjian @edwardk

Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
helpnetsecurity.com/2026/01/30
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
TechNadu @technadu

Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.

🔗 technadu.com/ivanti-epmm-zero-

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
CyberNetsecIO @netsecio

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 cyber.netsecops.io/articles/iv

  • 0
  • 0
  • 0
  • 16h ago
Profile picture
schrotthaufen @schrotthaufen

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

labs.watchtowr.com/someone-kno

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture
/r/netsec @r-netsec-bot.bsky.social
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
  • 0
  • 0
  • 4
  • 17h ago
Profile picture
Rapid7 @rapid7.com
🚨 On 1/29/26, #Ivanti disclosed 2 new critical vulnerabilities affecting Endpoint Manager Mobile (EPMM): CVE-2026-1281 & CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. More in our blog: r-7.co/4qZBsaH
  • 0
  • 0
  • 0
  • 18h ago
Profile picture
Kevin Poireault @leekthehack.bsky.social
🔓 𝗩𝘂𝗹𝗻𝗪𝗮𝘁𝗰𝗵 𝗙𝗿𝗶𝗱𝗮𝘆: 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟭𝟮𝟴𝟭 Ivanti announced emergency patches for two critical vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, in EPMM that have been exploited in the wild as zero-days.
  • 0
  • 0
  • 0
  • 17h ago
Profile picture
CyberHub @cyberhub.blog
📌 Expert Bash Exploitation Uncovered in Ivanti EPMM Pre-Auth RCE Vulnerabilities (CVE-2026-1281 & CVE-2026-1340) https://www.cyberhub.blog/article/18811-expert-bash-exploitation-uncovered-in-ivanti-epmm-pre-auth-rce-vulnerabilities-cve-2026-1281-cve-2026-1340
  • 0
  • 0
  • 0
  • 14h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Ivanti patched two critical EPMM zero-day RCE vulnerabilities (CVE-2026-1281, CVE-2026-1340) that were being exploited in the wild.
  • 0
  • 0
  • 0
  • 12h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile" and "CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited". #cybersecurity #infosec https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 9h ago

CVE-2025-8088

Overview

  • win.rar GmbH
  • WinRAR
08 Aug 2025
Published
21 Oct 2025
Updated
CVSS v4.0
HIGH (8.4)
EPSS
3.53%
KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 15 hours ago

Bluesky

Profile picture
Kootek Consulting @kooteksec.bsky.social
NEW OUTBREAK ALERT: CVE-2025-8088 is a high-severity path traversal vulnerability in WinRAR that attackers exploit by leveraging Alternate Data Streams (ADS). #Explore our managed security and compliance solutions: kootek-consulting-ltd145108215.hubspotpagebuilder.eu
  • 0
  • 1
  • 0
  • 21h ago
Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 Exploitation massive de la faille WinRAR CVE-2025-8088 par des acteurs étatiques et criminels 📝 Source: Google Threat Intelligence Gro… https://cyberveille.ch/posts/2026-01-29-exploitation-massive-de-la-faille-winrar-cve-2025-8088-par-des-acteurs-etatiques-et-criminels/ #CVE_2025_8088 #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-0921

Overview

  • Mitsubishi Electric Corporation
  • GENESIS64
15 May 2025
Published
09 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%
KEV

Description

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions BizViz all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Statistics

  • 2 Posts
Last activity: 3 hours ago

Fediverse

Profile picture
HackerWorkspace @hackerworkspace

Privileged File System Vulnerability Present in a SCADA System

unit42.paloaltonetworks.com/ic

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Paloalto~ A privileged file system vulnerability in Iconics Suite allows local attackers to corrupt critical files, leading to a denial-of-service condition. - IOCs: CVE-2025-0921 - #CVE20250921 #SCADA #ThreatIntel
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-0755

Overview

  • Gemini MCP Tool
  • gemini-mcp-tool
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.27%
KEV

Description

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CVE-2026-0755: Reported Zero-Day in Gemini MCP Tool Could Allow Remote Code Execution

Zero-Day: Yes
CVSS: 9.8
CVE Published: January 23rd, 2026

Affected Vendor: Gemini MCP Tool
Vulnerability Type: Remote Code Execution (RCE)

Advisory: github.com/advisories/GHSA-28q

  • 2
  • 2
  • 0
  • 15h ago

CVE-2022-37393

Overview

  • Synacor
  • Zimbra Server
16 Aug 2022
Published
17 Sep 2024
Updated
CVSS
Pending
EPSS
5.12%
KEV

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture
Ron Bowes @iagox86

@Weld When I was at Rapid7, we were firm that we wouldn't sign anything preventing us from disclosing. Sometimes that made it real difficult to talk to the company

Sadly the link to the disclosure is dead now, but this was my favourite: attackerkb.com/topics/92AeLOE1

  • 0
  • 4
  • 0
  • 12h ago

CVE-2026-1686

Overview

  • Totolink
  • A3600R
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-1686 - High (8.8)

A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 18h ago

CVE-2025-4686

Overview

  • Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co.
  • Online Exam and Assessment
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
Pending
KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exam and Assessment: through 30012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-4686 - High (8.6)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects On...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 18h ago

CVE-2026-25130

Overview

  • aliasrobotics
  • cai
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.7)
EPSS
Pending
KEV

Description

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-25130 - Critical (9.6)

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-60021

Overview

  • Apache Software Foundation
  • Apache bRPC
16 Jan 2026
Published
17 Jan 2026
Updated
CVSS
Pending
EPSS
0.23%
KEV

Description

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter.. Affected scenarios: Use the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture
Kaldata.com @kaldata.bsky.social
Изследовател от CyberArk Labs е открил критична уязвимост в популярния фреймуърк Apache bRPC, която позволява изпълнението на произволни команди на отдалечени сървъри. Уязвимостта е получила идентификатор CVE-2025-60021 и максимална оценка от 9,8 по скалата на CVSS...
  • 0
  • 0
  • 0
  • 16h ago
Showing 1 to 10 of 30 CVEs