Signal

SolarWinds and ivanti ship urgent fixes for critical and exploited flaws

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-01-29 09:00 UTCUpdated 2026-01-30 04:43 UTC

rss

vulnerabilitiespatchesrceauth_bypasszero_daykev

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (3)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

The Hacker News · News · thehackernews.com · 2026-01-30 04:43 UTC

SolarWinds Patches Critical Web Help Desk Vulnerabilities

SecurityWeek · News · securityweek.com · 2026-01-29 13:18 UTC

limited source diversity in top sources

View all evidence

Overview

A fresh round of enterprise patching is underway as SolarWinds and Ivanti disclosed and fixed high-impact vulnerabilities in widely deployed IT management products. SolarWinds issued updates for Web Help Desk flaws enabling unauthenticated remote code execution and authentication bypass, while Ivanti released fixes for two EPMM zero-days reported as actively exploited, including one tracked in CISA’s KEV catalog.

Entities

SolarWindsIvantiCISASolarWinds Web Help DeskIvanti Endpoint Manager Mobile (EPMM)Known Exploited Vulnerabilities (KEV) catalog

Score total

1.08

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

SolarWinds disclosed and patched four critical Web Help Desk flaws
Ivanti issued updates for two EPMM zero-days described as actively exploited
One Ivanti flaw was added to CISA’s KEV catalog

Why it matters

Unauthenticated RCE/auth bypass in help desk tooling can enable rapid compromise
Actively exploited mobile management zero-days raise immediate enterprise risk
KEV listing signals prioritized remediation expectations for defenders

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

SolarWinds patched four critical Web Help Desk vulnerabilities that could enable unauthenticated RCE or authentication bypass.
Ivanti released updates for two EPMM vulnerabilities described as zero-days under active exploitation, with one added to CISA’s KEV catalog.

How sources frame it

The Hacker News: neutral
SecurityWeek: neutral

Two vendor patch releases lead the cluster; Ivanti item notes active exploitation and KEV listing.

All evidence

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

The Hacker News · thehackernews.com · 2026-01-30 04:43 UTC

SolarWinds Patches Critical Web Help Desk Vulnerabilities

SecurityWeek · securityweek.com · 2026-01-29 13:18 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

The Hacker News (1)
SecurityWeek (1)

Top origin domains (this list)

thehackernews.com (1)
securityweek.com (1)