Ivanti has released updates to address multiple security vulnerabilities in Endpoint Manager (EPM), including 10 critical flaws like CVE-2024-29847, a deserialization bug with a CVSS score of 10.0 allowing remote code execution, and several SQL injection vulnerabilities (CVSS scores: 9.1) affecting EPM versions 2024 and 2022 SU5 and earlier. Fixes are available in versions 2024 SU1 and 2022 SU6, though no active exploitation has been reported. The update also addresses high-severity issues in Ivanti Workspace Control and Cloud Service Appliance. In addition, Zyxel has patched a critical OS command injection vulnerability (CVE-2024-6342, CVSS score: 9.8) in its NAS devices, urging users to update to the latest firmware versions.