Filtered by vendor Zohocorp
Subscribe
Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3833 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-09-30 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports. | |||||
| CVE-2025-27930 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-09-30 | N/A | 6.4 MEDIUM |
| Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor. | |||||
| CVE-2025-1723 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-09-30 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug. | |||||
| CVE-2024-41140 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-09-29 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | |||||
| CVE-2025-5966 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. | |||||
| CVE-2025-5366 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. | |||||
| CVE-2025-3835 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | N/A | 9.6 CRITICAL |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. | |||||
| CVE-2024-52323 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-09-26 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. | |||||
| CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2025-09-24 | N/A | 7.5 HIGH |
| Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | |||||
| CVE-2021-40539 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | |||||
| CVE-2023-39912 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-06-26 | N/A | 4.9 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | |||||
| CVE-2025-3444 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-06-17 | N/A | 6.5 MEDIUM |
| Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. | |||||
| CVE-2024-27314 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-06-17 | N/A | 2.4 LOW |
| Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. | |||||
| CVE-2025-3834 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. | |||||
| CVE-2025-3836 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. | |||||
| CVE-2025-41403 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. | |||||
| CVE-2025-36527 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | |||||
| CVE-2025-41407 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. | |||||
| CVE-2025-27709 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | |||||
| CVE-2025-36528 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | |||||