VYPR

Adaudit Plus

by Manageengine

CVEs (41)

  • CVE-2022-28219Apr 5, 2022
    risk 0.11cvss epss 0.97

    Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

  • CVE-2025-36527May 23, 2025
    risk 0.01cvss epss 0.20

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.

  • CVE-2023-48792Feb 2, 2024
    risk 0.01cvss epss 0.07

    Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

  • CVE-2020-24786Aug 31, 2020
    risk 0.01cvss epss 0.13

    An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…

  • CVE-2018-19118Dec 13, 2018
    risk 0.01cvss epss 0.07

    Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.

  • CVE-2026-11374Jun 23, 2026
    risk 0.00cvss epss 0.01

    In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

  • CVE-2025-41444Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

  • CVE-2025-36528Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

  • CVE-2025-27709Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

  • CVE-2025-41407May 23, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

  • CVE-2025-41403May 22, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

  • CVE-2025-3836May 22, 2025
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

  • CVE-2025-3834May 14, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

  • CVE-2024-49574Nov 18, 2024
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-36485Nov 4, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

  • CVE-2024-5608Oct 24, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

  • CVE-2024-5586Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

  • CVE-2024-5556Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

  • CVE-2024-5490Aug 23, 2024
    risk 0.00cvss epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

  • CVE-2024-36514Aug 23, 2024
    risk 0.00cvss epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

Page 1 of 3