Manager
by Manager Io
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64180 | Cri | 0.65 | 10.0 | 0.00 | Nov 7, 2025 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check… | ||
| CVE-2025-54122 | Cri | 0.58 | 10.0 | 0.01 | Jul 21, 2025 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This… | ||
| CVE-2025-34165 | Hig | 0.57 | — | 0.00 | Aug 30, 2025 | A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory. | ||
| CVE-2025-34180 | Hig | 0.55 | — | 0.00 | Dec 15, 2025 | NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file… | ||
| CVE-2025-50691 | Med | 0.34 | 5.3 | 0.00 | Aug 22, 2025 | MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to… | ||
| CVE-2010-1603 | 0.04 | — | 0.07 | Apr 29, 2010 | Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to… | |||
| CVE-2008-7167 | 0.03 | — | 0.04 | Sep 8, 2009 | Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||
| CVE-2026-25803 | 0.00 | — | 0.00 | Feb 6, 2026 | 3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login… | |||
| CVE-2025-61583 | 0.00 | — | 0.00 | Oct 1, 2025 | TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded… | |||
| CVE-2025-61582 | 0.00 | — | 0.00 | Oct 1, 2025 | TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted… | |||
| CVE-2011-1597 | 0.00 | — | 0.02 | Feb 5, 2020 | OpenVAS Manager v2.0.3 allows plugin remote code execution. | |||
| CVE-2007-5291 | 0.00 | — | 0.01 | Oct 9, 2007 | Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
- risk 0.65cvss 10.0epss 0.00
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check…
- risk 0.58cvss 10.0epss 0.01
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This…
- risk 0.57cvss —epss 0.00
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
- risk 0.55cvss —epss 0.00
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file…
- risk 0.34cvss 5.3epss 0.00
MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to…
- CVE-2010-1603Apr 29, 2010risk 0.04cvss —epss 0.07
Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to…
- CVE-2008-7167Sep 8, 2009risk 0.03cvss —epss 0.04
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
- CVE-2026-25803Feb 6, 2026risk 0.00cvss —epss 0.00
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login…
- CVE-2025-61583Oct 1, 2025risk 0.00cvss —epss 0.00
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded…
- CVE-2025-61582Oct 1, 2025risk 0.00cvss —epss 0.00
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted…
- CVE-2011-1597Feb 5, 2020risk 0.00cvss —epss 0.02
OpenVAS Manager v2.0.3 allows plugin remote code execution.
- CVE-2007-5291Oct 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.