VYPR

Vendor CVEs

Manageengine

All CVEs

296 total · sorted by risk
  • CVE-2025-27709Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

  • CVE-2025-3835Jun 9, 2025
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

  • CVE-2025-41407May 23, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

  • CVE-2025-41403May 22, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

  • CVE-2025-3836May 22, 2025
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

  • CVE-2025-3444May 22, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

  • CVE-2025-3834May 14, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

  • CVE-2025-3833May 14, 2025
    risk 0.00cvss epss 0.28

    Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

  • CVE-2024-50053Mar 21, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

  • CVE-2025-1723Mar 3, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.

  • CVE-2024-9097Feb 5, 2025
    risk 0.00cvss epss 0.01

    ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.

  • CVE-2024-41140Jan 29, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.

  • CVE-2024-52323Nov 27, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.

  • CVE-2024-49574Nov 18, 2024
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-10203Nov 7, 2024
    risk 0.00cvss epss 0.00

    Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.

  • CVE-2024-9459Nov 5, 2024
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

  • CVE-2024-36485Nov 4, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

  • CVE-2024-48878Nov 4, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

  • CVE-2024-5608Oct 24, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

  • CVE-2024-38868Aug 30, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15

  • CVE-2024-6204Aug 30, 2024
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-5546Aug 28, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

  • CVE-2024-41150Aug 23, 2024
    risk 0.00cvss epss 0.01

    An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus:…

  • CVE-2024-38869Aug 23, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

  • CVE-2024-5586Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

  • CVE-2024-5556Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

  • CVE-2024-5490Aug 23, 2024
    risk 0.00cvss epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

  • CVE-2024-36514Aug 23, 2024
    risk 0.00cvss epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

  • CVE-2024-36515Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

  • CVE-2024-36516Aug 23, 2024
    risk 0.00cvss epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

  • CVE-2024-36517Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

  • CVE-2024-5467Aug 23, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

  • CVE-2024-36034Aug 12, 2024
    risk 0.00cvss epss 0.07

    Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

  • CVE-2024-36035Aug 12, 2024
    risk 0.00cvss epss 0.07

    Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.

  • CVE-2024-36518Aug 12, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.

  • CVE-2024-5487Aug 12, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.

  • CVE-2024-5527Aug 12, 2024
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

  • CVE-2024-5678Aug 1, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.

  • CVE-2024-38872Jul 26, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.

  • CVE-2024-38871Jul 26, 2024
    risk 0.00cvss epss 0.03

    Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

  • CVE-2024-27311Jul 17, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

  • CVE-2024-27313May 29, 2024
    risk 0.00cvss epss 0.01

    Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.

  • CVE-2024-36037May 27, 2024
    risk 0.00cvss epss 0.00

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.

  • CVE-2024-36036May 27, 2024
    risk 0.00cvss epss 0.00

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.

  • CVE-2024-27310May 27, 2024
    risk 0.00cvss epss 0.02

    Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.

  • CVE-2024-27314May 27, 2024
    risk 0.00cvss epss 0.02

    Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

  • CVE-2024-21791May 22, 2024
    risk 0.00cvss epss 0.02

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

  • CVE-2023-49335May 20, 2024
    risk 0.00cvss epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

  • CVE-2023-49334May 20, 2024
    risk 0.00cvss epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

  • CVE-2023-49333May 20, 2024
    risk 0.00cvss epss 0.03

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

Page 4 of 6