VYPR

Vendor CVEs

Zohocorp

All CVEs

265 total · sorted by risk
  • CVE-2025-41444 · Jun 9, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

  • CVE-2025-36528 · Jun 9, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

  • CVE-2025-27709 · Jun 9, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

  • CVE-2025-3835 · Jun 9, 2025
    risk 0.00 · cvss · epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

  • CVE-2025-41403 · May 22, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

  • CVE-2025-3836 · May 22, 2025
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

  • CVE-2025-3444 · May 22, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

  • CVE-2025-3834 · May 14, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

  • CVE-2025-3833 · May 14, 2025
    risk 0.00 · cvss · epss 0.28

    Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

  • CVE-2024-50053 · Mar 21, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

  • CVE-2025-1723 · Mar 3, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to session mishandling. Only valid account holders in the setup have the potential to exploit this bug.

  • CVE-2024-41140 · Jan 29, 2025
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.

  • CVE-2024-49574 · Nov 18, 2024
    risk 0.00 · cvss · epss 0.02

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-10839 · Nov 8, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

  • CVE-2024-10203 · Nov 7, 2024
    risk 0.00 · cvss · epss 0.00

    Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.

  • CVE-2024-9459 · Nov 5, 2024
    risk 0.00 · cvss · epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

  • CVE-2024-36485 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

  • CVE-2024-48878 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

  • CVE-2024-5608 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

  • CVE-2024-38868 · Aug 30, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine Endpoint Central is affected by an incorrect authorization vulnerability while isolating the devices. This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15.

  • CVE-2024-6204 · Aug 30, 2024
    risk 0.00 · cvss · epss 0.02

    Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-5546 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.03

    Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL Injection vulnerability via a global search option.

  • CVE-2024-41150 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.01

    A Stored Cross-site Scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus:…

  • CVE-2024-38869 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine Endpoint Central is affected by an incorrect authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

  • CVE-2024-5586 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL injection in the extranet lockouts report option.

  • CVE-2024-5490 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the aggregate reports option.

  • CVE-2024-36514 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the file summary option.

  • CVE-2024-36515 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

  • CVE-2024-36516 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.04

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

  • CVE-2024-36517 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the alerts module.

  • CVE-2024-5467 · Aug 23, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL injection in the account lockout report.

  • CVE-2024-36034 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.07

    Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

  • CVE-2024-36035 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.07

    Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.

  • CVE-2024-36518 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.03

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.

  • CVE-2024-5487 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.

  • CVE-2024-5527 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

  • CVE-2024-5678 · Aug 1, 2024
    risk 0.00 · cvss · epss 0.03

    Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to authenticated admin-only SQL Injection in the Create Monitor feature.

  • CVE-2024-38872 · Jul 26, 2024
    risk 0.00 · cvss · epss 0.03

    Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to authenticated SQL injection in the monitoring module.

  • CVE-2024-38871 · Jul 26, 2024
    risk 0.00 · cvss · epss 0.03

    Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to authenticated SQL injection in the reports module.

  • CVE-2024-27310 · May 27, 2024
    risk 0.00 · cvss · epss 0.02

    Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to a DoS attack due to malicious LDAP input.

  • CVE-2024-27314 · May 27, 2024
    risk 0.00 · cvss · epss 0.02

    Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

  • CVE-2024-27312 · May 20, 2024
    risk 0.00 · cvss · epss 0.01

    Zohocorp ManageEngine PAM360 version 6601 is vulnerable to an authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.

  • CVE-2024-21775 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.05

    Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature.

  • CVE-2023-49943 · Jan 18, 2024
    risk 0.00 · cvss · epss 0.02

    Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.

  • CVE-2023-35785 · Aug 28, 2023
    risk 0.00 · cvss · epss 0.02

    Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and…

  • CVE-2020-27449 · Aug 11, 2023
    risk 0.00 · cvss · epss 0.03

    Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

  • CVE-2023-38333 · Aug 10, 2023
    risk 0.00 · cvss · epss 0.02

    Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.

  • CVE-2023-34197 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.03

    Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make…

  • CVE-2023-29443 · Apr 26, 2023
    risk 0.00 · cvss · epss 0.03

    Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

  • CVE-2023-29442 · Apr 26, 2023
    risk 0.00 · cvss · epss 0.09

    Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.

Page 4 of 6