Filtered by vendor Zohocorp
Subscriptions
Total
543 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11248 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-28 | 3.2 Low |
| ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token. | ||||
| CVE-2017-17552 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-10-24 | 8.8 High |
| /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. | ||||
| CVE-2025-10020 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-10-24 | 8.5 High |
| Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. | ||||
| CVE-2025-6239 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-10-24 | 6.5 Medium |
| Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor. | ||||
| CVE-2025-7473 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-23 | 5.2 Medium |
| Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection. | ||||
| CVE-2023-39912 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-10-23 | 4.9 Medium |
| Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | ||||
| CVE-2025-9428 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-10-23 | 8.3 High |
| Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api. | ||||
| CVE-2024-9097 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-22 | 3.5 Low |
| ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. | ||||
| CVE-2025-5494 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-22 | 3.9 Low |
| ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13. | ||||
| CVE-2021-40539 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-10-22 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | ||||
| CVE-2020-10189 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-10-22 | 9.8 Critical |
| Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. | ||||
| CVE-2019-8394 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-10-22 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | ||||
| CVE-2025-3833 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-09-30 | 8.1 High |
| Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports. | ||||
| CVE-2025-27930 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-09-30 | 6.4 Medium |
| Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor. | ||||
| CVE-2025-1723 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-09-30 | 8.1 High |
| Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug. | ||||
| CVE-2024-41140 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-09-29 | 8.1 High |
| Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | ||||
| CVE-2025-5966 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | 8.1 High |
| Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. | ||||
| CVE-2025-5366 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | 8.1 High |
| Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. | ||||
| CVE-2025-3835 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-09-29 | 9.6 Critical |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. | ||||
| CVE-2024-52323 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-09-26 | 8.1 High |
| Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. | ||||