373 matches found
Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...
ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
EUVD-2026-31283
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
CVE-2026-2740
This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...
ZOHO多款产品 命令注入漏洞
ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...
PT-2026-42464
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
VulnCheck KEV: CVE-2022-28987
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-1367 SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-1367 SQL Injection
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
ZOHO ManageEngine ADSelfService Plus 安全漏洞
ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and cloud applications developed by ZOHO Corporation. ZOHO ManageEngine ADSelfService Plus versions 6522 and earlier contain a security vulnerability caused by a...
PT-2026-21502
Name of the Vulnerable Software and Affected Versions ManageEngine ADSelfService Plus versions 6522 and below Description ManageEngine ADSelfService Plus versions 6522 and below are susceptible to an authenticated SQL Injection issue in the search report option. An attacker with valid credentials...
CVE-2025-11250
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...
CVE-2025-11250
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...
CVE-2025-11250 Authentication Bypass
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...
CVE-2025-11250 Authentication Bypass
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...