CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/21 12:36 p.m.•3 views

EUVD-2026-31283

CVE•added 2026/05/21 12:36 p.m.•7 views

CVE-2026-2740

This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...

Vulnrichment•added 2026/05/21 12:36 p.m.•3 views

CVE-2026-2740 Remote Code Execution

CNNVD•added 2026/05/21 12:0 a.m.•3 views

ZOHO多款产品命令注入漏洞

ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...

Positive Technologies•added 2026/05/21 12:0 a.m.•4 views

PT-2026-42464

EUVD•added 2025/10/07 12:30 a.m.•2 views

Exploits0References2

EUVD-2019-7573

Malware in sbrugna...

4.3CVSS4.8AI score0.00647EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 5:25 p.m.•2 views

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

8.8CVSS8.5AI score0.00826EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 5:23 p.m.•1 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS9.6AI score0.89808EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 4:38 a.m.•4 views

CVE-2019-17112

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...

4.3CVSS6.9AI score0.00647EPSS

Packet Storm•added 2024/08/31 12:0 a.m.•285 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...

10CVSS9.6AI score0.89808EPSS

Rapid7 Blog•added 2022/09/02 7:39 p.m.•164 views

Metasploit Weekly Wrap-Up

ICPR Certificate Management This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful i...

10CVSS8.5AI score0.93596EPSS

Exploits92

Metasploit•added 2022/09/01 7:50 p.m.•191 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 6011 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...

10CVSS9.1AI score0.89808EPSS

NVD•added 2020/08/31 3:15 p.m.•11 views

CVE-2020-24786

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build numbe...

10CVSS9.5AI score0.0678EPSS

Exploits0References12

Prion•added 2020/08/31 3:15 p.m.•14 views

Authentication flaw

10CVSS9.4AI score0.0678EPSS

Exploits0References12Affected Software11

CVE•added 2020/08/31 2:2 p.m.•54 views

CVE-2020-24786

CVE-2020-24786 affects multiple ManageEngine products (Exchange Reporter Plus, AD360, ADSelfService Plus, DataSecurity Plus, RecoverManager Plus, EventLog Analyzer, ADAudit Plus, O365 Manager Plus, Cloud Security Plus, ADManager Plus, Log360) with a remotely accessible Java servlet (com.manageeng...

10CVSS9.4AI score0.0678EPSS

Exploits0References12Affected Software1

Check Point Advisories•added 2020/06/05 12:0 a.m.•2 views

Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)

A directory traversal vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to lack of validation of the database schema name when handling a DR-SCHEMA-SYNC request in DataEngine Xnode Server application...

6.5CVSS1.9AI score0.00826EPSS

Exploits3

Check Point Advisories•added 2020/05/27 12:0 a.m.•3 views

Zoho ManageEngine DataSecurity Plus Authentication Bypass (CVE-2020-11532)

An authentication bypass vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to the presence of hardcoded default credentials for the Dataengine Xnode server component...

10CVSS2.1AI score0.89808EPSS

CNVD•added 2020/05/11 12:0 a.m.•2 views

Zoho ManageEngine DataSecurity Plus Authorization Issues Vulnerability

Zoho ManageEngine DataSecurity Plus is a sensitive data management solution from Zoho USA. The product features data leakage prevention, data risk assessment and file server auditing. Zoho ManageEngine DataSecurity Plus suffers from an authorization issue vulnerability that arises when the progra...

10CVSS7.2AI score0.89808EPSS

Exploits7References1

0day.today•added 2020/05/09 12:0 a.m.•63 views

ManageEngine DataSecurity Plus Authentication Bypass Vulnerability

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3...

10CVSS9.4AI score0.89808EPSS