CVE-2026-5785
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
PT-2026-30024
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
EUVD-2021-7567
Malicious code in bioql PyPI...
EUVD-2021-7565
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-20110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to matc...
CVE-2021-20078
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS...
CVE-2024-27314
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users...
Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Cent...
Exploit for CVE-2020-2853
Manage Engine OpManager CVE-2020-28653 Proof of Concept This...
CVE-2021-20108
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
Memory corruption
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...
Integer overflow
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
CVE-2021-20110
CVE-2021-20110 affects Manage Engine AssetExplorer Agent 1.0.34. According to the provided sources, the agent does not validate HTTPS certificates, enabling an attacker on the network to spoof the Asset Explorer server IP and send a NEWSCAN to a listening agent, potentially obtaining the agent’s ...
CVE-2021-20108
CVE-2021-20108 affects Manage Engine Asset Explorer Agent 1.0.34. The agent listens on TCP port 9000 for HTTPS commands from the Manage Engine Server, but uses unverified HTTPS certificates, allowing arbitrary users on the network to send commands. Although authtoken validation may prevent comman...
CVE-2021-20078
CVE-2021-20078 affects ManageEngine OpManager (builds below 125346). A path traversal flaw in the spark gateway component enables remote denial of service by deleting arbitrary directories on the OS. Multiple connected sources (Red Hat, CNVD, CVE registries) confirm the same description; no explo...