EUVD-2025-27852

Malicious code in bioql PyPI...

CVE-2025-41444

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module...

CVE-2025-36528

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports...

CVE-2025-36527

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports...

CVE-2025-3836

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is used by ZOHO USA to simplify auditing, prove compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus 8510 and prior versions that originates from SQL injection after authentication...

Vulnerabilities fixed in Zoho ManageEngine

Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...

CVE-2025-3834

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...

CVE-2024-36517

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module...

CVE-2024-36514

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...

CVE-2024-5487

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details...

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares...

CVE-2024-0269

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

ManageEngine SQL Injection Vulnerability

ManageEngine is a family of IT management solutions from ManageEngine, Inc. A security vulnerability exists in ManageEngine ADAudit Plus 7270 and prior versions that stems from vulnerability to authenticated SQL injection attacks...

ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability

ZOHO ManageEngine ADAudit Plus is used by ZOHO to simplify auditing, demonstrate compliance and detect threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to Build 7271, which stems from a vulnerability in the aggregate report feature that is susceptible to SQL...

PT-2024-13653 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions through 7250 Description: The issue allows SQL Injection in the aggregate report feature. There is no information provided about the estimated number of potentially affected devices worldwide or details...

Vulnerability fixed in ManageEngine ADAudit Plus

ManageEngine has fixed a vulnerability in ADAudit Plus. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code published. They indicate...

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...