Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5114 matches found

CVE
CVEadded 2025/10/30 2:28 p.m.10 views

CVE-2025-5343

CVE-2025-5343 concerns ManageEngine Exchange Reporter Plus, affected up to version 5721. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the Instant Search feature, allowing an attacker to inject scripts that are stored on the server and executed when other users access the affec...

6.3CVSS5.8AI score0.00369EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/30 2:28 p.m.6 views

EUVD-2025-37003

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option...

6.3CVSS5.7AI score0.00369EPSS
Exploits0References2
CVE
CVEadded 2025/10/30 2:20 p.m.10 views

CVE-2025-5342

CVE-2025-5342 affects Zohocorp ManageEngine Exchange Reporter Plus up to version 5721, with a Regular Expression Denial of Service (ReDoS) in the search module. The RedHat/CNA/CIRCL and other feeds corroborate this DoS issue. Impact is described as potential service disruption due to resource exh...

6.5CVSS6.5AI score0.00948EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/30 2:20 p.m.3 views

EUVD-2025-37005

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

4.3CVSS6.4AI score0.00948EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/10/30 12:0 a.m.5 views

PT-2025-44413

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions through 5721 Description The software is susceptible to a Stored Cross Site Scripting issue within the Instant Search functionality. The issue allows for the injection of malicious scripts that are...

6.3CVSS6.2AI score0.00369EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/10/28 1:49 p.m.12 views

CVE-2025-11248

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

4.3CVSS6.3AI score0.0042EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEVadded 2025/10/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-28653

Zoho ManageEngine OpManager Stable build before 125203 and Released build before 125233 allows Remote Code Execution via the Smart Update Manager SUM servlet...

9.8CVSS5.9AI score0.787EPSS
In wildExploits5References2
NVD
NVDadded 2025/10/27 1:15 p.m.5 views

CVE-2025-11248

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

4.3CVSS0.0042EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/27 12:56 p.m.10 views

EUVD-2025-36177

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

3.2CVSS5.8AI score0.0042EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/27 12:56 p.m.5 views

CVE-2025-11248 Sensitive Information Logged

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

3.2CVSS5.9AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/10/27 12:56 p.m.15 views

CVE-2025-11248 Sensitive Information Logged

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token...

3.2CVSS0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/10/27 12:0 a.m.5 views

PT-2025-43944

Name of the Vulnerable Software and Affected Versions ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 Description An authenticated user with access to logs may be able to obtain the sensitive agent token. The issue involves sensitive information logging. Recommendations Upda...

4.3CVSS6AI score0.0042EPSS
Exploits0References5
CNNVD
CNNVDadded 2025/10/27 12:0 a.m.3 views

ZOHO ManageEngine Endpoint Central 安全漏洞

ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO USA. A security vulnerability exists in ZOHO ManageEngine Endpoint Central prior to version 11.4.2528.05, which stems from logging sensitive information and could lead to the acquisition of sensitive proxy tokens...

4.3CVSS6.3AI score0.0042EPSS
Exploits0References1
CNVD
CNVDadded 2025/10/23 12:0 a.m.5 views

ZOHO ManageEngine ADManager Plus Command Injection Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8CVSS7.8AI score0.04721EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/22 2:11 p.m.3 views

CVE-2025-6239

Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor...

6.5CVSS6.4AI score0.00873EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/22 2:11 p.m.4 views

CVE-2025-10020

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component...

8.8CVSS7.7AI score0.04721EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/22 12:12 p.m.16 views

CVE-2025-9428

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

8.8CVSS7.9AI score0.25403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/22 11:12 a.m.10 views

CVE-2025-7473

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.3CVSS7AI score0.0031EPSS
Exploits0References1
CNVD
CNVDadded 2025/10/22 12:0 a.m.1 views

ZOHO ManageEngine Applications Manager Information Disclosure Vulnerability (CNVD-2025-29926)

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. An information disclosure...

6.5CVSS6.3AI score0.00873EPSS
Exploits0References1
CNVD
CNVDadded 2025/10/22 12:0 a.m.6 views

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...

8.8CVSS8.2AI score0.25403EPSS
Exploits0References1
Rows per page
Query Builder