CVE-2025-41407

Zohocorp ManageEngine ADAudit Plus, prior to version 8511, has a SQL injection vulnerability in the OU History report. Root cause: improper handling of input in the OU History reporting path leading to SQL injection. Impact: potential unauthorized access or data disclosure from affected installat...

CVE-2025-36527 SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports...

CVE-2025-36527 SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports...

CVE-2025-36527

CVE-2025-36527 affects Zohocorp ManageEngine ADAudit Plus versions below 8511. The issue is a SQL injection during report export , with CVSS 3.1 base score 8.3 (HIGH). Connected sources also reference a fix recommendation: upgrade to version 8511 or later to resolve the vulnerability. A temporary...

CVE-2024-38870

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module...

CVE-2024-36038

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option...

CVE-2024-5678

Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature...

CVE-2024-27313

Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610...

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVE-2024-27311

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder...

CVE-2024-9100

Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal...

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

CVE-2023-28341

Stored Cross site scripting XSS vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page...

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...

CVE-2023-48792

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option...

CVE-2023-48793

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature...

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

CVE-2023-50785

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details...

CVE-2023-48646

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings...