PT-2025-24423 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue concerns an authenticated SQL injection vulnerability in the Service Account Auditing reports of the affected software. Recommendations: For Zohocorp ManageEngi...

PT-2025-24422 · Zohocorp · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue is related to authenticated SQL injection in the Service Account Auditing reports. Recommendations: For versions 8510 and prior, update to a version later than...

PT-2025-24424 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue is related to authenticated SQL injection in the alerts module. Recommendations: For versions 8510 and prior, consider disabling the alerts module until a patch...

PT-2025-22457 · Manageengine · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 8510 and prior Description: The issue is related to authenticated SQL injection when fetching service account audit data. Recommendations: For ManageEngine ADAudit Plus versions 8510 and prior, update to a...

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

CVE-2024-50053 Stored XSS

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

CVE-2024-50053

CVE-2024-50053 affects ManageEngine ServiceDesk Plus (and MSP/SupportCentre Plus) prior to version 14920 (and MSP/SupportCentre prior to 14910). The vulnerability is a stored XSS in the Task feature, allowing an attacker-supplied payload to be stored and executed when a user accesses the task. Th...

CVE-2024-50053 Stored XSS

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

PT-2025-12393 · Zoho · Manageengine Supportcenter Plus +1

Name of the Vulnerable Software and Affected Versions: ManageEngine ServiceDesk Plus versions below 14920 ManageEngine ServiceDesk Plus MSP versions below 14910 ManageEngine SupportCentre Plus versions below 14910 Description: The issue concerns a Stored XSS vulnerability in the task feature. Thi...

ZOHO ManageEngine ServiceDesk Plus 安全漏洞

ZOHO ManageEngine ServiceDesk Plus SDP is a set of IT service management software based on the ITIL architecture from ZOHO. The software integrates Incident Management, Problem Management, Asset Management IT Project Management, Procurement and Contract Management and other functional modules. A...

CVE-2025-1724

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2025-1724

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2025-1724 Account Takeover

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2025-1724

Affected products: Zohocorp’s ManageEngine Analytics Plus and Zoho Analytics on‑premise, versions older than 6130. Root cause: hardcoded sensitive token leading to an AD‑only account takeover. Impact: potential unauthorized AD account access; impact details are as described in the sources. Exploi...

ZOHO ManageEngine Analytics Plus和ZOHO ManageEngine Analytics on-premise 安全漏洞

ZOHO ManageEngine Analytics Plus and ZOHO ManageEngine Analytics on-premise are both products of ZOHO, Inc. ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution. Get a better view of your IT data with rich visualizations and dashboards.ZOHO ManageEngine Analytics on-premise is...

ManageEngine ServiceDesk Plus MSP < 14.9 Build 14910

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14910. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicia...

The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...