Lucene search
K

5125 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.10 views

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

4.9CVSS6.7AI score0.03026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.10 views

CVE-2023-29084

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings...

7.2CVSS7.1AI score0.98388EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.7 views

CVE-2023-29442

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...

6.1CVSS7AI score0.0941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.8 views

CVE-2023-31099

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...

8.8CVSS7.7AI score0.81555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.7 views

CVE-2023-31492

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users...

6.5CVSS6.7AI score0.05312EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.10 views

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

7.5CVSS7.2AI score0.24995EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.6 views

CVE-2018-18949

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings...

9.8CVSS8.3AI score0.24498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:0 p.m.8 views

CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

6.1CVSS6.1AI score0.01931EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.5 views

CVE-2009-4387

The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...

4.3CVSS5.9AI score0.01328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.6 views

CVE-2021-41827

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...

7.5CVSS7.2AI score0.04579EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.5 views

CVE-2021-41081

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search...

9.8CVSS8AI score0.69173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.3 views

CVE-2021-41829

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...

7.5CVSS6.9AI score0.03108EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.8 views

CVE-2021-27956

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...

6.1CVSS5.9AI score0.01606EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.16 views

CVE-2021-33055

Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions...

10CVSS8.1AI score0.18062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33617

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName= username enumeration, because the response to a failed login request is null only when the username is invalid...

5.3CVSS6.9AI score0.02055EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33911

Zoho ManageEngine ADManager Plus before 7110 allows remote code execution...

9.8CVSS7.6AI score0.05261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.4 views

CVE-2021-28958

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...

9.8CVSS7.6AI score0.73126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.6 views

CVE-2021-28960

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations...

9.8CVSS7.7AI score0.01971EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.6 views

CVE-2021-28959

Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution...

9.8CVSS7.6AI score0.16912EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.15 views

CVE-2021-31857

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types...

5.9CVSS6.8AI score0.02671EPSS
Exploits0References1
Rows per page
Query Builder