Lucene search
K

3534 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.6 views

CVE-2022-37024

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...

8.8CVSS7.5AI score0.78326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.11 views

CVE-2022-26777

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details...

5.3CVSS6.9AI score0.02088EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26653

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details such as the username and GUID of an administrator...

5.3CVSS6.9AI score0.02088EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.8 views

CVE-2022-35403

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...

7.5CVSS6.8AI score0.05768EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.7 views

CVE-2019-18781

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site...

6.1CVSS6.7AI score0.01843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.8 views

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

9.8CVSS7.5AI score0.0948EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.11 views

CVE-2019-11511

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API...

6.1CVSS5.9AI score0.0209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.8 views

CVE-2019-11676

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...

6.1CVSS5.8AI score0.01929EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.8 views

CVE-2019-11469

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Actions" feature...

10CVSS8.2AI score0.18362EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.8 views

CVE-2019-11448

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...

10CVSS8.2AI score0.12428EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.7 views

CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...

9.8CVSS6.9AI score0.09358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.18 views

CVE-2023-29505

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

8.8CVSS6.9AI score0.00894EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.6 views

CVE-2023-50891

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1...

6.5CVSS6.7AI score0.01076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.9 views

CVE-2019-20474

An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...

4.3CVSS7AI score0.01441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.18 views

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option...

8.8CVSS8AI score0.03005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.17 views

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature...

8.8CVSS8AI score0.03005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.21 views

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...

8.8CVSS8.2AI score0.02288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.7 views

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares...

8.8CVSS8AI score0.03005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.11 views

CVE-2019-16268

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...

4.8CVSS7.2AI score0.0181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.8 views

CVE-2019-12543

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter...

6.1CVSS5.7AI score0.06056EPSS
Exploits5References1
Rows per page
Query Builder