ManageEngine Firewall Analyzer <8.0 - Local File Inclusion

ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. id: CVE-2015-7780 info: name: ManageEngine Firewall Analyzer 8.0 - Local File Inclusion author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion...

Zoho ManageEngine - Internal Hostname Disclosure

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. id: CVE-2022-23779 info: name: Zoho ManageEngine - Internal Hostname Disclosure author: cckuailong severity: medium...

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

ManageEngine ADManager Plus - Command Injection

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. id: CVE-2023-29084 info: name: ManageEngine ADManager Plus - Command Injection author: rootxharsh,iamnoooob,pdresearch severity: high description: | Zoho ManageEngine...

Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution

Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. id: CVE-2022-28219 info: name: Zoho ManageEngine ADAudit Plus 7600 - XML Entity Injection/Remote Code Execution author: dwisiswant0 severity:...

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

EUVD-2026-23247

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration...

CVE-2026-3324 Authentication Bypass

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration...

PT-2026-33319

Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8531 ManageEngine Password Manager Pro versions 8600 through 13230 Description An authenticated SQL injection exists in the query report module. SQL injection is a type of flaw that allows an attacker to...

PT-2026-30023

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report...

CVE-2025-9226

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

PT-2025-51214

Name of the Vulnerable Software and Affected Versions ManageEngine ADManager Plus versions prior to 8025 Description The software is susceptible to an NTLM Hash Exposure issue. Exploitation of this issue is limited to technicians with the “Impersonate as Admin” option enabled. Recommendations...

EUVD-2025-84350

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...

PT-2025-46318

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below Description The software contains a Stored Cross-Site Scripting XSS issue within the Folder Message Count and Size report. This allows for the injection of malicious scripts...

PT-2025-46335

Name of the Vulnerable Software and Affected Versions ManageEngine Analytics Plus versions 6170 and below Description ManageEngine Analytics Plus versions 6170 and below are susceptible to an Unauthenticated SQL Injection due to improper filter configuration. This allows an attacker to execute...

CVE-2025-5342

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

EUVD-2025-17452

Malicious code in bioql PyPI...

EUVD-2024-38917

Malicious code in bioql PyPI...