CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

423 matches found

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS0.01237EPSS

Exploits0References1

Cvelist•added yesterday•23 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

9CVSS0.01237EPSS

Exploits0References1

Nuclei•added yesterday•10 views

Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...

5.3CVSS6.1AI score0.09705EPSS

Exploits1References2

Nuclei•added 5 days ago•64 views

Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution

Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...

9.8CVSS7.8AI score0.9896EPSS

Exploits8References5

RedhatCVE•added 2026/06/05 7:15 p.m.•8 views

CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

8.4CVSS6AI score0.01702EPSS

Exploits0References1

Tenable Nessus•added 2026/05/31 12:0 a.m.•27 views

ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

8.4CVSS6.5AI score0.01702EPSS

Exploits0References2

NVD•added 2026/05/21 2:16 p.m.•13 views

CVE-2026-2740

8.4CVSS0.01702EPSS

Exploits0References1

EUVD•added 2026/05/21 12:36 p.m.•7 views

EUVD-2026-31283

8.4CVSS6.2AI score0.01702EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 12:36 p.m.•6 views

CVE-2026-2740 Remote Code Execution

8.4CVSS6.2AI score0.01702EPSS

Exploits0References1

CVE•added 2026/05/21 12:36 p.m.•19 views

CVE-2026-2740

This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...

8.4CVSS6.2AI score0.01702EPSS

Exploits0References1

CNNVD•added 2026/05/21 12:0 a.m.•7 views

ZOHO多款产品命令注入漏洞

ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...

8.4CVSS6.2AI score0.01702EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•10 views

PT-2026-42464

8.4CVSS6.2AI score0.01702EPSS

Exploits0References2

VulnCheck KEV•added 2026/04/01 12:0 a.m.•12 views

VulnCheck KEV: CVE-2022-28987

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...

5.3CVSS5.8AI score0.09705EPSS

In wildExploits1References2

RedhatCVE•added 2026/02/24 7:29 a.m.•6 views

CVE-2026-1367