Lucene search
K

124 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

ManageEngine ADSelfService Plus < Build 6529 Account Takeover (CVE-2026-11374)

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6529. It is, therefore, affected by an account takeover vulnerability: - The SSO tickets generated to authenticate a session could be predicted by an unauthenticate...

9CVSS5.8AI score0.01237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 8:19 a.m.38 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS0.01237EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/31 12:0 a.m.32 views

ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

8.4CVSS6.5AI score0.01702EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 12:36 p.m.7 views

CVE-2026-2740 Remote Code Execution

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

8.4CVSS6.2AI score0.01702EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 12:36 p.m.24 views

CVE-2026-2740

This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...

8.4CVSS6.2AI score0.01702EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

ZOHO多款产品 命令注入漏洞

ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...

8.4CVSS6.2AI score0.01702EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 8:16 a.m.10 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

8.3CVSS0.0787EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/23 6:54 a.m.4 views

CVE-2026-1367 SQL Injection

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

8.3CVSS5.8AI score0.0787EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 2:16 p.m.7 views

CVE-2025-11250

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...

9.1CVSS0.01418EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 1:35 p.m.20 views

CVE-2025-11250 Authentication Bypass

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...

9.1CVSS0.01418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.4 views

CVE-2021-28958

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...

9.8CVSS7.6AI score0.73126EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.2 views

ManageEngine ADSelfService Plus Installed (Windows)

Binary data manageengineadselfservicepluswininstalled.nbin...

7AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-23981

Malware in sbrugna...

6.1CVSS6.2AI score0.02934EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-3903

Malware in sbrugna...

10CVSS9.2AI score0.07403EPSS
Exploits4References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-39718

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.26426EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-7604

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.069EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.6 views

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

4.3CVSS7AI score0.01116EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.7 views

CVE-2021-37424

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover...

9.8CVSS6.9AI score0.04622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.9 views

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...

5.3CVSS7AI score0.069EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/15 12:0 a.m.5 views

ManageEngine ADSelfService Plus < build 6514 SQLi

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...

8.1CVSS5.8AI score0.27766EPSS
Exploits0References2
Rows per page
Query Builder