ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

CVE-2026-2740

This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...

ZOHO多款产品 命令注入漏洞

ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVE-2025-11250

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...

CVE-2025-11250 Authentication Bypass

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations...

CVE-2021-28958

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...

EUVD-2020-3903

Malware in sbrugna...

EUVD-2021-23981

Malware in sbrugna...

EUVD-2023-39718

Malicious code in bioql PyPI...

EUVD-2021-7604

Malicious code in bioql PyPI...

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...

ManageEngine ADSelfService Plus < build 6514 SQLi

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6514. It is, therefore, affected by an authenticated SQL injection vulnerability in the MFA reports. Note that Nessus has not tested for this issue but has instead...

Vulnerabilities fixed in Zoho ManageEngine

Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...

CVE-2025-3833

Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports...

ZOHO ManageEngine ADSelfService Plus SQL注入漏洞

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6513 and prior versions, which stems from an MFA report of...

The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

PT-2025-9278 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6510 and below Description: The issue is related to session mishandling, which can lead to account takeover. Valid account holders in the setup only have the potential to exploit this bug. The...