5125 matches found

Vulnrichment
added 2026/06/23 8:19 a.m. | 6 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

CVSS 9 | AI score 5.8 | EPSS 0.01237
Exploits 0 | References 1

ATTACKERKB
added 2026/06/23 8:19 a.m. | 5 views

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

CVSS 9 | AI score 5.8 | EPSS 0.01237
Exploits 0 | References 2

CVE
added 2026/06/23 8:19 a.m. | 79 views

CVE-2026-11374

CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows unauthenticated users to predict SSO tickets used to authenticate sessions, enabling account takeover. The CVSS v3.1 metrics in the provided data indicate a CRITICAL...

CVSS 9 | AI score 5.8 | EPSS 0.01237
Exploits 0 | References 1

Nuclei
added 2026/06/23 5:8 a.m. | 31 views

Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution

Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. id: CVE-2022-28219 info: name: Zoho ManageEngine ADAudit Plus 7600 - XML Entity Injection/Remote Code Execution author: dwisiswant0 severity:...

CVSS 9.8 | AI score 7.6 | EPSS 0.97011
Exploits 6 | References 5

Positive Technologies
added 2026/06/23 12:0 a.m. | 6 views

PT-2026-51487

Name of the Vulnerable Software and Affected Versions ADSelfService Plus versions prior to 6529 RecoveryManager Plus versions prior to 6321 M365 Manager Plus versions prior to 4817 ADAudit Plus versions prior to 8703 Description In ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and...

CVSS 9 | AI score 5.9 | EPSS 0.01237
Exploits 0 | References 5

Nuclei
added 2026/06/19 11:10 a.m. | 58 views

Zoho ManageEngine - Remote Code Execution

Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

CVSS 9.8 | AI score 8.1 | EPSS 0.9994
Exploits 5 | References 5

Nuclei
added 2026/06/16 7:13 a.m. | 238 views

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

CVSS 10 | AI score 9.2 | EPSS 0.99941
Exploits 6 | References 5

Nuclei
added 2026/06/16 7:13 a.m. | 72 views

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

CVSS 9.8 | AI score 9.2 | EPSS 0.93514
Exploits 6 | References 5

Nuclei
added 2026/06/16 7:13 a.m. | 35 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

CVSS 6.1 | AI score 5.6 | EPSS 0.98463
Exploits 3 | References 4

Nuclei
added 2026/06/16 7:13 a.m. | 128 views

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

CVSS 9.8 | AI score 9.4 | EPSS 0.99753
Exploits 15 | References 5

RedhatCVE
added 2026/06/05 7:21 p.m. | 7 views

CVE-2026-3324

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration...

CVSS 8.2 | AI score 5.5 | EPSS 0.01323
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:19 p.m. | 10 views

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVSS 8.1 | AI score 5.6 | EPSS 0.01394
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:15 p.m. | 9 views

CVE-2026-2740

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

CVSS 8.4 | AI score 6 | EPSS 0.01702
Exploits 0 | References 1

Tenable Nessus
added 2026/05/31 12:0 a.m. | 37 views

ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

CVSS 8.4 | AI score 6.5 | EPSS 0.01702
Exploits 0 | References 2

Vulnrichment
added 2026/05/21 12:36 p.m. | 7 views

CVE-2026-2740 Remote Code Execution

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

CVSS 8.4 | AI score 6.2 | EPSS 0.01702
Exploits 0 | References 1

CVE
added 2026/05/21 12:36 p.m. | 25 views

CVE-2026-2740

This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...

CVSS 8.4 | AI score 6.2 | EPSS 0.01702
Exploits 0 | References 1

Cvelist
added 2026/05/21 12:36 p.m. | 40 views

CVE-2026-2740 Remote Code Execution

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

CVSS 8.4 | EPSS 0.01702
Exploits 0 | References 1

CNNVD
added 2026/05/21 12:0 a.m. | 10 views

ZOHO Multiple Products Command Injection Vulnerability

ZOHO ManageEngine DataSecurity Plus is a product of the American company ZOHO. ZOHO ManageEngine DataSecurity Plus is a sensitive data management solution. ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single-sign-on solution for Active Directory and...

CVSS 8.4 | AI score 6.2 | EPSS 0.01702
Exploits 0 | References 1

Positive Technologies
added 2026/05/21 12:0 a.m. | 15 views

PT-2026-42464

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...

CVSS 8.4 | AI score 6.2 | EPSS 0.01702
Exploits 0 | References 2

GithubExploit
added 2026/05/09 3:32 p.m. | 136 views

Exploit for Unrestricted Upload of File with Dangerous Type in Zohocorp Manageengine_Applications_Manager

CVE-2020-14008 - ManageEngine Applications Manager RCE Authen...

CVSS 7.2 | AI score 5.9 | EPSS 0.35773
Exploits 4