200 matches found
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
Zoho ManageEngine - Access Control Bypass
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
WordPress WPC Badge Management for WooCommerce plugin <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability
Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WPC Badge Management for WooCommerce versions = 3.1.6...
PT-2026-24766
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content'...
CVE-2025-11669
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-11669
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-11669
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-11669 Broken Access Control
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-11669 Broken Access Control
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...
CVE-2025-11669
The vulnerability CVE-2025-11669 affects Zohocorp ManageEngine PAM360 (versions before 8202), Password Manager Pro (before 13221), and Access Manager Plus (before 4401). It is described as an authorization issue in the initiate remote session functionality. Remediation: upgrade PAM360 to 8202 or ...
ZOHO多款产品 安全漏洞
ZOHO Password Manager Pro PMP and so on are products of ZOHO USA company.ZOHO Password Manager Pro is a password manager.ZOHO ManageEngine Access Manager Plus is the ZOHO ManageEngine PAM360 is a complete PAM software. A security vulnerability exists in several ZOHO products, which stems from an...
PT-2026-2436
Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8202 Password Manager Pro versions prior to 13221 Access Manager Plus versions prior to 4401 Description The software is subject to an authorization issue within the initiate remote session functionality...
EUVD-2008-0703
Malware in sbrugna...
EUVD-2022-44546
Malicious code in bioql PyPI...
EUVD-2023-33797
Malicious code in bioql PyPI...
EUVD-2024-33323
Malicious code in bioql PyPI...
EUVD-2022-29329
Malicious code in bioql PyPI...
EUVD-2021-31470
Malicious code in bioql PyPI...
CVE-2022-43672
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection in a different software component relative to CVE-2022-43671...