Skip to main content

Zoho

455 CVEs product

Monthly

CVE-2023-28342 HIGH This Week

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
7.5
EPSS
79.7%
CVE-2023-26601 HIGH This Week

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
7.5
EPSS
34.1%
CVE-2023-26600 MEDIUM This Month

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2023-0169 MEDIUM POC This Month

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zoho Zoho Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
1.6%
CVE-2023-23078 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-23077 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-23075 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2023-23074 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
83.6%
CVE-2023-23073 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-22964 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2023-22624 HIGH This Week

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2022-47578 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47577 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-40772 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zoho Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-40771 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Information Disclosure Zoho XXE Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +2
NVD
CVSS 3.1
4.9
EPSS
3.5%
CVE-2022-40770 HIGH This Week

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus
NVD
CVSS 3.1
7.2
EPSS
82.5%
CVE-2022-42904 HIGH This Week

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Admanager Plus
NVD
CVSS 3.1
7.2
EPSS
7.7%
CVE-2022-42903 LOW Monitor

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Supportcenter Plus
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2022-43672 CRITICAL Act Now

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
67.1%
CVE-2022-43671 CRITICAL Act Now

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
74.8%
CVE-2022-41339 HIGH This Week

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Mobile Device Manager Plus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-40773 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Privilege Escalation Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-41978 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Privilege Escalation WordPress Zoho Crm Lead Magnet
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-40300 CRITICAL PATCH Act Now

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2022-38772 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
8.8
EPSS
77.6%
CVE-2022-37024 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
8.8
EPSS
78.3%
CVE-2022-36923 HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2022-36412 CRITICAL Act Now

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2022-35404 HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager Manageengine Network Configuration Manager Manageengine Netflow Analyzer +1
NVD
CVSS 3.1
8.2
EPSS
3.8%
CVE-2022-35403 HIGH PATCH This Week

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho Information Disclosure Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus +1
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2022-34829 HIGH PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-32551 HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2022-23050 HIGH POC This Week

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Applications Manager
NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2022-28987 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
5.3
EPSS
9.7%
CVE-2022-29535 CRITICAL PATCH Act Now

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
93.4%
CVE-2022-29081 CRITICAL POC THREAT Act Now

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
83.3%
CVE-2022-29457 HIGH POC This Week

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Information Disclosure Manageengine Adaudit Plus Manageengine Admanager Plus +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2022-28810 MEDIUM POC KEV PATCH THREAT This Month

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Zoho Command Injection Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
6.8
EPSS
70.5%
CVE-2022-27908 HIGH PATCH This Week

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
CVSS 3.1
8.8
EPSS
37.7%
CVE-2022-26777 MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-26653 MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-24681 MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho XSS Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2022-28219 CRITICAL POC PATCH THREAT Act Now

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho RCE XXE Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
97.0%
CVE-2022-25373 MEDIUM POC This Month

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-25245 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-24978 HIGH PATCH This Week

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-24447 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24306 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Zoho Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24305 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Microsoft Information Disclosure Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-23779 MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
5.3
EPSS
15.1%
CVE-2022-24446 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-44526 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-44525 CRITICAL Act Now

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Pam360
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-44676 CRITICAL Act Now

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Access Manager Plus
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-44675 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-44515 CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-44514 CRITICAL Act Now

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2021-43319 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
21.4%
CVE-2021-43296 HIGH This Week

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Supportcenter Plus
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-43295 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2021-43294 MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-42099 CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine M365 Manager Plus
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-44077 CRITICAL POC KEV PATCH THREAT Act Now

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Zoho Authentication Bypass Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
9.8
EPSS
93.5%
CVE-2021-42955 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42954 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42956 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-42847 CRITICAL POC THREAT Emergency

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
70.3%
CVE-2021-42002 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2021-41833 CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload Manageengine Patch Connect Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-41081 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2021-41080 CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-20136 CRITICAL POC THREAT Act Now

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass Manageengine Log360
NVD
CVSS 3.1
9.8
EPSS
10.5%
CVE-2021-35512 MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-41075 CRITICAL Act Now

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-40493 CRITICAL Act Now

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
50.2%
CVE-2021-20131 HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
16.0%
CVE-2021-20130 HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
31.6%
CVE-2021-38298 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XXE Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-37931 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37930 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37929 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37928 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37926 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37924 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37923 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37922 MEDIUM This Month

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-37921 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37920 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37919 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37918 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
EPSS 80% CVSS 7.5
HIGH This Week

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
EPSS 34% CVSS 7.5
HIGH This Week

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Assetexplorer +3
NVD
EPSS 6% CVSS 6.5
MEDIUM This Month

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Assetexplorer +3
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zoho +1
NVD WPScan
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD
EPSS 84% CVSS 6.1
MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Microsoft +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Device Control Plus
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Authentication Bypass +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zoho Manageengine Servicedesk Plus +3
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Information Disclosure Zoho XXE +4
NVD
EPSS 83% CVSS 7.2
HIGH This Week

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Servicedesk Plus +2
NVD
EPSS 8% CVSS 7.2
HIGH This Week

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Admanager Plus
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Supportcenter Plus
NVD
EPSS 67% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Access Manager Plus +2
NVD
EPSS 75% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Access Manager Plus +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Mobile Device Manager Plus
NVD
EPSS 5% CVSS 8.8
HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Privilege Escalation +2
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Privilege Escalation WordPress +1
NVD
EPSS 99% CVSS 9.8
CRITICAL PATCH Act Now

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Access Manager Plus +2
NVD
EPSS 78% CVSS 8.8
HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer +5
NVD
EPSS 78% CVSS 8.8
HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Supportcenter Plus
NVD
EPSS 4% CVSS 8.2
HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager +3
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho Information Disclosure Manageengine Servicedesk Plus +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Servicedesk Plus Msp
NVD
EPSS 5% CVSS 7.2
HIGH POC This Week

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Applications Manager
NVD
EPSS 10% CVSS 5.3
MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD GitHub
EPSS 93% CVSS 9.8
CRITICAL PATCH Act Now

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
EPSS 83% CVSS 9.8
CRITICAL POC THREAT Act Now

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Access Manager Plus +2
NVD
EPSS 8% CVSS 8.8
HIGH POC This Week

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Information Disclosure +4
NVD Exploit-DB
EPSS 71% CVSS 6.8
MEDIUM POC KEV PATCH THREAT This Month

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Zoho Command Injection Manageengine Adselfservice Plus
NVD GitHub
EPSS 38% CVSS 8.8
HIGH PATCH This Week

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho XSS Manageengine Adselfservice Plus
NVD
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho RCE XXE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Zoho Manageengine Adaudit Plus
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Zoho +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Microsoft +2
NVD
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Pam360
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Access Manager Plus
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Authentication Bypass +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Opmanager
NVD
EPSS 21% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Network Configuration Manager
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Supportcenter Plus
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 94% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Zoho Authentication Bypass +3
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho +2
NVD
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Emergency

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adaudit Plus
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Admanager Plus
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload +1
NVD
EPSS 63% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Network Configuration Manager
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Act Now

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zoho Authentication Bypass +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 50% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 16% CVSS 8.8
HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 32% CVSS 8.8
HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XXE Manageengine Admanager Plus
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 74% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Admanager Plus
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 74% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy