Skip to main content

Zoho

455 CVEs product

Monthly

CVE-2019-19306 MEDIUM POC This Month

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho WordPress Lead Magnet
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-17421 HIGH POC PATCH This Week

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Zoho Manageengine Firewall Analyzer Manageengine Opmanager
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-18411 HIGH This Week

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-17602 CRITICAL Act Now

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
81.5%
CVE-2019-17112 MEDIUM This Month

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Information Disclosure Manageengine Datasecurity Plus
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-15645 HIGH This Week

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho WordPress CSRF Salesiq
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15644 MEDIUM This Month

The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho WordPress Salesiq
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15045 MEDIUM POC This Month

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.0
5.3
EPSS
4.9%
CVE-2019-15106 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Opmanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.5%
CVE-2019-15105 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.8%
CVE-2019-15104 HIGH POC This Week

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.8%
CVE-2019-15046 HIGH POC This Week

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2019-14693 HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2019-12994 CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
9.1
EPSS
4.4%
CVE-2019-12959 HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-12876 HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus Manageengine Adselfservice Plus Manageengine Desktop Central
NVD
CVSS 3.0
7.3
EPSS
4.6%
CVE-2019-12597 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12596 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12595 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12540 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.0
6.1
EPSS
2.3%
CVE-2019-12539 MEDIUM POC This Month

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-12537 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-5963 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Salesiq
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5962 MEDIUM This Month

Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Salesiq
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-12133 HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus Manageengine Browser Security Plus Manageengine Desktop Central +15
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-12476 MEDIUM POC This Month

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.0
6.8
EPSS
1.5%
CVE-2019-12196 CRITICAL Act Now

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
9.8
EPSS
69.1%
CVE-2019-12543 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.1%
CVE-2019-12542 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-12541 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-12538 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-8346 MEDIUM This Month

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
6.1
EPSS
3.5%
CVE-2019-12252 MEDIUM POC This Month

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.4%
CVE-2019-12189 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.9%
CVE-2019-8929 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
11.2%
CVE-2019-8928 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8927 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8926 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8925 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
11.8%
CVE-2019-7427 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-7426 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-11678 CRITICAL Act Now

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2019-11677 CRITICAL Act Now

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.4%
CVE-2019-11676 MEDIUM This Month

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-11511 MEDIUM This Month

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-10008 HIGH POC THREAT This Week

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Zoho Servicedesk Plus
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.7%
CVE-2019-11469 CRITICAL POC THREAT Act Now

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
CVE-2019-11448 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2019-10273 MEDIUM POC This Month

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
7.8%
CVE-2019-7425 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2019-7424 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7423 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7422 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7161 HIGH PATCH This Week

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
7.5
EPSS
5.6%
CVE-2019-8395 CRITICAL Act Now

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2019-8394 MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
64.1%
CVE-2019-3905 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
10.0
EPSS
3.3%
CVE-2018-20485 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-20484 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-20339 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-20338 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
11.5%
CVE-2018-20173 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
24.5%
CVE-2018-19118 HIGH This Week

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Memory Corruption Denial Of Service Buffer Overflow Manageengine Adaudit Plus
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-19921 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-18716 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-18715 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-19288 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-18980 HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
25.0%
CVE-2018-18949 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
24.5%
CVE-2018-18475 CRITICAL Act Now

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-18262 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-17596 MEDIUM This Month

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-16364 HIGH POC THREAT This Week

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Microsoft Deserialization RCE Manageengine Applications Manager
NVD
CVSS 3.1
8.1
EPSS
15.1%
CVE-2018-16965 MEDIUM This Month

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-16833 MEDIUM This Month

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
CVSS 3.0
6.1
EPSS
65.4%
CVE-2018-17283 HIGH POC THREAT This Week

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
66.3%
CVE-2018-17243 CRITICAL Act Now

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
74.4%
CVE-2018-13412 HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-13411 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-15740 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Admanager Plus
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.1%
CVE-2018-15608 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Admanager Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-15169 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-15168 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-11717 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2018-11716 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
14.3%
CVE-2018-10076 MEDIUM This Month

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10075 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-13050 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
38.2%
CVE-2018-12999 HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-12998 MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
6.1
EPSS
98.5%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho WordPress +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Zoho Manageengine Firewall Analyzer +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Manageengine Adselfservice Plus
NVD GitHub
EPSS 82% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho WordPress CSRF +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho WordPress +1
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Opmanager
NVD Exploit-DB
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD
EPSS 4% CVSS 8.1
HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
EPSS 5% CVSS 7.3
HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus +2
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Salesiq
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Salesiq
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus +17
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM POC This Month

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub
EPSS 69% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Netflow Analyzer
NVD
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM This Month

In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
EPSS 8% CVSS 6.5
MEDIUM POC This Month

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
EPSS 11% CVSS 6.1
MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 12% CVSS 4.3
MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Firewall Analyzer
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Firewall Analyzer
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Firewall Analyzer
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
EPSS 20% CVSS 8.8
HIGH POC THREAT This Week

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Zoho +1
NVD Exploit-DB
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
EPSS 8% CVSS 4.3
MEDIUM POC This Month

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Servicedesk Plus
NVD
EPSS 64% CVSS 6.5
MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
EPSS 3% CVSS 10.0
CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Adselfservice Plus
NVD
EPSS 5% CVSS 6.1
MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
EPSS 5% CVSS 6.1
MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 24% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 7% CVSS 7.5
HIGH This Week

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Memory Corruption Denial Of Service +2
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 25% CVSS 7.5
HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager +1
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 22% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Opmanager
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
EPSS 15% CVSS 8.1
HIGH POC THREAT This Week

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Microsoft Deserialization +2
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
EPSS 65% CVSS 6.1
MEDIUM This Month

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
EPSS 66% CVSS 7.5
HIGH POC THREAT This Week

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD GitHub
EPSS 74% CVSS 9.8
CRITICAL Act Now

Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Admanager Plus
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Admanager Plus
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Zoho Information Disclosure +1
NVD
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
EPSS 38% CVSS 9.8
CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
EPSS 98% CVSS 6.1
MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer +4
NVD GitHub
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy