Export limit exceeded: 19328 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (563 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3273 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | ||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | ||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | ||||
| CVE-2011-5105 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | ||||
| CVE-2022-47523 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-04-09 | 9.8 Critical |
| Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | ||||
| CVE-2023-22624 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-04-04 | 7.5 High |
| Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | ||||
| CVE-2023-22964 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-04-03 | 9.1 Critical |
| Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | ||||
| CVE-2023-23078 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | ||||
| CVE-2023-23077 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | ||||
| CVE-2023-23076 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-03-27 | 9.8 Critical |
| OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | ||||
| CVE-2023-23075 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-03-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | ||||
| CVE-2023-23074 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | ||||
| CVE-2023-23073 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | ||||
| CVE-2023-0169 | 1 Zohocorp | 1 Zoho Forms | 2025-03-21 | 5.4 Medium |
| The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-48362 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-03-11 | 8.8 High |
| Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) | ||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-03-07 | 6.1 Medium |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | ||||
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | 6.5 Medium |
| ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | ||||
| CVE-2023-26601 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | ||||
| CVE-2022-36413 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-02-25 | 9.1 Critical |
| Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | ||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2025-02-20 | 8.8 High |
| Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | ||||