Zohocorp Security Vulnerabilities (CVEs)
Track 125 security vulnerabilities affecting Zohocorp products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows attackers to bypass authorization controls in ManageEngine's privileged access management products when initiating remote se...
Jan 13, 2026A path traversal vulnerability in Zohocorp ManageEngine ADManager Plus allows attackers to access files outside the intended directory through the Use...
Jan 13, 2026This authentication bypass vulnerability in ManageEngine ADSelfService Plus allows attackers to circumvent login protections and gain unauthorized acc...
Jan 13, 2026ManageEngine Applications Manager versions 177400 and below contain a stored cross-site scripting vulnerability in the NOC view. This allows attackers...
Dec 18, 2025ManageEngine ADManager Plus versions before 8025 expose NTLM hashes to technicians with 'Impersonate as Admin' privileges. This allows authenticated t...
Dec 15, 2025This stored cross-site scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Fold...
Nov 11, 2025Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the Public Folders r...
Nov 11, 2025This stored cross-site scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into custom r...
Nov 11, 2025ManageEngine Exchange Reporter Plus versions 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the 'Mails Deleted or Moved' ...
Nov 11, 2025This CVE describes a ReDOS (Regular Expression Denial of Service) vulnerability in Zohocorp ManageEngine Exchange Reporter Plus. Attackers can cause d...
Oct 30, 2025This stored cross-site scripting vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Instant Se...
Oct 30, 2025This stored cross-site scripting vulnerability in Zohocorp ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into repor...
Oct 30, 2025ManageEngine Applications Manager versions 176800 and below contain an information disclosure vulnerability in the File/Directory monitor component. T...
Oct 21, 2025This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the key update API in ManageEngine Analytics Plus. Attacke...
Oct 21, 2025CVE-2025-7473 is an XML injection vulnerability in Zohocorp ManageEngine EndPoint Central that allows attackers to manipulate XML data processing. Thi...
Oct 21, 2025ManageEngine Applications Manager versions 176600 and prior contain a stored cross-site scripting (XSS) vulnerability in the File/Directory monitor fe...
Jul 23, 2025This vulnerability allows attackers to inject malicious scripts into the 'Attachments by filename keyword' report feature in ManageEngine Exchange Rep...
Jun 26, 2025CVE-2025-41444 is an authenticated SQL injection vulnerability in Zohocorp ManageEngine ADAudit Plus that allows authenticated attackers to execute ar...
Jun 9, 2025This vulnerability allows remote attackers to execute arbitrary code on ManageEngine Exchange Reporter Plus servers through the Content Search module....
Jun 9, 2025CVE-2025-27709 is an authenticated SQL injection vulnerability in Zohocorp ManageEngine ADAudit Plus that allows authenticated attackers to execute ar...
Jun 9, 2025This SQL injection vulnerability in ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands through the OU History report feature...
May 23, 2025This SQL injection vulnerability in ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands when exporting reports. Organizations...
May 23, 2025This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the logon events aggregate report in ManageEngine ADAudit ...
May 22, 2025This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the OU History report feature in ManageEngine ADAudit Plus...
May 14, 2025ManageEngine ADSelfService Plus versions 6510 and below have a session handling vulnerability that allows account takeover. Only valid account holders...
Mar 3, 2025This vulnerability allows attackers with existing user accounts to escalate privileges by exploiting incorrect authorization checks in the update user...
Jan 29, 2025This vulnerability allows authenticated users in Zohocorp ManageEngine Analytics Plus to retrieve sensitive tokens associated with the org-admin accou...
Nov 27, 2024This SQL injection vulnerability in ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands through the reports module. Organizat...
Nov 18, 2024This vulnerability allows authenticated attackers to perform XML External Entity (XXE) attacks through the Management option in ManageEngine SharePoin...
Nov 8, 2024This vulnerability allows authenticated users with limited permissions in ManageEngine ADManager Plus to escalate privileges through the Modify Comput...
Nov 8, 2024This SQL injection vulnerability in ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands through the Technician reports option...
Nov 4, 2024This SQL injection vulnerability in ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands through the technician reports featur...
Oct 24, 2024This vulnerability allows unauthorized users to isolate devices in ManageEngine Endpoint Central due to incorrect authorization checks. Attackers coul...
Aug 30, 2024This SQL injection vulnerability in Zohocorp ManageEngine Exchange Reporter Plus allows attackers to execute arbitrary SQL commands through the report...
Aug 30, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands via the global search feature in ManageEngine Password Manager Pro...
Aug 28, 2024This vulnerability allows attackers to bypass authorization controls in ManageEngine Endpoint Central's remote office deployment configurations. Attac...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary code remotely on ManageEngine OpManager and Remote Monitoring and Management sy...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the aggregate reports feature in ManageEngine ADAudit Plus...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the extranet lockouts report feature in ManageEngine ADAud...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands in ManageEngine ADAudit Plus dashboard. Attackers with valid crede...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the file summary option in ManageEngine ADAudit Plus. Atta...
Aug 23, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the attack surface analyzer's export option in ManageEngin...
Aug 12, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the attack surface analyzer's dashboard in ManageEngine AD...
Aug 12, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the aggregate reports' search option in ManageEngine ADAud...
Aug 12, 2024This vulnerability allows authenticated administrators in Zohocorp ManageEngine Applications Manager to execute arbitrary SQL commands through the Cre...
Aug 1, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands in ManageEngine Exchange Reporter Plus. Attackers with valid crede...
Jul 26, 2024ManageEngine DDI Central versions 4001 and prior contain hard-coded sensitive keys that allow attackers to take over agent communications. This affect...
Jul 17, 2024This vulnerability in Zoho ManageEngine ADAudit Plus allows unauthorized local users on agent machines to view session recordings. It affects organiza...
May 27, 2024This SQL injection vulnerability in Zoho ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands when adding file shares. Affecte...
May 20, 2024This SQL injection vulnerability in Zoho ManageEngine ADAudit Plus allows attackers to execute arbitrary SQL commands when exporting full summary repo...
May 20, 2024Why Monitor Zohocorp Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 125+ known vulnerabilities affecting Zohocorp products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zohocorp packages in under 60 seconds. No agents required - completely agentless scanning that works across Zohocorp deployments.
Free vulnerability database: Access detailed information about every Zohocorp CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Zohocorp CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
