Zohocorp Security Vulnerabilities (CVEs)
Track 123 security vulnerabilities affecting Zohocorp products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2024-27312 is an authorization vulnerability in ManageEngine PAM360 version 6601 that allows low-privileged users to perform administrative action...
May 20, 2024This vulnerability allows authenticated attackers to execute arbitrary SQL commands in ManageEngine ADAudit Plus. Attackers with valid credentials can...
Feb 2, 2024This vulnerability allows attackers to execute arbitrary SQL commands through the report export feature in Zoho ManageEngine ADAudit Plus. Organizatio...
Feb 2, 2024This vulnerability allows authenticated attackers to execute arbitrary code on ManageEngine ADSelfService Plus servers due to improper input handling ...
Jan 11, 2024A directory traversal vulnerability in ManageEngine OpManager's uploadMib functionality allows attackers to create arbitrary files on the system by se...
Jan 8, 2024This vulnerability allows attackers to bypass audit detection in Zoho ManageEngine ADAudit Plus by creating or renaming user accounts with a '$' suffi...
Aug 7, 2023CVE-2023-35854 is an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus that allows attackers to steal domain controller sess...
Jun 20, 2023This vulnerability involves hardcoded static credentials in PostgreSQL data used by ManageEngine Access Manager Plus, Password Manager Pro, and PAM360...
Apr 26, 2023This vulnerability allows authenticated users in Zoho ManageEngine ADManager Plus to execute arbitrary commands through proxy settings. Attackers with...
Apr 13, 2023This vulnerability in Zoho ManageEngine ADSelfService Plus allows unauthenticated attackers to cause denial-of-service via the Mobile App Authenticati...
Apr 5, 2023This vulnerability in Zoho ManageEngine ADSelfService Plus allows attackers to perform brute-force attacks against password reset functionality for ID...
Mar 23, 2023CVE-2023-23076 is a critical OS command injection vulnerability in ManageEngine Support Center Plus that allows attackers to execute arbitrary command...
Feb 1, 2023This vulnerability allows unauthenticated attackers to execute arbitrary code on Zoho ManageEngine Password Manager Pro and PAM360 systems through Jav...
Jul 19, 2022This vulnerability allows unauthenticated attackers to read local files on Zoho ManageEngine servers via specially crafted ticket-creation emails. It ...
Jul 12, 2022This vulnerability allows attackers to execute arbitrary SQL commands through default reports in Zoho ManageEngine OPManager. It affects all OPManager...
May 5, 2022This vulnerability allows attackers to bypass access controls on specific REST API endpoints in Zoho ManageEngine products by using '../RestAPI' in UR...
Apr 28, 2022This vulnerability allows authenticated attackers to execute arbitrary SQL commands in Zoho ManageEngine OpManager's Inventory Reports module. Attacke...
Apr 18, 2022This vulnerability in Zoho ManageEngine ADAudit Plus allows authenticated users to escalate privileges on integrated products by extracting passwords ...
Apr 5, 2022CVE-2022-28219 is an unauthenticated XML External Entity (XXE) vulnerability in Cewolf within Zoho ManageEngine ADAudit Plus that allows remote attack...
Apr 5, 2022Zoho ManageEngine SharePoint Manager Plus before version 4329 contains a sensitive data leak vulnerability that allows attackers to access privileged ...
Mar 2, 2022This vulnerability allows authenticated users with access to the Reports module in Zoho ManageEngine Desktop Central to execute arbitrary code remotel...
Jan 10, 2022CVE-2021-44526 is an authentication bypass vulnerability in Zoho ManageEngine ServiceDesk Plus that allows attackers to gain unauthorized administrati...
Dec 23, 2021CVE-2021-44676 is an authentication bypass vulnerability in Zoho ManageEngine Access Manager Plus that allows unauthenticated attackers to view sensit...
Dec 20, 2021This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks through the ActionExecutor component in Zoho ManageEngine Su...
Nov 30, 2021This vulnerability allows remote attackers to execute arbitrary commands on Zoho ManageEngine Network Configuration Manager servers due to improper in...
Nov 30, 2021This vulnerability allows unauthenticated attackers to upload malicious files to Zoho ManageEngine M365 Manager Plus servers, leading to remote code e...
Nov 30, 2021CVE-2021-44077 is an unauthenticated remote code execution vulnerability in Zoho ManageEngine products. Attackers can exploit this via specific REST A...
Nov 29, 2021This vulnerability allows non-admin users on Windows systems to modify files in Zoho Remote Access Plus installation directory due to overly permissiv...
Nov 17, 2021CVE-2021-41081 is a critical SQL injection vulnerability in Zoho ManageEngine Network Configuration Manager that allows attackers to execute arbitrary...
Nov 11, 2021This vulnerability allows attackers to bypass security filters and upload malicious files to Zoho ManageEngine ADManager Plus servers, leading to remo...
Nov 11, 2021CVE-2021-20136 is an unauthenticated remote code execution vulnerability in ManageEngine Log360. Attackers can overwrite the database configuration to...
Nov 1, 2021This vulnerability allows attackers to perform blind XML External Entity (XXE) attacks against Zoho ManageEngine ADManager Plus. Attackers can exploit...
Oct 7, 2021CVE-2021-37762 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to overwrite arbitrary files on the server, leadi...
Oct 7, 2021This vulnerability allows attackers to upload arbitrary files to Zoho ManageEngine ADManager Plus servers, which can lead to remote code execution. It...
Oct 7, 2021CVE-2021-37921 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload arbitrary files without restrictions, l...
Oct 7, 2021CVE-2021-37923 is a critical vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload arbitrary files without restrictions, l...
Oct 7, 2021CVE-2021-37926 is a critical unrestricted file upload vulnerability in Zoho ManageEngine ADManager Plus that allows attackers to upload malicious file...
Oct 7, 2021This vulnerability in Zoho ManageEngine ADManager Plus allows attackers to upload arbitrary files without restrictions, leading to remote code executi...
Oct 7, 2021This vulnerability allows attackers to upload arbitrary files to Zoho ManageEngine ADManager Plus servers, which can lead to remote code execution. It...
Oct 7, 2021CVE-2021-41288 is a critical SQL injection vulnerability in Zoho ManageEngine OpManager's getReportData API. Attackers can execute arbitrary SQL comma...
Sep 30, 2021Zoho ManageEngine Remote Access Plus versions before 10.1.2121.1 contain hardcoded credentials in resetPWD.xml, allowing attackers to bypass authentic...
Sep 30, 2021This vulnerability allows attackers to upload malicious files to Zoho ManageEngine ADManager Plus servers without proper validation, leading to remote...
Sep 27, 2021This vulnerability allows attackers to upload arbitrary files without restrictions in Zoho ManageEngine ADManager Plus, leading to remote code executi...
Sep 27, 2021This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Zoho ManageEngine ADManager Plus servers. Attacker...
Sep 22, 2021This vulnerability in ManageEngine ADSelfService Plus allows attackers to take over domain user accounts without authentication. It affects organizati...
Sep 21, 2021This vulnerability allows attackers to take over linked applications in Zoho ManageEngine ADSelfService Plus. Attackers can potentially gain unauthori...
Sep 10, 2021This vulnerability allows attackers to bypass authentication in Zoho ManageEngine ADSelfService Plus REST API, leading to remote code execution. It af...
Sep 7, 2021CVE-2021-37415 is an authentication bypass vulnerability in Zoho ManageEngine ServiceDesk Plus where certain REST-API URLs don't require authenticatio...
Sep 1, 2021This vulnerability allows attackers to bypass CAPTCHA protection in Zoho ManageEngine ADSelfService Plus, potentially enabling brute-force attacks or ...
Aug 30, 2021CVE-2021-33055 is a critical remote code execution vulnerability in Zoho ManageEngine ADSelfService Plus that allows unauthenticated attackers to exec...
Aug 30, 2021Why Monitor Zohocorp Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 123+ known vulnerabilities affecting Zohocorp products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zohocorp packages in under 60 seconds. No agents required - completely agentless scanning that works across Zohocorp deployments.
Free vulnerability database: Access detailed information about every Zohocorp CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Zohocorp CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
