Vendor Products CVEs KEV Avg EPSS Worst Severity 50 139 0 71.6% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2026-27655 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. MEDIUM 4.8 — 40.6% Apr 3, 2026 CVE-2026-4108 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. MEDIUM 4.8 — 41.2% Apr 3, 2026 CVE-2026-4107 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. MEDIUM 5.4 — 40.2% Apr 3, 2026 CVE-2026-3880 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. MEDIUM 4.8 — 41.2% Apr 3, 2026 CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. MEDIUM 4.8 — 40.6% Apr 3, 2026 CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. MEDIUM 4.8 — 41.2% Apr 3, 2026 CVE-2026-28756 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. MEDIUM 4.8 — 41.2% Apr 3, 2026 CVE-2026-28754 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. MEDIUM 4.8 — 41.2% Apr 3, 2026 CVE-2025-9435 Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module MEDIUM 5.5 — 40.3% Jan 13, 2026 CVE-2025-11669 Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. HIGH 8.1 — 49.4% Jan 13, 2026 CVE-2025-11250 Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. CRITICAL 9.1 — 69.5% Jan 13, 2026 CVE-2025-9787 Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. MEDIUM 6.1 — 55.3% Dec 18, 2025 CVE-2025-11670 Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. MEDIUM 4.3 — 28.8% Dec 15, 2025 CVE-2025-7633 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. MEDIUM 6.1 — 33.8% Nov 11, 2025 CVE-2025-7632 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. MEDIUM 5.4 — 33.4% Nov 11, 2025 CVE-2025-7430 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. MEDIUM 5.4 — 33.4% Nov 11, 2025 CVE-2025-7429 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. MEDIUM 5.4 — 33.4% Nov 11, 2025 CVE-2025-5347 Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module. MEDIUM 5.4 — 33.2% Oct 30, 2025 CVE-2025-5343 Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option. MEDIUM 5.4 — 33.2% Oct 30, 2025 CVE-2025-5342 Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module. MEDIUM 6.5 — 59.6% Oct 30, 2025
Show all 100+ CVEs