Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions:
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail transmail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through <= 3.3.1.
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mali
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed w
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /us
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
CVE-2025-54299
CRITICAL CVSS 9.4
Find Similar
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling
A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a cr
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allo
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.