Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XS
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain th
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.