Zohocorp Manageengine_adaudit_plus
53 CVEs affecting Zohocorp Manageengine_adaudit_plus. Latest disclosed: 2026-06-23. Critical: 9, High: 38.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-48793 | Critical | 9.8 | 2024-02-02 | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. |
CVE-2023-48792 | Critical | 9.8 | 2024-02-02 | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. |
CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
CVE-2022-28219 | Critical | 9.8 | 2022-04-05 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. |
CVE-2021-42847 | Critical | 9.8 | 2021-11-11 | Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. |
CVE-2020-24786 | Critical | 9.8 | 2020-08-31 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build n… |
CVE-2020-11532 | Critical | 9.8 | 2020-05-08 | Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to byp… |
CVE-2018-10466 | Critical | 9.8 | 2018-05-29 | Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. |
CVE-2026-11374 | Critical | 9.0 | 2026-06-23 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be… |
CVE-2022-29457 | High | 8.8 | 2022-04-18 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certa… |
CVE-2022-24978 | High | 8.8 | 2022-04-05 | Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in… |
CVE-2020-11531 | High | 8.8 | 2020-05-08 | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCH… |
CVE-2025-41444 | High | 8.3 | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. |
CVE-2025-36528 | High | 8.3 | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. |
CVE-2025-27709 | High | 8.3 | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
CVE-2025-41407 | High | 8.3 | 2025-05-23 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. |
CVE-2025-36527 | High | 8.3 | 2025-05-23 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. |
CVE-2025-41403 | High | 8.3 | 2025-05-22 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. |
CVE-2025-3836 | High | 8.3 | 2025-05-22 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. |
CVE-2024-49574 | High | 8.3 | 2024-11-18 | Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. |