ManageEngine Applications Manager
This hub aggregates every CVE we track for ManageEngine Applications Manager, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 57
- Critical: 19
- High: 20
- In CISA KEV: 0
Severity distribution
- HIGH: 20
- CRITICAL: 19
- MEDIUM: 18
Monthly trend (chart covering 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting ManageEngine Applications Manager.
- CVE-2025-9787: Stored XSS (6.1)
- CVE-2025-9223: Command Injection (8.8)
- CVE-2025-6239: Information disclosure (6.5)
- CVE-2025-27930: Stored XSS (6.4)
- CVE-2024-41140: Improper Authorization (8.1)
- CVE-2024-5678: SQL Injection (4.7)
- CVE-2023-38333: Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. (6.1)
- CVE-2023-29442: Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. (6.1)
- CVE-2023-28340: Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. (6.5)
- CVE-2023-28341: Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details ... (6.1)
- CVE-2022-23050: ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' f... (7.2)
- CVE-2020-28679: A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. (8.8)
- CVE-2020-24743: An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. (9.8)
- CVE-2021-35512: An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. (6.5)
- CVE-2021-31813: Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. (5.4)
Product normalization is registry-driven with AI assist and human review.