Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Zohocorp — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting Zohocorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zohocorp primarily develops and distributes web application servers, most notably the Zimbra Collaboration Suite, which facilitates enterprise email and document management. Security audits have identified thirty-five Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these flaws predominantly involve remote code execution and cross-site scripting, allowing attackers to bypass authentication or inject malicious scripts into web interfaces. Privilege escalation vulnerabilities have also been documented, enabling unauthorized users to gain administrative control over compromised systems. While no single catastrophic incident defines the company’s entire history, the recurring nature of these critical flaws highlights persistent challenges in input validation and access control within its legacy codebase. The accumulation of these CVEs underscores the necessity for rigorous patch management and continuous security monitoring for organizations relying on Zohocorp’s infrastructure, as unaddressed vulnerabilities remain a significant risk vector for data breaches and system compromise.

Top products by Zohocorp: ManageEngine Exchange Reporter Plus Endpoint Central ManageEngine ADManager Plus ManageEngine Applications Manager Analytics Plus ManageEngine OpManager ManageEngine PAM360 ManageEngine ADSelfService Plus ManageEngine Endpoint Central ManageEngine Analytics Plus ManageEngine Log360
CVE IDTitleCVSSSeverityPublished
CVE-2026-3324 Authentication Bypass — ManageEngine Log360CWE-288 8.2 High2026-04-16
CVE-2026-5785 SQL Injection — ManageEngine PAM360CWE-89 8.1 High2026-04-16
CVE-2026-27655 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-4108 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-4107 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-3880 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-3879 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-28703 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-28756 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-28754 Stored XSS Vulnerability — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2026-04-03
CVE-2026-1367 SQL Injection — ManageEngine ADSelfService PlusCWE-89 8.3 High2026-02-23
CVE-2025-9226 Stored XSS — ManageEngine OpManagerCWE-79 4.6 Medium2026-01-30
CVE-2025-11669 Broken Access Control — ManageEngine PAM360CWE-862 8.1 High2026-01-13
CVE-2025-11250 Authentication Bypass — ManageEngine ADSelfService PlusCWE-290 9.1 Critical2026-01-13
CVE-2025-9435 Path Traversal — ManageEngine ADManager PlusCWE-22 5.5 Medium2026-01-13
CVE-2025-9787 Stored XSS — ManageEngine Applications ManagerCWE-79 6.1 Medium2025-12-18
CVE-2025-11670 NTLM Hash Exposure Vulnerability — ManageEngine ADManager PlusCWE-200 6.4 Medium2025-12-15
CVE-2025-9227 Stored XSS — ManageEngine OpManagerCWE-79 6.5 Medium2025-11-11
CVE-2025-9223 Command Injection — ManageEngine Applications ManagerCWE-77 8.8 High2025-11-11
CVE-2025-8324 SQL Injection — ManageEngine Analytics PlusCWE-89 9.8 Critical2025-11-11
CVE-2025-7633 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2025-11-11
CVE-2025-7632 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2025-11-11
CVE-2025-7430 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2025-11-11
CVE-2025-7429 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 7.3 High2025-11-11
CVE-2025-5347 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 6.3 Medium2025-10-30
CVE-2025-5343 Stored XSS — ManageEngine Exchange Reporter PlusCWE-79 6.3 Medium2025-10-30
CVE-2025-5342 Denial of Service (DoS) — ManageEngine Exchange Reporter PlusCWE-400 4.3 Medium2025-10-30
CVE-2025-11248 Sensitive Information Logged — ManageEngine Endpoint CentralCWE-532 3.2 Low2025-10-27
CVE-2025-6239 Information disclosure — ManageEngine Applications ManagerCWE-200 6.5 Medium2025-10-21
CVE-2025-10020 Command Injection — ManageEngine ADManager PlusCWE-77 8.5 High2025-10-21

This page lists every published CVE security advisory associated with Zohocorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.