CVE-2024-36037
Published 2024-05-27
CVE-2024-36037: Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to view the session recordings.
Priority: P4 24 · medium 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.46% (36.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | adaudit_plus | < 7270 | 7270 |
| zohocorp | manageengine_adaudit_plus | < 7.2 | 7.2 |
| zohocorp | manageengine_adaudit_plus | — | — |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1367 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-1367: Zoho ManageEngine ADSelfService Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
Source: NVD
Score: 8.3
Published: February 23, 2026
Severity: HIGH
CNA Score: 8.3
Affected Technologies: Zoho ManageEngine ADSelfService Plus
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 54.7
Exploitation Probability (EPSS): 0.3
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus
Sources
NVD
Windows Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2025-11250 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2025-11250: Zoho ManageEngine ADSelfService Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
Source: NVD
Score: 9.1
Published: January 13, 2026
Severity: CRITICAL
CNA Score: 9.1
Affected Technologies: Zoho ManageEngine ADSelfService Plus
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 30.2
Exploitation Probability (EPSS): 0.1
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 14, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 30, 2026
Published: 2024-05-27