These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-11374 is a critical vulnerability in ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows an unauthenticated user to predict SSO tickets, potentially leading to account takeover. It has a CVSS score of 9. ManageEngine has released an advisory for this vulnerability. Users of these products should rev [truncated]
The Zoho Mail WordPress plugin contains a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 1.6.2. CSRF flaws allow attackers to trick authenticated users into performing unintended actions by submitting malicious requests using the victim's established session. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 5.7, indicating moderate risk with network attack [truncated]
CVE-2026-2740 is a high-severity authenticated remote code execution issue affecting ManageEngine ADSelfService Plus before 6525, DataSecurity Plus before 6264, and RecoveryManager Plus before 6313. The supplied NVD record rates it 8.4 and maps it to CWE-77, with a CVSS 3.1 vector of AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L, indicating a network-reachable attack that requires authenticated access and has high attack complexity.
CVE-2016-6603 is a critical remote authentication bypass in ZOHO WebNMS Framework 5.2 and 5.2 SP1. The flaw allows an unauthenticated attacker to impersonate arbitrary users by sending a crafted UserName HTTP header. NVD rates the issue 9.8/CRITICAL, consistent with network reachability, no required privileges, no user interaction, and high impact to confidentiality, integrity, and availability.
CVE-2016-6602 affects ZOHO WebNMS Framework 5.2 and 5.2 SP1. The issue is a weak password obfuscation design that can let a context-dependent attacker recover cleartext credentials from WEB-INF/conf/securitydbData.xml. NVD rates the issue critical and maps it to CWE-327; it also notes the flaw can be combined with CVE-2016-6601 for remote exploitation.
CVE-2016-6601 describes a directory traversal issue in the file download feature of ZOHO WebNMS Framework 5.2 and 5.2 SP1. The NVD record states that a remote attacker can supply path traversal sequences in the fileName parameter to servlets/FetchFile to read arbitrary files. Because the issue is network-reachable, requires no authentication, and exposes file contents, it is a high-priority confidentialit [truncated]
CVE-2016-6600 is a critical directory traversal flaw in ZOHO WebNMS Framework file upload handling. According to the supplied NVD record, the issue affects WebNMS Framework 5.2 and 5.2 SP1 and can allow remote attackers to upload and execute arbitrary JSP files through the fileName parameter in servlets/FileUploadServlet.