ZoHo Patches Zero-day in ManageEngine Exploited in the Wild...

ZoHo Patches Zero-day in ManageEngine Exploited in the Wild

On December 3, ZoHo issued a security advisory and patches for CVE-2021-44515, an authentication bypass vulnerability in its ManageEngine Desktop Central product that has been exploited in the wild.

This follows months of reports and alerts regarding active exploitation of two other vulnerabilities in ManageEngine products, CVE-2021-44077 and CVE-2021-40539. The attacks exploiting these vulnerabilities have been linked to advanced persistent threat (APT) groups. At the time of publication, specific information has not been provided about the attacks exploiting CVE-2021-44515.

For more information, please visit our blog.

Vulnerability Watch

Forum Discussion

ZoHo Patches Zero-day in ManageEngine Exploited in the Wild...

Recent Discussions

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Microsoft Patch Tuesday 2025 Year in Review

Americas

Europe

Asia / Australia