CVE-2021-38298

Same vendor

• CVE-2021-41075 — The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API (9.8 CRITICAL)
• CVE-2021-40493 — Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module (9.8 CRITICAL)
• CVE-2021-41288 — Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API (9.8 CRITICAL)
• CVE-2021-41829 — Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key (7.5 HIGH)
• CVE-2021-41828 — Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml (7.5 HIGH)

Same CWE

• CVE-2026-49875 — Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening c... (9.8 CRITICAL)
• CVE-2026-40998 — Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled X... (8.2 HIGH)
• CVE-2026-40991 — When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who comp... (5.9 MEDIUM)
• CVE-2026-47960 — ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerab... (7.4 HIGH)
• CVE-2026-8045 — CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side...