CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/21 2:32 p.m.•6 views

CVE-2026-9089

The CVE-2026-9089 issue affects the ConnectWise Automate Agent. According to connected sources, the agent does not fully verify the authenticity of components during plugin loading and self-update operations. The underlying impact is risk of tampered or unverified components being loaded during e...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 2:32 p.m.•1 views

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

Vulnrichment•added 2026/05/21 2:32 p.m.•3 views

Exploits0References2

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

CNNVD•added 2026/05/21 12:0 a.m.•2 views

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software developed by the American company ConnectWise. There is a security vulnerability in ConnectWise Automate Agent, which stems from an incomplete verification of component authenticity. This vulnerability may affect plugin...

Positive Technologies•added 2026/05/21 12:0 a.m.•3 views

PT-2026-42478

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2026.5 Description The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the...

8.8CVSS6.1AI score0.00004EPSS

Exploits0References14

The Hacker News•added 2026/04/29 8:46 a.m.•3 views

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

8.4CVSS9.5AI score0.85006EPSS

Exploits8

CISA KEV Catalog•added 2026/04/28 12:0 a.m.•1 views

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems...

8.4CVSS9.3AI score0.85006EPSS

In wildExploits5

NVD•added 2026/04/20 4:16 p.m.•2 views

CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS0.0001EPSS

ATTACKERKB•added 2026/04/20 3:26 p.m.•0 views

CVE-2026-6066

Vulnrichment•added 2026/04/20 3:26 p.m.•2 views

Exploits0References2

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

CVE•added 2026/04/20 3:26 p.m.•8 views

CVE-2026-6066

The CVE-2026-6066 entry concerns ConnectWise Automate, specifically the Solution Center component. The vulnerability is described as client-to-server communications potentially occurring without transport-layer encryption, enabling network-based interception of Solution Center traffic in Automate...

Exploits0References1Affected Software1

Cvelist•added 2026/04/20 3:26 p.m.•26 views

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

7.1CVSS0.0001EPSS

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33785

CNNVD•added 2026/04/20 12:0 a.m.•4 views

Exploits0References4

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based local IT automation solution provided by the American company ConnectWise. This product supports functions such as content management, file sharing, and IT asset tracking and management. There is a security vulnerability in ConnectWise Automate, which stems...

7.1CVSS5.8AI score0.0001EPSS

The Hacker News•added 2026/03/23 10:55 a.m.•1 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score

Exploits0

CNNVD•added 2026/03/17 12:0 a.m.•3 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...

9CVSS6AI score0.00027EPSS

RedhatCVE•added 2026/01/17 2:6 p.m.•2 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

8.7CVSS7.1AI score0.00018EPSS

RedhatCVE•added 2026/01/17 2:6 p.m.•3 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS6.8AI score0.0002EPSS