23 matches found
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696
CVE-2026-0696 affects ConnectWise PSA: in versions older than 2026.1, certain session cookies were not set with HttpOnly. This could allow client-side scripts to access session cookie values, enabling potential exposure of session data. Affected software: ConnectWise PSA prior to 2026.1. Root cau...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content, which can allow stored script code to execute in the context of a user’s browser when the affected content is displayed. Affect...
CVE-2026-0695 Stored XSS in Time Entry Audit Trail
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0695 Stored XSS in Time Entry Audit Trail
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
PT-2026-3252
Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...
ConnectWise PSA security vulnerabilities
ConnectWise PSA is a professional service automation software developed by ConnectWise in the United States. Versions of ConnectWise PSA prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for Time Entry notes in the Time Entry Audit...
ConnectWise PSA security vulnerabilities
ConnectWise PSA is a professional service automation software developed by ConnectWise in the United States. Versions of ConnectWise PSA prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the HttpOnly attribute on certain session cookies, allowing...
EUVD-2025-20827
Malicious code in bioql PyPI...
CVE-2025-7204
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
CVE-2025-7204
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
CVE-2025-7204
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...