361 matches found
CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
CVE-2026-6066
The CVE-2026-6066 entry concerns ConnectWise Automate, specifically the Solution Center component. The vulnerability is described as client-to-server communications potentially occurring without transport-layer encryption, enabling network-based interception of Solution Center traffic in Automate...
CVE-2026-6066
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
PT-2026-33785
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
ConnectWise Automate 安全漏洞
ConnectWise Automate is a cloud-based local IT automation solution provided by the American company ConnectWise. This product supports functions such as content management, file sharing, and IT asset tracking and management. There is a security vulnerability in ConnectWise Automate, which stems...
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...
ConnectWise ScreenConnect 安全漏洞
ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0696
CVE-2026-0696 affects ConnectWise PSA: in versions older than 2026.1, certain session cookies were not set with HttpOnly. This could allow client-side scripts to access session cookie values, enabling potential exposure of session data. Affected software: ConnectWise PSA prior to 2026.1. Root cau...
CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content, which can allow stored script code to execute in the context of a user’s browser when the affected content is displayed. Affect...
CVE-2026-0695 Stored XSS in Time Entry Audit Trail
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...