Lucene search
+L

361 matches found

Cvelist
Cvelist
added 2026/04/20 3:26 p.m.33 views

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 3:26 p.m.4 views

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS5.7AI score0.00082EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 3:26 p.m.19 views

CVE-2026-6066

The CVE-2026-6066 entry concerns ConnectWise Automate, specifically the Solution Center component. The vulnerability is described as client-to-server communications potentially occurring without transport-layer encryption, enabling network-based interception of Solution Center traffic in Automate...

7.1CVSS5.7AI score0.00082EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/20 3:26 p.m.3 views

CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS5.7AI score0.00082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.12 views

PT-2026-33785

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS5.7AI score0.00082EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based local IT automation solution provided by the American company ConnectWise. This product supports functions such as content management, file sharing, and IT asset tracking and management. There is a security vulnerability in ConnectWise Automate, which stems...

7.1CVSS5.8AI score0.00082EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/23 10:55 a.m.4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.13 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...

9CVSS6AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 2:6 p.m.7 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

8.7CVSS7.1AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 2:6 p.m.6 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS6.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/01/16 2:15 p.m.10 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS5.8AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 2:15 p.m.7 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 2:15 p.m.7 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 2:15 p.m.6 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

8.7CVSS0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 1:34 p.m.2 views

CVE-2026-0696 Session Cookies Missing HttpOnly Attribute

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS6.4AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 1:34 p.m.2 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS5.3AI score0.00352EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/16 1:34 p.m.25 views

CVE-2026-0696 Session Cookies Missing HttpOnly Attribute

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5CVSS0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/01/16 1:34 p.m.22 views

CVE-2026-0696

CVE-2026-0696 affects ConnectWise PSA: in versions older than 2026.1, certain session cookies were not set with HttpOnly. This could allow client-side scripts to access session cookie values, enabling potential exposure of session data. Affected software: ConnectWise PSA prior to 2026.1. Root cau...

6.5CVSS6.4AI score0.00352EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/16 1:34 p.m.19 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content, which can allow stored script code to execute in the context of a user’s browser when the affected content is displayed. Affect...

8.7CVSS6.7AI score0.00251EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 1:34 p.m.4 views

CVE-2026-0695 Stored XSS in Time Entry Audit Trail

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

8.7CVSS6.7AI score0.00251EPSS
Exploits0References2
Rows per page
Query Builder