156 matches found

Tenable Nessus
added 2026/06/17 12:0 a.m., 10 views

ConnectWise ScreenConnect < 26.2 Improper Input Validation (CVE-2026-11596)

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.2. It is, therefore, affected by an improper input validation vulnerability: - Input validation within the Host Pass creation functionality could allow an authenticated user...

CVSS 4.7, AI score 5.3, EPSS 0.00221
Exploits: 0, References: 2

Nuclei
added 2026/06/16 7:13 a.m., 63 views

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. id: CVE-2024-1709 info: name: ConnectWise ScreenConnect 23.9.7 -...

CVSS 10, AI score 8.4, EPSS 0.99959
Exploits: 8, References: 5

NVD
added 2026/06/10 6:16 p.m., 10 views

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

CVSS 4.7, EPSS 0.00221
Exploits: 0, References: 1

EUVD
added 2026/06/10 5:15 p.m., 8 views

EUVD-2026-36079

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

CVSS 4.7, AI score 5.4, EPSS 0.00221
Exploits: 0, References: 1

Vulnrichment
added 2026/06/10 5:15 p.m., 7 views

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

CVSS 4.7, AI score 5.4, EPSS 0.00221
Exploits: 0, References: 1

CVE
added 2026/06/10 5:15 p.m., 17 views

CVE-2026-11596

Affected software: ScreenConnect™ (before version 26.2). The vulnerability concerns input validation in the Host Pass creation flow, where an authenticated user with Host Pass creation privileges could set a delegated access token expiration longer than the intended maximum. Impact, as described,...

CVSS 4.7, AI score 5.5, EPSS 0.00221
Exploits: 0, References: 1

Cvelist
added 2026/06/10 5:15 p.m., 24 views

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

CVSS 4.7, EPSS 0.00221
Exploits: 0, References: 1

Positive Technologies
added 2026/06/10 12:0 a.m., 7 views

PT-2026-48490

Name of the Vulnerable Software and Affected Versions: ScreenConnect versions prior to 26.2. Description: Insufficient input validation within the Host Pass creation functionality allows an authenticated user with Host Pass creation privileges to specify a token expiration duration that exceeds the...

CVSS 4.7, AI score 5.2, EPSS 0.00221
Exploits: 0, References: 3

CNNVD
added 2026/06/10 12:0 a.m., 17 views

ConnectWise ScreenConnect Security Vulnerability

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. Versions of ConnectWise ScreenConnect prior to version 26.2 contained a security vulnerability. This vulnerability stemmed from the lack of input validation for the token expiration duration...

CVSS 4.7, AI score 5.4, EPSS 0.00221
Exploits: 0, References: 1

The Hacker News
added 2026/05/27 7:45 a.m., 16 views

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the...

CVSS 8.8, AI score 7.8, EPSS 0.64315
Exploits: 6

Microsoft Secure
added 2026/05/26 9:35 p.m., 8 views

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through A...

AI score 6
Exploits: 0

Microsoft Secure
added 2026/05/26 9:35 p.m., 11 views

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through A...

AI score 6
Exploits: 0

The Hacker News
added 2026/05/04 6:6 p.m., 15 views

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER, has impacted over 80...

AI score 6
Exploits: 0

The Hacker News
added 2026/04/29 8:46 a.m., 4 views

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

CVSS 8.4, AI score 9.5, EPSS 0.87624
Exploits: 8

CISA KEV Catalog
added 2026/04/28 12:0 a.m., 2 views

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems...

CVSS 8.4, AI score 9.3, EPSS 0.87624
In wild, Exploits: 5

RedhatCVE
added 2026/03/26 3:4 p.m., 3 views

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVSS 9, AI score 6, EPSS 0.00362
Exploits: 0, References: 1

The Hacker News
added 2026/03/24 5:5 p.m., 7 views

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own...

AI score 5.9
Exploits: 0

Tenable Nessus
added 2026/03/24 12:0 a.m., 4 views

ConnectWise ScreenConnect < 26.1 Authentication Bypass

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.1. It is, therefore, affected by an authentication bypass vulnerability: - A condition in ScreenConnect may allow an actor with access to server-level cryptographic material...

CVSS 9, AI score 6.1, EPSS 0.00362
Exploits: 0, References: 2

The Hacker News
added 2026/03/23 10:55 a.m., 4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

AI score 6
Exploits: 0

EUVD
added 2026/03/17 3:36 p.m., 3 views

EUVD-2026-12574

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVSS 9, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 2