Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.14 views

PT-2026-25901

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 26.1 Description A flaw in ScreenConnect could allow an attacker with access to server-level cryptographic material used for authentication to gain unauthorized access, potentially including elevated privileges...

9CVSS6.2AI score0.00362EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-51388

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.01044EPSS
Exploits0References2
NVD
NVD
added 2025/04/25 7:15 p.m.18 views

CVE-2025-3935

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS0.03292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/25 6:27 p.m.15 views

CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS8.5AI score0.03292EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/25 6:27 p.m.39 views

CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS0.03292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.7 views

PT-2025-17934

Name of the Vulnerable Software and Affected Versions ScreenConnect versions 25.2.3 and earlier Description The issue concerns a ViewState code injection attack in ScreenConnect, which uses ASP.NET Web Forms to preserve page and control state. The data is encoded using Base64 and protected by...

8.1CVSS9.5AI score0.03292EPSS
Exploits0References64
Packet Storm
Packet Storm
added 2024/02/24 12:0 a.m.700 views

ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ConnectWise ScreenConnect Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability...

10CVSS7AI score0.99959EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2022/09/28 8:57 a.m.5 views

CVE-2022-36781

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting...

5.3CVSS5.9AI score0.00469EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder