Lucene search
K

157 matches found

euvd
euvd
added 2026/03/17 3:36 p.m.3 views

EUVD-2026-12574

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References2
nvd
nvd
added 2026/03/17 3:16 p.m.2 views

CVE-2026-3564

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS0.00362EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/17 2:48 p.m.20 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS0.00362EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/17 2:48 p.m.3 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS6.1AI score0.00362EPSS
Exploits0References1
cve
cve
added 2026/03/17 2:48 p.m.59 views

CVE-2026-3564

CVE-2026-3564 affects ConnectWise ScreenConnect. A condition in ScreenConnect may allow an attacker who already has access to server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. Red Hat, EUVD, NVD, and CVE...

9CVSS6.1AI score0.00362EPSS
In wildExploits0References1
attackerkb
attackerkb
added 2026/03/17 2:48 p.m.8 views

CVE-2026-3564

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS6.1AI score0.00362EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/03/17 12:0 a.m.11 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...

9CVSS6AI score0.00362EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2026/03/17 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
In wildExploits0References4
ptsecurity
ptsecurity
added 2026/03/17 12:0 a.m.12 views

PT-2026-25901

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 26.1 Description A flaw in ScreenConnect could allow an attacker with access to server-level cryptographic material used for authentication to gain unauthorized access, potentially including elevated privileges...

9CVSS6.2AI score0.00362EPSS
Exploits0References25
mssecure
mssecure
added 2026/03/03 9:11 p.m.10 views

Signed malware impersonating workplace apps deploys RMM backdoors

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. Phishing emails directed users to download malicious...

6AI score
Exploits0
hackread
hackread
added 2026/02/17 4:48 a.m.8 views

Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails

Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations...

5.5AI score
Exploits0
malwarebytes
malwarebytes
added 2026/02/02 10:18 a.m.12 views

How fake party invitations are being used to install remote access tools

“You’re invited!” It sounds friendly, familiar and quite harmless. But in a scam we recently spotted, that simple phrase is being used to trick victims into installing a full remote access tool on their Windows computers—giving attackers complete control of the system. What appears to be a casual...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2025/12/19 4:23 p.m.16 views

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

5.3CVSS6.8AI score0.00133EPSS
Exploits0References1
euvd
euvd
added 2025/12/18 6:30 p.m.5 views

EUVD-2025-204299

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

5.3CVSS6.3AI score0.00133EPSS
Exploits0References2
nvd
nvd
added 2025/12/18 4:15 p.m.5 views

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

5.3CVSS0.00133EPSS
Exploits0References1
osv
osv
added 2025/12/18 4:15 p.m.4 views

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

5.3CVSS5.8AI score0.00133EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/18 3:50 p.m.7 views

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

5.3CVSS6.4AI score0.00133EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/18 12:0 a.m.5 views

PT-2025-52259

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 1.0.12 Description In deployments utilizing the Certificate Signing Extension, encrypted configuration values, potentially including an Azure Key Vault-related key, could be disclosed to unauthenticated users vi...

5.3CVSS6.7AI score0.00133EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/12/18 12:0 a.m.5 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect that stems from mishandling of the certificate signing extension configuration, which could lead to the disclosure of encrypted configurati...

5.3CVSS6.5AI score0.00133EPSS
Exploits0References1
nvd
nvd
added 2025/12/11 3:15 p.m.11 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS0.0033EPSS
Exploits0References1
Rows per page
Query Builder