Lucene search
K

157 matches found

OSV
OSV
added 2025/12/11 3:15 p.m.8 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 2:21 p.m.20 views

CVE-2025-14265

CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...

9.1CVSS6.9AI score0.0033EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/11 2:21 p.m.4 views

EUVD-2025-202687

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6.8AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/11 2:21 p.m.26 views

CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/11 2:21 p.m.5 views

CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6.9AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect versions prior to 25.8 that stems from insufficient validation of the extension subsystem and could lead to the execution of arbitrary code...

9.1CVSS7AI score0.0033EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50611

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 25.8 Description The ScreenConnect server component, in versions prior to 25.8, has insufficient server-side validation and integrity checks within its extension subsystem. This allows the installation and...

9.1CVSS7.9AI score0.0033EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-39481

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-51388

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.01044EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/09/16 6:59 p.m.276 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect

ScreenConnect CVE-2024-1709 Exploit Tool A Python tool to che...

10CVSS8.4AI score0.99959EPSS
Exploits9
The Hacker News
The Hacker News
added 2025/09/11 6:2 a.m.7 views

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management RMM software, to deliver a fleshless loader that drops a remote access trojan RAT called AsyncRAT to steal sensitive data from compromised...

7.1AI score
Exploits0
HackRead
HackRead
added 2025/09/10 4:3 p.m.6 views

New Fileless Malware Attack Uses AsyncRAT for Credential Theft

LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 7:42 a.m.15 views

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management RMM executables due to security concerns. The company said it's doing so "due to concerns raised by a...

8.1CVSS7.7AI score0.03292EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/06/02 12:0 a.m.8 views

The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software allows a perpetrator to execute arbitrary code.

The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software lies in the deficiencies of the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted ViewState request...

8.1CVSS8.6AI score0.03292EPSS
Exploits0References2Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2025/06/02 12:0 a.m.14 views

ConnectWise ScreenConnect Improper Authentication Vulnerability

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS9.7AI score0.03292EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEV
added 2025/05/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-3935

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS7.9AI score0.03292EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/30 12:0 a.m.13 views

ConnectWise ScreenConnect < 25.2.4 RCE

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...

8.1CVSS9.4AI score0.03292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.9 views

PT-2025-23026

Warning: High severity vulnerabilities in @Citrix XenServer VM Tools for Windows CVE-2025-27462, CVE-2025-27463, CVE-2025-27464 impact Windows VMs on XenServer 8.4 & Citrix Hypervisor 8.2 CU1 LTSR, risking sandbox escapes. Act now! Patch https://t.co/SF4q8mMyxr...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References31
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.11 views

CVE-2023-47256

ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings...

5.5CVSS6.8AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.12 views

CVE-2023-47257

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages...

8.1CVSS7.8AI score0.01044EPSS
Exploits0
Rows per page
Query Builder