Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CISA KEV Catalog
CISA KEV Catalogadded 2025/06/02 12:0 a.m.10 views

ConnectWise ScreenConnect Improper Authentication Vulnerability

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS9.7AI score0.06148EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEVadded 2025/05/30 12:0 a.m.1 views

VulnCheck KEV: CVE-2025-3935

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS7.9AI score0.06148EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2025/05/30 12:0 a.m.10 views

ConnectWise ScreenConnect < 25.2.4 RCE

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...

8.1CVSS9.4AI score0.06148EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/04/27 7:11 p.m.16 views

CVE-2025-3935

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS8AI score0.06148EPSS
Exploits0References1
NVD
NVDadded 2025/04/25 7:15 p.m.15 views

CVE-2025-3935

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

8.1CVSS0.06148EPSS
Exploits0References3
CVE
CVEadded 2025/04/25 6:27 p.m.295 views

CVE-2025-3935

CVE-2025-3935 affects ScreenConnect 25.2.3 and earlier, where ViewState code injection can enable remote code execution if machine keys are compromised. The vulnerability stems from platform-level ViewState handling in ASP.NET Web Forms rather than a ScreenConnect flaw. ScreenConnect 2025.4 patch...

8.1CVSS8.5AI score0.06148EPSS
In wildExploits0References3Affected Software1
The Hacker News
The Hacker Newsadded 2025/02/07 11:1 a.m.22 views

Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited...

8.8AI score
Exploits0
Rows per page
Query Builder