Ian Lin

3 exploits Active since May 2025
CVE-2026-11596 WRITEUP MEDIUM WRITEUP
Connectwise ScreenConnect - Improper Validation of Specified Quantity in Input
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
CVSS 4.7
CVE-2025-48027 WRITEUP MEDIUM WRITEUP
MutonUfoAI pGina.Fork < 3.9.9.12 - Authentication Bypass via DNS Spoofing
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.
CVSS 5.4
CVE-2025-4876 WRITEUP MEDIUM WRITEUP
ConnectWise Risk Assessment - Info Disclosure
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
CVSS 6.0