Joey Melo

2 exploits Active since May 2025
CVE-2026-11596 WRITEUP MEDIUM WRITEUP
Connectwise ScreenConnect - Improper Validation of Specified Quantity in Input
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
CVSS 4.7
CVE-2025-4876 WRITEUP MEDIUM WRITEUP
ConnectWise Risk Assessment - Info Disclosure
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
CVSS 6.0