Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS5.5AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-9247

Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to administrators via a crafted export request. This issue affects : Devolutions Server 2026.1.6.0 throug...

2.4CVSS5.4AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.7 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS5.4AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 p.m.10 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 p.m.9 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

7.6CVSS0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:24 p.m.7 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 3:24 p.m.9 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

5.8AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 3:24 p.m.13 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:23 p.m.6 views

CVE-2026-9247

Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to administrators via a crafted export request. This issue affects : Devolutions Server 2026.1.6.0 throug...

5.8AI score0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:18 p.m.8 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

5.8AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:18 p.m.7 views

CVE-2026-9047

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : Devolutions...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42795

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

5.8AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There were security vulnerabilities in the Devolutions Server version 2026.1.6.0 to 2026.1.16.0. These vulnerabilities...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42796

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...

5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

2.7CVSS6AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

3.1CVSS5.8AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:28 p.m.14 views

CVE-2026-5146

CVE-2026-5146 targets Devolutions Server. The issue is improper access control in the notification management endpoints, allowing an unauthenticated attacker to modify or delete arbitrary user notification records due to missing session validation. Affected versions range from Devolutions Server ...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 5:28 p.m.7 views

CVE-2026-5146

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...

5.9AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/30 8:48 p.m.6 views

CVE-2026-6706

Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder