447 matches found
Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
EUVD-2026-39832
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
PT-2026-52892
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...
Devolutions Remote Desktop Manager <= 2026.2.7 Command Injection (DEVO-2026-0018)(CVE-2026-12161)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.7 or earlier. It is, therefore, affected by a command injection vulnerability: - Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticat...
Devolutions Remote Desktop Manager <= 2026.2.8 Improper Host Validation (DEVO-2026-0018)(CVE-2026-12162)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.8 or earlier. It is, therefore, affected by an improper host validation vulnerability: - Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an...
EUVD-2026-37023
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...
EUVD-2026-37024
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...
CVE-2026-12162
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...
CVE-2026-12162
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...
CVE-2026-12162
The CVE-2026-12162 entry affects Devolutions Remote Desktop Manager 2026.2.8, due to an improper host validation in the social login autofill feature. The underlying issue allows an attacker to disclose stored social login credentials by pointing a crafted web entry to a provider domain that look...
PT-2026-49549
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager version 2026.2.7 Description Improper input validation in the SSH Elevate Shell feature allows an authenticated user with permissions to create or modify a shared SSH entry to execute arbitrary commands on a...
PT-2026-49550
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...
CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-42983
CVE-2026-42983 is a Windows vulnerability described across multiple sources as a use-after-free in the DWM Core Library that allows an authorized, local attacker to elevate privileges. The issue is identified consistently in Microsoft’s MSRC page and NVD records; no public exploit details or defa...
CVE-2026-34336
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
CVE-2026-34336
Buffer over-read in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
Devolutions Remote Desktop Manager < 2025.3.32 / 2026.1 < 2026.1.6 Sensitive Information Exposure (DEVO-2026-0005)
The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2025.3.32 or 2026.1 prior to 2026.1.6. It is, therefore, affected by a sensitive information exposure vulnerability: - Improper enforcement of the Disable password saving in vaults setting in the connection...
CVE-2026-2590
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...