Lucene search
K

860 matches found

NVD
NVD
added last week6 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

8.8CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added last week36 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

0.00231EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-41905

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

6AI score0.00231EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-14536

CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...

8.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.5 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Devolutions Server 2026.2.4 <= 2026.2.7 Credential Exposure (DEVO-2026-0020)

The version of Devolutions Server installed on the remote host is 2026.2.4 through 2026.2.7. It is, therefore, affected by a vulnerability: - Improper input validation in the PAM AD discovery endpoints allows an authenticated user with the UserGroupsView permission to coerce server-side...

2.7CVSS6AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.8 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-12755

CVE-2026-12755 affects Devolutions Server 2026.2.4.0–2026.2.7.0. It is caused by improper input validation in the PAM AD discovery endpoints. An authenticated user with the UserGroupsView permission can coerce server-side authentication to an attacker-controlled host, exposing PAM provider creden...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.5 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37200

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

5.2AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.14 views

EUVD-2026-37202

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

5.2AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

5.2AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

6.5CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 p.m.14 views

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

4.3CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 6:28 p.m.15 views

CVE-2026-12105

CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 6:28 p.m.25 views

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 6:25 p.m.27 views

CVE-2026-12117

CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...

4.3CVSS5.3AI score0.0018EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 6:25 p.m.28 views

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

0.0018EPSS
Exploits0References1
Rows per page
Query Builder