Lucene search
K

62 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/29 3:23 p.m.8 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 3:23 p.m.18 views

CVE-2026-13437

CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/29 3:23 p.m.39 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-8694

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:11 p.m.30 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:11 p.m.9 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:11 p.m.20 views

CVE-2026-8694

CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...

5.3CVSS5.4AI score0.00221EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48887

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.4AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

5.5CVSS5.8AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.6 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS5.8AI score0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 p.m.7 views

EUVD-2026-12636

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

5.5CVSS5.8AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/17 9:31 p.m.6 views

EUVD-2026-12637

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS5.8AI score0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 8:16 p.m.12 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 8:16 p.m.5 views

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

5.5CVSS0.00341EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:15 p.m.3 views

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

5.5CVSS5.8AI score0.00341EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/17 7:15 p.m.18 views

CVE-2026-3563

CVE-2026-3563 affects PowerShell Universal prior to version 2026.1.4. The root cause is improper input validation in the apps and endpoints configuration. An authenticated user with permissions to create or modify Apps or Endpoints can override existing application or system routes, producing uni...

5.5CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 7:15 p.m.2 views

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

5.8AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 7:14 p.m.2 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

5.8AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 7:14 p.m.23 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:14 p.m.3 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS5.8AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder