
15 matches found

ATTACKERKB
added 2026/05/22 3:22 p.m. | 5 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects: Devolutions Server 2026.1.6.0...

CVSS 2.6 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/22 12:00 a.m. | 6 views

PT-2026-42794

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects: Devolutions Server 2026.1.6.0...

AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/10 12:00 a.m. | 6 views

Devolutions Remote Desktop Manager <= 2025.3.30 Sensitive Information Exposure (DEVO-2026-0005)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.3.30 or earlier. It is, therefore, affected by a sensitive information exposure vulnerability: - Improper enforcement of the Disable password saving in vaults setting in the connection entry component in...

CVSS 9.8 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 2
EUVD
added 2026/03/04 12:30 a.m. | 4 views

EUVD-2026-9331

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

CVSS 9.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 2
NVD
added 2026/03/03 10:16 p.m. | 3 views

CVE-2026-2590

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

CVSS 9.8 | EPSS 0.00421
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/03 9:22 p.m. | 3 views

CVE-2026-2590

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/03 9:22 p.m. | 3 views

CVE-2026-2590

Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by...

AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/03 12:00 a.m. | 3 views

PT-2026-22827

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2025.3.30 and earlier. Description: An issue exists in the connection entry component of the software where the 'Disable password saving in vaults' setting is not properly enforced. This allows an...

CVSS 9.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 10
RedhatCVE
added 2026/01/07 9:11 a.m. | 3 views

CVE-2025-1987

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...

CVSS 9.3 | AI score 6.4 | EPSS 0.00485
Exploits: 0 | References: 1
NVD
added 2025/06/21 10:15 p.m. | 6 views

CVE-2025-1987

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...

CVSS 9.3 | EPSS 0.00485
Exploits: 0 | References: 1
OSV
added 2025/06/21 10:15 p.m. | 3 views

CVE-2025-1987

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...

CVSS 6.1 | AI score 6.8
Exploits: 0 | References: 1
Cvelist
added 2025/06/21 9:35 p.m. | 5 views

CVE-2025-1987 Stored XSS in Psono-Client via Malicious Vault Entry URLs

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...

CVSS 9.3 | EPSS 0.00485
Exploits: 0 | References: 1
Vulnrichment
added 2025/06/21 9:35 p.m. | 2 views

CVE-2025-1987 Stored XSS in Psono-Client via Malicious Vault Entry URLs

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...

CVSS 9.3 | AI score 6.5 | EPSS 0.00485
Exploits: 0 | References: 1
OSV
added 2024/03/26 4:15 p.m. | 2 views

CVE-2024-2921

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions...

CVSS 9.8 | AI score 5.8 | EPSS 0.00794
Exploits: 0 | References: 1
CNNVD
added 2021/09/29 12:00 a.m. | 5 views

Apple Safari Security Vulnerability

Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in the Apple Safari extension 1Password, which stems from the ease with which authorizations in the software can be bypassed. By targetin...

CVSS 6.5 | AI score 6.5 | EPSS 0.00904
Exploits: 0 | References: 2