Lucene search
K

1234 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Devolutions Server 2026.2.4.0 <= 2026.2.9.0 MFA Bypass (DEVO-2026-0023)

The version of Devolutions Server installed on the remote host is 2026.2.4.0 prior or equal to 2026.2.9.0 and is, therefore, affected by an authentication bypass vulnerability: - Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

8.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 7:23 p.m.13 views

CVE-2026-14536

CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...

8.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/06 7:23 p.m.6 views

EUVD-2026-41905

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

6AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 7:23 p.m.37 views

CVE-2026-14536

Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...

0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.5 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Devolutions Server 2026.2.4 <= 2026.2.7 Credential Exposure (DEVO-2026-0020)

The version of Devolutions Server installed on the remote host is 2026.2.4 through 2026.2.7. It is, therefore, affected by a vulnerability: - Improper input validation in the PAM AD discovery endpoints allows an authenticated user with the UserGroupsView permission to coerce server-side...

2.7CVSS6AI score0.00216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...

7.2CVSS6.5AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 3:23 p.m.6 views

EUVD-2026-40127

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53303

Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal version 2026.2.0 Description An information disclosure issue exists in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable, potentially higher-privileged authentication...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References7
CVE
CVE
added 2026/06/26 6:22 p.m.16 views

CVE-2026-13372

The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

Devolutions UniGetUI < 2026.2.1 Arbitrary Code Execution (DEVO-2026-0019)

The version of Devolutions UniGetUI installed on the remote host is 2026.2.0 or earlier. It is, therefore, affected by an arbitrary code execution vulnerability: - Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet...

7.5CVSS6.5AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.8 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-12755

CVE-2026-12755 affects Devolutions Server 2026.2.4.0–2026.2.7.0. It is caused by improper input validation in the PAM AD discovery endpoints. An authenticated user with the UserGroupsView permission can coerce server-side authentication to an attacker-controlled host, exposing PAM provider creden...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.5 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:43 p.m.10 views

EUVD-2026-37781

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37200

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

5.2AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.14 views

EUVD-2026-37202

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

5.2AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

5.2AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder