
809 matches found

Positive Technologies
added 2025/11/27 12:0 a.m., 3 views

PT-2025-48271

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions through 2025.2.20; Devolutions Server versions through 2025.3.8. Description: The software exhibits a flaw where credentials may be exposed in unintended requests. Recommendations: Update Devolutions Server to a version...

4 CVSS, 6.6 AI score, 0.00029 EPSS
Exploits: 0, References: 8

Positive Technologies
added 2025/11/27 12:0 a.m., 3 views

PT-2025-48270

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions through 2025.2.20 and through 2025.3.8. Description: Devolutions Server is affected by a SQL Injection issue within the last usage logs functionality. The flaw allows authenticated attackers to potentially steal all...

9 CVSS, 7.6 AI score, 0.00033 EPSS
Exploits: 0, References: 18

CNNVD
added 2025/11/27 12:0 a.m., 4 views

Devolutions Server Security Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...

4.3 CVSS, 6.2 AI score, 0.00039 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/11/27 12:0 a.m., 3 views

Devolutions Server Security Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an unspecified vulnerability that originates from exposing credentials...

3.5 CVSS, 6.3 AI score, 0.00029 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/11/27 12:0 a.m., 1 view

Devolutions Server Security Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...

8.8 CVSS, 7.3 AI score, 0.00033 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/14 12:0 a.m., 3 views

Devolutions Server <= 2025.2.12.0 Improper authorization (DEVO-2025-0015) (CVE-2025-11957)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.12.0 and is, therefore, affected by an improper authorization vulnerability: - Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated...

9 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/14 12:0 a.m., 3 views

Devolutions Server <= 2025.2.15.0 Improper Input Validation (DEVO-2025-0015) (CVE-2025-11958)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.15.0 and is, therefore, affected by an improper authorization vulnerability: - An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows a...

5.1 CVSS, 5.8 AI score, 0.00088 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/11/07 5:33 p.m., 2 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

8.8 CVSS, 6.8 AI score, 0.00076 EPSS
Exploits: 0, References: 1

EUVD
added 2025/11/06 6:32 p.m., 1 view

EUVD-2025-38050

Improper privilege management during pre-MFA cookie handling in Devolutions Server 2025.3.5.0 and earlier allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step...

8.8 CVSS, 6.2 AI score, 0.00076 EPSS
Exploits: 0, References: 2

EUVD
added 2025/11/06 6:32 p.m., 2 views

EUVD-2025-38051

Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure...

6.5 CVSS, 6.3 AI score, 0.00049 EPSS
Exploits: 0, References: 2

NVD
added 2025/11/06 5:15 p.m., 1 view

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

8.8 CVSS, 0.00076 EPSS
Exploits: 0, References: 1

OSV
added 2025/11/06 5:15 p.m., 1 view

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions: Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/06 5:15 p.m., 3 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions: Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5 CVSS, 0.00049 EPSS
Exploits: 0, References: 1

CVE
added 2025/11/06 4:37 p.m., 8 views

CVE-2025-12485

CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...

8.8 CVSS, 6.3 AI score, 0.00076 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/11/06 4:37 p.m., 5 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

0.00076 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/06 4:37 p.m., 2 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

6.3 AI score, 0.00076 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/11/06 4:36 p.m., 5 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions: Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

0.00049 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/06 4:36 p.m., 2 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions: Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5 AI score, 0.00049 EPSS
Exploits: 0, References: 1

CVE
added 2025/11/06 4:36 p.m., 6 views

CVE-2025-12808

CVE-2025-12808 affects Devolutions Server. The vulnerability is due to improper access control that allows a View-only user to retrieve sensitive third-level nested fields (e.g., password lists custom values), potentially leading to password disclosure. Affected versions include Devolutions Serve...

6.5 CVSS, 6.5 AI score, 0.00049 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45338

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.15.0 through 2025.3.5.0. Description: A flaw exists in Devolutions Server related to improper privilege management during the handling of pre-MFA cookies. A low-privileged authenticated user can potentially...

8.8 CVSS, 6.5 AI score, 0.00076 EPSS
Exploits: 0, References: 9