827 matches found
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.4.0 Devolutions Server...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.4.0 Devolutions Server...
CVE-2025-6741
CVE-2025-6741 describes improper access control in the Devolutions Server secure message component, enabling an authenticated user to steal unauthorized entries via the secure message entry attachment feature. Affected are Devolutions Server 2025.2.2.0–2025.2.4.0 and 2025.1.11.0 and earlier. Root...
CVE-2025-6523
CVE-2025-6523 affects Devolutions Server, where the emergency authentication component allows unauthenticated bypass via brute-forcing short emergency codes. Affected are Devolutions Server 2025.2.2.0–2025.2.3.0 and 2025.1.11.0 and earlier. Root cause is use of weak credentials in the emergency a...
CVE-2025-6523
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : Devolutions...
CVE-2025-6523
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : Devolutions...
PT-2025-30445 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.11.0 and earlier Devolutions Server versions 2025.2.2.0 through 2025.2.4.0 Description: Improper access control in the secure message component of Devolutions Server allows an authenticated user to steal...
Devolutions Server 访问控制错误漏洞
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions 2025.2.4.0 and earlier and 2025.1.11.0 and earlier, which stems from improper access contro...
PT-2025-30444 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.11.0 through 2025.2.3.0 Description: The use of weak credentials in the emergency authentication component allows an unauthenticated attacker to bypass authentication by brute-forcing the short emergency cod...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions 2025.2.3.0 and earlier and 2025.1.11.0 and earlier, which stems from the use of weak...
CVE-2025-5382
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...
CVE-2025-3768
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...
Devolutions Server < 2025.1.9.0 Improper Access Control (DEVO-2025-0010)
The version of Devolutions Server installed on the remote host is prior to 2025.1.9.0 and is, therefore, affected by an improper access control vulnerability allowing a non-administrative user with both User Management and User Group Management permissions to perform privilege escalation by addin...
CVE-2025-5382
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...
CVE-2025-5382
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...
CVE-2025-3768
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable...
CVE-2025-3768
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...