831 matches found
CVE-2025-13765
CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...
PT-2025-48272
Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.2.21 Devolutions Server versions prior to 2025.3.9 Description The email service credentials were exposed to users lacking administrative privileges in Devolutions Server. Recommendations Update...
PT-2025-48271
Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 Devolutions Server versions through 2025.3.8 Description The software exhibits a flaw where credentials may be exposed in unintended requests. Recommendations Update Devolutions Server to a version...
PT-2025-48270
Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 and through 2025.3.8 Description Devolutions Server is affected by a SQL Injection issue within the last usage logs functionality. The flaw allows authenticated attackers to potentially steal all...
Devolutions Server 安全漏洞
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...
Devolutions Server 安全漏洞
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an unspecified vulnerability that originates from exposing credentials...
Devolutions Server 安全漏洞
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...
Devolutions Server <= 2025.2.12.0 Improper authorization (DEVO-2025-0015) (CVE-2025-11957)
The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.12.0 and is, therefore, affected by an improper authorization vulnerability: - Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated...
Devolutions Server <= 2025.2.15.0 Improper Input Validation (DEVO-2025-0015) (CVE-2025-11958)
The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.15.0 and is, therefore, affected by an improper authorization vulnerability: - An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows a...
CVE-2025-12485
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...
EUVD-2025-38050
Improper privilege management during pre-MFA cookie handling in Devolutions Server 2025.3.5.0 and earlier allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step...
EUVD-2025-38051
Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure...
CVE-2025-12485
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12485
CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...
CVE-2025-12485
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...
CVE-2025-12485
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...