CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/22 3:26 p.m.•20 views

CVE-2026-9246

CVE-2026-9246 : Improper access control in Devolutions Server’s entry documentation and attachment features allows an authenticated user with vault read access to retrieve documentation and attachments of sealed entries via a crafted API request. Affected: Devolutions Server 2026.1.6.0–2026.1.16....

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/22 3:26 p.m.•7 views

CVE-2026-9246

Cvelist•added 2026/05/22 3:25 p.m.•8 views

CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

0.00152EPSS

Vulnrichment•added 2026/05/22 3:25 p.m.•10 views

CVE-2026-9224

5.8AI score0.00152EPSS

EUVD•added 2026/05/22 3:25 p.m.•10 views

EUVD-2026-31456

ATTACKERKB•added 2026/05/22 3:25 p.m.•4 views

CVE-2026-9224

CVE•added 2026/05/22 3:25 p.m.•24 views

CVE-2026-9224

CVE-2026-9224 : The issue in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request due to missing authorization in the user profile update feature. Affected: Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and e...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/22 3:24 p.m.•4 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS5.8AI score0.00133EPSS

Vulnrichment•added 2026/05/22 3:24 p.m.•8 views

CVE-2026-9249

5.8AI score0.00133EPSS

EUVD•added 2026/05/22 3:24 p.m.•7 views

EUVD-2026-31457

3.1CVSS5.8AI score0.00133EPSS

Cvelist•added 2026/05/22 3:24 p.m.•9 views

CVE-2026-9249

0.00133EPSS

CVE•added 2026/05/22 3:24 p.m.•20 views

CVE-2026-9249

This CVE concerns Devolutions Server where a crafted password-change request allows an attacker to change a user’s password without providing the current one. Affected versions include Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier; no root-cause or fix details are provided...

3.1CVSS5.8AI score0.00133EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/22 3:24 p.m.•7 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5CVSS5.8AI score0.00169EPSS

EUVD•added 2026/05/22 3:24 p.m.•10 views

EUVD-2026-31459

5CVSS5.8AI score0.00169EPSS

Cvelist•added 2026/05/22 3:24 p.m.•8 views

CVE-2026-9245

0.00169EPSS

Vulnrichment•added 2026/05/22 3:24 p.m.•7 views

CVE-2026-9245

5.8AI score0.00169EPSS

Vulnrichment•added 2026/05/22 3:23 p.m.•5 views

CVE-2026-9247

Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to administrators via a crafted export request. This issue affects : Devolutions Server 2026.1.6.0 throug...

5.8AI score0.00207EPSS

EUVD•added 2026/05/22 3:23 p.m.•8 views

EUVD-2026-31453

2.4CVSS5.8AI score0.00207EPSS

Cvelist•added 2026/05/22 3:23 p.m.•9 views

CVE-2026-9247

0.00207EPSS