CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/06/05 7:47 p.m.•8 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS5.5AI score0.00129EPSS

Exploits0References1

NVD•added 2026/05/22 4:16 p.m.•10 views

CVE-2026-9248

2.6CVSS0.00129EPSS

Exploits0References1

Vulnrichment•added 2026/05/22 3:22 p.m.•6 views

CVE-2026-9248

5.8AI score0.00129EPSS

Exploits0References1

ATTACKERKB•added 2026/05/22 3:22 p.m.•5 views

CVE-2026-9248

2.6CVSS5.8AI score0.00129EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/22 3:22 p.m.•5 views

CVE-2026-9248

0.00129EPSS

Exploits0References1

EUVD•added 2026/05/22 3:22 p.m.•8 views

EUVD-2026-31454

2.6CVSS5.8AI score0.00129EPSS

Exploits0References1

CVE•added 2026/05/22 3:22 p.m.•19 views

CVE-2026-9248

CVE-2026-9248 details an authorization bypass in Devolutions Server’s entry-duplication feature. An authenticated user with write access to any vault can craft a save request to copy documentation and attachments from an entry in a vault they cannot access. Affected versions include Devolutions S...

2.6CVSS5.8AI score0.00129EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42794

5.8AI score0.00129EPSS

Exploits0References1

Github Security Blog•added 2026/03/03 9:5 p.m.•6 views

Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action

Description The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is restricted in the UI, a user can bypass this restriction by sending a direc...

5.3CVSS6AI score0.00234EPSS

Exploits1References4Affected Software1

IBM Security Bulletins•added 2025/09/02 4:4 p.m.•4 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Input Validation (CVE-2025-31672)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper input validation security vulnerability Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...

5.3CVSS6AI score0.01146EPSS

Exploits0Affected Software1

OSV•added 2023/08/21 7:15 p.m.•4 views

CVE-2023-4417

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in th...

6.5CVSS5.8AI score0.00448EPSS

Exploits0References1

CVE•added 2023/08/21 6:38 p.m.•51 views

CVE-2023-4417

The CVE-2023-4417 issue affects Devolutions Remote Desktop Manager for Windows up to 2023.2.19, caused by improper access controls in the entry duplication component. An authenticated user can, under certain conditions, share a personal vault entry with shared vaults via an incorrect vault during...

6.5CVSS6.4AI score0.00448EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/08/21 6:38 p.m.•9 views

CVE-2023-4417

6.8AI score0.00448EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by