Lucene search
K

1389 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 5:42 p.m.6 views

CVE-2026-34224

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

4.4CVSS5.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 4:23 p.m.7 views

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

5CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 4:23 p.m.5 views

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 4:23 p.m.12 views

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

8.2CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 3:4 p.m.13 views

CVE-2026-5175

The Devolutions Server MFA management API is affected by improper access control (CVE-2026-5175) allowing an authenticated attacker to delete their own MFA factors, lowering protection to password-only authentication. Affected versions are 2026.1.6 through 2026.1.11; remediation per the public ad...

5CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 3:2 p.m.23 views

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 3:2 p.m.7 views

CVE-2026-4925

CVE-2026-4925 is supported by connected sources as an issue in Devolutions Server MFA management: from versions 2026.1.6 through 2026.1.11, an authenticated user can bypass administrator-enforced restrictions and remove their own MFA configuration via a crafted request. The Red Hat, NVD, ENISA, C...

5CVSS5.9AI score0.00194EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 3:2 p.m.2 views

CVE-2026-4925

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 2:54 p.m.13 views

CVE-2026-4927

CVE-2026-4927 affects Devolutions Server. A flaw in the MFA feature allows users with user-management privileges to obtain other users’ OTP keys via an authenticated API request, exposing sensitive information. Affected versions are 2026.1.6 through 2026.1.11. No remediation details are provided ...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 2:54 p.m.19 views

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 2:48 p.m.24 views

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 2:48 p.m.1 views

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

5.9AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 2:48 p.m.12 views

CVE-2026-4828

Summary (CVE-2026-4828) : Devolutions Server prior to 2026.1.12 is affected by an improper authentication flaw in the OAuth login flow that enables a remote attacker with valid credentials to bypass MFA via a crafted login request. Affected versions include 2026.1.11 and earlier. The issue is mit...

8.2CVSS5.9AI score0.0026EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6 to 2026.1.11 contained security vulnerabilities. These vulnerabilities were...

5CVSS5.8AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29536

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

5.9AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29539

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29540

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.11 contained security vulnerabilities, which stemmed from improper...

8.2CVSS5.8AI score0.0026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29542

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

5.9AI score0.00254EPSS
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.14 views

[20260512] - Core - MFA Authentication Bypass

Incorrectly resetted session states to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Rows per page
Query Builder