Lucene search
K

60 matches found

Cvelist
Cvelist
added 2025/10/22 5:9 p.m.9 views

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

9CVSS0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.4 views

PT-2025-43380

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.2.12.0 and earlier Description A flaw in the temporary access workflow permits a user with basic authentication to approve their own temporary access requests or those of other users. This can lead to...

8.4CVSS6.7AI score0.00298EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.4 views

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unauthorized access vulnerability exists in Devolutions Server that stems from improper...

9CVSS6.2AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6286

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50628

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00595EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9313

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0157EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/08/19 12:0 a.m.108 views

📄 Piciorgros TMO-100 Configuration Change

Piciorgros TMO-100 allows for an unauthorized configuration change via TFTP. This issue affects versions prior to 4.20. Classification -------------- - CWE-306: Missing Authentication for Critical Function - CWE-940: Improper Verification of Source of a Communication Channel - CWE-200: Exposure o...

7.2AI score
Exploits0
OSV
OSV
added 2025/04/21 10:51 p.m.13 views

GHSA-7M6V-Q233-Q9J9 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS

Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...

6.9CVSS7.6AI score0.0054EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/18 3:49 p.m.8 views

CVE-2025-27599 Element X Android vulnerable to loading malicious web pages via received intent

Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it...

6.5CVSS6.4AI score0.00322EPSS
Exploits0References3
OSV
OSV
added 2025/03/13 1:15 p.m.5 views

CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/13 12:56 p.m.8 views

CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...

6.4AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions, which stems from improper access control in the Temporary...

6.5CVSS6.5AI score0.00421EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 6:15 p.m.14 views

CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested...

8.1CVSS0.00595EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 6:15 p.m.1 views

CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested...

8.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2024/12/04 5:18 p.m.18 views

CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested...

0.00595EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.3 views

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.19.0 and prior versions, which stems from an incorrect assignment of privileg...

8.1CVSS7AI score0.00595EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.6 views

PT-2024-17457 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.3.19.0 and earlier Description: The issue is related to incorrect permission assignment in the temporary access requests component, allowing an authenticated user to obtain more privileges than...

8.1CVSS7.1AI score0.00595EPSS
Exploits0References6
NVD
NVD
added 2024/12/03 6:15 a.m.17 views

CVE-2024-49414

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list...

2.4CVSS0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/06 2:17 a.m.12 views

CVE-2024-34675

Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen...

2.4CVSS6.5AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2024/11/06 2:17 a.m.49 views

CVE-2024-34675

CVE-2024-34675 describes an improper access control in Dex Mode, prior to SMR Nov-2024 Release 1, that could allow a physical attacker to temporarily access an unlocked screen. The issue affects Dex Mode versions before the SMR Nov-2024 Release 1. Remediation per PT-2024-26096 and related advisor...

4.6CVSS3.6AI score0.00199EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder