Lucene search
K
IronmansoftwarePowershell Universal*

5 matches found

CVE
CVE
added 2026/02/27 3:11 p.m.19 views

CVE-2026-3277

The vulnerability CVE-2026-3277 affects PowerShell Universal prior to version 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials, leading to po...

6.5CVSS6AI score0.00161EPSS
CVE
CVE
added 2026/03/17 7:14 p.m.17 views

CVE-2026-4064

CVE-2026-4064 affects PowerShell Universal prior to version 2026.1.4. The issue is missing authorization checks on multiple gRPC service endpoints, enabling an authenticated user with any valid token to bypass role-based access controls and perform privileged operations. Potential impact includes...

8.3CVSS5.8AI score0.00325EPSS
CVE
CVE
added 2026/06/12 2:11 p.m.16 views

CVE-2026-8694

CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...

5.3CVSS5.4AI score0.00221EPSS
CVE
CVE
added 2026/03/17 7:15 p.m.15 views

CVE-2026-3563

CVE-2026-3563 affects PowerShell Universal prior to version 2026.1.4. The root cause is improper input validation in the apps and endpoints configuration. An authenticated user with permissions to create or modify Apps or Endpoints can override existing application or system routes, producing uni...

5.5CVSS5.8AI score0.00341EPSS
CVE
CVE
added 2026/01/07 5:0 p.m.11 views

CVE-2026-0618

Devolutions PowerShell Universal is affected by a Cross-site Scripting vulnerability tracked as CVE-2026-0618. Vulnerable versions are before 4.5.6 and before 5.6.13. Root cause: improper input neutralization in user-supplied data, enabling script execution in web pages viewed by other users. Imp...

6.1CVSS6.3AI score0.00152EPSS