Vulnerabilidades en Devolutions
153 resultadosCVE-2026-4064HIGHMissing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with anEPSS 0.3%CVE-2025-1231MEDIUMImproper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user paEPSS 0.3%CVE-2025-13765MEDIUMExposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: beEPSS 0.3%CVE-2023-6288—Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES eEPSS 0.3%CVE-2025-4493MEDIUMImproper privilege assignment in PAM JIT privilege sets in Devolutions
Server allows a PAM user to perform PAM JIT
requests on unauthorizeEPSS 0.3%CVE-2025-4316MEDIUMImproper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the EPSS 0.3%CVE-2026-3131MEDIUMImproper
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user witEPSS 0.3%CVE-2025-11957CRITICALImproper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to EPSS 0.3%CVE-2024-0589MEDIUMCross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows alEPSS 0.3%CVE-2026-12161HIGHImproper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
witEPSS 0.3%CVE-2024-6512MEDIUMAuthorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users witEPSS 0.3%CVE-2024-3545MEDIUMImproper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and DEPSS 0.3%CVE-2025-8312HIGHDeadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out EPSS 0.3%CVE-2025-0691MEDIUMImproper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "EEPSS 0.3%CVE-2026-10696HIGHUse of an incorrectly resolved name or reference in the pinget backend
in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet communiEPSS 0.3%CVE-2025-3517MEDIUMIncorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a prevEPSS 0.3%CVE-2024-12151MEDIUMIncorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old EPSS 0.3%CVE-2026-4828HIGHImproper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid creEPSS 0.3%CVE-2026-0610CRITICALSQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12EPSS 0.3%CVE-2026-5175MEDIUMImproper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to deEPSS 0.3%