Vulnerabilities in Devolutions
153 results

CVE-2025-13758 | LOW | Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8. | EPSS 0.3%
CVE-2024-2918 | LOW | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM | EPSS 0.2%
CVE-2023-0463 | HIGH | The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022 | EPSS 0.2%
CVE-2024-1900 | MEDIUM | Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticat | EPSS 0.2%
CVE-2026-4927 | MEDIUM | Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain othe | EPSS 0.2%
CVE-2026-1768 | MEDIUM | A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This iss | EPSS 0.2%
CVE-2026-8694 | MEDIUM | Improper access control on the API documentation endpoint in PowerShell Universal | EPSS 0.2%
CVE-2025-11619 | HIGH | Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to | EPSS 0.2%
CVE-2024-11621 | HIGH | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modif | EPSS 0.2%
CVE-2026-9047 | HIGH | Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with kn | EPSS 0.2%
CVE-2025-3768 | MEDIUM | Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass | EPSS 0.2%
CVE-2024-1898 | LOW | Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change not | EPSS 0.2%
CVE-2026-12105 | MEDIUM | Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication | EPSS 0.2%
CVE-2026-6706 | MEDIUM | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation co | EPSS 0.2%
CVE-2026-8407 | MEDIUM | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions | EPSS 0.2%
CVE-2026-10544 | MEDIUM | Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authent | EPSS 0.2%
CVE-2026-4925 | MEDIUM | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restric | EPSS 0.2%
CVE-2026-9590 | MEDIUM | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with | EPSS 0.2%
CVE-2026-1007 | HIGH | Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue | EPSS 0.2%
CVE-2026-12117 | MEDIUM | Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enu | EPSS 0.2%