Vulnerabilidades em Devolutions
153 resultadosCVE-2023-2257MEDIUMAuthentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attEPSS 0.2%CVE-2026-0747LOWExposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025EPSS 0.2%CVE-2026-8477LOWImproper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticateEPSS 0.2%CVE-2026-3638MEDIUMImproper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authentEPSS 0.2%CVE-2026-7325HIGHImproper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain aEPSS 0.2%CVE-2026-9245MEDIUMImproper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to reEPSS 0.2%CVE-2026-4829MEDIUMImproper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user tEPSS 0.2%CVE-2023-7047—
Inadequate validation of permissions when employing remote tools and
macros via the context menu within Devolutions Remote Desktop ManagerEPSS 0.2%CVE-2026-5171MEDIUMImproper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but witEPSS 0.2%CVE-2026-5146MEDIUMImproper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or deletEPSS 0.2%CVE-2026-4989MEDIUMImproper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform seEPSS 0.2%CVE-2026-11890MEDIUMImproper access control in PAM account discovery results in Devolutions
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieveEPSS 0.2%CVE-2026-3277MEDIUMThe OpenID Connect (OIDC) authentication configuration in PowerShell
Universal before 2026.1.3 stores the OIDC client secret in cleartext iEPSS 0.2%CVE-2026-9247LOWInsufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealEPSS 0.2%CVE-2026-10787MEDIUMMissing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadataEPSS 0.2%CVE-2026-3221MEDIUMSensitive
user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker wEPSS 0.2%CVE-2022-3182—Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackersEPSS 0.2%CVE-2025-2528LOWImproper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to
use EPSS 0.2%CVE-2024-7421MEDIUMAn information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to systeEPSS 0.2%CVE-2026-9223MEDIUMMissing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user EPSS 0.2%