Vulnerabilidades em Devolutions
153 resultadosCVE-2026-9224MEDIUMMissing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify theirEPSS 0.2%CVE-2026-9246MEDIUMImproper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault reaEPSS 0.2%CVE-2026-0618MEDIUMCross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.EPSS 0.2%CVE-2026-10786MEDIUMImproper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain clEPSS 0.1%CVE-2026-4396HIGHImproper certificate validation in Devolutions Hub Reporting Service
2025.3.1.1 and earlier allows a network attacker to perform a
man-in-EPSS 0.1%CVE-2026-4434HIGHImproper certificate validation in the PAM propagation WinRM connections
allows a network attacker to perform a man-in-the-middle attack viEPSS 0.1%CVE-2026-9251MEDIUMMissing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass tEPSS 0.1%CVE-2024-11862MEDIUMNon constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption EPSS 0.1%CVE-2026-9522MEDIUMImproper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user withouEPSS 0.1%CVE-2026-9249LOWUnverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a craEPSS 0.1%CVE-2026-9248LOWAuthorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to cEPSS 0.1%CVE-2026-12162MEDIUMImproper host validation in the social login autofill feature in
Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to
disclosEPSS 0.1%CVE-2026-12755LOWImproper input validation in the PAM AD discovery endpoints in
Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated
usEPSS —