CVE Tools

devolutions

Unclassifiedunknown

109

Cumulative CVEs

18

Monthly snapshots

#61

Peak rank

Top products

server5 devolutions server2

Latest CVEs

The 15 most recently published vulnerabilities affecting devolutions.

CVE-2026-10696Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application...7.5Jun 17, 2026
CVE-2026-12105Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.6.5Jun 16, 2026
CVE-2026-12117Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not ...4.3Jun 16, 2026
CVE-2026-11890Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.4.3Jun 16, 2026
CVE-2026-12162Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry...5.5Jun 15, 2026
CVE-2026-12161Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to ex...8.8Jun 15, 2026
CVE-2026-8694Improper access control on the API documentation endpoint in PowerShell Universal5.3Jun 12, 2026
CVE-2026-10544Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbit...6.5Jun 8, 2026
CVE-2026-10787Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This ...4.3Jun 8, 2026
CVE-2026-10786Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations...6.5Jun 8, 2026
CVE-2026-9522Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery s...5.4Jun 2, 2026
CVE-2026-9590Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information withou...5.3Jun 2, 2026
CVE-2026-7325Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provi...7.1May 22, 2026
CVE-2026-9251Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ...5.4May 22, 2026
CVE-2026-5171Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's act...4.3May 22, 2026