| 1371 | 2.6 | LOW Network | devolutions | devolutions_server | Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault … | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-9248 | 2026-05-23 04:02 | 2026-05-23 |
| 1372 | 3.1 | LOW Network | devolutions | devolutions_server | Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects: * D… | CWE-620: Unverified Password Change | CVE-2026-9249 | 2026-05-23 04:01 | 2026-05-23 |
| 1373 | 4.3 | MEDIUM Network | devolutions | devolutions_server | Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This is… | CWE-862: Missing Authorization | CVE-2026-9224 | 2026-05-23 03:58 | 2026-05-23 |
| 1374 | 4.3 | MEDIUM Network | devolutions | devolutions_server | Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request. | CWE-284: Improper Access Control | CVE-2026-9223 | 2026-05-23 03:57 | 2026-05-23 |
| 1375 | 7.6 | HIGH Network | devolutions | devolutions_server | Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-fac… | CWE-305: Authentication Bypass by Primary Weakness | CVE-2026-9047 | 2026-05-23 03:55 | 2026-05-23 |
| 1376 | 2.7 | LOW Network | devolutions | devolutions_server | Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit… | CWE-841: Improper Enforcement of Behavioral Workflow | CVE-2026-8477 | 2026-05-23 03:54 | 2026-05-23 |
| 1377 | 7.1 | HIGH Network | devolutions | devolutions_server | Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provide… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-7325 | 2026-05-23 03:45 | 2026-05-23 |
| 1378 | 4.3 | MEDIUM Network | devolutions | devolutions_server | Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activ… | CWE-284: Improper Access Control | CVE-2026-5171 | 2026-05-23 03:36 | 2026-05-23 |
| 1379 | 5.4 | MEDIUM Network | devolutions | devolutions_server | Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac… | CWE-862: Missing Authorization | CVE-2026-9251 | 2026-05-23 03:31 | 2026-05-23 |
| 1380 | 6.1 | MEDIUM Network | - | - | Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone… | CWE-79: Cross-site Scripting | CVE-2026-36226 | 2026-05-23 03:28 | 2026-05-23 |