|
2861
|
7.5 |
HIGH
Network
|
dell
|
elastic_cloud_storage
|
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, le…
|
CWE-284
Improper Access Control
|
CVE-2022-31231
|
2026-05-23 04:10 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
5.0 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a craft…
|
CWE-601
Open Redirect
|
CVE-2026-9245
|
2026-05-23 04:05 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
4.3 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of s…
|
CWE-862
Missing Authorization
|
CVE-2026-9246
|
2026-05-23 04:04 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
2.4 |
LOW
Network
|
devolutions
|
devolutions_server
|
Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to admi…
|
CWE-778
Insufficient Logging
|
CVE-2026-9247
|
2026-05-23 04:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
2.6 |
LOW
Network
|
devolutions
|
devolutions_server
|
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9248
|
2026-05-23 04:02 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
3.1 |
LOW
Network
|
devolutions
|
devolutions_server
|
Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request.
This issue affects :
* D…
|
CWE-620
Unverified Password Change
|
CVE-2026-9249
|
2026-05-23 04:01 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
4.3 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request.
This is…
|
CWE-862
Missing Authorization
|
CVE-2026-9224
|
2026-05-23 03:58 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
4.3 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.
|
CWE-284
Improper Access Control
|
CVE-2026-9223
|
2026-05-23 03:57 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
7.6 |
HIGH
Network
|
devolutions
|
devolutions_server
|
Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-fac…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-9047
|
2026-05-23 03:55 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
2.7 |
LOW
Network
|
devolutions
|
devolutions_server
|
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-8477
|
2026-05-23 03:54 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
