Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-2241 | Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions | 6.3 | 0.40% | 2024-03-07 | 2025-06-27 |
| CVE-2023-1939 | No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | 4.3 | 0.40% | 2023-04-11 | 2025-02-10 |
| CVE-2025-2003 | Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | 7.1 | 0.41% | 2025-03-05 | 2025-03-28 |
| CVE-2026-2590 | Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled. | 9.8 | 0.42% | 2026-03-03 | 2026-05-10 |
| CVE-2025-2278 | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | 6.5 | 0.42% | 2025-03-13 | 2025-03-28 |
| CVE-2024-2403 | Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory. | 5.9 | 0.42% | 2024-03-13 | 2025-08-25 |
| CVE-2023-2282 | Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. | 6.5 | 0.42% | 2023-04-25 | 2025-02-04 |
| CVE-2022-3781 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | 6.5 | 0.43% | 2022-11-01 | 2025-05-05 |
| CVE-2023-1202 | Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 6.5 | 0.44% | 2023-04-02 | 2025-02-20 |
| CVE-2024-12196 | Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | 6.5 | 0.45% | 2024-12-04 | 2025-03-28 |
| CVE-2026-3130 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion. | 9.8 | 0.45% | 2026-03-03 | 2026-03-04 |
| CVE-2025-4433 | Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | 8.7 | 0.45% | 2025-05-30 | 2025-11-25 |
| CVE-2025-2280 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | 8.1 | 0.47% | 2025-03-13 | 2025-03-28 |
| CVE-2023-1574 | Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | 6.5 | 0.48% | 2023-04-02 | 2025-02-25 |
| CVE-2025-5334 | Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and ear | 7.5 | 0.48% | 2025-05-29 | 2025-07-02 |
| CVE-2022-2316 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | 5.4 | 0.49% | 2022-07-06 | 2024-11-21 |
| CVE-2024-6055 | Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file. | 4.7 | 0.50% | 2024-06-17 | 2025-03-28 |
| CVE-2024-11671 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | 5.4 | 0.50% | 2024-11-25 | 2025-03-28 |
| CVE-2026-3224 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT). | 9.8 | 0.51% | 2026-03-03 | 2026-03-05 |
| CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | 4.3 | 0.51% | 2024-11-12 | 2025-06-27 |