Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-3781 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | 6.5 | 0.43% | 2022-11-01 | 2026-06-17 |
| CVE-2023-1202 | Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 6.5 | 0.44% | 2023-04-02 | 2026-06-17 |
| CVE-2024-12196 | Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | 6.5 | 0.45% | 2024-12-04 | 2026-06-17 |
| CVE-2026-3130 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion. | 9.8 | 0.45% | 2026-03-03 | 2026-06-17 |
| CVE-2025-4433 | Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | 8.7 | 0.45% | 2025-05-30 | 2026-06-17 |
| CVE-2025-2280 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | 8.1 | 0.47% | 2025-03-13 | 2026-06-17 |
| CVE-2023-1574 | Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | 6.5 | 0.48% | 2023-04-02 | 2026-06-17 |
| CVE-2025-5334 | Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and ear | 7.5 | 0.48% | 2025-05-29 | 2026-06-17 |
| CVE-2022-2316 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | 5.4 | 0.49% | 2022-07-06 | 2026-06-17 |
| CVE-2024-6055 | Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file. | 4.7 | 0.50% | 2024-06-17 | 2026-06-17 |
| CVE-2024-11671 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | 5.4 | 0.50% | 2024-11-25 | 2026-06-17 |
| CVE-2026-3224 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT). | 9.8 | 0.51% | 2026-03-03 | 2026-06-17 |
| CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | 4.3 | 0.51% | 2024-11-12 | 2026-06-17 |
| CVE-2025-2277 | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | 7.5 | 0.52% | 2025-03-13 | 2026-06-17 |
| CVE-2025-13757 | SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. | 8.8 | 0.52% | 2025-11-27 | 2026-06-17 |
| CVE-2023-1980 | Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. | 6.5 | 0.52% | 2023-04-11 | 2026-06-17 |
| CVE-2023-6264 | Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. | 5.3 | 0.52% | 2023-11-22 | 2026-06-17 |
| CVE-2024-11672 | Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | 4.3 | 0.53% | 2024-11-25 | 2026-06-17 |
| CVE-2022-3780 | Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. | 7.5 | 0.53% | 2022-11-01 | 2026-06-17 |
| CVE-2026-3204 | Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL. | 9.8 | 0.53% | 2026-03-03 | 2026-06-17 |