CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 101120 of 156 results
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-2562 Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. 5.4 0.36% 2025-03-26 2026-06-17
CVE-2025-2499 Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. 5.4 0.36% 2025-03-26 2026-06-17
CVE-2025-1231 Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. 5.4 0.32% 2025-02-11 2026-06-17
CVE-2024-11671 Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. 5.4 0.50% 2024-11-25 2026-06-17
CVE-2024-11670 Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. 5.4 0.63% 2024-11-25 2026-06-17
CVE-2024-0589 Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. 5.4 0.29% 2024-01-31 2026-06-17
CVE-2023-2118 Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. 5.4 0.36% 2023-04-21 2026-06-17
CVE-2022-2316 HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. 5.4 0.49% 2022-07-06 2026-06-17
CVE-2026-9590 Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission. 5.3 0.18% 2026-06-02 2026-06-17
CVE-2026-8694 Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints. 5.3 0.22% 2026-06-12 2026-06-17
CVE-2023-6264 Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. 5.3 0.52% 2023-11-22 2026-06-17
CVE-2023-5358 Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. 5.3 0.55% 2023-11-01 2026-06-17
CVE-2025-11958 An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request. 5.1 0.37% 2025-10-22 2026-06-17
CVE-2024-11862 Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks 5.1 0.14% 2024-11-27 2026-06-17
CVE-2026-9245 Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier 5.0 0.17% 2026-05-22 2026-06-17
CVE-2026-5175 Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests.  This issue affects Server: from 2026.1.6 through 2026.1.11. 5.0 0.25% 2026-04-01 2026-06-17
CVE-2026-4925 Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11. 5.0 0.19% 2026-04-01 2026-06-17
CVE-2025-3768 Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. 5.0 0.17% 2025-06-05 2026-06-17
CVE-2025-0691 Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. 5.0 0.26% 2025-06-05 2026-06-17
CVE-2024-12151 Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. 5.0 0.26% 2024-12-04 2026-06-17
cvelogic Threat Intelligence