CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 55 results
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-12485 Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier 8.8 0.59% 2025-11-06 2026-06-17
CVE-2025-11957 Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests. 9.0 0.27% 2025-10-22 2026-06-17
CVE-2025-11619 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic. 8.8 0.22% 2025-10-15 2026-06-17
CVE-2025-8312 Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.2.0 through 2025.2.5.0 * Devolutions Server 2025.1.12.0 and earlier 7.1 0.28% 2025-07-30 2026-06-17
CVE-2025-6741 Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.4.0 * Devolutions Server 2025.1.11.0 and earlier 7.1 0.35% 2025-07-22 2026-06-17
CVE-2025-6523 Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier 9.5 0.38% 2025-07-22 2026-06-17
CVE-2025-4433 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. 8.7 0.45% 2025-05-30 2026-06-17
CVE-2025-5334 Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and ear 7.5 0.48% 2025-05-29 2026-06-17
CVE-2025-2280 Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. 8.1 0.47% 2025-03-13 2026-06-17
CVE-2025-2277 Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. 7.5 0.52% 2025-03-13 2026-06-17
CVE-2025-2003 Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. 7.1 0.41% 2025-03-05 2026-06-17
CVE-2025-1193 Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. 8.1 0.36% 2025-02-10 2026-06-17
CVE-2024-11621 Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier 8.8 0.16% 2025-02-10 2026-06-17
CVE-2024-12149 Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. 8.1 0.58% 2024-12-04 2026-06-17
CVE-2024-6492 Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. 7.4 0.55% 2024-07-16 2026-06-17
CVE-2024-6354 Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard. 7.2 0.79% 2024-06-26 2026-06-17
CVE-2024-6057 Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. 9.8 0.92% 2024-06-17 2026-06-17
CVE-2024-2921 Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. 9.8 0.79% 2024-03-26 2026-06-17
CVE-2024-2915 Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. 8.8 0.65% 2024-03-26 2026-06-17
CVE-2024-1764 Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances 7.6 0.36% 2024-03-05 2026-06-17
cvelogic Threat Intelligence