CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 11313 筆結果
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-3224 Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT). 9.8 0.51% 2026-03-03 2026-06-17
CVE-2026-3204 Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL. 9.8 0.53% 2026-03-03 2026-06-17
CVE-2026-3130 Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion. 9.8 0.45% 2026-03-03 2026-06-17
CVE-2026-2590 Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled. 9.8 0.42% 2026-03-03 2026-06-17
CVE-2026-0610 SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 9.8 0.26% 2026-01-19 2026-06-17
CVE-2025-11957 Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests. 9.0 0.27% 2025-10-22 2026-06-17
CVE-2025-6523 Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier 9.5 0.38% 2025-07-22 2026-06-17
CVE-2024-6057 Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. 9.8 0.92% 2024-06-17 2026-06-17
CVE-2024-2921 Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. 9.8 0.79% 2024-03-26 2026-06-17
CVE-2023-6593 Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. 9.8 0.73% 2023-12-12 2026-06-17
CVE-2023-5766 A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. 9.8 0.58% 2023-11-01 2026-06-17
CVE-2023-5765 Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. 9.8 0.61% 2023-11-01 2026-06-17
CVE-2023-4373 Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. 9.8 0.66% 2023-08-21 2026-06-17
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence