聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-2590 | Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users, by creating or editing certain connection types while password saving is disabled. | 9.8 | 0.05% | 2026-03-03 | 2026-05-10 |
| CVE-2026-3277 | The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | 6.5 | 0.01% | 2026-02-27 | 2026-03-30 |
| CVE-2026-3221 | Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access. | 4.9 | 0.01% | 2026-02-25 | 2026-02-28 |
| CVE-2026-3131 | Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data. | 6.5 | 0.02% | 2026-02-24 | 2026-02-26 |
| CVE-2026-1768 | A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15. | 4.3 | 0.01% | 2026-02-24 | 2026-02-26 |
| CVE-2026-1007 | Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12. | 7.6 | 0.02% | 2026-01-19 | 2026-02-10 |
| CVE-2026-0610 | SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 | 9.8 | 0.06% | 2026-01-19 | 2026-02-10 |
| CVE-2026-0747 | Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. | 3.3 | 0.01% | 2026-01-08 | 2026-01-22 |
| CVE-2026-0618 | Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13. | 6.1 | 0.02% | 2026-01-07 | 2026-01-30 |
| CVE-2025-13683 | Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0. | 6.5 | 0.04% | 2025-11-28 | 2025-12-18 |
| CVE-2025-13765 | Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. | 4.3 | 0.03% | 2025-11-27 | 2025-12-03 |
| CVE-2025-13758 | Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8. | 3.5 | 0.02% | 2025-11-27 | 2025-12-03 |
| CVE-2025-13757 | SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. | 8.8 | 0.03% | 2025-11-27 | 2025-12-03 |
| CVE-2025-12808 | Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier | 6.5 | 0.04% | 2025-11-06 | 2025-11-10 |
| CVE-2025-12485 | Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier | 8.8 | 0.05% | 2025-11-06 | 2025-11-10 |
| CVE-2025-11958 | An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request. | 5.1 | 0.07% | 2025-10-22 | 2025-11-25 |
| CVE-2025-11957 | Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests. | 9.0 | 0.05% | 2025-10-22 | 2025-11-25 |
| CVE-2025-11619 | Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic. | 8.8 | 0.02% | 2025-10-15 | 2025-12-03 |
| CVE-2025-8353 | UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing. | 5.9 | 0.19% | 2025-07-30 | 2025-08-06 |
| CVE-2025-8312 | Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.2.0 through 2025.2.5.0 * Devolutions Server 2025.1.12.0 and earlier | 7.1 | 0.17% | 2025-07-30 | 2025-08-19 |