聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-2280 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | 8.1 | 0.47% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2278 | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | 6.5 | 0.42% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2277 | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | 7.5 | 0.52% | 2025-03-13 | 2025-03-28 |
| CVE-2025-1636 | Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic. | 6.5 | 1.58% | 2025-03-13 | 2025-03-28 |
| CVE-2025-1635 | Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic. | 6.5 | 1.58% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2003 | Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | 7.1 | 0.41% | 2025-03-05 | 2025-03-28 |
| CVE-2025-1231 | Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | 5.4 | 0.32% | 2025-02-11 | 2025-03-28 |
| CVE-2025-1193 | Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. | 8.1 | 0.36% | 2025-02-10 | 2025-03-28 |
| CVE-2024-11621 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier | 8.8 | 0.16% | 2025-02-10 | 2025-03-28 |
| CVE-2024-12196 | Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | 6.5 | 0.45% | 2024-12-04 | 2025-03-28 |
| CVE-2024-12151 | Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | 5.0 | 0.26% | 2024-12-04 | 2025-03-28 |
| CVE-2024-12149 | Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | 8.1 | 0.58% | 2024-12-04 | 2025-03-28 |
| CVE-2024-12148 | Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | 4.3 | 0.35% | 2024-12-04 | 2025-03-28 |
| CVE-2024-11862 | Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks | 5.1 | 0.14% | 2024-11-27 | 2026-04-15 |
| CVE-2024-11672 | Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | 4.3 | 0.53% | 2024-11-25 | 2025-03-28 |
| CVE-2024-11671 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | 5.4 | 0.50% | 2024-11-25 | 2025-03-28 |
| CVE-2024-11670 | Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | 5.4 | 0.63% | 2024-11-25 | 2025-03-28 |
| CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | 4.3 | 0.51% | 2024-11-12 | 2025-06-27 |
| CVE-2024-7421 | An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | 5.5 | 0.15% | 2024-09-25 | 2025-03-17 |
| CVE-2024-6512 | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | 6.5 | 0.29% | 2024-09-25 | 2025-03-14 |