📦 Devolutions Server
by Devolutions
⚠️ Known Vulnerabilities
This vulnerability allows authenticated users with PAM access in Devolutions Server to bypass permission controls and view unauthorized PAM entries. It affects all Devolutions Server deployments runni...
This vulnerability in Devolutions Server allows attackers to bypass access controls on Password List entries, potentially exposing sensitive credentials. It affects all Devolutions Server installation...
An SQL injection vulnerability in the last usage logs feature of Devolutions Server allows attackers to execute arbitrary SQL commands. This affects all Devolutions Server installations up to specific...
CVE-2025-11619 is an improper certificate validation vulnerability in Devolutions Server that allows man-in-the-middle attackers to intercept encrypted traffic between clients and gateways. This affec...
A deadlock in the PAM automatic check-in feature of Devolutions Server allows passwords to remain valid beyond their intended check-out period. This affects organizations using Devolutions Server for ...
This vulnerability allows non-administrative users with both 'User Management' and 'User Group Management' permissions in Devolutions Server to escalate privileges by adding themselves or others to ad...
This vulnerability in Devolutions Server exposes SSH passwords in the web-based authentication component due to missing password masking. An authenticated user could inadvertently leak their SSH passw...
This vulnerability allows authenticated users in Devolutions Server to bypass browser extension restrictions, potentially enabling malicious browser extensions to interact with the application. It aff...
This vulnerability allows attackers with access to Devolutions Server's PAM JIT elevation feature to escalate privileges to unauthorized groups via crafted requests. It affects Devolutions Server 2024...
This vulnerability allows users in Devolutions Server to retain elevated privileges beyond their intended expiration time. Attackers could exploit this to maintain unauthorized access to sensitive sys...
This vulnerability allows attackers with permission to manage PAM propagation scripts in Devolutions Server to retrieve stored passwords via a GET request. It affects Devolutions Server 2023.2.8.0 and...
This SQL injection vulnerability in Devolutions Server allows authenticated attackers to execute arbitrary SQL commands through insufficient input sanitization in the documentation feature. Attackers ...
This SQL injection vulnerability in Devolutions Server allows administrative users to execute arbitrary SQL commands via the username parameter in the user deletion API endpoint. It affects Devolution...
This vulnerability allows Windows domain users to bypass authentication in Devolutions Server, potentially gaining unauthorized access. It affects organizations using Devolutions Server with Windows d...
Devolutions Server versions 2025.3.14 and earlier store sensitive user account information unencrypted in the database. This allows attackers with database access to read sensitive user data directly....
This vulnerability in Devolutions Server and Remote Desktop Manager exposes credentials through unintended requests, potentially allowing attackers to access sensitive authentication data. It affects ...
CVE-2025-13765 allows non-administrative users in Devolutions Server to access email service credentials, potentially exposing sensitive authentication information. This affects Devolutions Server ins...
An improper access control vulnerability in Devolutions Server allows users with 'View-only' permissions to access sensitive nested password fields they shouldn't have access to, potentially exposing ...
An improper input validation vulnerability in Devolutions Server's Security Dashboard ignored-tasks API allows authenticated users to send crafted requests that cause denial of service to the Security...
This vulnerability allows authenticated users in Devolutions Server to bypass client-side validation and edit permissions they shouldn't have access to. It affects all Devolutions Server installations...
This vulnerability allows a PAM (Privileged Access Management) user in Devolutions Server to perform JIT (Just-In-Time) privilege requests on groups they shouldn't have access to. It's caused by an im...
This vulnerability allows authenticated users in Devolutions Server to access temporary access and checkout request information by guessing or knowing request IDs. It affects all Devolutions Server de...
This vulnerability allows authenticated users in Devolutions Server to view password history entries without proper authorization. Attackers with valid credentials can access sensitive password histor...
This vulnerability allows authenticated users in Devolutions DVLS to bypass intended access controls and view password history data they shouldn't have permission to access. It affects all users with ...
This CVE describes an authorization bypass vulnerability in Devolutions Server's PAM access request approval mechanism. Authenticated users with approval permissions can approve their own access reque...
This vulnerability allows an authenticated attacker to bypass two-factor authentication (2FA) in Devolutions Server by using another browser tab to authenticate as another user without being prompted ...
This vulnerability allows authenticated users with PAM JIT elevation access in Devolutions Server to manipulate LDAP filter queries through crafted requests. Attackers could potentially access unautho...
Devolutions Server versions through 2025.2.20 and 2025.3.8 expose credentials in unintended requests, potentially leaking sensitive authentication data. This affects all users running vulnerable versi...