devolutions_server

Vendor: devolutions

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 1
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 142
Avg. EPSS (Exploit Prob.): 0.14%
Latest CVE: CVE-2026-9590 (Jun 02)

Security Vulnerability Index

CVSS: 2.6

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

EPSS: 0.13%

CVSS: 7.2

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

EPSS: 0.24%

CVSS: 6.5

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.

EPSS: 0.15%

CVSS: 6.1

An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.

EPSS: 0.29%

CVSS: 7.5

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

EPSS: 0.32%

CVSS: 8.1

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

EPSS: 0.18%

CVSS: 9.1

An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.

EPSS: 0.28%