threat
engine
.sh
Back
·
··:··
Home
/
Product
/
devolutions remote desktop manager
Product
devolutions remote desktop manager
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-2590
<= 2025.3.30.0
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote De
9.8
CRITICAL
CVE-2026-0747
>= 2025.3.24.0 and < 2025.3.29.0
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 th
3.3
LOW
CVE-2025-13683
< 2025.3.25.0
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolut
6.5
MEDIUM
CVE-2025-5334
< 2025.2.0.17
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manag
7.5
HIGH
CVE-2025-2600
< 2024.3.31.0
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to
6.8
MEDIUM
CVE-2025-2562
< 2024.3.31.0
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to us
5.4
MEDIUM
CVE-2025-2528
< 2024.3.31.0
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated use
3.6
LOW
CVE-2025-2499
< 2024.3.31.0
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated
5.4
MEDIUM
CVE-2025-1636
< 2024.3.31.0
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024
6.5
MEDIUM
CVE-2025-1635
< 2024.3.31.0
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on
6.5
MEDIUM
CVE-2025-1193
< 2024.3.20.0
Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on
8.1
HIGH
CVE-2024-11621
< 2024.3.4.2
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept
8.8
HIGH
CVE-2024-12149
< 2024.3.20.0
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earli
8.1
HIGH
CVE-2024-11672
< 2024.3.10.0
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows all
4.3
MEDIUM
CVE-2024-11671
< 2024.3.18.0
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows a
5.4
MEDIUM
CVE-2024-11670
<= 2024.3.10.0
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Wind
5.4
MEDIUM
CVE-2024-7421
< 2024.3.10
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with acces
5.5
MEDIUM
CVE-2024-6492
< 2024.2.15.0
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earl
7.4
HIGH
CVE-2024-6354
< 2024.2.12.0
Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenti
7.2
HIGH
CVE-2024-6057
< 2024.1.32.0
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an atta
9.8
CRITICAL
CVE-2024-6055
< 2024.2.8.0
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earl
4.7
MEDIUM
CVE-2024-3545
< 2024.1.21.0
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on win
4.3
MEDIUM
CVE-2024-2403
< 2024.1.15.0
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allow
5.9
MEDIUM
CVE-2024-0589
<= 2023.3.36.0
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on
5.4
MEDIUM
CVE-2023-7047
<= 2023.3.31.0
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Deskto
4.4
MEDIUM
CVE-2023-6593
< 2023.3.5.0
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has acce
9.8
CRITICAL
CVE-2023-6288
< 2023.3.10.2
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_L
7.8
HIGH
CVE-2023-5766
<= 2023.2.33
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely ex
9.8
CRITICAL
CVE-2023-5765
<= 2023.2.33
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows al
9.8
CRITICAL
CVE-2023-4417
<= 2023.2.19
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions o
6.5
MEDIUM
CVE-2023-4373
<= 2023.2.19
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 202
9.8
CRITICAL
CVE-2023-2282
<= 2023.1.22
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an
6.5
MEDIUM
CVE-2023-1980
<= 2022.3.35
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the
6.5
MEDIUM
CVE-2023-1939
<= 2022.3.2.0
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versio
4.3
MEDIUM
CVE-2023-1574
< 2023.1.10
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and belo
6.5
MEDIUM
CVE-2023-1202
< 2023.1.10
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prio
6.5
MEDIUM
CVE-2023-1203
< 2022.3.1.6
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager Power
6.5
MEDIUM
CVE-2023-0463
all versions
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.
3.3
LOW
CVE-2022-26964
< 2022.1
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a passwo
7.4
HIGH
CVE-2022-4287
< 2022.3.27
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows a
8.8
HIGH
CVE-2022-3641
>= 2022.3.13 and < 2022.3.26
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authent
8.8
HIGH
CVE-2022-3781
< 2022.2.27
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Des
6.5
MEDIUM
CVE-2022-3780
< 2022.3.8
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which a
7.5
HIGH
CVE-2022-3182
< 2022.2.15
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows
7.0
HIGH
CVE-2022-2221
< 2022.1.8
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticat
6.5
MEDIUM
CVE-2022-33995
< 2022.2
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or over
7.5
HIGH
CVE-2022-1342
<= 2022.1.24
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data.
4.6
MEDIUM
CVE-2021-42098
< 2021.2.16
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permis
8.8
HIGH
CVE-2021-23922
< 2020.2.12.0
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerabilit
5.4
MEDIUM
CVE-2021-28047
< 2021.1.0
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticat
5.4
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin