Devolutions Remote Desktop Manager
45 CVEs affecting Devolutions Remote Desktop Manager. Latest disclosed: 2026-03-03. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2590 | Critical | 9.8 | 2026-03-03 | Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and e… |
CVE-2026-0747 | | 2026-01-08 | Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows… | |
CVE-2025-13683 | | 2025-11-28 | Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8… | |
CVE-2025-5334 | | 2025-05-29 | Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated us… | |
CVE-2025-2600 | | 2025-03-26 | Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD var… | |
CVE-2025-2562 | | 2025-03-26 | Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without g… | |
CVE-2025-2528 | | 2025-03-26 | Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration dif… | |
CVE-2025-2499 | | 2025-03-26 | Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to… | |
CVE-2025-1636 | | 2025-03-13 | Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows… | |
CVE-2025-1635 | | 2025-03-13 | Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user export… | |
CVE-2024-11621 | | 2025-02-10 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communi… | |
CVE-2025-1193 | | 2025-02-10 | Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker t… | |
CVE-2024-12149 | | 2024-12-04 | Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authe… | |
CVE-2024-11670 | | 2024-11-25 | Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authen… | |
CVE-2024-11671 | | 2024-11-25 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user t… | |
CVE-2024-11672 | | 2024-11-25 | Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated maliciou… | |
CVE-2024-7421 | | 2024-09-25 | An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain se… | |
CVE-2024-6492 | | 2024-07-16 | Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an atta… | |
CVE-2024-6354 | | 2024-06-26 | Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the exec… | |
CVE-2024-6057 | | 2024-06-17 | Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an… |