CVE-2025-1636
Published 2025-03-13
Priority: P3 38 | medium | 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.58% (72.5th percentile)
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2024.3.31.0 | 2024.3.31.0 |
| devolutions | remote_desktop_manager | <= 2024.3.29.0 | — |
GHSA
Synapse pagination Denial of Service
ghsa·2026-05-14
CVE-2026-45076 [MEDIUM] CWE-20 Synapse pagination Denial of Service
### Impact
In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients.
Clients could therefore fail to display room history.
### Patches
Update to Synapse 1.152.1 or later.
### Workarounds
There are no known workarounds for this issue.
### Identifiers
- ELEMENTSEC-2025-1636
### For more information
If you have any questions or comments about this advisory, please email us at security at element.io.
GHSA
GHSA-4gfx-6626-vp83: Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024
ghsa_unreviewed·2025-03-13
CVE-2025-1636 [MEDIUM] CWE-200 GHSA-4gfx-6626-vp83: Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-13
Published