CVE-2026-0618
- EPSS 0.04%
- Veröffentlicht 07.01.2026 17:00:21
- Zuletzt bearbeitet 30.01.2026 01:41:53
Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.
CVE-2024-50616
- EPSS 0.13%
- Veröffentlicht 27.10.2024 22:15:03
- Zuletzt bearbeitet 30.10.2024 20:35:38
Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information.
CVE-2023-49213
- EPSS 1.55%
- Veröffentlicht 23.11.2023 22:15:07
- Zuletzt bearbeitet 21.11.2024 08:33:02
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2...
CVE-2022-45183
- EPSS 0.48%
- Veröffentlicht 14.11.2022 08:15:09
- Zuletzt bearbeitet 21.11.2024 07:28:55
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6.
CVE-2022-45184
- EPSS 0.24%
- Veröffentlicht 14.11.2022 08:15:09
- Zuletzt bearbeitet 21.11.2024 07:28:55
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outs...