Ironmansoftware Powershell Universal — known CVE vulnerabilities
Every CVE whose affected-product data names Ironmansoftware Powershell Universal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-45183 — CVSS 8.8 (high): Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token…
CVE-2023-49213 — CVSS 8.8 (high): The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP…
CVE-2026-4064 — CVSS 8.3 (high): Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with…
CVE-2022-45184 — CVSS 7.2 (high): The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration…
CVE-2026-3277 — CVSS 6.5 (medium): The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext…
CVE-2026-0618 — CVSS 6.1 (medium): Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.
CVE-2026-3563 — CVSS 5.5 (medium): Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with…
CVE-2026-8694 — CVSS 5.3 (medium): Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the…