Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1109 matches found

RedhatCVE
RedhatCVEadded 4 days ago6 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.4AI score0.00031EPSS
Exploits0References1
Fedora
Fedoraadded 4 days ago12 views

[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

5.8AI score
Exploits0
NVD
NVDadded 5 days ago6 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS0.00031EPSS
Exploits0References1
CVE
CVEadded 5 days ago11 views

CVE-2026-4881

Octopus Server is affected by CVE-2026-4881 due to permissions not being checked correctly in a specific API endpoint, allowing any authenticated user to perform server-level changes and receive an error. Affected software is Octopus Server; vulnerable component/behavior is the permission check i...

6CVSS5.8AI score0.00031EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 5 days ago5 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.00031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 5 days ago5 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.00031EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 5 days ago6 views

EUVD-2026-34227

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.00031EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago32 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS0.00031EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 5 days ago10 views

PT-2026-46172

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.00031EPSS
Exploits0References2
Fedora
Fedoraadded 2026/05/27 1:12 a.m.10 views

[SECURITY] Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc42

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

5.5CVSS5.8AI score0.00006EPSS
Exploits0
Fedora
Fedoraadded 2026/05/15 2:34 a.m.8 views

[SECURITY] Fedora 44 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc44

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

5.8AI score
Exploits0
EUVD
EUVDadded 2026/03/17 9:31 a.m.3 views

EUVD-2026-12544

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00042EPSS
Exploits0References2
NVD
NVDadded 2026/03/17 7:16 a.m.3 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

4.3CVSS0.00042EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/17 6:37 a.m.2 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/17 6:37 a.m.0 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00042EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/17 6:37 a.m.7 views

CVE-2026-3237

In Octopus Server, a low-privileged user could exploit an API endpoint with insufficient permission validation to modify the signing key expiration and revocation time frames. The issue affects the API layer but does not allow exposure of signing keys. CVSS v4.0 base score 2.3 (LOW) with network ...

4.3CVSS5.8AI score0.00042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/03/17 6:37 a.m.29 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS0.00042EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/03/17 12:0 a.m.2 views

Octopus Server 安全漏洞

Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, designed for continuous delivery. There is a security vulnerability in Octopus Server, which stems from incorrect permission validation for API endpoints. This vulnerability could all...

4.3CVSS5.8AI score0.00042EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/06 2:37 p.m.3 views

CVE-2026-3236

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...

4.3CVSS5.8AI score0.00042EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/05 12:30 p.m.3 views

EUVD-2026-9817

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token...

2.3CVSS5.9AI score0.00042EPSS
Exploits0References2
Rows per page
Query Builder