1115 matches found
CVE-2026-8296
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...
EUVD-2026-38000
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...
CVE-2026-8296
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...
CVE-2026-8296
CVE-2026-8296 affects Octopus Server. Affected versions permit embedding a Cross-Site Scripting (XSS) payload via artifacts when an attacker has high privileges and certain access levels; exploitation requires user interaction. CVSSv4 base score 5.6 (MEDIUM); attack vector NETWORK; attack complex...
PT-2026-50868
Name of the Vulnerable Software and Affected Versions Octopus Server affected versions not specified Description Certain access levels allow the embedding of a Cross-Site Scripting XSS payload via artifacts. Cross-Site Scripting is a flaw that allows an attacker to inject malicious scripts into w...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
EUVD-2026-34227
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-4881
Octopus Server is affected by CVE-2026-4881 due to permissions not being checked correctly in a specific API endpoint, allowing any authenticated user to perform server-level changes and receive an error. Affected software is Octopus Server; vulnerable component/behavior is the permission check i...
PT-2026-46172
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
Octopus Server 安全漏洞
Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, used for continuous delivery. The affected versions of Octopus Server have a security vulnerability. This vulnerability stems from incorrect permission checks, allowing any...
[SECURITY] Fedora 42 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc42
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
[SECURITY] Fedora 44 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc44
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
EUVD-2026-12544
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...