Lucene search
K

1116 matches found

Vulnrichment
Vulnrichment
added 2026/02/25 12:22 p.m.3 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.9CVSS5.4AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 12:22 p.m.21 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.9CVSS0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-21900

Name of the Vulnerable Software and Affected Versions Octopus Deploy affected versions not specified Description A lack of validation in a field within Octopus Deploy allowed for the removal of files and/or their contents on the host system via an API endpoint. This could potentially bypass...

9.1CVSS6AI score0.00332EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Octopus Deploy 安全漏洞

Octopus Deploy is an automated tool developed by the Australian company Octopus, used for the development and deployment of applications in .NET, Java, and other programming languages. There is a security vulnerability in Octopus Deploy, which stems from the lack of validation in the API endpoint...

9.1CVSS5.8AI score0.00332EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.2 views

Fedora 43 : rust-sequoia-keystore-server / rust-sequoia-octopus-librnp / etc (2026-9317b8ea7b)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-9317b8ea7b advisory. Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897. Tenable has extracted the preceding description block directly fro...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/02/04 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2026-9317b8ea7b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.4AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 2026/01/16 12:16 a.m.9 views

CVE-2021-47801

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

8.8CVSS0.0035EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Vianeos OctoPUS SQL injection vulnerability

Vianeos OctoPUS is a video service middleware system developed by the French company Vianeos. Version 5 of Vianeos OctoPUS contains a SQL injection vulnerability. This vulnerability stems from a time-based blind SQL injection in the loginuser parameter, which may lead to information leakage...

8.8CVSS5.8AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/01/15 11:25 p.m.19 views

CVE-2021-47801

Vianeos OctoPUS 5 is affected by a time-based blind SQL injection in the login_user parameter during authentication requests. The vulnerability allows crafted POST requests with SQL payloads that trigger database sleep functions to extract information. Root cause is a time-based blind SQLi flaw i...

8.8CVSS7.8AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/15 11:25 p.m.4 views

CVE-2021-47801 Vianeos OctoPUS 5 - 'login_user' SQLi

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

8.8CVSS7.8AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/15 11:25 p.m.31 views

CVE-2021-47801 Vianeos OctoPUS 5 - 'login_user' SQLi

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

8.8CVSS0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:25 p.m.6 views

CVE-2018-12884

In Octopus Deploy 3.0 onwards before 2018.6.7, an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu...

6.5CVSS6.6AI score0.0079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.12 views

CVE-2021-31820

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI...

7.5CVSS7.2AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.24 views

CVE-2021-31822

When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...

7.8CVSS6.8AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.11 views

CVE-2021-31817

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

7.5CVSS7.7AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.9 views

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4.3CVSS7.7AI score0.00622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.8 views

CVE-2021-31821

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...

5.5CVSS7.2AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.8 views

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

8.1CVSS6.7AI score0.01173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.7 views

CVE-2020-10678

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges...

8.8CVSS7AI score0.01024EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2025/12/05 10:6 p.m.4 views

Friday Squid Blogging: Vampire Squid Genome

The vampire squid Vampyroteuthis infernalis has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That's more than twice as large as the biggest squid genomes. It's technically not a squid: "The vampire squid is a fascinating twig tenaciously hanging onto the cephalop...

6.9AI score
Exploits0
Rows per page
Query Builder