20 matches found
EUVD-2019-3302
Malware in sbrugna...
EUVD-2018-10564
Malware in sbrugna...
EUVD-2020-18786
Malware in sbrugna...
EUVD-2020-19679
Malware in sbrugna...
EUVD-2022-42975
Malicious code in bioql PyPI...
EUVD-2022-35002
Malicious code in bioql PyPI...
EUVD-2022-34350
Malicious code in bioql PyPI...
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message...
CVE-2022-1901
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview...
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
CVE-2018-12089
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...
CVE-2025-0539
CVE-2025-0539 affects Octopus Deploy on Windows where the server can be coerced into issuing server-side requests that include authentication material. The underlying impact is that a suitably positioned attacker could compromise the account running the Octopus Server and potentially affect the h...
CVE-2025-0526
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2025-0526
CVE-2025-0526 affects Octopus Deploy. The issue arises from a lack of input validation in an API endpoint that permits uploading files to unexpected locations on the host, potentially enabling circumvention of intended workflows. Connected sources confirm the vulnerability description across mult...
PT-2025-6191 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows uploading files to unexpected locations on the host using an API endpoint. This is due to a lack of validation in a field, which could potentially result in ways to...
CVE-2022-2760
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...
PT-2022-17185 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows uploading a package to the built-in feed with insufficient permissions after re-indexing packages. Recommendations: At the moment, there is no information about a...