📦 Octopus Server

by Octopus

🔍 What is Octopus Server?

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-0704

CRITICAL CVSS 9.1 Feb 25, 2026

This vulnerability in Octopus Deploy allows attackers to delete files or file contents on the host system through an unauthenticated API endpoint lacking input validation. It affects Octopus Deploy in...

CVE-2025-0525

HIGH CVSS 7.5 Feb 11, 2025

This vulnerability in Octopus Server allows attackers to use the preview import feature to determine whether specific files exist on the target system. This information disclosure could help adversari...

CVE-2024-2975

HIGH CVSS 8.8 Apr 9, 2024

CVE-2024-2975 is a race condition vulnerability in Octopus Deploy that allows local privilege escalation. Attackers can exploit timing issues in certain configurations to gain elevated privileges. Thi...

CVE-2022-4009

HIGH CVSS 8.8 Mar 16, 2023

CVE-2022-4009 is a command injection vulnerability in Octopus Deploy that allows authenticated users to execute arbitrary code during offline package creation. This affects Octopus Deploy Server insta...

CVE-2021-26556

HIGH CVSS 7.8 Oct 7, 2021

CVE-2021-26556 is a local privilege escalation vulnerability in Octopus Server where incorrect folder ACLs when installed to custom locations allow unprivileged users to perform DLL side-loading attac...

CVE-2025-0588

MEDIUM CVSS 4.9 Feb 11, 2025

This vulnerability in Octopus Server allows authenticated users with sufficient privileges to set custom headers that can cause server responses to return 500 errors, leading to denial of service. Att...

CVE-2025-0513

MEDIUM CVSS 5.4 Feb 11, 2025

CVE-2025-0513 is a cross-site scripting (XSS) vulnerability in Octopus Server where unsafe handling of error messages allows attackers to inject malicious code. This affects users viewing error pages ...

CVE-2024-6972

MEDIUM CVSS 6.5 Jul 25, 2024

Octopus Server versions before 2024.2.10998 may expose sensitive variables like passwords and API keys in task logs in clear-text under certain circumstances. This affects organizations using Octopus ...