Security Vulnerabilities
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2026-03-05
An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2026-03-05
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response. In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2026-03-05
The Jetty URI parser has some key differences from other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security bypass. For example, a component that enforces a blacklist may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.
CVSS Score: 3.7
EPSS Score: 0.001
Published: 2026-03-05
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.3
EPSS Score: 0.0
Published: 2026-03-05
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 5.9
EPSS Score: 0.0
Published: 2026-03-05
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2026-03-05
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2026-03-05
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 6.6
EPSS Score: 0.0
Published: 2026-03-05
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score: 4.7
EPSS Score: 0.0
Published: 2026-03-05


Shodan ® - All rights reserved