| CVE-2025-58180 | unknown | — | 1.0 | | | | 9mo ago | OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload |
| CVE-2026-23892 | unknown | — | — | | | | 4mo ago | OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication |
| CVE-2025-64187 | unknown | — | — | | | | 7mo ago | OctoPrint vulnerable to XSS in Action Commands Notification and Prompt |
| CVE-2025-48879 | unknown | — | — | | | | 1y ago | OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint |
| CVE-2025-48067 | unknown | — | — | | | | 1y ago | OctoPrint vulnerable to possible file extraction via upload endpoints |
| CVE-2025-32788 | unknown | — | — | | | | 1y ago | OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and… |
| CVE-2024-51493 | unknown | — | — | | | | 2y ago | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary con… |
| CVE-2024-49377 | unknown | — | — | | | | 2y ago | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone … |
| CVE-2024-32977 | unknown | — | — | | | | 2y ago | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely… |
| CVE-2024-28237 | unknown | — | — | | | | 2y ago | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a vi… |
| CVE-2024-23637 | unknown | — | — | | | | 2y ago | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, incl… |
| CVE-2023-41047 | unknown | — | — | | | | 3y ago | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that w… |
| CVE-2022-3607 | unknown | — | — | | | | 4y ago | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-2872 | unknown | — | — | | | | 4y ago | Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-3068 | unknown | — | — | | | | 4y ago | Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-2888 | unknown | — | — | | | | 4y ago | If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. |
| CVE-2022-2930 | unknown | — | — | | | | 4y ago | Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2022-2822 | unknown | — | — | | | | 4y ago | OctoPrint does not have rate limiting on the login page |
| CVE-2021-32561 | unknown | — | — | | | | 4y ago | OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. |
| CVE-2021-32560 | unknown | — | — | | | | 4y ago | The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. |
| CVE-2022-1430 | unknown | — | — | | | | 4y ago | Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. |
| CVE-2022-1432 | unknown | — | — | | | | 4y ago | Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. |