Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octoprint vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-41047
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use t...
Octoprint Octoprint
1 Github repository
8.8
CVSSv3
CVE-2022-3068
Improper Privilege Management in GitHub repository octoprint/octoprint before 1.8.3.
Octoprint Octoprint
5.4
CVSSv3
CVE-2022-2872
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint before 1.8.3.
Octoprint Octoprint
6.5
CVSSv3
CVE-2021-32560
The Logging subsystem in OctoPrint prior to 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
Octoprint Octoprint
6.4
CVSSv3
CVE-2022-1432
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint before 1.8.0.
Octoprint Octoprint
6
CVSSv3
CVE-2022-3607
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint before 1.8.3.
Octoprint Octoprint
9.1
CVSSv3
CVE-2018-16710
OctoPrint up to and including 1.3.9 allows remote malicious users to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port f...
Octoprint Octoprint
7.5
CVSSv3
CVE-2022-2822
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
Octoprint Octoprint
6.1
CVSSv3
CVE-2021-32561
OctoPrint prior to 1.6.0 allows XSS because API error messages include the values of input parameters.
Octoprint Octoprint
4.4
CVSSv3
CVE-2022-2888
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
Octoprint Octoprint
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »