26 matches found
Bambuddy security vulnerability
Bambuddy is a self-hosted printing management system for 3D printers developed by the individual developer MartinNYHC. Versions of Bambuddy prior to 0.1.7 contained security vulnerabilities. These vulnerabilities stemmed from hard-coded keys and the lack of authentication checks on many API routes,...
EUVD-2023-27478
Malicious code in bioql PyPI...
EUVD-2025-12227
Malicious code in bioql PyPI...
CVE-2025-48067
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...
PT-2025-17558 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.3 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker to bypass the login redirect and directly access the rendered HTML of certain...
CVE-2024-23637
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
PYSEC-2024-29
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
CVE-2024-23637 OctoPrint Unverified Password Change via Access Control Settings
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
CVE-2024-23637
OctoPrint (web interface for 3D printers) contains a vulnerability in versions up to 1.9.3 that allows a malicious admin to change the password of other admin accounts (including their own) without re-authenticating. The issue would let an attacker who hijacks an admin session lock out legitimate...
OctoPrint webcam stream test cross-site scripting vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site scripting vulnerability exists in versions prior to OctoPrint 1.8.0, which stems from a lack of filtering and escaping of data in the software webcam stream test. An attacker could us...
CVE-2021-34086
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests...
Code injection
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page...
CVE-2021-34086
CVE-2021-34086 affects Ultimaker S3/S5 and Ultimaker 3 (S-line up to 6.3; 3 through 5.2.16) where the local webserver exposes APIs that are vulnerable to CSRF due to lack of request verification. Root cause: insufficient CSRF protection on the local webserver APIs. Impact: CVSS3.1/AV:N/AC:L/PR:N/...
CVE-2021-34087
The CVE-2021-34087 entry describes a clickjacking vulnerability in the local webserver of Ultimaker printers. Affected products: Ultimaker S3, Ultimaker S5, and Ultimaker 3 family (S-line through firmware 6.3; Ultimaker 3 through 5.2.16). The issue is specifically on the settings page of the loca...
CVE-2021-34087
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page...
OctoPrint Cross-Site Request Vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site request vulnerability existed prior to OctoPrint version 1.6.0. The vulnerability originated in the program because an API error message included the value of an input parameter. No...
Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability
Summary: A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
A Cheap 3D Printer Can Trick Smartphone Fingerprint Locks
With a budget of just $2,000, researchers could fool biometric scanners 80 percent of the time...