CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788
CVE-2025-32788 – OctoPrint. Up to version 1.10.3, an attacker could bypass the login redirect in OctoPrint and directly access rendered HTML of certain frontend pages by abusing authentication checks. The issue centers on the frontend authentication flow, notably functions like require_login, require_login_with,...
CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication IPC mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components,...
CVE-2024-51330
CVE-2024-51330 affects UltiMaker Cura up to v4.41 and v5.8.1 and earlier, enabling a local attacker to execute arbitrary code via the Inter-process communication (IPC) between the Cura GUI and CuraEngine, the localhost network stack, and related printing/G-code components on Ultimaker 3D printers...
CVE-2024-49377 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...
CVE-2024-32977 OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...
CVE-2024-28237
The CVE-2024-28237 issue affects OctoPrint prior to 1.10.0rc3, specifically the Classic Webcam plugin snapshot URL feature. The root cause is a cross-site scripting (XSS) vulnerability where a crafted webcam snapshot URL tested via the web interface can cause JavaScript to execute in a victim adm...
CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
Code injection
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
PYSEC-2023-195
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
CVE-2023-41047 Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
CVE-2023-41047
OctoPrint (web interface for 3D printers) contains CVE-2023-41047 affecting versions up to 1.9.2. The vulnerability arises from improper neutralization in a template-related element, allowing an administrator with HIGH privileges to configure a crafted GCODE script that is executed during renderi...
[SECURITY] Fedora 33 Update: slic3r-1.3.0-19.fc33
Slic3r is a G-code generator for 3D printers. It's compatible with RepRaps, Makerbots, Ultimakers and many more machines. See the project homepage at slic3r.org and the documentation on the Slic3r wiki for more information...
Fedora: Security Advisory for slic3r (FEDORA-2021-473e880567)
The remote host is missing an update for the... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for slic3r (FEDORA-2021-1d72d8cea2)
The remote host is missing an update for the...
Fedora: Security Advisory for slic3r (FEDORA-2021-70a78ade08)
The remote host is missing an update for the...
Explosive technology and 3D printers: a history of deadly devices
Hackers: They’ll turn your computer into a BOMB! "Hackers turning computers into bombs" is a now legendary headline, taken from the Weekly World News. It has rather set the bar for "people will murder you with computers" anxiety. Even those familiar with the headline may not have dug into the sto...