316 matches found
CVE-2021-32560
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...
CVE-2021-32561
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters...
CVE-2018-16710
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the...
User Impersonation
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to User Impersonation via the X-Preemptive-Recording HTTP header. An attacker could bypass the login redirect and directly access the HTML of certain frontend pages by adding the HTTP...
CVE-2025-32788
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
PYSEC-2025-56
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
PYSEC-2025-56
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788
CVE-2025-32788 – OctoPrint Up to version 1.10.3, OctoPrint could bypass the login redirect and directly access rendered HTML of certain frontend pages by abusing authentication checks. The issue centers on the frontend authentication flow, notably functions like require_login, require_login_with,...
CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
GHSA-QW93-H6PF-226X OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Impact OctoPrint versions up until and including 1.10.3 contain a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The impact on data exposure is minimal because, typically, data is loaded via API requests that...
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Impact OctoPrint versions up until and including 1.10.3 contain a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The impact on data exposure is minimal because, typically, data is loaded via API requests that...
PT-2025-17558 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.3 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker to bypass the login redirect and directly access the rendered HTML of certain...
OctoPrint 安全漏洞
OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.10.3 and earlier versions, which stems from a login redirection bypass that could result in direct access to front-end page...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in components/octoprint, which uses custom Octoprint HTTP sessions. The default ssl parameter configuration uses the value False or None, which causes the SSL verification...
CVE-2022-1430
Cross-site Scripting XSS - DOM in GitHub repository octoprint/octoprint prior to 1.8.0...
CVE-2022-1432
Cross-site Scripting XSS - Generic in GitHub repository octoprint/octoprint prior to 1.8.0...
CVE-2024-32977
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...