Lucene search
K

316 matches found

EUVD
EUVD
•added 2025/11/07 3:11 a.m.•7 views

EUVD-2025-37860

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.4AI score0.0015EPSS
Exploits0References3
OSV
OSV
•added 2025/11/07 3:11 a.m.•8 views

CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2025/11/07 3:11 a.m.•5 views

CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...

4.6CVSS6.6AI score0.0015EPSS
Exploits0References2
CVE
CVE
•added 2025/11/07 3:11 a.m.•38 views

CVE-2025-64187

OctoPrint versions 1.11.3 and earlier are vulnerable to XSS through Action Command notifications and prompts. A crafted file can inject arbitrary HTML/JavaScript into printer popups and notifications, potentially disrupting prints or exposing sensitive information if the user has permission. The ...

4.6CVSS6.5AI score0.0015EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
•added 2025/11/07 12:0 a.m.•6 views

OctoPrint 安全漏洞

OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.11.3 and prior versions that originated from allowing arbitrary HTML and JavaScript to be injected into Action Command...

4.6CVSS6.4AI score0.0015EPSS
Exploits0References3
OSV
OSV
•added 2025/11/04 3:42 p.m.•5 views

GHSA-CRVM-XJHM-9H29 OctoPrint vulnerable to XSS in Action Commands Notification and Prompt

Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References4
Snyk
Snyk
•added 2025/11/04 3:42 p.m.•4 views

Cross-site Scripting (XSS)

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Action Command Notification plugin and the Action Command Prompt plugin. An attacker can execute arbitrary scripts in the context of the user's...

4.6CVSS5.7AI score0.0015EPSS
Exploits0References3
Github Security Blog
Github Security Blog
•added 2025/11/04 3:42 p.m.•9 views

OctoPrint vulnerable to XSS in Action Commands Notification and Prompt

Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
•added 2025/11/04 12:0 a.m.•8 views

PT-2025-45116

Name of the Vulnerable Software and Affected Versions OctoPrint versions 1.11.3 and below Description OctoPrint, a web interface for controlling 3D printers, is affected by an issue that allows the injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups. An...

4.6CVSS6.1AI score0.0015EPSS
Exploits0References15
RedhatCVE
RedhatCVE
•added 2025/10/24 4:25 p.m.•15 views

CVE-2025-62169

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS7AI score0.00433EPSS
Exploits0References1
NVD
NVD
•added 2025/10/23 4:17 p.m.•9 views

CVE-2025-62169

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS0.00433EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2025/10/23 4:9 p.m.•5 views

CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS6.7AI score0.00433EPSS
Exploits0References4
CVE
CVE
•added 2025/10/23 4:9 p.m.•27 views

CVE-2025-62169

CVE-2025-62169 affects OctoPrint-SpoolManager plugin APIs that failed to enforce authentication/authorization in: testing branch <= 1.8.0a2 and stable branch

8.1CVSS6.7AI score0.00433EPSS
Exploits0References4
EUVD
EUVD
•added 2025/10/23 4:9 p.m.•6 views

EUVD-2025-35702

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS6.5AI score0.00433EPSS
Exploits0References4
OSV
OSV
•added 2025/10/23 4:9 p.m.•9 views

CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

8.1CVSS7AI score0.00433EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2025/10/23 12:0 a.m.•9 views

PT-2025-43530

Name of the Vulnerable Software and Affected Versions OctoPrint-SpoolManager versions 1.7.7 and older OctoPrint-SpoolManager versions 1.8.0a2 and older Description The APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This allows unauthoriz...

8.1CVSS6.8AI score0.00433EPSS
Exploits0References10
CNNVD
CNNVD
•added 2025/10/23 12:0 a.m.•5 views

OctoPrint-SpoolManager 授权问题漏洞

OctoPrint-SpoolManager is a plugin for managing spools and their usage metadata by Wild Rikku Individual Developers. An authorization issue vulnerability exists in OctoPrint-SpoolManager versions 1.8.0a2 and 1.7.7, which stems from the API not properly performing authentication or authorization...

8.1CVSS6.8AI score0.00433EPSS
Exploits0References4
Veracode
Veracode
•added 2025/10/16 8:45 a.m.•7 views

Command Injection

OctoPrint is vulnerable to Command Injection. The vulnerability is due to improper handling of specially crafted filenames in uploaded files that can be included in system commands defined in event handlers, which allows an authenticated attacker to execute arbitrary commands when the correspondi...

8.8CVSS7.7AI score0.19313EPSS
Exploits4References6Affected Software1
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•8 views

EUVD-2021-0155

Malware in sbrugna...

6.1CVSS6.1AI score0.01143EPSS
Exploits1References7
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•7 views

EUVD-2021-0154

Malware in sbrugna...

6.5CVSS6.4AI score0.0149EPSS
Exploits1References7
Rows per page
Query Builder