316 matches found
EUVD-2025-37860
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
CVE-2025-64187
OctoPrint versions 1.11.3 and earlier are vulnerable to XSS through Action Command notifications and prompts. A crafted file can inject arbitrary HTML/JavaScript into printer popups and notifications, potentially disrupting prints or exposing sensitive information if the user has permission. The ...
OctoPrint ĺŽĺ ¨ćźć´
OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.11.3 and prior versions that originated from allowing arbitrary HTML and JavaScript to be injected into Action Command...
GHSA-CRVM-XJHM-9H29 OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...
Cross-site Scripting (XSS)
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Action Command Notification plugin and the Action Command Prompt plugin. An attacker can execute arbitrary scripts in the context of the user's...
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...
PT-2025-45116
Name of the Vulnerable Software and Affected Versions OctoPrint versions 1.11.3 and below Description OctoPrint, a web interface for controlling 3D printers, is affected by an issue that allows the injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups. An...
CVE-2025-62169
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169
CVE-2025-62169 affects OctoPrint-SpoolManager plugin APIs that failed to enforce authentication/authorization in: testing branch <= 1.8.0a2 and stable branch
EUVD-2025-35702
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
PT-2025-43530
Name of the Vulnerable Software and Affected Versions OctoPrint-SpoolManager versions 1.7.7 and older OctoPrint-SpoolManager versions 1.8.0a2 and older Description The APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This allows unauthoriz...
OctoPrint-SpoolManager ććéŽé˘ćźć´
OctoPrint-SpoolManager is a plugin for managing spools and their usage metadata by Wild Rikku Individual Developers. An authorization issue vulnerability exists in OctoPrint-SpoolManager versions 1.8.0a2 and 1.7.7, which stems from the API not properly performing authentication or authorization...
Command Injection
OctoPrint is vulnerable to Command Injection. The vulnerability is due to improper handling of specially crafted filenames in uploaded files that can be included in system commands defined in event handlers, which allows an authenticated attacker to execute arbitrary commands when the correspondi...
EUVD-2021-0155
Malware in sbrugna...
EUVD-2021-0154
Malware in sbrugna...