Lucene search
K

316 matches found

OSV
OSV
added 2025/09/09 7:34 p.m.5 views

CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...

7.5CVSS7AI score0.19313EPSS
Exploits4References6
OSV
OSV
added 2025/09/09 7:22 p.m.4 views

GHSA-49MJ-X8JP-QVFC OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

Impact OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...

8.8CVSS7.4AI score0.19313EPSS
Exploits4References6
Github Security Blog
Github Security Blog
added 2025/09/09 7:22 p.m.7 views

OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

Impact OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...

8.8CVSS7.4AI score0.19313EPSS
Exploits4References6Affected Software1
GithubExploit
GithubExploit
added 2025/09/09 8:32 a.m.208 views

Exploit for CVE-2025-58180

CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...

9.1AI score0.19313EPSS
Exploits4
GithubExploit
GithubExploit
added 2025/09/09 8:32 a.m.497 views

Exploit for CVE-2025-58180

CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...

9.1AI score0.19313EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.2 views

PT-2025-36936

Name of the Vulnerable Software and Affected Versions: OctoPrint versions prior to 1.11.3 Description: OctoPrint is a web interface for controlling consumer 3D printers. Versions up to and including 1.11.2 are susceptible to a flaw that permits an authenticated attacker to upload a file with a...

8.8CVSS5.9AI score0.19313EPSS
Exploits4References16
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.5 views

OctoPrint 操作系统命令注入漏洞

OctoPrint is an application from the OctoPrint open source. It provides a fast web interface for controlling consumer 3D printers. An operating system command injection vulnerability exists in OctoPrint 1.11.2 and earlier versions, which stems from improper filename handling and could lead to...

8.8CVSS7.3AI score0.19313EPSS
Exploits4References6
RedhatCVE
RedhatCVE
added 2025/06/12 4:10 p.m.8 views

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5CVSS6.3AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.5 views

CVE-2025-48067

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...

5.4CVSS5AI score0.00256EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/11 8:43 a.m.8 views

Denial Of Service (DoS)

octoprint is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed multipart/form-data requests due to an endless loop triggered by a missing end boundary, which causes the single-threaded Tornado web server to become unresponsive...

6.5CVSS7AI score0.00223EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/06/11 8:37 a.m.5 views

Arbitrary File Exfiltration

octoprint is vulnerable to Arbitrary file exfiltration. The vulnerability is due to insufficient restrictions on file movement by users with FILEUPLOAD permission, allowing files readable by OctoPrint to be moved into the upload folder and downloaded...

5.4CVSS7AI score0.00256EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/06/10 8:14 p.m.1 views

GHSA-9WJ4-8H85-PGRW OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint

Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...

6.5CVSS5.7AI score0.00223EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/10 8:14 p.m.13 views

OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint

Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...

6.5CVSS6.5AI score0.00223EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/06/10 8:13 p.m.7 views

GHSA-M9JH-JF9H-X3H2 OctoPrint vulnerable to possible file extraction via upload endpoints

Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. The primary ris...

5.4CVSS5.7AI score0.00256EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/10 8:13 p.m.17 views

OctoPrint vulnerable to possible file extraction via upload endpoints

Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. The primary ris...

5.4CVSS5.2AI score0.00256EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/06/10 4:15 p.m.12 views

CVE-2025-48067

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...

5.4CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2025/06/10 4:15 p.m.11 views

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5CVSS0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/10 3:45 p.m.2 views

Improper Neutralization

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Improper Neutralization through the UploadStorageFallbackHandler request handler. An attacker can make the web server component become unresponsive by sending a manipulated broken...

7.1CVSS6.9AI score0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/10 3:43 p.m.3 views

External Control of File Name or Path

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to External Control of File Name or Path via the upload endpoints. An attacker with the FILEUPLOAD permission can move files from the host into the upload folder, from where they can ...

5.4CVSS6.9AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 3:23 p.m.8 views

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5CVSS6.5AI score0.00223EPSS
Exploits0References4
Rows per page
Query Builder