316 matches found
CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...
GHSA-49MJ-X8JP-QVFC OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
Impact OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
Impact OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...
Exploit for CVE-2025-58180
CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...
Exploit for CVE-2025-58180
CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...
PT-2025-36936
Name of the Vulnerable Software and Affected Versions: OctoPrint versions prior to 1.11.3 Description: OctoPrint is a web interface for controlling consumer 3D printers. Versions up to and including 1.11.2 are susceptible to a flaw that permits an authenticated attacker to upload a file with a...
OctoPrint 操作系统命令注入漏洞
OctoPrint is an application from the OctoPrint open source. It provides a fast web interface for controlling consumer 3D printers. An operating system command injection vulnerability exists in OctoPrint 1.11.2 and earlier versions, which stems from improper filename handling and could lead to...
CVE-2025-48879
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...
CVE-2025-48067
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...
Denial Of Service (DoS)
octoprint is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed multipart/form-data requests due to an endless loop triggered by a missing end boundary, which causes the single-threaded Tornado web server to become unresponsive...
Arbitrary File Exfiltration
octoprint is vulnerable to Arbitrary file exfiltration. The vulnerability is due to insufficient restrictions on file movement by users with FILEUPLOAD permission, allowing files readable by OctoPrint to be moved into the upload folder and downloaded...
GHSA-9WJ4-8H85-PGRW OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...
GHSA-M9JH-JF9H-X3H2 OctoPrint vulnerable to possible file extraction via upload endpoints
Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. The primary ris...
OctoPrint vulnerable to possible file extraction via upload endpoints
Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. The primary ris...
CVE-2025-48067
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...
CVE-2025-48879
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...
Improper Neutralization
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Improper Neutralization through the UploadStorageFallbackHandler request handler. An attacker can make the web server component become unresponsive by sending a manipulated broken...
External Control of File Name or Path
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to External Control of File Name or Path via the upload endpoints. An attacker with the FILEUPLOAD permission can move files from the host into the upload folder, from where they can ...
CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...