HIGH 8.8 CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
from 0, < 1.11.3
HIGH 8.8 CVE-2022-3068 OctoPrint Improper Privilege Management vulnerability
from 0, < ef95ef1c101b79394f134e8fce000e6bae046571 | from 0, < 1.8.3
HIGH 8.8 CVE-2022-3068 OctoPrint Improper Privilege Management vulnerability
from 0, < 1.8.3
HIGH 7.5 Cross-site Scripting in OctoPrint
from 0, < 1.8.0
HIGH 7.5 Cross-site Scripting in OctoPrint
from 0, < 8087528e4a7ddd15c7d95ff662deb5ef7de90045 | from 0, < 1.8.0
HIGH 7.5 Cross-site Scripting in OctoPrint
from 0, < 6d259d7e6f5b0de9a1c762831537a386e53978d3 | from 0, < 1.8.0
HIGH 7.5 Cross-site Scripting in OctoPrint
from 0, < 1.8.0
HIGH 7.1 OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
from 0, < 5afbec8d23508edc25b0f1bdef1620580136add4, < 5afbec8d23508edc25b0f1bdef1620580136add4 | from 0, < 1.10.1
HIGH 7.1 OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
from 0, < 1.10.1
MEDIUM 6.5 OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
from 0, < 1.11.2
MEDIUM 6.5 OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
from 0, < d0072cff894509c77e243d6562245ad3079e17db | from 0, < 1.9.3
MEDIUM 6.5 OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
from 0, < 1.9.3
MEDIUM 6.5 OctoPrint Incorrect Access Control
from 0, < 1.6.0
MEDIUM 6.5 OctoPrint Incorrect Access Control
from 0, < 1.6.0
MEDIUM 6.1 OctoPrint API Error Messages vulnerable to XSS
from 0, < 1.6.0
MEDIUM 6.1 OctoPrint API Error Messages vulnerable to XSS
from 0, < 1.6.0
MEDIUM 6.0 OctoPrint vulnerable to Special Element Injection
from 0, < 3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e | from 0, < 1.8.3
MEDIUM 6.0 OctoPrint vulnerable to Special Element Injection
from 0, < 1.8.3
MEDIUM 5.9 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
from 0, < 1.11.6
MEDIUM 5.5 OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
from 0, < 1.10.3
MEDIUM 5.5 OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
from 0, < 1.10.3
MEDIUM 5.4 OctoPrint vulnerable to possible file extraction via upload endpoints
from 0, < 1.11.2
MEDIUM 5.3 OctoPrint has API key access in settings without reauthentication
from 0, < 1.10.3
MEDIUM 5.3 OctoPrint has API key access in settings without reauthentication
from 0, < 1.10.3
MEDIUM 5.3 Unverified Password Change in OctoPrint
from 0, < 1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f | from 0, < 1.8.3
MEDIUM 5.3 Unverified Password Change in OctoPrint
from 0, < 1.8.3
MEDIUM 4.4 OctoPrint vulnerable to Insufficient Session Expiration.
from 0, < 40e6217ac1a85cc5ed592873ae49db01d3005da4 | from 0, < 1.8.3
MEDIUM 4.4 OctoPrint vulnerable to Insufficient Session Expiration.
from 0, < 1.8.3
MEDIUM 4.3 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
from 0, < 41ff431014edfa18ca1a01897b10463934dc7fc2 | from 0, < 1.11.0
MEDIUM 4.3 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
from 0, < 1.11.0
MEDIUM 4.2 OctoPrint Unverified Password Change via Access Control Settings
from 0, < 1.10.0rc1
MEDIUM 4.2 OctoPrint Unverified Password Change via Access Control Settings
from 0, < 1729d167b4ae4a5835bbc7211b92c6828b1c4125 | from 0, < 1.10.0rc1
MEDIUM 4.0 XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
from 0, < 779894c1bc6478332d14bc9ed1006df1354eb517, < 779894c1bc6478332d14bc9ed1006df1354eb517 | from 0, < 1.10.0
MEDIUM 4.0 XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
from 0, < 1.10.0rc3
LOW 3.7 OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
from 0, < 1.8.3
LOW 3.7 OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
from 0, < 3e3c11811e216fb371a33e28412df83f9701e5b0 | from 0, < 1.8.3
LOW 3.7 OctoPrint does not have rate limiting on the login page
from 0, <= 1.7.3
— OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
from 0, < 1.11.4