Vulnerabilities > Octoprint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-23637 | Improper Authentication vulnerability in Octoprint OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. | 4.9 |
| 2023-10-09 | CVE-2023-41047 | Unspecified vulnerability in Octoprint OctoPrint is a web interface for 3D printers. | 6.5 |
| 2022-10-19 | CVE-2022-3607 | Injection vulnerability in Octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | 6.0 |
| 2022-09-21 | CVE-2022-2888 | Insufficient Session Expiration vulnerability in Octoprint If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. | 4.4 |
| 2022-09-21 | CVE-2022-3068 | Improper Privilege Management vulnerability in Octoprint Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. | 8.8 |
| 2022-09-21 | CVE-2022-2872 | Unrestricted Upload of File with Dangerous Type vulnerability in Octoprint Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | 5.4 |
| 2022-08-22 | CVE-2022-2930 | Unverified Password Change vulnerability in Octoprint Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | 7.8 |
| 2022-08-15 | CVE-2022-2822 | Improper Restriction of Excessive Authentication Attempts vulnerability in Octoprint An attacker can freely brute force username and password and can takeover any account. | 7.5 |
| 2022-05-18 | CVE-2022-1430 | Cross-site Scripting vulnerability in Octoprint Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. | 7.5 |
| 2022-05-18 | CVE-2022-1432 | Cross-site Scripting vulnerability in Octoprint Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. | 6.4 |