Vulnerabilities > Octoprint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-23637 | Improper Authentication vulnerability in Octoprint 1.2.18 OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. | 4.9 |
| 2023-10-09 | CVE-2023-41047 | Unspecified vulnerability in Octoprint OctoPrint is a web interface for 3D printers. | 6.5 |
| 2022-10-19 | CVE-2022-3607 | Injection vulnerability in Octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | 6.0 |
| 2022-05-18 | CVE-2022-1430 | Cross-site Scripting vulnerability in Octoprint Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. | 5.1 |
| 2022-05-18 | CVE-2022-1432 | Cross-site Scripting vulnerability in Octoprint Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. | 4.6 |
| 2021-05-11 | CVE-2021-32560 | Unspecified vulnerability in Octoprint The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. | 4.0 |
| 2021-05-11 | CVE-2021-32561 | Cross-site Scripting vulnerability in Octoprint OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. | 4.3 |
| 2018-09-07 | CVE-2018-16710 | Information Exposure vulnerability in Octoprint OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. | 9.1 |