CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

181 matches found

PaperCut NG - Authentication Bypass

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2CVSS7.5AI score0.83284EPSS

Exploits0References3

Tenable Nessus•added 2026/05/07 12:0 a.m.•1 views

PaperCut NG < 25.0.11 Path Traversal (CVE-2026-6418)

The version of PaperCut NG installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...

4.9CVSS6AI score0.00039EPSS

Exploits0References2

Tenable Nessus•added 2026/04/27 12:0 a.m.•0 views

PaperCut NG < 25.0.10 XSS (CVE-2026-4794)

The version of PaperCut NG installed on the remote Windows host is prior to 25.0.10. It is, therefore, affected by a vulnerability: - Multiple cross-site scripting XSS vulnerabilities allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This...

4.8CVSS5.2AI score0.00014EPSS

Exploits0References2

Vulnrichment•added 2026/03/31 12:54 a.m.•1 views

CVE-2026-5115 Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices

The PaperCut NG/MF specifically, the embedded application for Konica Minolta devices is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the...

6.9CVSS5.8AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/03/31 12:39 a.m.•0 views

CVE-2026-4794 Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

Multiple cross-site scripting XSS vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the...

2.1CVSS5.9AI score0.00014EPSS

Exploits0References1

ATTACKERKB•added 2026/03/31 12:39 a.m.•1 views

CVE-2026-4794

2.1CVSS5.9AI score0.00014EPSS

Exploits0References2

CVE•added 2026/03/31 12:39 a.m.•7 views

CVE-2026-4794

CVE-2026-4794 involves multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF, affecting versions before 25.0.10. The flaws allow authenticated administrator users to inject arbitrary web script or HTML via various UI fields, which could be used to compromise other administrators’ ...

4.8CVSS5.9AI score0.00014EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/03/31 12:0 a.m.•3 views

PaperCut NG/MF 安全漏洞

PaperCut NG/MF is a printing management system developed by PaperCut Corporation. Versions of PaperCut NG/MF prior to 25.0.10 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripting vulnerabilities in multiple UI fields, which could allow for the injection of...

4.8CVSS5.8AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29169

2.1CVSS5.9AI score0.00014EPSS

Exploits0References2

CNNVD•added 2026/03/31 12:0 a.m.•3 views

PaperCut NG/MF 安全漏洞

PaperCut NG/MF is a printing management system developed by PaperCut Corporation. There is a security vulnerability in PaperCut NG/MF. This vulnerability stems from an insecure communication channel between the embedded application and the server, which could lead to data leaks. These leaked data...

7.5CVSS5.8AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•7 views

CVE-2023-31046

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...

6.5CVSS6.7AI score0.00194EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•5 views

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch...

6.5CVSS7.2AI score0.78159EPSS

Exploits2References1