CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-6418

PaperCut MF (version 25.0.4) Shared Account Synchronization contains a path traversal in which an authenticated administrator can specify arbitrary local file paths for account data synchronization due to insufficient path validation and sanitization. When the synchronization runs, the system par...

CVE-2026-6180 PaperCut MF: Card truncation on HP readers

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...

CVE-2026-6180

PaperCut MF/NG suffers a race condition in processing badge-swipe data from certain HP devices, under dropped/out-of-order packet conditions. The issue can cause a truncated badge ID to be registered, and in environments with custom badge-ID post-processing scripts, the truncated value may map to...

PaperCut MF 输入验证错误漏洞

PaperCut MF is a multi-functional printer control software developed by the Australian company PaperCut. There is an input validation vulnerability in PaperCut MF, which stems from race conditions when processing card data from certain HP multifunctional devices. Under specific network conditions...

PaperCut Hive 日志信息泄露漏洞

PaperCut Hive is a cloud-based printing management solution developed by the Australian company PaperCut. PaperCut Hive has a vulnerability related to log information leakage. This vulnerability arises from the recording of plaintext management credentials when the deep logging mode is enabled...

PT-2026-36984

Name of the Vulnerable Software and Affected Versions PaperCut Hive Ricoh embedded application affected versions not specified Description An issue exists where the application records administrative credentials in plain text within log files when the "Deep Logging" diagnostic mode is enabled. An...

PT-2026-36983

Name of the Vulnerable Software and Affected Versions PaperCut MF version 25.0.4 Description An issue in the Shared Account Synchronization component allows authenticated administrative users to specify arbitrary file paths on the local file system due to insufficient path validation and...

PT-2026-36982

Name of the Vulnerable Software and Affected Versions PaperCut MF affected versions not specified Description A race condition occurs when processing badge-swipe data from specific HP multifunction devices. Under certain network conditions involving dropped packets and out-of-order sequence...

PaperCut MF 安全漏洞

PaperCut MF is a multi-functional printer control software developed by the Australian company PaperCut. Version 25.0.4 of PaperCut MF contains a security vulnerability. This vulnerability stems from insufficient path validation and cleanup measures, which may allow authenticated administrators t...

PaperCut NG < 25.0.10 XSS (CVE-2026-4794)

The version of PaperCut NG installed on the remote Windows host is prior to 25.0.10. It is, therefore, affected by a vulnerability: - Multiple cross-site scripting XSS vulnerabilities allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This...

PaperCut MF < 25.0.10 XSS (CVE-2026-4794)

The version of PaperCut MF installed on the remote Windows host is prior to 25.0.10. It is, therefore, affected by a vulnerability: - Multiple cross-site scripting XSS vulnerabilities allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This...

PaperCut MF < 25.0.5 Session Hijacking (CVE-2026-5115)

The version of PaperCut MF installed on the remote Windows host is prior to 25.0.5. It is, therefore, affected by a vulnerability: - The PaperCut MF embedded application for Konica Minolta devices is vulnerable to session hijacking. The communication channel between the embedded application and t...

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-27351link is external PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199link is external JetBrains TeamCity Relative Path Traversal...