2279 matches found
Brother Printers – Authentication Bypass via Default Admin Password
By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...
Brother MFC-L9570CDW - Information Disclosure
An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...
Sharp Multifunction Printers - Cookie Exposure
It was observed that Sharp printers are vulnerable to a listing of session cookies without authentication. Any attacker can list valid cookies by visiting a backdoor webpage and use them to authenticate to the printers. id: CVE-2024-33610 info: name: Sharp Multifunction Printers - Cookie Exposure...
EUVD-2025-210448
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2025-63579
CVE-2025-63579 affects Kyocera devices using Command Center RX for various TASKalfa models (e.g., 2552ci, 3252ci, 2553ci, 3253ci, 3554ci, 4052ci, 5052ci, 6052ci, 7052ci, 8052ci, 7353ci, 8353ci, 2554ci, 3254ci, 505). The description reports that unauthorized access can export all information store...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
[SECURITY] Fedora 43 Update: hplip-3.26.4-7.fc43
The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals...
CVE-2026-13753
A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...
Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2026-56809 Tomasz Holeksa of Pentest...
CVE-2026-56809
Multiple laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses a crafted URL...
CVE-2026-56809
Multiple laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses a crafted URL...
EUVD-2026-40255
Multiple laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor...
CVE-2026-56809
Multiple laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses a crafted URL...
CVE-2026-56809
Multiple laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses a crafted URL...
CVE-2026-56809
CVE-2026-56809 concerns Ricoh Web Image Monitor on multiple laser printers/MFPs. The vulnerability is a reflected cross-site scripting flaw that allows arbitrary script execution in the web browser of a user who accesses the Web Image Monitor. Reported impact is browser-side, with confidentiality...
PT-2026-53822
Name of the Vulnerable Software and Affected Versions Ricoh Web Image Monitor affected versions not specified Description Ricoh Web Image Monitor contains a reflected cross-site scripting issue. This allows an arbitrary script to be executed within the web browser of a user who accesses the...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, there was a use-after-free vulnerability in the CUPS scheduler cupsd when temporary printers were automatically deleted. The cupsdDeleteTemporaryPrinters function i...
Lexmark Printers Cross-site Scripting (CVE-2019-18791)
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. This plugin only works with Tenable.ot. Please visit...