7 matches found
EUVD-2026-27235
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-5115
The PaperCut NG/MF specifically, the embedded application for Konica Minolta devices is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the...
EUVD-2026-17273
The PaperCut NG/MF specifically, the embedded application for Konica Minolta devices is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the...
Malicious code in techdocs-cli-embedded-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6523ca476cc6b141bf6eb3cc01162248af09aeb7f527940ba0927c5961fbf35 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6445 Malicious code in techdocs-cli-embedded-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6523ca476cc6b141bf6eb3cc01162248af09aeb7f527940ba0927c5961fbf35 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Shopify: XSS in $shop$.myshopify.com/admin/ via twine template injection in "Shopify.API.Modal.input" method when using a malicious app
Description The Shopify Embedded App SDK is used to facilitate limited interactions with parent page /admin/apps/$id from an embedded app within the shop admin interface. The SDK has multiple methods which allow an app to interact with the user which execute in the context of the admin domain and...
Shopify: XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app
This report is similar in impact, exploitability and root-cause as report 205701 requiring an additional step of user-interaction. Description The Shopify Embedded App SDK is used to facilitate limited interactions with parent page /admin/apps/$id from an embedded app within the shop admin...