353 matches found
PaperCut NG - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...
PaperCut NG Unauthenticated XMLRPC Functionality
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality...
PaperCut < 22.1.3 - Path Traversal
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. id: CVE-2023-39143 info: name: PaperCut 22.1.3 - Path Traversal author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3...
Exploit for Improper Access Control in Papercut Papercut_Mf
CVE-2023-27350 — PaperCut NG/MF Authentication Bypass & RCE S...
PaperCut - Unauthenticated Remote Code Execution
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...
PaperCut NG < 25.0.11 Path Traversal (CVE-2026-6418)
The version of PaperCut NG installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...
PaperCut NG < 24.1.9 / 25.x < 25.0.10 Race Condition (CVE-2026-6180)
The version of PaperCut NG installed on the remote Windows host is prior to 24.1.9 or 25.x prior to 25.0.10. It is, therefore, affected by a vulnerability: - A race condition exists in PaperCut NG/MF when processing badge-swipe data from certain HP multifunction devices. Under specific network...
PaperCut MF < 24.1.9 / 25.x < 25.0.10 Race Condition (CVE-2026-6180)
The version of PaperCut MF installed on the remote Windows host is prior to 24.1.9 or 25.x prior to 25.0.10. It is, therefore, affected by a vulnerability: - A race condition exists in PaperCut NG/MF when processing badge-swipe data from certain HP multifunction devices. Under specific network...
PaperCut MF < 25.0.11 Path Traversal (CVE-2026-6418)
The version of PaperCut MF installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...
EUVD-2026-27235
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
EUVD-2026-27231
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...
CVE-2026-7824
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-6418
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-6180
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...
CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-7824
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...
CVE-2026-7824
CVE-2026-7824 – PaperCut Hive (Ricoh) : In the PaperCut Hive Ricoh embedded application, enabling the diagnostic/Deep Logging mode causes administrative credentials to be recorded in plain text in log files. An attacker with administrative access to the PaperCut Hive management portal can remotel...
CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-6418
PaperCut MF (version 25.0.4) Shared Account Synchronization contains a path traversal in which an authenticated administrator can specify arbitrary local file paths for account data synchronization due to insufficient path validation and sanitization. When the synchronization runs, the system par...