Skip to main content

Papercut Ng

23 CVEs product

Monthly

CVE-2024-9672 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-8405 MEDIUM This Month

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Denial Of Service Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-8404 HIGH This Week

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-4712 HIGH This Week

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3037 HIGH This Week

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1884 MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
37.9%
CVE-2024-1883 MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.1
EPSS
61.5%
CVE-2024-1882 HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-1654 HIGH This Week

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-1223 MEDIUM This Month

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-1222 CRITICAL Act Now

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Papercut Mf Papercut Ng
NVD
CVSS 3.1
9.8
EPSS
64.0%
CVE-2024-1221 LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf Papercut Ng
NVD
CVSS 3.1
3.1
EPSS
0.5%
CVE-2023-6006 MEDIUM This Month

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-31046 MEDIUM This Month

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-4568 MEDIUM POC This Month

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2023-39143 CRITICAL POC THREAT Act Now

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
9.8
EPSS
78.7%
CVE-2023-3486 HIGH This Week

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.5
EPSS
75.8%
CVE-2023-2533 HIGH POC KEV THREAT This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-27350 CRITICAL POC KEV THREAT Emergency

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Papercut Mf Papercut Ng
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-12135 CRITICAL Act Now

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-8948 CRITICAL Act Now

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Papercut Mf Papercut Ng
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2014-2658 MEDIUM This Month

Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Papercut Mf Papercut Ng
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2659 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Papercut Mf Papercut Ng
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Denial Of Service Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Papercut Mf +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Papercut Mf +1
NVD
EPSS 38% CVSS 6.5
MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
EPSS 61% CVSS 6.1
MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
EPSS 1% CVSS 7.2
HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
EPSS 1% CVSS 7.2
HIGH This Week

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Papercut Mf Papercut Ng
NVD
EPSS 64% CVSS 9.8
CRITICAL Act Now

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Papercut Mf Papercut Ng
NVD
EPSS 1% CVSS 3.1
LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Papercut Mf +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papercut Mf Papercut Ng
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Papercut Ng
NVD
EPSS 79% CVSS 9.8
CRITICAL POC THREAT Act Now

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Microsoft +2
NVD
EPSS 76% CVSS 7.5
HIGH This Week

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Papercut Mf +1
NVD
EPSS 29% CVSS 8.8
HIGH POC KEV THREAT This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Papercut Mf +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Papercut Mf +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Papercut Mf Papercut Ng
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Papercut Mf Papercut Ng
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Papercut Mf Papercut Ng
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy