CVE-2024-8405
published 2024-09-26CVE-2024-8405: An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within…
PriorityP424medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
0.24%
14.8th percentile
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.
Note:
This CVE has been split from CVE-2024-4712.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| papercut | papercut_mf | < 23.0.9 | 23.0.9 |
| papercut | papercut_ng | < 23.0.9 | 23.0.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-4794 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-4794 [HIGH] CVE-2026-4794 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4794 :
PaperCut NG vulnerability analysis and mitigation
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).
Source : NVD
## 2.1
Score
Published March 31, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
PaperCut NG
PaperCut MF
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
Wiz
CVE-2026-5115 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-5115 [HIGH] CVE-2026-5115 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5115 :
PaperCut MF vulnerability analysis and mitigation
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.
It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
Source : NVD
## 3.6
Score
Published March 31, 2026
Severity LOW
CNA Score 3.6
Affected Technologies
PaperCut MF
Has Public Exploit N
2024-09-26
Published