cbcvebase.

Papercut Ng Mf vulnerabilities

5 known vulnerabilities affecting papercut/papercut_ng_mf.

Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-2533P1HIGHCVSS 8.8KEVPoC≥ 22.0.10, < 2.1.12023-06-20
CVE-2023-2533 [HIGH] CWE-352 CVE-2023-2533: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, unde A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of de
nvd
CVE-2026-6180P3HIGHCVSS 8.1fixed in 24.1.9fixed in 25.0.102026-05-05
CVE-2026-6180 [HIGH] CWE-20 CVE-2026-6180: A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunctio A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the init
nvd
CVE-2026-5115P3HIGHCVSS 7.5fixed in 25.0.5fixed in 25.0.9 (KM certified)2026-03-31
CVE-2026-5115 [HIGH] CWE-319 CVE-2026-5115: The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the
nvd
CVE-2026-6418P4MEDIUMCVSS 4.9fixed in 25.0.112026-05-05
CVE-2026-6418 [MEDIUM] CWE-36 CVE-2026-6418: An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0 An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file path
nvd
CVE-2026-4794P4MEDIUMCVSS 4.8fixed in 25.0.102026-03-31
CVE-2026-4794 [MEDIUM] CWE-79 CVE-2026-4794: Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authentic Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires a
nvd
Papercut Ng Mf vulnerabilities | cvebase