Approved changes feed: RSS · Atom

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPapercut (5a23865c-3ba8-545b-b35e-5012dab36247)
ProductPapercut Mf (9bdfbf9f-8699-5668-bdad-c05048d30c67)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-6418 vulnerable 2026-06-08 08:07:04.769398 PaperCut NG/MF: Path Traversal in Shared Account Synchronization
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for the enumeration of directory structures and the unauthorized reading of sensitive text-based configuration or system files. When the synchronization process is triggered, the application attempts to parse the contents of the specified file, subsequently exposing the data within the application's account management interface. This vulnerability could lead to the disclosure of sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.
Published: 2026-05-05T06:21:37.345Z
Updated: 2026-06-16T05:03:05.377Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-6180 vulnerable 2026-06-08 08:07:04.526009 PaperCut MF: Card truncation on HP readers
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the initial data chunk while erroneously accepting subsequent chunks before a connection reset completes. This leads to the registration of a truncated badge ID string. While this typically results in an authentication failure, the vulnerability is compounded in environments utilizing custom badge-ID post-processing scripts. In such configurations, the truncated string may be transformed into a valid ID belonging to a different user, leading to unauthorized session establishment (Incorrect User Login) on the device.
Published: 2026-05-05T06:19:44.725Z
Updated: 2026-05-05T14:13:10.635Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5115 vulnerable 2026-06-08 08:07:03.013804 Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
Published: 2026-03-31T00:54:48.889Z
Updated: 2026-03-31T13:59:35.485Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-4794 vulnerable 2026-06-08 08:07:02.369466 Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).
Published: 2026-03-31T00:39:56.135Z
Updated: 2026-03-31T14:03:59.735Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9672 vulnerable 2026-06-08 07:00:28.450121 Reflected XSS in PaperCut MF
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.
Published: 2024-12-09T23:49:55.535Z
Updated: 2024-12-10T16:08:48.582Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8405 vulnerable 2026-06-08 07:00:24.516044 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8404 vulnerable 2026-06-08 07:00:24.513496 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4712 vulnerable 2026-06-08 06:50:18.476065 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3037 vulnerable 2026-06-08 06:41:52.257333 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1884 vulnerable 2026-06-08 06:27:14.821485 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1883 vulnerable 2026-06-08 06:27:14.820694 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1882 vulnerable 2026-06-08 06:27:14.819737 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1654 vulnerable 2026-06-08 06:27:14.001521 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1223 vulnerable 2026-06-08 06:25:39.602102 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1222 vulnerable 2026-06-08 06:25:39.601059 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1221 vulnerable 2026-06-08 06:25:39.599074 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6006 vulnerable 2026-06-08 06:19:45.389009 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3486 vulnerable 2026-06-08 06:09:39.715557 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-39469 vulnerable 2026-06-08 06:09:37.548470 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-39143 vulnerable 2026-06-08 06:09:35.808017 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31046 vulnerable 2026-06-08 06:04:41.723665 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2533 vulnerable 2026-06-08 06:02:42.486249 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-27351 vulnerable 2026-06-08 05:57:40.942045 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-27350 vulnerable 2026-06-08 05:57:40.940126 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-8948 vulnerable 2026-06-08 05:14:24.738139 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12135 vulnerable 2026-06-08 05:12:38.590017 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2659 vulnerable 2026-06-08 05:05:29.494356 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2658 vulnerable 2026-06-08 05:05:29.479765 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.