threat
engine
.sh
Back
·
··:··
Home
/
Product
/
papercut ng
Product
papercut ng
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-6418
< 25.0.11
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows ad
4.9
MEDIUM
CVE-2026-6180
< 24.1.9
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific netw
8.1
HIGH
CVE-2026-4794
< 25.0.10
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to i
4.8
MEDIUM
CVE-2024-9672
< 24.1.1
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created
5.4
MEDIUM
CVE-2023-39470
< 22.1.1
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remot
7.2
HIGH
CVE-2024-8405
< 23.0.9
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This s
6.1
MEDIUM
CVE-2024-8404
< 23.0.9
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.
7.8
HIGH
CVE-2024-4712
< 23.0.9
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This
7.8
HIGH
CVE-2024-3037
< 23.0.9
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.
7.8
HIGH
CVE-2023-39469
< 22.1.1
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
7.2
HIGH
CVE-2024-1884
< 20.1.10
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to in
6.5
MEDIUM
CVE-2024-1883
< 20.1.10
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weak
6.3
MEDIUM
CVE-2024-1882
< 20.1.10
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote cod
7.2
HIGH
CVE-2024-1654
< 20.1.10
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must alre
7.2
HIGH
CVE-2024-1223
< 20.1.10
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must alre
4.8
MEDIUM
CVE-2024-1222
< 20.1.10
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privilege
8.6
HIGH
CVE-2024-1221
< 20.1.10
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against t
3.1
LOW
CVE-2023-6006
< 23.0.1
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker
7.8
HIGH
CVE-2023-31046
< 22.1.1
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this
6.5
MEDIUM
CVE-2023-4568
<= 22.0.12
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affect
6.5
MEDIUM
CVE-2023-39143
< 22.1.3
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary
9.8
CRITICAL
CVE-2023-3486
< 22.1.3
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to u
8.2
HIGH
CVE-2023-2533
< 20.1.8
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could p
8.4
HIGH
CVE-2023-27351
>= 15.0 and < 20.1.7
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
7.5
HIGH
CVE-2023-27350
>= 8.0 and < 20.1.7
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
9.8
CRITICAL
CVE-2019-12135
<= 18.3.8
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and e
9.8
CRITICAL
CVE-2019-8948
< 18.3.6
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
9.8
CRITICAL
CVE-2014-2658
<= 14.1
Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown
CVE-2014-2659
<= 14.1
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote atta
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin