Every CVE whose affected-product data names Papercut Papercut Mf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2019-8948 — CVSS 9.8 (critical): PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
CVE-2023-39143 — CVSS 9.8 (critical): PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files…
CVE-2019-12135 — CVSS 9.8 (critical): An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier…
CVE-2024-1222 — CVSS 8.6 (high): This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This…
CVE-2023-3486 — CVSS 8.2 (high): An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload…
CVE-2026-6180 — CVSS 8.1 (high): A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network…
CVE-2024-3037 — CVSS 7.8 (high): An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To…
CVE-2024-8404 — CVSS 7.8 (high): An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To…
CVE-2024-4712 — CVSS 7.8 (high): An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific…
CVE-2023-6006 — CVSS 7.8 (high): This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must…
CVE-2014-2657 — CVSS 7.5 (high): Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact and remote…
CVE-2026-5115 — CVSS 7.5 (high): The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut…
CVE-2024-1654 — CVSS 7.2 (high): This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have…
CVE-2024-1882 — CVSS 7.2 (high): This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code…
CVE-2023-39469 — CVSS 7.2 (high): PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2014-2659 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to…
CVE-2023-31046 — CVSS 6.5 (medium): A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could…
CVE-2024-1884 — CVSS 6.5 (medium): This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the…
CVE-2024-1883 — CVSS 6.3 (medium): This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by…
CVE-2024-8405 — CVSS 6.1 (medium): An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific…
CVE-2024-9672 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created…
CVE-2014-2658 — CVSS 5.0 (medium): Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors.
CVE-2026-6418 — CVSS 4.9 (medium): An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows…
CVE-2024-1223 — CVSS 4.8 (medium): This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have…
CVE-2026-4794 — CVSS 4.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject…
CVE-2024-1221 — CVSS 3.1 (low): This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the…