Vulnerabilities > Papercut > Papercut MF > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-8404 | Link Following vulnerability in Papercut NG An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
| 2023-07-25 | CVE-2023-3486 | Unrestricted Upload of File with Dangerous Type vulnerability in Papercut MF An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. | 7.5 |
| 2023-06-20 | CVE-2023-2533 | Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. | 8.8 |
| 2023-04-20 | CVE-2023-27351 | Improper Authentication vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 7.5 |
| 2019-06-06 | CVE-2019-12135 | Unspecified vulnerability in Papercut MF and Papercut NG An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector. | 7.5 |
| 2019-02-20 | CVE-2019-8948 | Injection vulnerability in Papercut MF and Papercut NG PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | 7.5 |
| 2014-04-28 | CVE-2014-2657 | Security vulnerability in Papercut MF 14.1 Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs. | 7.5 |