Vulnerabilities > Papercut > Papercut NG > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-22 | CVE-2023-39470 | Unspecified vulnerability in Papercut NG PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. | 7.2 |
| 2024-09-26 | CVE-2024-8404 | Link Following vulnerability in Papercut NG An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
| 2024-05-14 | CVE-2024-4712 | Unspecified vulnerability in Papercut MF An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. | 7.8 |
| 2024-05-14 | CVE-2024-3037 | Files or Directories Accessible to External Parties vulnerability in Papercut MF An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
| 2024-05-03 | CVE-2023-39469 | Code Injection vulnerability in Papercut MF PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. | 7.2 |
| 2024-03-14 | CVE-2024-1882 | Unspecified vulnerability in Papercut MF This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. | 7.2 |
| 2024-03-14 | CVE-2024-1654 | Unspecified vulnerability in Papercut MF This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. | 7.2 |
| 2023-07-25 | CVE-2023-3486 | Unrestricted Upload of File with Dangerous Type vulnerability in Papercut MF An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. | 7.5 |
| 2023-06-20 | CVE-2023-2533 | Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. | 8.8 |
| 2023-04-20 | CVE-2023-27351 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 7.5 |