10

CVSS4.0

CVE-2025-34221 - Vasion Print (formerly PrinterLogic)

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no aut…

📅 Published: Sept. 29, 2025, 8:43 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

9.4

CVSS4.0

CVE-2025-34215 - Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains th…

📅 Published: Sept. 29, 2025, 8:43 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

10

CVSS4.0

CVE-2025-34224 - Vasion Print (formerly PrinterLogic) Unauthenticated Device Modification

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated remote attacker can invoke …

📅 Published: Sept. 29, 2025, 8:42 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

6.9

CVSS4.0

CVE-2025-34220 - Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to https://<tenant>.printercloud10.com/api-ga…

📅 Published: Sept. 29, 2025, 8:42 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

10

CVSS4.0

CVE-2025-34222 - Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /admin/certs/serviceclients/{scid} – without any auth…

📅 Published: Sept. 29, 2025, 8:41 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

8.8

CVSS4.0

CVE-2025-34228 - Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the inter…

📅 Published: Sept. 29, 2025, 8:41 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

6.9

CVSS4.0

CVE-2025-34229 - Vasion Print (formerly PrinterLogic) Blind SSRF via HP installApp.php

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/installApp.php script that can be…

📅 Published: Sept. 29, 2025, 8:41 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

6.9

CVSS4.0

CVE-2025-34230 - Vasion Print (formerly PrinterLogic) Blind SSRF via HP log_off_single_sign_on.php

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script…

📅 Published: Sept. 29, 2025, 8:40 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

8.8

CVSS4.0

CVE-2025-34231 - Vasion Print (formerly PrinterLogic) SSRF via HP badgeSetup.php

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup.php' script is reach…

📅 Published: Sept. 29, 2025, 8:40 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.

8.8

CVSS4.0

CVE-2025-34225 - Vasion Print (formerly PrinterLogic) SSRF via console_release Directory

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authenticatio…

📅 Published: Sept. 29, 2025, 8:39 p.m. 🔄 Last Modified: Nov. 17, 2025, 11:56 p.m.
Total resulsts: 349182
Page 3640 of 34,919
« previous page » next page
Filters