Logo
Retour à la veille

CVE-2026-56809

Publié : 30 juin 2026
Modifié : 30 juin 2026
Lien officiel NVD
Score CVSS
6.1
MEDIUM

Description détaillée

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Références et Patchs

https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000005https://jvn.jp/en/jp/JVN48718197/https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000005

Dernières Vulnérabilités

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.

VOIR DÉTAILS

CVE-2026-12578

The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.

VOIR DÉTAILS

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.

VOIR DÉTAILS