Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability (CVE-2023-27350) recently leveraged by Clop and LockBit ransomware affiliates, CVE-2023-39143 is not a “one-shot” RCE bug.
Source: Help Net Security