CVE-2023-27351 is the official identifier for an improper authentication vulnerability in PaperCut NG/MF. CISA added it to the Known Exploited Vulnerabilities catalog and marked known ransomware campaign use as Known, which makes this an urgent remediation item rather than a routine patch cycle issue. Follow vendor mitigation guidance, use CISA’s required-action guidance for cloud services where applicabl [truncated]
CVE-2023-2533 is a PaperCut NG/MF cross-site request forgery (CSRF) vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. For defenders, the key signal is not just the vulnerability class but the fact that it is treated as known-exploited by CISA, with a remediation due date of 2025-08-18 in the supplied record. Organizations running PaperCut NG/MF should treat this as a priori [truncated]
CVE-2023-27350 is an improper access control issue affecting PaperCut MF/NG. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-04-21 and marked it as having known ransomware campaign use, so this should be treated as a high-priority patching item.
