604 matches found
[SECURITY] Fedora 44 Update: openssh-10.2p1-8.fc44
SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol MCP, the fast-growing standard for connecting AI agents to external services, inherits that gap...
CVE-2026-6066
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
EUVD-2026-23533
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...
CVE-2026-40434
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...
CVE-2026-40434
CVE-2026-40434 affects Anviz CrossChex Standard and is due to improper verification of the source of a communication channel, enabling an adjacent attacker on the same network to inject TCP packets and modify or disrupt client/server traffic. The documented impact is high (I/H, A/H) with no user ...
PT-2026-33503
Name of the Vulnerable Software and Affected Versions Anviz CrossChex Standard affected versions not specified Description The software lacks source verification in the client/server channel. This allows an attacker on the same network to perform TCP packet injection to alter or disrupt applicati...
[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42
SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
[SECURITY] Fedora 43 Update: openssh-10.0p1-7.fc43
SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
SUSE CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
Impact User control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF file...
EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)
According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...
SUSE CVE-2026-23737
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
seroval Affected by Remote Code Execution via JSON Deserialization
Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...
[SECURITY] Fedora 42 Update: openssh-9.9p1-12.fc42
SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
CVE-2023-4537
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
Siemens OpenSSL 3.0 Buffer Overflow (CVE-2022-3786)
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...