CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

EUVD-2026-23533

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

CVE-2026-40434

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

CVE-2026-40434

CVE-2026-40434 affects Anviz CrossChex Standard and is due to improper verification of the source of a communication channel, enabling an adjacent attacker on the same network to inject TCP packets and modify or disrupt client/server traffic. The documented impact is high (I/H, A/H) with no user ...

PT-2026-33503

Name of the Vulnerable Software and Affected Versions Anviz CrossChex Standard affected versions not specified Description The software lacks source verification in the client/server channel. This allows an attacker on the same network to perform TCP packet injection to alter or disrupt applicati...

[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 43 Update: openssh-10.0p1-7.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

SUSE CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

Impact User control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF file...

EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...

SUSE CVE-2026-23737

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

[SECURITY] Fedora 42 Update: openssh-9.9p1-12.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVE-2023-4537

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

Siemens OpenSSL 3.0 Buffer Overflow (CVE-2022-3786)

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

RustFS has a gRPC Hardcoded Token Authentication Bypass

Vulnerability Overview Description RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is: 1. Publicly exposed in the source code repository 2. Hardcoded on both client and server sides 3. Non-configurable with no mechanism for token rotation 4. Universally vali...

Man-In-The-Middle (MITM) Attack

MQTT is vulnerable to a Man-in-the-Middle MITM attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...