14 matches found
EUVD-2026-23875
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
ejabberd -- Potential DDoS in XML Parser
ejabberd team reports: This release adds new options that limit max memory used by XML parser used to process XMPP payloads, to prevent potential Denial of Service attack. The default values for pre-auth provide sufficient protection for ejabberd against non-authenticated users on c2s and s2s, so...
LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
Summary: A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from client to server via PUT/PATCH to /1.0/certificates/fingerprint. The non-admin guard and reset block in doCertificateUpdate fail to validate or reset the Type field, allowing a...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
openrsync security vulnerability
openrsync is a file synchronization library by individual developer Kristaps Dz. A security vulnerability exists in openrsync version 0.5.0 and earlier, which stems from the client being able to specify zero-length blocks of data, causing the server to SIGSEGV...
JLSEC-2025-325 A flaw was found in rsync
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
rsync: rsync server leaks arbitrary client files
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
Bidirectional URL redirection (client to server) does not work since Workspace app for Windows 1904
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Bidirectional URL redirection feature is not able to redirect URL from client to server since...
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, g...
qpid-cpp: qpid authentication bypass
It was found that the Apache Qpid daemon qpidd treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connecti...
DEBIAN-CVE-2010-0305
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...
UBUNTU-CVE-2010-0305
ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload...
[Full-Disclosure] Jabberd2.x remote Buffer Overflows
Security Advisory Advisory: ADLAB-04002 Jabberd2.x remote Buffer Overflows Authors: [email protected] Class: Boundary Condition Error CVE: CAN-2004-0953 Remote: Yes, could allow remote compromise Vulnerable: Jabberd 2. Unvulnerable: Jabberd 1.4 Vendor: http://jabberd.jabberstudio.org/ I.INFO:...