Good point, but syncthing only listens on localhost as others have said too.
However it still is a network service that can have vulnerabilities, besides many others like KDE Connect (which may be a target as one of its purposes is remote control and monitoring) or a bittorrent client
deleted by creator
deleted by creator
Syncthing only listens on loopback by default unless you modify the config.
Good point, but syncthing only listens on localhost as others have said too.
However it still is a network service that can have vulnerabilities, besides many others like KDE Connect (which may be a target as one of its purposes is remote control and monitoring) or a bittorrent client