IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Forc...

jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `s...

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionali...

Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injecti...

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associat...