Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in...
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world re...
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readab...
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credenti...