A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could u...

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with repor...

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs...

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.