The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not...

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly a...

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is ...

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.