Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app p...

Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Windows TCP/IP Driver Security Feature Bypass Vulnerability

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication ...

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf...