Nextcloud: Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist

Improper handling of request URLs allowed guest users to bypass application allowlist in Nextcloud guests app...

Nextcloud: Non-admin users can reset app allowlist to the default

A vulnerability was disclosed where non-administrative users could reset the application allowlist to the default state. This could have allowed malicious apps to be installed...