69 matches found
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
Missing brute force protection on cloud federation sharing
SMTP Command Injection in iCalendar Attachments to emails via newlines
Improper input-size validation on the user new session name
Possibility for anyone to add a stack with existing tasks on anyone's board in the Deck app
HackerOne: Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid}
Summary: Hi, While researching PullRequest yesterday, I saw some "review" endpoints in web archive of "app.pullrequest.com". http://web.archive.org/cdx/search/cdx?url=app.pullrequest.com/&output=text&fl=original&collapse=urlkey One of them was...
Force an admin to install recommended applications
Control character filtering misses leading and trailing whitespace in file and folder names
Can bypass the lock protection in Android Files app