Unknown · Vaultwarden · CVE-2024-56335
**Name of the Vulnerable Software and Affected Versions**
vaultwarden versions prior to 1.32.7
**Description**
The issue allows an attacker to update or delete groups from an organization under certain conditions: the attacker has a user account on the server, that account holds admin or owner permissions in an unrelated organization, and the attacker knows both the target organization's UUID and the target group's UUID. The outcome can be denial of service or privilege escalation. The attack only applies to servers with the `ORG_GROUPS_ENABLED` setting enabled; it is disabled by default.
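The defensive point behind this description is that an admin or owner role is only meaningful inside the organization that holds it, so a group operation must tie the caller's role to the organization that owns the group named in the request. The following is an added example, not Vaultwarden's code: a hypothetical toy model (all type and function names are assumptions) that places a weak check, which only confirms the caller is an admin somewhere, beside the hardened check that binds the role to the request's organization and verifies the group belongs to that same organization. Both handlers also honour a groups-enabled switch, mirroring the `ORG_GROUPS_ENABLED` precondition.

```rust
// Added example, not Vaultwarden's code: a toy model of the authorization
// decision behind an "update group" request. Types, names and the two
// handlers below are hypothetical; only the shape of the check matters.
use std::collections::HashMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum Role {
    User,
    Admin,
    Owner,
}

#[derive(Debug, PartialEq, Eq)]
enum Denied {
    GroupsDisabled,
    NotFound,
    Forbidden,
}

struct Group {
    org_id: String,
    name: String,
}

struct Server {
    org_groups_enabled: bool,
    /// (user_id, org_id) -> role held in that organization
    memberships: HashMap<(String, String), Role>,
    /// group_id -> group; group ids are globally unique, like UUIDs
    groups: HashMap<String, Group>,
}

impl Server {
    fn is_org_admin(&self, user_id: &str, org_id: &str) -> bool {
        matches!(
            self.memberships.get(&(user_id.to_string(), org_id.to_string())),
            Some(Role::Admin) | Some(Role::Owner)
        )
    }

    /// Hypothetical weak check: confirms the caller is an admin or owner of
    /// *some* organization, then acts on whatever group id the request names.
    /// Nothing ties the caller's role to the organization that owns the group.
    fn update_group_weak(&mut self, user_id: &str, _org_id: &str, group_id: &str, new_name: &str) -> Result<(), Denied> {
        if !self.org_groups_enabled {
            return Err(Denied::GroupsDisabled);
        }
        let admin_somewhere = self
            .memberships
            .iter()
            .any(|((u, _), r)| u == user_id && matches!(r, Role::Admin | Role::Owner));
        if !admin_somewhere {
            return Err(Denied::Forbidden);
        }
        let group = self.groups.get_mut(group_id).ok_or(Denied::NotFound)?;
        group.name = new_name.to_string();
        Ok(())
    }

    /// Hardened check: the role must be held in the organization named in the
    /// request, and the group must belong to that same organization. A group
    /// id from another organization is reported as not found.
    fn update_group(&mut self, user_id: &str, org_id: &str, group_id: &str, new_name: &str) -> Result<(), Denied> {
        if !self.org_groups_enabled {
            return Err(Denied::GroupsDisabled);
        }
        if !self.is_org_admin(user_id, org_id) {
            return Err(Denied::Forbidden);
        }
        let group = self
            .groups
            .get_mut(group_id)
            .filter(|g| g.org_id == org_id)
            .ok_or(Denied::NotFound)?;
        group.name = new_name.to_string();
        Ok(())
    }
}

/// Constructed scenario: "attacker" owns org-A; the target group lives in org-B.
fn fixture(org_groups_enabled: bool) -> Server {
    let mut s = Server { org_groups_enabled, memberships: HashMap::new(), groups: HashMap::new() };
    s.memberships.insert(("attacker".into(), "org-A".into()), Role::Owner);
    s.memberships.insert(("victim-admin".into(), "org-B".into()), Role::Admin);
    s.memberships.insert(("member".into(), "org-B".into()), Role::User);
    s.groups.insert("grp-A1".into(), Group { org_id: "org-A".into(), name: "A-team".into() });
    s.groups.insert("grp-B1".into(), Group { org_id: "org-B".into(), name: "Finance".into() });
    s
}

fn main() {
    let mut s = fixture(true);
    println!("weak check:     {:?}", s.update_group_weak("attacker", "org-B", "grp-B1", "renamed"));
    println!("hardened check: {:?}", s.update_group("attacker", "org-B", "grp-B1", "renamed"));
    println!("own org admin:  {:?}", s.update_group("victim-admin", "org-B", "grp-B1", "renamed"));
}
```

The hardened handler returns `NotFound` rather than `Forbidden` when the group id does not belong to the named organization, so a caller cannot use the response to learn whether a guessed group UUID exists elsewhere on the server.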
**Recommendations**
For versions prior to 1.32.7, update to version 1.32.7 as soon as possible.
If updating to 1.32.7 is not possible, consider disabling the `ORG_GROUPS_ENABLED` setting, which turns off group functionality on the server.
Alternatively, disabling `SIGNUPS_ALLOWED` prevents an attacker from creating new accounts on the server; it does not affect accounts that already exist, which still satisfy the account precondition above.
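To turn the recommendations into a repeatable check, the following added example (not part of the advisory or of Vaultwarden) takes a server's version string and the text of an `.env`-style `KEY=value` settings file, compares the version against 1.32.7, reads `ORG_GROUPS_ENABLED` and `SIGNUPS_ALLOWED`, and reports whether the server is patched, mitigated, or exposed. It assumes a `KEY=value` file with optional quotes and `#` comments, treats an unset `ORG_GROUPS_ENABLED` as disabled (as the advisory states), and treats an unset `SIGNUPS_ALLOWED` as enabled; that last default is an assumption of this example.

```rust
// Added example, not part of the advisory or of Vaultwarden: assess a server
// against CVE-2024-56335 from its version string and its settings file.
use std::collections::HashMap;

/// First release that contains the fix, per the advisory.
const FIXED: (u32, u32, u32) = (1, 32, 7);

/// Parse "1.32.7" (an optional leading "v" is tolerated) into a comparable tuple.
fn parse_version(v: &str) -> Option<(u32, u32, u32)> {
    let mut parts = v.trim().trim_start_matches('v').split('.');
    let major: u32 = parts.next()?.trim().parse().ok()?;
    let minor: u32 = parts.next()?.trim().parse().ok()?;
    let patch: u32 = parts.next().unwrap_or("0").trim().parse().ok()?;
    Some((major, minor, patch))
}

/// Minimal KEY=value parser: blank lines and '#' comments are skipped,
/// surrounding single or double quotes on the value are stripped.
fn parse_env(text: &str) -> HashMap<String, String> {
    let mut map = HashMap::new();
    for raw in text.lines() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        if let Some((k, v)) = line.split_once('=') {
            let v = v.trim().trim_matches('"').trim_matches('\'');
            map.insert(k.trim().to_string(), v.to_string());
        }
    }
    map
}

/// Boolean setting: only the literal "true" (case-insensitive) counts as on;
/// a missing key falls back to `default`.
fn flag(env: &HashMap<String, String>, key: &str, default: bool) -> bool {
    match env.get(key) {
        Some(v) => v.trim().eq_ignore_ascii_case("true"),
        None => default,
    }
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum Verdict {
    Patched,
    Mitigated,
    Exposed,
}

struct Assessment {
    version_affected: bool,
    groups_enabled: bool,
    signups_allowed: bool,
}

impl Assessment {
    fn verdict(&self) -> Verdict {
        if !self.version_affected {
            Verdict::Patched
        } else if !self.groups_enabled {
            Verdict::Mitigated
        } else {
            Verdict::Exposed
        }
    }
}

fn assess(version: &str, env_text: &str) -> Option<Assessment> {
    let v = parse_version(version)?;
    let env = parse_env(env_text);
    Some(Assessment {
        version_affected: v < FIXED,
        groups_enabled: flag(&env, "ORG_GROUPS_ENABLED", false),
        // Default of "true" when unset is an assumption of this example.
        signups_allowed: flag(&env, "SIGNUPS_ALLOWED", true),
    })
}

fn main() {
    // Constructed settings file, not taken from any real deployment.
    let env_text = "# constructed sample\nORG_GROUPS_ENABLED=\"true\"\nSIGNUPS_ALLOWED=false\n";
    match assess("1.32.6", env_text) {
        Some(a) => println!(
            "verdict={:?} affected_version={} groups_enabled={} signups_allowed={}",
            a.verdict(), a.version_affected, a.groups_enabled, a.signups_allowed
        ),
        None => println!("could not parse version"),
    }
}
```

Open signups are reported separately rather than folded into the verdict, because closing them only blocks new accounts and an exposed server with existing accounts stays exposed.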