An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row` being (inc|dec)remented without any boundary checking when encountering delta escapes.
Monthly Archives: April 2016
Pulse 0.7.0 Final CSRF / Cross Site Scripting
Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.
MeshCMS 3.6 Remote Command Execution
MeshCMS version 3.6 suffers from a remote command execution vulnerability.
Quanta LTE Router Code Execution / Backdoor Accounts
Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.
ARRIS SURFboard 6141 Modem Denial Of Service
ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.
Hexchat IRC Client 2.11.0 CAP LS Handling Buffer Overflow
Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.
Hexchat IRC Client 2.11.0 Directory Traversal
Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.
DotCMS 3.3 SQL Injection
DotCMS version 3.3 suffers from a remote SQL injection vulnerability.
Cacti 0.8.8g SQL Injection
Remote SQL injection exploit for Cacti versions 0.8.8g and below.
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.