Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.

iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.

CloudView NMS before 2.10a has XSS via SNMP.

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.

Opsview before 2015-11-06 has XSS via SNMP.

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.