CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
Category Archives: Security
CVE-2016-5055
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.
CVE-2015-7265
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.
CVE-2016-4317
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVE-2015-2886
iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.
CVE-2016-6534
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
CVE-2016-5073
CloudView NMS before 2.10a has XSS via SNMP.
CVE-2016-5057
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
CVE-2015-6035
Opsview before 2015-11-06 has XSS via SNMP.
CVE-2016-4319
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.