Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.

CloudView NMS before 2.10a has XSS via a TELNET login.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.

Netikus EventSentry before 3.2.1.44 has XSS via SNMP.

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.