AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a “resource injection vulnerability.”

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.

Jive before 2016.3.1 has an open redirect from the external-link.jspa page.

iBaby M3S has a password of admin for the backdoor admin account.

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.