Paessler PRTG before 16.2.24.4045 has XSS via SNMP.

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.