CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers’ installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.