Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.

Drivers/soc/qcom/spcom.c in the Qualcom SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site scrip inclusion (XSSI) attack.

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.

SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.

SetucoCMS allows remote attackers to cause a denial of service.

SQL injection vulnerability in SetucoCMS.

Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.

Cross-site request forgery (CSRF) vulnerability in SetucoCMS.

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the “token” cookie issued at login.