Archive for June, 2017

Microsoft Windows Kernel ATMFD.DLL Malformed Index Out-Of-Bounds Read

Posted by deepcore under exploit (No Respond)

The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.

Microsoft Windows Kernel nt!NtQueryInformationWorkerFactory Stack Memory Disclosure

Posted by deepcore under exploit (No Respond)

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).

Bitdefender Malicious RAR Denial Of Service

Posted by deepcore under exploit (No Respond)

Bitdefender AV crashes when fed malicious RAR files from 2013.

Unrar VMSF_DELTA Arbitrary Memory Write

Posted by deepcore under exploit (No Respond)

It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.

WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal

Posted by deepcore under exploit (No Respond)

WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.

WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross-site scripting vulnerability.

Mikrotik RouterOS 6.39.2 FTP CWD Buffer Overflow

Posted by deepcore under exploit (No Respond)

Mikrotik RouterOS version 6.39.2 suffers from an FTP CWD command buffer overflow vulnerability.

Mikrotik RouterOS 6.28 Cookie Buffer Overflow

Posted by deepcore under exploit (No Respond)

Mikrotik RouterOS version 6.28 suffers from a cookie HTTP request header buffer overflow vulnerability.

KBVault MySQL 0.16a Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

KBVault MySQL version 0.16a suffers from a remote arbitrary file upload vulnerability.

Easy File Sharing 7.2 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Easy File Sharing Web Server version 7.2 POST buffer overflow exploit with DEP bypass.