Hexagon G!nius Auskunftsportal versions prior to 5.0.0.0 suffer from a remote SQL injection vulnerability.

Customer Relationship Management (CRM) System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Customer Relationship Management (CRM) System version 1.0 suffers from a persistent cross site scripting vulnerability.

Customer Relationship Management (CRM) System version 1.0 suffers from a remote shell upload vulnerability.

Odoo version 12.0.20190101 suffers from an unquoted service path vulnerability.

Splinterware System Scheduler Professional version 5.30 suffers an unquoted service path vulnerability.

Android NFC suffers from a type confusion vulnerability in nfa_rw_sys_disable.

Chevereto version 3.17.1 suffers from a persistent cross site scripting vulnerability.

Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.