From DHS/US-CERT's National Vulnerability Database
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
LINK-NET LW-N605R devices with firmware 184.108.40.2066 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.