From DHS/US-CERT's National Vulnerability Database
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
In MyT 1.5.1, the User[username] parameter has XSS.
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.