GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.

MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.

MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.