Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

XXE issue in Airsonic before 10.1.2 during parse.

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.

The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.

The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.

The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.