ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
TEMMOKU T1.09 Beta allows admin/user/add CSRF.
publicinstallinstall.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.
UCMS 1.4.7 has ?do=user_addpost CSRF.
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.