com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.