Some of the bugs that I have found in products. Many are still non-public whilst the vendor resolves them. Currently over 70 0day bugs reported in various vendor commercial and open-source products.
Sophos Web Security Appliance – Stored Cross-Site Scripting Vulnerability
http://wsa.sophos.com/swa_docs/ws1000/concepts/ReleaseNotes_4.0.4.html
Splunk Enterprise – Stored Cross-Site Scripting Vulnerability
https://www.splunk.com/view/SP-CAAAN7C
X-Cart Store – Stored Cross-Site Scripting Vulnerability
http://kb.x-cart.com/display/XDD/5.1.11+-+24+Feb+2015
Themify Maps Pro – Stored Cross-Site Scripting Vulnerability
http://themify.me/changelogs/builder-maps-pro.txt
Rapid7 NeXpose <5.4.6 - Unquoted Service Path Binaries
https://community.rapid7.com/docs/DOC-2000
Nagios XI Network Monitor OS Command Injection
http://www.securityfocus.com/archive/1/523391
Nagios XI Network Monitor Blind SQL Injection
http://www.securityfocus.com/archive/1/523392
Nagios XI Network Monitor Stored and Reflected XSS
http://www.securityfocus.com/archive/1/523393
Ipswitch WhatsUp Gold 14.2-15 Directory Traversal
http://www.securityfocus.com/bid/52745
PRTG Network Monitor 9.2.0 - OS Command Injection
http://www.paessler.com/prtg/prtg9history