Trovebox, a photo sharing and management application, is prone to several critical vulnerabilities. Exploiting is trivial and it is recommended to update to the fixed version from Github.
During an interal pentest several critical vulnerabilities could be identified in the latest version of Kaltura Community and Enterprise. The vulnerabilities were fixed in the latest release 13.2.0.
Update: A proof of concept exploit can be found here.