| | CVE-2017-13986 | HPE | medium | 6.1 | 0.4%
| | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.… | Sep 30, 2017 | May 13, 2026 |
| | CVE-2017-13985 | HPE | medium | 6.5 | 0.4%
| | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health… | Sep 30, 2017 | May 13, 2026 |
| | CVE-2017-13984 | HPE | medium | 6.5 | 1.3%
| | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health… | Sep 30, 2017 | May 13, 2026 |
| | CVE-2017-13983 | HPE | critical | 9.8 | 14.9%
| | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health… | Sep 30, 2017 | May 13, 2026 |
| | CVE-2017-13982 | HPE | high | 8.8 | 3.3%
| | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System He… | Sep 30, 2017 | May 13, 2026 |
| | CVE-2016-4434 | Apache | high | 7.8 | 0.4%
| | Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might … | Sep 30, 2017 | May 13, 2026 |
| | CVE-2017-9790 | Apache | high | 7.5 | 2.1%
| | When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1… | Sep 29, 2017 | May 13, 2026 |
| | CVE-2017-7687 | Apache | high | 7.5 | 3.2%
| | When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache M… | Sep 29, 2017 | May 13, 2026 |
| | CVE-2017-12621 | Apache | critical | 9.8 | 0.8%
| | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "S… | Sep 28, 2017 | May 13, 2026 |
| | CVE-2015-5169 | Apache | medium | 6.1 | 1.2%
| | Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | Sep 25, 2017 | May 13, 2026 |
| | CVE-2017-12255 | Cisco | medium | 6.7 | 0.1%
| | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacke… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12254 | Cisco | medium | 6.1 | 0.3%
| | A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthentic… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12253 | Cisco | high | 8.8 | 0.3%
| | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote atta… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12252 | Cisco | high | 7.8 | 0.1%
| | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local at… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12250 | Cisco | medium | 5.3 | 0.8%
| | A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allo… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12248 | Cisco | medium | 6.1 | 0.2%
| | A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow … | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-12214 | Cisco | high | 8.8 | 0.9%
| | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential r… | Sep 21, 2017 | May 13, 2026 |
| | CVE-2017-9804 | Apache | high | 7.5 | 4.6%
| | In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a UR… | Sep 20, 2017 | May 13, 2026 |
| | CVE-2017-9793 | Apache | high | 7.5 | 7.9%
| | The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outd… | Sep 20, 2017 | May 13, 2026 |
| | CVE-2017-12611 | Apache | critical | 9.8 | 94.2%
| | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in… | Sep 20, 2017 | May 13, 2026 |
| | CVE-2016-8738 | Apache | medium | 5.9 | 1.1%
| | In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the … | Sep 20, 2017 | May 13, 2026 |
| | CVE-2016-6795 | Apache | critical | 9.8 | 5.0%
| | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possibl… | Sep 20, 2017 | May 13, 2026 |
| | CVE-2015-0689 | Cisco | high | 7.5 | 0.4%
| | Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protect… | Sep 19, 2017 | May 13, 2026 |
| | CVE-2017-12616 | Apache | high | 7.5 | 91.4%
| | When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security… | Sep 19, 2017 | May 13, 2026 |
| | CVE-2017-12615 | Apache | high | 8.1 | 94.2%
| ⚠ KEV | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the r… | Sep 19, 2017 | Apr 21, 2026 |
| | CVE-2017-9803 | Apache | high | 7.5 | 1.2%
| | Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an applicatio… | Sep 18, 2017 | May 13, 2026 |
| | CVE-2017-6147 | F5 | medium | 5.9 | 0.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 a… | Sep 18, 2017 | May 13, 2026 |
| | CVE-2017-9798 | Apache | high | 7.5 | 93.8%
| | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive … | Sep 18, 2017 | May 13, 2026 |
| | CVE-2014-7808 | Apache | high | 7.5 | 0.3%
| | Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers… | Sep 15, 2017 | May 13, 2026 |
| | CVE-2017-9805 | Apache | high | 8.1 | 94.3%
| ⚠ KEV | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an X… | Sep 15, 2017 | Apr 21, 2026 |
| | CVE-2017-4926 | VMware | medium | 5.4 | 0.2%
| | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross… | Sep 15, 2017 | May 13, 2026 |
| | CVE-2017-4925 | VMware | medium | 5.5 | 0.2%
| | VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESX… | Sep 15, 2017 | May 13, 2026 |
| | CVE-2017-4924 | VMware | high | 8.8 | 0.3%
| | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusi… | Sep 15, 2017 | May 13, 2026 |
| | CVE-2017-12249 | Cisco | critical | 9.1 | 1.2%
| | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (C… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-3165 | Apache | medium | 5.4 | 0.3%
| | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one au… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-12612 | Apache | high | 7.8 | 0.1%
| | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2016-8744 | Apache | high | 8.8 | 0.5%
| | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2016-8737 | Apache | high | 8.8 | 0.2%
| | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF)… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2015-5206 | Apache | critical | 9.8 | 1.9%
| | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x b… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2015-5168 | Apache | critical | 9.8 | 1.9%
| | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8759 | Microsoft | high | 7.8 | 94.0%
| ⚠ KEV | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to exec… | Sep 13, 2017 | Apr 22, 2026 |
| | CVE-2017-8758 | Microsoft | medium | 6.1 | 0.8%
| | Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchang… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8757 | Microsoft | high | 7.5 | 34.2%
| | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an att… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8756 | Microsoft | high | 7.5 | 20.5%
| | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an att… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8755 | Microsoft | high | 7.5 | 77.0%
| | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker … | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8754 | Microsoft | medium | 4.2 | 5.1%
| | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an att… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8753 | Microsoft | high | 7.5 | 20.5%
| | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an att… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8752 | Microsoft | high | 7.5 | 20.5%
| | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker … | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8751 | Microsoft | high | 7.5 | 54.0%
| | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context… | Sep 13, 2017 | May 13, 2026 |
| | CVE-2017-8750 | Microsoft | high | 7.5 | 22.0%
| | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT… | Sep 13, 2017 | May 13, 2026 |