| | CVE-2014-0073 |  Apache | critical | 9.8 | 11.4%
| | The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2014-0072 | Apache | high | 7.5 | 1.5%
| | ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2013-4366 | Apache | critical | 9.8 | 1.3%
| | http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2012-5636 | Apache | medium | 6.1 | 1.6%
| | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, … | Oct 30, 2017 | May 13, 2026 |
| | CVE-2012-4449 | Apache | critical | 9.8 | 0.4%
| | Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2014-0115 | Apache | high | 7.5 | 0.8%
| | Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers … | Oct 30, 2017 | May 13, 2026 |
| | CVE-2012-0881 | Apache | high | 7.5 | 2.1%
| | Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU c… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2009-1198 | Apache | medium | 6.1 | 0.8%
| | Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to injec… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2009-1197 | Apache | medium | 5.3 | 0.4%
| | Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error … | Oct 30, 2017 | May 13, 2026 |
| | CVE-2016-3090 | Apache | high | 8.8 | 2.2%
| | The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attacke… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2015-3249 | Apache | critical | 9.8 | 4.2%
| | The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers … | Oct 30, 2017 | May 13, 2026 |
| | CVE-2015-0226 | Apache | high | 7.5 | 5.2%
| | Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption fail… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2015-0224 | Apache | high | 7.5 | 56.0%
| | qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon c… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2014-3624 | Apache | critical | 9.8 | 0.4%
| | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by le… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2014-3526 | Apache | high | 7.5 | 0.5%
| | Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers… | Oct 30, 2017 | May 13, 2026 |
| | CVE-2013-4246 | Apache | high | 8.8 | 0.4%
| | libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users … | Oct 30, 2017 | May 13, 2026 |
| | CVE-2015-1835 | Apache | medium | 5.3 | 0.6%
| | Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit … | Oct 27, 2017 | May 13, 2026 |
| | CVE-2014-3600 | Apache | critical | 9.8 | 0.5%
| | XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2014-3579 | Apache | critical | 9.8 | 3.5%
| | XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote con… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2016-5003 | Apache | critical | 9.8 | 41.5%
| | The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2016-5002 | Apache | high | 7.8 | 3.5%
| | XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6163 |  F5 | medium | 5.9 | 1.5%
| | In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 1… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6162 | F5 | medium | 5.9 | 1.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websa… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6161 | F5 | medium | 5.3 | 2.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6160 | F5 | medium | 5.9 | 4.6%
| | In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a re… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6159 | F5 | medium | 5.9 | 0.9%
| | F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software versi… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-6157 | F5 | high | 8.1 | 6.9%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2017-0303 | F5 | high | 7.5 | 2.4%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software… | Oct 27, 2017 | May 13, 2026 |
| | CVE-2012-1622 | Apache | critical | 9.8 | 2.9%
| | Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecifi… | Oct 26, 2017 | May 13, 2026 |
| | CVE-2017-7732 |  Fortinet | medium | 6.1 | 0.9%
| | A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 th… | Oct 26, 2017 | May 13, 2026 |
| | CVE-2017-7341 | Fortinet | high | 7.2 | 2.5%
| | An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10… | Oct 26, 2017 | May 13, 2026 |
| | CVE-2017-7335 | Fortinet | medium | 5.4 | 0.3%
| | A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-… | Oct 26, 2017 | May 13, 2026 |
| | CVE-2014-0691 |  Cisco | high | 7.3 | 0.2%
| | Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it ea… | Oct 24, 2017 | May 13, 2026 |
| | CVE-2017-12618 | Apache | medium | 4.7 | 0.9%
| | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM da… | Oct 24, 2017 | May 13, 2026 |
| | CVE-2017-12613 | Apache | high | 7.1 | 0.3%
| | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value i… | Oct 24, 2017 | May 13, 2026 |
| | CVE-2010-2232 | Apache | high | 7.5 | 1.7%
| | In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker … | Oct 23, 2017 | May 13, 2026 |
| | CVE-2017-12317 | Cisco | medium | 6.7 | 0.0%
| | The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static k… | Oct 22, 2017 | May 13, 2026 |
| | CVE-2017-6165 | F5 | critical | 9.8 | 2.0%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 … | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6145 | F5 | high | 7.3 | 0.4%
| | iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSaf… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6144 | F5 | high | 7.4 | 0.2%
| | In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-6141 | F5 | medium | 5.9 | 0.6%
| | In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certa… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-12628 | Apache | high | 7.8 | 0.1%
| | The JMX server embedded in Apache James, also used by the command line client is exposed to a java d… | Oct 20, 2017 | May 13, 2026 |
| | CVE-2017-5636 | Apache | critical | 9.8 | 1.2%
| | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serializa… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-5635 | Apache | high | 7.5 | 0.5%
| | In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user requ… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2016-8748 | Apache | medium | 5.4 | 0.4%
| | In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-12298 | Cisco | medium | 6.1 | 0.2%
| | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to con… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-12296 | Cisco | medium | 6.1 | 0.2%
| | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to co… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-12293 | Cisco | high | 8.6 | 1.6%
| | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to ca… | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-12288 | Cisco | medium | 6.1 | 0.2%
| | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could … | Oct 19, 2017 | May 13, 2026 |
| | CVE-2017-12287 | Cisco | medium | 4.3 | 0.5%
| | A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Softwa… | Oct 19, 2017 | May 13, 2026 |