Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-20198 | The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations | 9.3 | 0.76% | 2025-07-23 | 2026-06-16 |
| CVE-2017-7740 | Rejected reason: Not used | N/A | N/A | 2025-04-28 | 2025-04-28 |
| CVE-2017-20197 | A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The name of the patch is b32bb1b940f82d38fb9310cd66ebe349e20a1d0a. It is recommended to apply a patch to fix this issue. | 6.9 | 0.35% | 2025-04-09 | 2026-06-16 |
| CVE-2017-17548 | Rejected reason: Not used | N/A | N/A | 2025-03-17 | 2025-03-17 |
| CVE-2017-17547 | Rejected reason: Not used | N/A | N/A | 2025-03-17 | 2025-03-17 |
| CVE-2017-17546 | Rejected reason: Not used | N/A | N/A | 2025-03-17 | 2025-03-17 |
| CVE-2017-17545 | Rejected reason: Not used | N/A | N/A | 2025-03-17 | 2025-03-17 |
| CVE-2017-17542 | Rejected reason: Not used | N/A | N/A | 2025-03-17 | 2025-03-17 |
| CVE-2017-13318 | In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 5.7 | 0.09% | 2025-01-28 | 2026-06-16 |
| CVE-2017-13317 | In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 5.7 | 0.09% | 2025-01-28 | 2026-06-16 |
| CVE-2017-20196 | A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 5.3 | 0.37% | 2025-01-26 | 2026-06-16 |
| CVE-2017-13322 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 10.0 | 0.15% | 2025-01-17 | 2026-06-16 |
| CVE-2017-13308 | In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 6.7 | 0.08% | 2024-12-05 | 2026-06-16 |
| CVE-2017-13323 | In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.09% | 2024-11-27 | 2026-06-16 |
| CVE-2017-13321 | In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | 0.10% | 2024-11-27 | 2026-06-16 |
| CVE-2017-13320 | In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation. | 6.5 | 0.21% | 2024-11-27 | 2026-06-16 |
| CVE-2017-13319 | In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.5 | 0.33% | 2024-11-27 | 2026-06-16 |
| CVE-2017-13316 | In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.08% | 2024-11-27 | 2026-06-16 |
| CVE-2017-18307 | Information disclosure possible while audio playback. | 8.4 | 0.07% | 2024-11-26 | 2026-06-16 |
| CVE-2017-18306 | Information disclosure due to uninitialized variable. | 8.4 | 0.07% | 2024-11-26 | 2026-06-16 |