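This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS and tracks exploitability based on exploit references and the availability of PoCs. It helps you set priorities in the context of vendor fixes and mitigations, keeping response cycles short while protecting critical assets.
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |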
|---|---|---|---|---|---|
| CVE-2009-20012 | Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | N/A | 2026-04-22 | 2026-04-22 |
| CVE-2009-20007 | Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication. | 9.3 | 62.26% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20006 | osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server. | 9.3 | 76.36% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20005 | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined. | 9.3 | 69.35% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20011 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful. | 10.0 | 64.07% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20010 | Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO. | 9.3 | 64.75% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20009 | Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication. | 9.3 | 62.60% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20008 | Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution. | 8.6 | 49.15% | 2025-08-30 | 2026-04-15 |
| CVE-2009-10006 | UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC con | 9.3 | 56.67% | 2025-08-22 | 2026-04-15 |
| CVE-2009-20004 | gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file. | 8.4 | 4.19% | 2025-08-21 | 2026-04-15 |
| CVE-2009-20003 | Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file. | 8.4 | 4.75% | 2025-08-21 | 2026-04-15 |
| CVE-2009-20002 | Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered | 8.4 | 25.35% | 2025-08-21 | 2026-04-15 |
| CVE-2009-10005 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot. | 8.7 | 52.41% | 2025-08-20 | 2026-04-15 |
| CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | 7.5 | 0.27% | 2023-12-12 | 2024-11-21 |
| CVE-2009-3777 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3776 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3775 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3774 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3773 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3772 | Rejected reason: This candidate is unused by its CNA. | N/A | 0.04% | 2023-09-14 | 2023-11-07 |