NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2010-20124 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2010-20118 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2010-20117 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2010-20116 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2010-20110 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2010-10017 | WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user. | 8.4 | 10.89% | 2025-08-30 | 2026-04-15 |
| CVE-2010-10016 | BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Window | 10.0 | 66.70% | 2025-08-30 | 2026-04-15 |
| CVE-2010-20123 | Steinberg MyMP3Player version 3.0 (build 3.0.0.67) is vulnerable to a stack-based buffer overflow when parsing .m3u playlist files. The application fails to properly validate the length of input data within the playlist, allowing a specially crafted file to overwrite critical memory structures and execute arbitrary code. This vulnerability can be exploited locally by convincing a user to open a malicious .m3u file. | 8.4 | 4.19% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20122 | Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the clie | 9.3 | 58.65% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20120 | Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction. | 8.4 | 7.65% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20115 | Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service. | 9.3 | 53.69% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20114 | VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution. | 8.4 | 9.70% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20113 | EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resol | 9.3 | 62.71% | 2025-08-21 | 2025-09-10 |
| CVE-2010-20108 | FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code. | 8.4 | 20.63% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20107 | A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command—typically during sync preview or profile creation—the server’s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution. | 8.5 | 23.08% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20034 | Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the Structured Exception Handler (SEH), potentially allowing remote code execution. | 8.5 | 23.08% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20007 | Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product lin | 8.5 | 16.28% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20121 | EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed | 9.3 | 68.64% | 2025-08-21 | 2025-09-10 |
| CVE-2010-20119 | CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow dis | 8.6 | 52.33% | 2025-08-21 | 2026-04-15 |
| CVE-2010-20112 | Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and af | 9.3 | 52.33% | 2025-08-21 | 2026-04-15 |