聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2009-10007 | Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim. | 9.1 | 0.06% | 2026-06-09 | 2026-06-09 |
| CVE-2009-20012 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 無 | 無 | 2026-04-22 | 2026-04-22 |
| CVE-2009-20007 | Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication. | 9.3 | 62.26% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20006 | osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server. | 9.3 | 76.36% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20005 | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined. | 9.3 | 69.35% | 2025-09-16 | 2026-04-15 |
| CVE-2009-20011 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful. | 10.0 | 64.07% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20010 | Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO. | 9.3 | 64.75% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20009 | Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication. | 9.3 | 62.60% | 2025-08-30 | 2026-04-15 |
| CVE-2009-20008 | Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution. | 8.6 | 49.15% | 2025-08-30 | 2026-04-15 |
| CVE-2009-10006 | UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC con | 9.3 | 56.67% | 2025-08-22 | 2026-04-15 |
| CVE-2009-20004 | gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file. | 8.4 | 4.19% | 2025-08-21 | 2026-04-15 |
| CVE-2009-20003 | Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file. | 8.4 | 4.75% | 2025-08-21 | 2026-04-15 |
| CVE-2009-20002 | Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered | 8.4 | 25.35% | 2025-08-21 | 2026-04-15 |
| CVE-2009-10005 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot. | 8.7 | 52.41% | 2025-08-20 | 2026-04-15 |
| CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | 7.5 | 0.27% | 2023-12-12 | 2024-11-21 |
| CVE-2009-3777 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3776 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3775 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3774 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2009-3773 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |