CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-57699
https://notcve.org/view.php?id=CVE-2025-57699
22 Aug 2025 — A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege. • https://www.westerndigital.com/support/product-security/wdc-25004-western-digital-kitfox-software-version-1-1-1-1 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-41451 – Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series
https://notcve.org/view.php?id=CVE-2025-41451
22 Aug 2025 — Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system. Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execu... • https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-55454
https://notcve.org/view.php?id=CVE-2025-55454
22 Aug 2025 — An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file. • https://www.notion.so/Dootask-Arbitrary-file-upload-vulnerability-2162818a9e118053a586cf4bc05fd1fa •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-52786
https://notcve.org/view.php?id=CVE-2024-52786
22 Aug 2025 — An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. • https://gitee.com/anji-plus/report/issues/IB3ED6 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2010-20122 – Xftp FTP Client <= 3.0 PWD Response Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20122
21 Aug 2025 — This results in memory corruption and allows remote attackers to execute arbitrary code on the client system. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rb • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2010-20115 – Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption
https://notcve.org/view.php?id=CVE-2010-20115
21 Aug 2025 — The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb • CWE-704: Incorrect Type Conversion or Cast CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2010-20123 – Steinberg MyMP3Player <= 3.0.0.67 Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20123
21 Aug 2025 — The application fails to properly validate the length of input data within the playlist, allowing a specially crafted file to overwrite critical memory structures and execute arbitrary code. • https://www.exploit-db.com/exploits/11791 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-20007 – Seagull FTP v3.3 Build 409 Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20007
21 Aug 2025 — This may allow remote attackers to execute arbitrary code on the client system. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2010-20120 – Maple <= v13 Maplet File Creation and Command Execution
https://notcve.org/view.php?id=CVE-2010-20120
21 Aug 2025 — This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction. • https://www.vulncheck.com/advisories/maple-maplet-file-creation-command-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-20034 – Gekko Manager FTP Client <= 0.77 Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20034
21 Aug 2025 — A crafted response containing an overly long filename can overwrite the Structured Exception Handler (SEH), potentially allowing remote code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/gekkomgr_list_reply.rb • CWE-121: Stack-based Buffer Overflow •