Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. At
CVE-2022-50796
CRITICAL CVSS 9.3
Find Similar
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the v
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can s
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attack
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attack
CVE-2023-53963
CRITICAL CVSS 9.3
Find Similar
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Att
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directo
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. At
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenti
CVE-2023-53955
CRITICAL CVSS 9.3
Find Similar
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit th
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can
CVE-2022-50794
CRITICAL CVSS 9.3
Find Similar
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by inje
CVE-2022-50696
CRITICAL CVSS 9.3
Find Similar
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these st
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services'
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and ac
CVE-2026-7302
CRITICAL CVSS 9.1
Find Similar
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by i
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File l
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session
Page 1+ Next →