
85 matches found

NVD
added 6 days ago, 8 views

CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVSS: 10 | EPSS: 0.00023
Exploits: 0 | References: 1

Cvelist
added 6 days ago, 29 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVSS: 10 | EPSS: 0.00023
Exploits: 0 | References: 1

NVD
added 2025/12/30 11:15 p.m., 1 view

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized...

CVSS: 9.8 | EPSS: 0.01147
Exploits: 2 | References: 5

EUVD
added 2025/12/23 12:30 a.m., 3 views

EUVD-2023-60247

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.05303
Exploits: 2 | References: 5

NVD
added 2025/12/22 10:16 p.m., 1 view

CVE-2023-53962

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS: 8.8 | EPSS: 0.05303
Exploits: 2 | References: 4

OSV
added 2025/12/22 10:16 p.m., 3 views

CVE-2023-53962

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS: 7.5 | AI score: 6
Exploits: 0 | References: 4

CVE
added 2025/12/22 9:37 p.m., 4 views

CVE-2023-53962

The CVE-2023-53962 entry concerns SOUND4 IMPACT/FIRST/PULSE/Eco v2.x with an unauthenticated directory traversal in upload.cgi through the upgfile parameter, enabling remote attackers to write arbitrary files. Exploitation involves crafting multipart form-data POST requests that include directory...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.05303
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/22 9:37 p.m., 21 views

CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

CVSS: 8.8 | EPSS: 0.05303
Exploits: 2 | References: 4

Positive Technologies
added 2025/12/22 12:0 a.m., 1 view

PT-2025-52699

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x. Description: The software contains an unauthenticated directory traversal flaw. Remote attackers can write arbitrary files by manipulating the upgfile parameter within the 'upload.cgi' script...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.05303
Exploits: 2 | References: 7

VulnCheck KEV
added 2025/12/11 12:0 a.m., 2 views

VulnCheck KEV: CVE-2018-4063

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...

CVSS: 9 | AI score: 6.4 | EPSS: 0.01877
In wild | Exploits: 3 | References: 6

EUVD
added 2025/12/09 6:30 p.m., 1 view

EUVD-2025-202302

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

AI score: 6.5 | EPSS: 0.00148
Exploits: 1 | References: 2

NVD
added 2025/12/09 4:18 p.m., 1 view

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

CVSS: 7.5 | EPSS: 0.00148
Exploits: 1 | References: 1

Cvelist
added 2025/12/09 12:0 a.m., 16 views

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

EPSS: 0.00148
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/14 12:1 a.m., 1 view

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00259
Exploits: 1 | References: 1

OSV
added 2025/11/13 8:15 p.m., 0 views

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00259
Exploits: 1 | References: 4

Cvelist
added 2025/11/13 12:0 a.m., 4 views

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

EPSS: 0.00259
Exploits: 1 | References: 4

CNNVD
added 2025/11/13 12:0 a.m., 1 view

D-Link DIR-816A2 Security Vulnerability

D-Link DIR-816A2 is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816A2 that stems from improper buffer sizing when the upload.cgi module handles /proc/version, which could result in a stack buffer overflow...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00259
Exploits: 1 | References: 5

Vulnrichment
added 2025/11/13 12:0 a.m., 1 view

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

AI score: 7.7 | EPSS: 0.00259
Exploits: 1 | References: 4

CVE
added 2025/11/13 12:0 a.m., 8 views

CVE-2025-60679

CVE-2025-60679: A stack buffer overflow in the D-Link DIR-816A2 router, in the upload.cgi module that processes firmware version information, occurs when /proc/version is read into a 512-byte buffer and concatenated with a 29-byte constant via sprintf() into another 512-byte buffer. Input exceedi...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00259
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-46900

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816A2 router firmware versions prior to DIR-816A2 FWv1.10CNB05 R1B011D88210. Description: A stack buffer overflow condition exists in the D-Link DIR-816A2 router firmware. The issue is located in the upload.cgi module, which processes...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00259
Exploits: 1 | References: 7