CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.2CVSS6AI score0.00134EPSS

EUVD-2022-55939

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...

9.8CVSS7.8AI score0.01174EPSS

EUVD-2022-55932

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

9.8CVSS6.7AI score0.00269EPSS

EUVD-2022-55941

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting...

9.8CVSS6.4AI score0.00387EPSS

EUVD-2022-55934

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

9.8CVSS6.3AI score0.0024EPSS

EUVD-2022-55936

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...

8.5CVSS7AI score0.0436EPSS

EUVD-2022-55935

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

9.3CVSS8.3AI score0.01147EPSS

EUVD-2022-55930

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized...

7.5CVSS6.5AI score0.00056EPSS

EUVD-2022-55943

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...

Exploits2References7

NVD•added 2025/12/30 11:15 p.m.•1 views

CVE-2022-50792

8.7CVSS0.00387EPSS

OSV•added 2025/12/30 11:15 p.m.•1 views

CVE-2022-50790

7.5CVSS5.8AI score0.0024EPSS

NVD•added 2025/12/30 11:15 p.m.•1 views

CVE-2022-50788

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...

7.5CVSS0.00387EPSS

NVD•added 2025/12/30 11:15 p.m.•2 views

CVE-2022-50790

7.5CVSS0.0024EPSS

CVE-2022-50787

7.2CVSS6AI score

Exploits0References5

NVD•added 2025/12/30 11:15 p.m.•1 views

CVE-2022-50788

7.5CVSS5.8AI score

Exploits0References5

CVE-2022-50692

7.5CVSS0.00056EPSS

CVE-2022-50694

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

9.8CVSS6AI score

Exploits0References5