CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/11/19 5:15 p.m.•1 views

CVE-2025-12766

5CVSS5.8AI score0.00036EPSS

NVD•added 2025/11/19 5:15 p.m.•5 views

CVE-2025-12766

5CVSS0.00036EPSS

CVE•added 2025/11/19 4:8 p.m.•5 views

CVE-2025-12766

CVE-2025-12766 is a vulnerability in the Management Console of BlackBerry AtHoc (OnPrem) v7.21 where an insecure direct object reference (IDOR) could allow an attacker to gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). Affected component:...

5CVSS6.5AI score0.00036EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/11/19 4:8 p.m.•3 views

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

5CVSS6.5AI score0.00036EPSS

Cvelist•added 2025/11/19 4:8 p.m.•4 views

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

5CVSS0.00036EPSS

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47468

5CVSS6.9AI score0.00036EPSS

Exploits0References2

OSV•added 2025/01/31 11:25 a.m.•6 views

CVE-2025-21666 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsockhasdata|hasspace Recent reports have shown how we sometimes call vsockhasdata when a vsock socket has been de-assigned from a transport see attached links, but we shouldn't. Previous commits...

5.5CVSS6.2AI score0.00031EPSS

Exploits0References11

OSV•added 2023/10/27 6:15 p.m.•0 views

CVE-2023-5827

A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed t...

9.8CVSS5.6AI score

Exploits0References3

CVE•added 2023/10/27 5:31 p.m.•35 views

CVE-2023-5827

CVE-2023-5827 affects Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. The vulnerability is in the file /Web/SysManage/UserEdit.aspx, where manipulating the ID parameter leads to a SQL injection. Several connected sources corroborate a critical impact with public disclosure of...

9.8CVSS7.8AI score0.00052EPSS

Cvelist•added 2023/10/27 5:31 p.m.•8 views

CVE-2023-5827 Shanghai CTI Navigation CTI Monitoring and Early Warning System UserEdit.aspx sql injection

5.5CVSS9.9AI score0.00052EPSS

Cvelist•added 2023/08/05 11:0 p.m.•15 views

CVE-2023-4172 Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal...

4.3CVSS7.8AI score0.00156EPSS

CVE•added 2023/08/05 11:0 p.m.•54 views

CVE-2023-4172

CVE-2023-4172 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability arises from improper handling of the FileDirectory argument in the FileHandler.ashx (path/file processing), enabling absolute path traversal via a remote attack. Exploitation has been disclosed...

7.5CVSS6AI score0.00156EPSS

Vulnrichment•added 2023/08/05 9:0 p.m.•9 views

CVE-2023-4171 Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be...

4.3CVSS7.1AI score0.00183EPSS

OSV•added 2023/07/21 1:15 a.m.•0 views

CVE-2023-3804

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been...

9.8CVSS4.9AI score0.00112EPSS

NVD•added 2023/07/21 1:15 a.m.•10 views

CVE-2023-3803

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...

3.7CVSS3.9AI score0.00115EPSS

Prion•added 2023/07/21 1:15 a.m.•23 views

Design/Logic Flaw

1.4CVSS4.3AI score0.00115EPSS

CVE•added 2023/07/21 1:0 a.m.•29 views

CVE-2023-3804

CVE-2023-3804 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability is in the file /Service/FileHandler.ashx, where manipulation of the argument userFile enables unrestricted upload. The exploit has been publicly disclosed. Several sources confirm this is a cod...

9.8CVSS7.7AI score0.00112EPSS

Cvelist•added 2023/07/21 12:31 a.m.•19 views

CVE-2023-3803 Chengdu Flash Flood Disaster Monitoring and Warning System File Name ImageStationDataService.asmx random values

2.6CVSS4.5AI score0.00115EPSS

CVE•added 2023/07/21 12:31 a.m.•33 views

CVE-2023-3803

CVE-2023-3803 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0, specifically the File Name Handler component and the /Service/ImageStationDataService.asmx file. The root cause is a flaw that leads to insufficiently random values. Documented attack complexity is high and expl...

3.7CVSS4AI score0.00115EPSS