11 matches found
EUVD-2025-28138
Malicious code in bioql PyPI...
CVE-2025-47948
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
Cocotais Bot has builtin .echo command injection
Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
GHSA-MJ2C-8HXF-FFVQ Cocotais Bot has builtin .echo command injection
Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
CVE-2025-47948
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948
Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...
PT-2025-21803 · Unknown · Cocotais Bot
Name of the Vulnerable Software and Affected Versions: Cocotais Bot versions 1.5.0-test2-hotfix through 1.6.2 Description: The issue allows unauthorized users to indirectly trigger privileged behavior by injecting special platform tags, potentially leading to spam, disruption, or abuse of...
Cocotais Bot 注入漏洞
Cocotais Bot is a fast, lightweight and easy-to-use QQ bot framework open-sourced by Cocotais Team. An injection vulnerability exists in Cocotais Bot versions prior to 1.6.2, which stems from the command-return feature that allows the injection of special platform tags, which could lead to...