Lucene search
+L

248 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 2:44 a.m.7 views

CVE-2018-11549

An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings - Member Centre - Chinese information - Ordinary member" via a QQ number, as demonstrated by a formqq10= substring...

5.4CVSS5.6AI score0.00667EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/17 6:42 p.m.3 views

CVE-2025-47948 Cocotais Bot has builtin .echo command injection

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...

7.2CVSS7AI score0.00346EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/17 6:42 p.m.23 views

CVE-2025-47948 Cocotais Bot has builtin .echo command injection

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...

7.2CVSS0.00346EPSS
Exploits0References2
OSV
OSV
added 2025/05/17 6:42 p.m.5 views

CVE-2025-47948 Cocotais Bot has builtin .echo command injection

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...

7.2CVSS6.5AI score0.00346EPSS
Exploits0References4
OSV
OSV
added 2024/10/23 3:15 p.m.6 views

CVE-2024-10290

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

7.5CVSS4.9AI score0.00578EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/23 3:0 p.m.33 views

CVE-2024-10290 ZZCMS inc.php information disclosure

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

6.9CVSS0.00578EPSS
Exploits0References4
HackRead
HackRead
added 2024/08/13 12:22 p.m.22 views

Hackers Leak 1.4 Billion Tencent User Accounts Online

Massive data leak exposes 1.4 billion Tencent user accounts. Leaked data includes emails, phone numbers, and QQ IDs…...

7.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/09/09 12:30 a.m.12 views

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42278 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42278 Source advisory: OSV:GHSA-RR66-QH5M-W6MX...

7.5CVSS7.1AI score0.00706EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/09/09 12:30 a.m.7 views

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42277 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42277 Source advisory: OSV:GHSA-7P8C-CRFR-Q93P...

9.8CVSS7.2AI score0.00769EPSS
Exploits1
CNVD
CNVD
added 2023/08/28 12:0 a.m.6 views

QQ Music Command Execution Vulnerability

QQ Music is the official music playback software from Tencent. A command execution vulnerability exists in QQ Music, which can be exploited by an attacker to execute arbitrary commands...

7.9AI score
Exploits0
CNVD
CNVD
added 2023/06/02 12:0 a.m.10 views

Tencent QQ Local Elevation of Privilege Vulnerability

Tencent QQ is a multi-platform instant messaging software from China's Tencent. A local elevation of privilege vulnerability exists in Tencent QQ. The vulnerability is caused due to QQProtect.exe and QQProtectEngine.dll not validating pointers from inter-process communication, which can lead to a...

7.8CVSS6.6AI score0.00598EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/01 3:15 a.m.6 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

7.8CVSS5.7AI score0.00598EPSS
Exploits1References2
OSV
OSV
added 2023/06/01 3:15 a.m.5 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

7.8CVSS7.1AI score0.00598EPSS
Exploits1References1
NVD
NVD
added 2023/06/01 3:15 a.m.35 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

7.8CVSS7.6AI score0.00598EPSS
Exploits1References1
Prion
Prion
added 2023/06/01 3:15 a.m.21 views

Design/Logic Flaw

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

4.3CVSS7.5AI score0.00598EPSS
Exploits1References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/06/01 12:0 a.m.12 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

6.8AI score0.00598EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.9 views

Tencent QQ 安全漏洞

Tencent QQ is a multi-platform instant messaging software from China's Tencent. A local elevation of privilege vulnerability exists in Tencent QQ. The vulnerability is caused due to QQProtect.exe and QQProtectEngine.dll not validating pointers from inter-process communication, which can lead to a...

7.8CVSS6.8AI score0.00598EPSS
Exploits1References2
CVE
CVE
added 2023/06/01 12:0 a.m.255 views

CVE-2023-34312

CVE-2023-34312 affects Tencent QQ (versions up to 9.7.8.29039) and TIM (up to 3.4.7.22084). The issue is a write-what-where condition caused by QQProtect.exe and QQProtectEngine.dll not validating pointers from inter-process communication, enabling a local breach with high impact in confidentiali...

7.8CVSS7.5AI score0.00598EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2023/06/01 12:0 a.m.58 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

7.8AI score0.00598EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2023/04/26 12:33 p.m.42 views

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

The advanced persistent threat APT group referred to as Evasive Panda has been observed targeting an international non-governmental organization NGO in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribut...

6.9AI score
Exploits0
Rows per page
Query Builder