524 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-2617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function...
CVE-2025-50902
Cross Site Request Forgery CSRF vulnerability in old-peanut Open-Shop aka old-peanut/wechatappletopensource thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message...
dts-mall 安全漏洞
dts-mall is a WeChat small program mall by qiguliuxing individual developer. A security vulnerability exists in dts-mall version v0.0.1-SNAPSHOT, which stems from improper access control and could lead to authentication bypass...
PT-2025-34148 · Old Peanut · Open-Shop
Name of the Vulnerable Software and Affected Versions: old-peanut Open-Shop versions through 1.0.0 Description: A Cross Site Request Forgery CSRF issue exists in old-peanut Open-Shop, allowing attackers to obtain sensitive information via a crafted HTTP Post message. Recommendations: At the momen...
Linux Distros Unpatched Vulnerability : CVE-2023-2618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this issue is the function...
jl-wechat-sdk (>=1.0.0 <=1.2.3) potentially affected by unknown CVE via crpyto-js (=0.0.1-security)
crpyto-js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on crpyto-js and may be impacted: - jl-wechat-sdk =1.0.0, =1.2.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17718...
CVE-2025-8764
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
wx-shop 安全漏洞
wx-shop is a WeChat applet simple mall by the individual developer Feng Zhihui 495300897. A security vulnerability exists in wx-shop, which stems from vulnerability to cross-site request forgery attacks...
CVE-2025-34045
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...
CVE-2024-27565
A Server-Side Request Forgery SSRF in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests...
CVE-2024-40433
Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component...
CVE-2022-45564
SQL Injection vulnerability in znfit Home improvement ERP management system V5020220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet...
Modeling Interdependent Privacy Threats
The rise of online social networks, user-gene-rated content, and third-party apps made data sharing an inevitable trend, driven by both user behavior and the commercial value of personal information. As service providers amass vast amounts of data, safeguarding individual privacy has become...
CVE-2021-24615
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks...
CVE-2021-43678
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...
CVE-2019-17151
This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw...
CVE-2018-25082
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
KillWxapkg 安全漏洞
KillWxapkg is an automated decompiler of WeChat applets by Antkites individual developers. A security vulnerability exists in KillWxapkg 2.4.1 and earlier versions, which stems from an os command injection in the processFile function in the internal/unpack/unpack.go file...
CVE-2022-45837
Reflected Cross-Site Scripting XSS vulnerability in Denis 微信机器人高级版 plugin = 6.0.1 versions...
CVE-2020-27874
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...