Lucene search
K

508 matches found

OSV
OSV
added 2026/05/25 5:27 a.m.13 views

MAL-2026-4754 Malicious code in heims (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33e7dda6f116113ebe2bd1ae1ec5238d66f8ada8a87e69a90e49aac1f4eb3f57 The package's WechatUtil.gettoken in src/heims/utils/wechat/wechatutil.py hardcodes a POST to https://token.zhangjianpeng.cn/ with md5appid and...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/18 12:31 a.m.9 views

GHSA-CVWM-VWHP-22JX org.linlinjava:litemall-wx-api has an Injection issue

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...

7.3CVSS6.7AI score0.00259EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/18 12:31 a.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...

7.5CVSS7.6AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 12:31 a.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...

7.5CVSS7.6AI score0.00259EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.12 views

org.linlinjava:litemall-wx-api has an Injection issue

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/18 12:16 a.m.37 views

CVE-2026-8771

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

litemall 注入漏洞

Litemall is a small shopping system developed by Linlinjava’s developers. Versions of Litemall 1.8.0 and earlier had a injection vulnerability. This vulnerability originated from a function in the Front-end WeChat API, specifically the list function in the...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/17 11:30 p.m.17 views

CVE-2026-8771

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/17 11:30 p.m.62 views

CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 11:30 p.m.7 views

CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 11:30 p.m.22 views

CVE-2026-8771

The vulnerability CVE-2026-8771 affects linlinjava litemall up to v1.8.0, specifically the Front-end WeChat API component WxGoodsController.java (WxGoodsController). A SQL injection can be triggered by manipulating the function list, with remote exploitation possible and the exploit publicly rele...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.12 views

PT-2026-41590

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/04/29 6:16 p.m.5 views

CVE-2026-7396

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS0.00479EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 5:30 p.m.5 views

EUVD-2026-26267

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS5.4AI score0.00479EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/29 5:30 p.m.3 views

CVE-2026-7396

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS5.5AI score0.00479EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/29 5:30 p.m.32 views

CVE-2026-7396 NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS0.00479EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 5:30 p.m.60 views

CVE-2026-7396

CVE-2026-7396 : NousResearch hermes-agent 0.8.0 contains a path traversal vulnerability in the WeChat Work Platform Adapter, specifically in the file gateway/platforms/wecom.py. The issue arises from manipulation of an unknown functionality, allowing a remote attacker to traverse directories. The...

6.9CVSS5.5AI score0.00479EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-35964

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

6.9CVSS5.4AI score0.00479EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.4 views

MetInfo CMS 8.1 WeChat Module Vulnerability Detection Scanner

This Metasploit auxiliary module is a non-exploit vulnerability detection scanner designed to assess potential security weaknesses in the MetInfo CMS WeChat module, specifically related to weixinreply.class.php handling logic...

9.8CVSS5.2AI score0.39688EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-6576

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

6.5CVSS6.3AI score0.01456EPSS
Exploits0References1
Rows per page
Query Builder