517 matches found
PT-2026-28169
Name of the Vulnerable Software and Affected Versions Pay versions prior to 3.7.20 Description The verify wechat sign function in src/Functions.php does not properly validate signatures when the Host header in a PSR-7 request is set to localhost. This allows an attacker to bypass the RSA signatur...
WeRSS 代码注入漏洞
WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier had a code injection vulnerability. This vulnerability originated from a cross-site scripting issue in the fixhtml function within the Article Module component’s files in tools/fix.py...
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle AitM framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection...
wechat-monitor-poc
WeChat Message Monitoring PoC Project Project Description...
com.foxinmy:easemob4j (>=1.1.0 <=1.1.3), com.foxinmy:umeng4j (>=1.1.0 <=1.1.3) +13 more potentially affected by CVE-2026-24819 via com.foxinmy:weixin4j-base (>=1.0 <=1.9.1)
com.foxinmy:weixin4j-base MAVEN version =1.0, =1.1.0, =1.1.0, =1.9.0, =1.4, =1.0, =1.9.0, =1.4, =1.0, =1.8.0, =1.0.9-RELEASE, =0.0.2, =0.0.3 - org.oxerr:spring-security-wechat-samples-helloworld =0.0.1 Source cves: CVE-2026-24819 Source advisory: SNYK:JAVA-COMFOXINMY-15128702...
wxhelper security vulnerability
wxhelper is a WeChat reverse-engineering tool developed by ttttupup. Versions of wxhelper 3.9.10.19-v1 and earlier contain security vulnerabilities. These vulnerabilities stem from an out-of-bound write operation and a heap-based buffer overflow vulnerability present in the program file mongoose....
CVE-2023-40829
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000...
CVE-2021-27247
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
EUVD-2018-2324
Malware in sbrugna...
EUVD-2018-12981
Malware in sbrugna...
EUVD-2018-12980
Malware in sbrugna...
EUVD-2021-14012
Malware in sbrugna...
EUVD-2021-27365
Malware in sbrugna...
EUVD-2020-20367
Malware in sbrugna...
EUVD-2018-2110
Malware in sbrugna...
EUVD-2019-7608
Malware in sbrugna...
EUVD-2019-3094
Malware in sbrugna...
EUVD-2019-9586
Malware in sbrugna...
EUVD-2018-12979
Malware in sbrugna...
EUVD-2024-45094
Malicious code in bioql PyPI...