Lucene search
K

518 matches found

vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.5 views

jl-wechat-sdk (>=1.0.0 <=1.2.3) potentially affected by unknown CVE via crpyto-js (=0.0.1-security)

crpyto-js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on crpyto-js and may be impacted: - jl-wechat-sdk =1.0.0, =1.2.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17718...

5.8AI score
Exploits0
NVD
NVD
added 2025/08/09 7:15 p.m.11 views

CVE-2025-8764

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

6.5CVSS0.00242EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/03 12:0 a.m.19 views

wx-shop 安全漏洞

wx-shop is a WeChat applet simple mall by the individual developer Feng Zhihui 495300897. A security vulnerability exists in wx-shop, which stems from vulnerability to cross-site request forgery attacks...

5.3CVSS4.8AI score0.002EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/28 4:23 p.m.13 views

CVE-2025-34045

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

8.7CVSS6.8AI score0.04311EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.12 views

CVE-2024-27565

A Server-Side Request Forgery SSRF in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests...

9.8CVSS7AI score0.00661EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.6 views

CVE-2024-40433

Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component...

8.8CVSS7.1AI score0.01175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.17 views

CVE-2022-45564

SQL Injection vulnerability in znfit Home improvement ERP management system V5020220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet...

9.8CVSS8.8AI score0.00761EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/23 12:0 a.m.4 views

Modeling Interdependent Privacy Threats

The rise of online social networks, user-gene-rated content, and third-party apps made data sharing an inevitable trend, driven by both user behavior and the commercial value of personal information. As service providers amass vast amounts of data, safeguarding individual privacy has become...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.9 views

CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks...

5.4CVSS6.3AI score0.00382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:51 p.m.11 views

CVE-2021-43678

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1CVSS5.9AI score0.00775EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.5 views

CVE-2019-17151

This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw...

5.8CVSS6.7AI score0.01374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 a.m.10 views

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

9.8CVSS6.8AI score0.00775EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.4 views

KillWxapkg 安全漏洞

KillWxapkg is an automated decompiler of WeChat applets by Antkites individual developers. A security vulnerability exists in KillWxapkg 2.4.1 and earlier versions, which stems from an os command injection in the processFile function in the internal/unpack/unpack.go file...

8.1CVSS5.5AI score0.02343EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/05 10:27 p.m.8 views

CVE-2022-45837

Reflected Cross-Site Scripting XSS vulnerability in Denis 微信机器人高级版 plugin = 6.0.1 versions...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 p.m.11 views

CVE-2020-27874

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...

8.8CVSS6.8AI score0.02016EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 6:44 a.m.10 views

CVE-2024-50522

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through = 1.6.6...

7.1CVSS5.9AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:27 a.m.7 views

CVE-2024-9108

The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convertremoteimagetolocal' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS8AI score0.00853EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:19 a.m.15 views

CVE-2024-9106

The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS7.1AI score0.0171EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.4 views

PT-2024-36279 · WordPress · Midoks Wp微信机器人

Name of the Vulnerable Software and Affected Versions: Midoks WP微信机器人 versions through 5.3.5 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...

7.1CVSS6.7AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2024/11/19 5:15 p.m.16 views

CVE-2024-50522

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through = 1.6.6...

7.1CVSS0.00394EPSS
Exploits0References1
Rows per page
Query Builder