71 matches found
CVE-2026-8320 jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl lead...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary...
📄 MetInfo CMS 8.1 PHP Code Injection
This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...
📄 MetInfo CMS 8.1 Code Injection
MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. MetInfo CMS <= 8.1 weixinreply.class.php PHP Code Injection Vulnerability...
com.foxinmy:easemob4j (>=1.1.0 <=1.1.3), com.foxinmy:umeng4j (>=1.1.0 <=1.1.3) +13 more potentially affected by CVE-2026-24819 via com.foxinmy:weixin4j-base (>=1.0 <=1.9.1)
com.foxinmy:weixin4j-base MAVEN version =1.0, =1.1.0, =1.1.0, =1.9.0, =1.4, =1.0, =1.9.0, =1.4, =1.0, =1.8.0, =1.0.9-RELEASE, =0.0.2, =0.0.3 - org.oxerr:spring-security-wechat-samples-helloworld =0.0.1 Source cves: CVE-2026-24819 Source advisory: SNYK:JAVA-COMFOXINMY-15128702...
Improperly Controlled Sequential Memory Allocation
Overview: com.foxinmy:weixin4j-base is a WeChat development base project. Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation due to improper control of memory allocation in the CharArrayBuffer and ClassUtil components. An attacker can cause excessive memory consumption ...
GHSA-444M-PX7R-QPVV weixin4j has Improperly Controlled Sequential Memory Allocation
Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules. This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects all versions of weixin4j. A path is...
EUVD-2018-12878
Malware in sbrugna...
EUVD-2022-4092
Malicious code in bioql PyPI...
EUVD-2025-27455
Malicious code in bioql PyPI...
litemall authorization issue vulnerability
litemall is a small mall system for linlinjava individual developers. An authorization issue vulnerability exists in litemall 1.8.0 and earlier versions, which stems from incorrect manipulation of the parameter ID of the function WxAftersaleController in the file /wx/aftersale/cancel, which could...
CVE-2025-30875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS. This issue affects WP Weixin: from n/a through <= 1.3.16...
CVE-2025-30875
CVE-2025-30875 applies to WordPress plugin WP Weixin by Alexandre Froger, vulnerable to Stored XSS via improper input neutralization during web page generation. Affected: WP Weixin versions n/a through 1.3.16. CVSS v3.1 metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; base score 5.9 (Medium). Exploi...
CVE-2025-30875 WordPress WP Weixin plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS. This issue affects WP Weixin: from n/a through <= 1.3.16...
WordPress plugin WP Weixin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
PT-2025-36755
Name of the Vulnerable Software and Affected Versions: Alexandre Froger WP Weixin versions through 1.3.16 Description: The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Stored Cross-site Scripting XSS. Recommendations: Update Alexandre Froger W...
CVE-2025-9297
A vulnerability was detected in Tenda i22 1.0.0.34687. This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...