VYPR
Vendor

Tencent

Products
32
CVEs
52
Across products
52
Status
Private

Products

32
View all 32 products →

Recent CVEs

52
View all 52 CVEs →
  • CVE-2018-11616HigAug 30, 2018
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2024-39684HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2025-11046HigSep 26, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The…

  • CVE-2025-13716HigDec 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this…

  • CVE-2025-13715HigDec 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this…

  • CVE-2025-13714HigDec 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this…

  • CVE-2025-13708HigDec 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is…

  • CVE-2025-13706HigDec 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this…

  • CVE-2024-38517HigJul 9, 2024
    risk 0.44cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2024-56962MedJan 27, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2024-56955MedJan 27, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2026-8786MedMay 18, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to…

  • CVE-2025-9395MedAug 24, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2026-30856MedMar 7, 2026
    risk 0.38cvss 5.9epss 0.00

    WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting…

  • CVE-2025-25329MedFeb 27, 2025
    risk 0.36cvss 5.5epss 0.00

    An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2018-5331MedJan 10, 2018
    risk 0.35cvss 5.4epss 0.01

    Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.

  • CVE-2026-5585MedApr 5, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated…

  • CVE-2019-11419May 14, 2019
    risk 0.03cvss epss 0.04

    vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the…

  • CVE-2023-34312Jun 1, 2023
    risk 0.01cvss epss 0.01

    In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.

  • CVE-2026-30861Mar 7, 2026
    risk 0.00cvss epss 0.02

    WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows…