Vendor CVEs
Tencent
All CVEs
52 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11616 | | High | 0.58 | 8.8 | 0.05 | | Aug 30, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… |
| CVE-2024-39684 | | High | 0.51 | 7.8 | 0.00 | | Jul 9, 2024 | Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;… |
| CVE-2025-11046 | | High | 0.47 | 7.3 | 0.00 | | Sep 26, 2025 | A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The… |
| CVE-2025-13716 | | High | 0.44 | 7.8 | 0.00 | | Dec 23, 2025 | Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this… |
| CVE-2025-13715 | | High | 0.44 | 7.8 | 0.00 | | Dec 23, 2025 | Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this… |
| CVE-2025-13714 | | High | 0.44 | 7.8 | 0.00 | | Dec 23, 2025 | Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this… |
| CVE-2025-13708 | | High | 0.44 | 7.8 | 0.00 | | Dec 23, 2025 | Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is… |
| CVE-2025-13706 | | High | 0.44 | 7.8 | 0.00 | | Dec 23, 2025 | Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this… |
| CVE-2024-38517 | | High | 0.44 | 7.8 | 0.00 | | Jul 9, 2024 | Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;… |
| CVE-2024-56962 | | Medium | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56955 | | Medium | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2026-8786 | | Medium | 0.41 | 6.3 | 0.00 | | May 18, 2026 | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to… |
| CVE-2025-9395 | | Medium | 0.41 | 6.3 | 0.00 | | Aug 24, 2025 | A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly… |
| CVE-2026-30856 | | Medium | 0.38 | 5.9 | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting… |
| CVE-2025-25329 | | Medium | 0.36 | 5.5 | 0.00 | | Feb 27, 2025 | An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2018-5331 | | Medium | 0.35 | 5.4 | 0.01 | | Jan 10, 2018 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. |
| CVE-2026-5585 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 5, 2026 | A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated… |
| CVE-2019-11419 | | | 0.03 | — | 0.04 | | May 14, 2019 | vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the… |
| CVE-2023-34312 | | | 0.01 | — | 0.01 | | Jun 1, 2023 | In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. |
| CVE-2026-30861 | | | 0.00 | — | 0.02 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows… |
| CVE-2026-30860 | | | 0.00 | — | 0.01 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect… |
| CVE-2026-30859 | | | 0.00 | — | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants,… |
| CVE-2026-30858 | | | 0.00 | — | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the… |
| CVE-2026-30857 | | | 0.00 | — | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant’s knowledge… |
| CVE-2026-30855 | | | 0.00 | — | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID.… |
| CVE-2026-30247 | | | 0.00 | — | 0.00 | | Mar 7, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend… |
| CVE-2025-63945 | | | 0.00 | — | 0.00 | | Feb 23, 2026 | A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. |
| CVE-2026-22688 | | | 0.00 | — | 0.02 | | Jan 10, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server… |
| CVE-2026-22687 | | | 0.00 | — | 0.00 | | Jan 10, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use… |
| CVE-2025-13709 | | | 0.00 | — | 0.00 | | Dec 23, 2025 | Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in… |
| CVE-2025-13711 | | | 0.00 | — | 0.00 | | Dec 23, 2025 | Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the… |
| CVE-2025-56230 | | | 0.00 | — | 0.00 | | Nov 4, 2025 | Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. |
| CVE-2024-40433 | | | 0.00 | — | 0.01 | | Jul 26, 2024 | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. |
| CVE-2024-34408 | | | 0.00 | — | 0.00 | | May 3, 2024 | Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. |
| CVE-2024-33078 | | | 0.00 | — | 0.01 | | May 1, 2024 | Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger an overflow leading to remote code execution. |
| CVE-2024-22873 | | | 0.00 | — | 0.01 | | Feb 26, 2024 | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. |
| CVE-2023-52286 | | | 0.00 | — | 0.01 | | Dec 31, 2023 | Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. |
| CVE-2023-40829 | | | 0.00 | — | 0.00 | | Oct 12, 2023 | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. |
| CVE-2022-35158 | | | 0.00 | — | 0.01 | | Aug 3, 2022 | A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. |
| CVE-2021-33057 | | | 0.00 | — | 0.01 | | Jul 26, 2022 | The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use… |
| CVE-2021-40180 | | | 0.00 | — | 0.01 | | Jul 26, 2022 | In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts. |
| CVE-2021-33879 | | | 0.00 | — | 0.01 | | Jun 6, 2021 | Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows… |
| CVE-2021-27247 | | | 0.00 | — | 0.06 | | Apr 14, 2021 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The… |
| CVE-2020-27874 | | | 0.00 | — | 0.02 | | Feb 10, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… |
| CVE-2020-24162 | | | 0.00 | — | 0.00 | | Sep 3, 2020 | The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. |
| CVE-2020-24160 | | | 0.00 | — | 0.00 | | Sep 3, 2020 | Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. |
| CVE-2019-17151 | | | 0.00 | — | 0.01 | | Jan 7, 2020 | This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker.… |
| CVE-2019-13125 | | | 0.00 | — | 0.01 | | Jul 1, 2019 | HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. |
| CVE-2011-4867 | | | 0.00 | — | 0.01 | | Jan 25, 2012 | The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. |
| CVE-2011-4865 | | | 0.00 | — | 0.01 | | Jan 25, 2012 | The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. |
Page 1 of 2