24h | 7d | 30d

CVE-2026-3956

Overview

  • xierongwkhd
  • weimai-wetapp
11 Mar 2026
Published
12 Mar 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.04%
KEV

Description

A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/admin/Admin_AdminUserController.java. Performing a manipulation of the argument keyword results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
ZAST AI @zastai

ZAST.AI identified and verified two SQL injection vulnerabilities in weimai-wetapp <= 1.0.0:

CVE-2026-3956 in /admin/auser/getAdmins
CVE-2026-3957 in /home/getLikeMovieList
Why this case matters:

the vulnerable parameters sit in two different application contexts
one path affects admin listing logic and one affects public recommendation logic
ZAST.AI validated exploitation with SQLMap and confirmed recovery of root@%
For defenders, this is a strong signal to review MyBatis-backed query flows as a class, not one endpoint at a time.

Full report: blog.zast.ai/vulnerability%20r

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-3957

Overview

  • xierongwkhd
  • weimai-wetapp
11 Mar 2026
Published
12 Mar 2026
Updated
CVSS v4.0
MEDIUM (5.1)
EPSS
0.05%
KEV

Description

A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/HomeController.java of the component Endpoint. Executing a manipulation of the argument cat can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
ZAST AI @zastai

ZAST.AI identified and verified two SQL injection vulnerabilities in weimai-wetapp <= 1.0.0:

CVE-2026-3956 in /admin/auser/getAdmins
CVE-2026-3957 in /home/getLikeMovieList
Why this case matters:

the vulnerable parameters sit in two different application contexts
one path affects admin listing logic and one affects public recommendation logic
ZAST.AI validated exploitation with SQLMap and confirmed recovery of root@%
For defenders, this is a strong signal to review MyBatis-backed query flows as a class, not one endpoint at a time.

Full report: blog.zast.ai/vulnerability%20r

  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-14772

Overview

  • ABB
  • T-MAC Plus
03 Jun 2026
Published
03 Jun 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
boredchilada @boredchilada.bsky.social
~Cybergcca~ CCCS issued 3 advisories for vulnerabilities in Google Chrome, ABB T-MAC Plus, and Phoenix Contact CHARX SEC-3xxx. - IOCs: CVE-2025-14771, CVE-2025-14772, CVE-2025-14773 - #CyberSecurity #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-14773

Overview

  • ABB
  • T-MAC Plus
03 Jun 2026
Published
03 Jun 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.04%
KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
boredchilada @boredchilada.bsky.social
~Cybergcca~ CCCS issued 3 advisories for vulnerabilities in Google Chrome, ABB T-MAC Plus, and Phoenix Contact CHARX SEC-3xxx. - IOCs: CVE-2025-14771, CVE-2025-14772, CVE-2025-14773 - #CyberSecurity #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 1h ago
Showing 41 to 44 of 44 CVEs