Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tencent — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting Tencent. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tencent operates as a global technology conglomerate, primarily known for its social networking platforms, cloud services, and digital entertainment ecosystems. With twenty-nine recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical security landscape reveals a pattern of typical enterprise software flaws. These incidents predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from complex web applications and backend infrastructure components. While no single catastrophic breach has defined its public security narrative, the volume of disclosed issues highlights the challenges inherent in maintaining vast, interconnected digital services. The company’s security posture reflects standard industry risks associated with large-scale software development, where diverse product lines create multiple attack surfaces. Continuous patching and rigorous code review processes remain essential for mitigating these recurring technical defects across its extensive portfolio of consumer and enterprise tools.

Top products by Tencent: WeKnora WeChat RapidJSON TFace HunyuanDiT Tencent Foxmail Hunyuan3D-1 PatrickStar MedicalNet NeuralNLP-NeuralClassifier FaceDetection-DSFD MimicMotion HunyuanVideo AI-Infra-Guard
CVE IDTitleCVSSSeverityPublished
CVE-2026-5585 Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure — AI-Infra-GuardCWE-200 5.3 Medium2026-04-05
CVE-2026-30861 WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation — WeKnoraCWE-78 10.0 Critical2026-03-07
CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool — WeKnoraCWE-89 10.0 Critical2026-03-07
CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure — WeKnoraCWE-284 5.3 Medium2026-03-07
CVE-2026-30858 WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources — WeKnoraCWE-918 6.5 Medium2026-03-07
CVE-2026-30857 WeKnora: Unauthorized Cross‑Tenant Knowledge Base Cloning — WeKnoraCWE-639 5.3 Medium2026-03-07
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection — WeKnoraCWE-706 5.9 Medium2026-03-07
CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management — WeKnoraCWE-284 8.8 High2026-03-07
CVE-2026-30247 WeKnora: SSRF via Redirection — WeKnoraCWE-918 5.9 Medium2026-03-07
CVE-2026-22688 WeKnora has Command Injection in MCP stdio test — WeKnoraCWE-77 10.0 Critical2026-01-10
CVE-2026-22687 WeKnora vulnerable to SQL Injection — WeKnoraCWE-89 5.6 Medium2026-01-10
CVE-2025-13715 Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability — FaceDetection-DSFDCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13709 Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — TFaceCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13711 Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability — TFaceCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13706 Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — PatrickStarCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13708 Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability — NeuralNLP-NeuralClassifierCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13716 Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability — MimicMotionCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13714 Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability — MedicalNetCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13710 Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanVideoCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13707 Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanDiTCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13712 Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability — HunyuanDiTCWE-502 7.8AIHighAI2025-12-23
CVE-2025-13713 Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability — Hunyuan3D-1CWE-502 7.8AIHighAI2025-12-23
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery — WeKnoraCWE-918 7.3 High2025-09-26
CVE-2024-39684 Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Overflow — RapidJSONCWE-190 6.8 High2024-07-09
CVE-2024-38517 Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow — RapidJSONCWE-191 6.8 High2024-07-09
CVE-2021-27247 Tencent WeChat 缓冲区错误漏洞 — WeChatCWE-125 4.3 -2021-04-14
CVE-2020-27874 Tencent WeChat 缓冲区错误漏洞 — WeChatCWE-119 8.8 -2021-02-10
CVE-2019-17151 Tencent WeChat 输入验证错误漏洞 — WeChatCWE-356 5.4 -2020-01-07
CVE-2018-11616 Tencent Foxmail 命令注入漏洞 — Tencent FoxmailCWE-78 8.8 -2018-08-30

This page lists every published CVE security advisory associated with Tencent. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.