Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tigroumeow — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting tigroumeow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tigroumeow is a security researcher focused on identifying vulnerabilities in web applications and software systems, with 14 CVEs primarily related to remote code execution and cross-site scripting flaws. Their work often targets popular open-source platforms and enterprise software, highlighting weaknesses in input validation and authentication mechanisms. While no major public incidents are directly attributed to tigroumeow, their contributions to vulnerability databases demonstrate consistent findings in privilege escalation and server-side request forgery categories. The researcher's CVE history shows a pattern of exposing flaws in widely used systems, contributing to improved security practices across affected vendors.

Top products by tigroumeow: AI Engine – The Chatbot, AI Framework & MCP for WordPress AI Engine Meow Gallery
CVE IDTitleCVSSSeverityPublished
CVE-2026-1400 AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-434 7.2 High2026-01-28
CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-918 6.4 Medium2026-01-27
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-918 6.8 Medium2025-11-18
CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-502 7.1 High2025-11-13
CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-200 9.8 Critical2025-11-05
CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-862 6.5 Medium2025-09-03
CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload — AI EngineCWE-434 8.8 High2025-07-31
CVE-2025-7780 AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-200 6.5 Medium2025-07-24
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-79 5.4 Medium2025-07-08
CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation — AI EngineCWE-601 8.0 High2025-07-04
CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP — AI EngineCWE-863 8.8 High2025-06-19
CVE-2024-4386 Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Meow GalleryCWE-79 6.4 Medium2024-05-09
CVE-2024-0378 AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-79 6.5 Medium2024-03-02
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-434 6.6 Medium2024-02-05

This page lists every published CVE security advisory associated with tigroumeow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.