23 matches found

RedhatCVE
added 2026/02/21 7:26 a.m., 4 views

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5.1 | AI score 3.4 | EPSS 0.00013
Exploits: 0 | References: 1
NVD
added 2026/02/20 7:16 a.m., 4 views

CVE-2026-2825

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5.1 | EPSS 0.00013
Exploits: 0 | References: 4
CVE
added 2026/02/20 6:2 a.m., 9 views

CVE-2026-2825

CVE-2026-2825 affects WeRSS we-mp-rss up to 1.4.8, specifically the Article Module’s tools/fix.py fix_html function. The vulnerability enables cross-site scripting (XSS) via manipulated input, with remote initiation possible. The exploit has been disclosed publicly. The provided documents do not ...

CVSS 5.1 | AI score 3.8 | EPSS 0.00013
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/20 6:2 a.m., 4 views

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5.1 | AI score 3.8 | EPSS 0.00013
Exploits: 0 | References: 4
CNNVD
added 2026/02/20 12:0 a.m., 5 views

WeRSS code injection vulnerability

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier had a code injection vulnerability. This vulnerability originated from a cross-site scripting issue in the fix_html function within the Article Module component’s files in tools/fix.py...

CVSS 5.1 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21001

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVSS 5.1 | AI score 3.8 | EPSS 0.00013
Exploits: 0 | References: 5
RedhatCVE
added 2026/02/10 7:33 a.m., 4 views

CVE-2026-2216

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 5.3 | AI score 5.2 | EPSS 0.00057
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/10 7:33 a.m., 3 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 5 | EPSS 0.00044
Exploits: 0 | References: 1
NVD
added 2026/02/09 6:16 a.m., 4 views

CVE-2026-2216

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 5.3 | EPSS 0.00057
Exploits: 0 | References: 4
NVD
added 2026/02/09 5:16 a.m., 7 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | EPSS 0.00044
Exploits: 0 | References: 4
Cvelist
added 2026/02/09 5:2 a.m., 25 views

CVE-2026-2216 rachelos WeRSS we-mp-rss tools.py download_export_file path traversal

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 5.3 | EPSS 0.00057
Exploits: 0 | References: 4
CVE
added 2026/02/09 4:32 a.m., 9 views

CVE-2026-2215

CVE-2026-2215 affects rachelos WeRSS we-mp-rss up to 1.4.8. The issue concerns improper handling in the JWT Handler’s core/auth.py where manipulating the SECRET_KEY can cause the system to fall back to a default cryptographic key. This enables remote exploitation under high complexity with a netw...

CVSS 6.3 | AI score 4.7 | EPSS 0.00044
Exploits: 0 | References: 4
Cvelist
added 2026/02/09 4:32 a.m., 27 views

CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | EPSS 0.00044
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/09 4:32 a.m., 4 views

CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 5 | EPSS 0.00044
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/09 4:32 a.m., 4 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 4.6 | EPSS 0.00044
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/02/09 12:0 a.m., 3 views

PT-2026-7068

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 5.3 | AI score 5.2 | EPSS 0.00057
Exploits: 0 | References: 5
CNNVD
added 2026/02/09 12:0 a.m., 2 views

WeRSS security vulnerability

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the SECRET_KEY parameter in the core/auth.py file of the JWT Handler component, which could lead to the us...

CVSS 6.3 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 5
CNNVD
added 2026/02/09 12:0 a.m., 3 views

WeRSS path traversal vulnerability

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the download_export_file function within the files apis/tools.py, which could...

CVSS 5.3 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 5
RedhatCVE
added 2025/11/17 9:7 a.m., 5 views

CVE-2025-13174

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...

CVSS 6.5 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 1
EUVD
added 2025/11/14 9:30 p.m., 2 views

EUVD-2025-197656

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...

CVSS 6.5 | AI score 6.3 | EPSS 0.00039
Exploits: 0 | References: 5