Lucene search
K

6 matches found

NVD
NVD
added 2026/02/09 6:16 a.m.7 views

CVE-2026-2216

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function downloadexportfile of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

5.3CVSS0.00292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/09 5:2 a.m.5 views

CVE-2026-2216 rachelos WeRSS we-mp-rss tools.py download_export_file path traversal

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function downloadexportfile of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 5:2 a.m.21 views

CVE-2026-2216

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function downloadexportfile of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

5.3CVSS5AI score0.00292EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/09 5:2 a.m.33 views

CVE-2026-2216 rachelos WeRSS we-mp-rss tools.py download_export_file path traversal

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function downloadexportfile of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...

5.3CVSS0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/02/09 5:2 a.m.13 views

CVE-2026-2216

CVE-2026-2216 affects rachelos WeRSS we-mp-rss (≤1.4.8). The vulnerability is in the function download_export_file within apis/tools.py and arises from filename manipulation enabling path traversal. The issue can be exploited remotely; exploitation has been published and may be used. CVSS metrics...

5.3CVSS5AI score0.00292EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

WeRSS 路径遍历漏洞

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the downloadexportfile function within the files apis/tools.py, which could...

5.3CVSS5.8AI score0.00292EPSS
Exploits0References5
Rows per page
Query Builder