All 4 CVE vulnerabilities found in WeRSS we-mp-rss, with AI-generated Chinese analysis, references, and POCs.
Vendor: rachelos
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2825 | rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting CWE-79 | 3.5 | Low | 2026-02-20 |
| CVE-2026-2216 | rachelos WeRSS we-mp-rss tools.py download_export_file path traversal CWE-22 | 4.3 | Medium | 2026-02-09 |
| CVE-2026-2215 | rachelos WeRSS we-mp-rss JWT auth.py default key CWE-1394 | 3.7 | Low | 2026-02-09 |
| CVE-2025-13174 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery CWE-918 | 6.3 | Medium | 2025-11-14 |
All 4 known CVE vulnerabilities affecting WeRSS we-mp-rss with full Chinese analysis, references, and POCs where available.