Browse all 4 CVE security advisories affecting rachelos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rachelos is a web application framework primarily used for building dynamic content management systems. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The framework's modular architecture has introduced security risks through insecure default configurations and insufficient input validation. Four CVEs have been recorded, highlighting consistent patterns in authentication bypass and session management weaknesses. While no major public incidents have been documented, the recurring nature of these vulnerabilities suggests a need for enhanced security hardening and regular updates in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2825 | rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting — WeRSS we-mp-rss (CWE-79) | 3.5 | Low | 2026-02-20 |
| CVE-2026-2216 | rachelos WeRSS we-mp-rss tools.py download_export_file path traversal — WeRSS we-mp-rss (CWE-22) | 4.3 | Medium | 2026-02-09 |
| CVE-2026-2215 | rachelos WeRSS we-mp-rss JWT auth.py default key — WeRSS we-mp-rss (CWE-1394) | 3.7 | Low | 2026-02-09 |
| CVE-2025-13174 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery — WeRSS we-mp-rss (CWE-918) | 6.3 | Medium | 2025-11-14 |
This page lists every published CVE security advisory associated with rachelos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.