Lucene search
K

4 matches found

Circl
Circl
added 2025/06/04 9:18 p.m.18 views

CVE-2025-46339

creationtimestamp| type| source ---|---|--- 2025-06-04 21:18:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqsq5nx4xkg2...

4.3CVSS7AI score0.00159EPSS
Exploits1References1
NVD
NVD
added 2025/06/04 8:15 p.m.12 views

CVE-2025-46339

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS0.00159EPSS
Exploits1References2
CVE
CVE
added 2025/06/04 8:4 p.m.57 views

CVE-2025-46339

FreshRSS prior to version 1.26.2 is vulnerable to favicon cache poisoning via a manipulated feed URL and an attacker-controlled proxy with SSL verification disabled. The underlying issue is the favicon hash computation, which hashes the feed URL and a salt but omits proxy address, proxy protocol,...

4.3CVSS6.9AI score0.00159EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/06/04 8:4 p.m.6 views

CVE-2025-46339 FreshRSS vulnerable to favicon cache poisoning via proxy

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS6.7AI score0.00159EPSS
Exploits1References4
Rows per page
Query Builder