4 matches found
CVE-2025-46339
creationtimestamp| type| source ---|---|--- 2025-06-04 21:18:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqsq5nx4xkg2...
CVE-2025-46339
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...
CVE-2025-46339
FreshRSS prior to version 1.26.2 is vulnerable to favicon cache poisoning via a manipulated feed URL and an attacker-controlled proxy with SSL verification disabled. The underlying issue is the favicon hash computation, which hashes the feed URL and a salt but omits proxy address, proxy protocol,...
CVE-2025-46339 FreshRSS vulnerable to favicon cache poisoning via proxy
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...