Lucene search
+L

7 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16931

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00159EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/06/06 8:12 p.m.20 views

CVE-2025-46339

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS7.1AI score0.00159EPSS
Exploits1References1
nvd
nvd
added 2025/06/04 8:15 p.m.12 views

CVE-2025-46339

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS0.00159EPSS
Exploits1References2
cvelist
cvelist
added 2025/06/04 8:4 p.m.24 views

CVE-2025-46339 FreshRSS vulnerable to favicon cache poisoning via proxy

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS0.00159EPSS
Exploits1References2
osv
osv
added 2025/06/04 8:4 p.m.6 views

CVE-2025-46339 FreshRSS vulnerable to favicon cache poisoning via proxy

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...

4.3CVSS6.7AI score0.00159EPSS
Exploits1References4
cve
cve
added 2025/06/04 8:4 p.m.61 views

CVE-2025-46339

FreshRSS prior to version 1.26.2 is vulnerable to favicon cache poisoning via a manipulated feed URL and an attacker-controlled proxy with SSL verification disabled. The underlying issue is the favicon hash computation, which hashes the feed URL and a salt but omits proxy address, proxy protocol,...

4.3CVSS6.9AI score0.00159EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/06/04 12:0 a.m.9 views

PT-2025-23855 · Freshrss · Freshrss

Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: The issue allows an attacker to poison feed favicons by manipulating the feed URL and proxy settings, potentially replacing favicons for all users. This is possible because the favicon hash...

4.3CVSS6.3AI score0.00159EPSS
Exploits1References6
Rows per page
Query Builder