CVE-2025-62166 FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, a bug in the authentication logic related to master authentication tokens allowed this restriction to be bypassed. Normally only the default user's feed should be viewable when anonymous viewing is enabled, and the feeds of other users should remain private. This...
CVE-2026-28559 wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed
wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, bypassing the privacy and status WHERE clauses that...
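The bug class described above (authorization predicates that only get appended to a query inside an optional branch) is easy to reproduce and easy to miss in review. The following is an added example written for this page, not wpForo's code; the table layout, column names and sample rows are constructed for illustration, and `status` is modelled as a simple approved flag rather than wpForo's real status values.

```python
import sqlite3

# Constructed sample rows (not wpForo data):
# (id, forumid, title, private, approved)
SAMPLE_TOPICS = [
    (1, 10, "Public announcement",   0, 1),
    (2, 10, "Private staff thread",  1, 1),   # private: must never appear in a public feed
    (3, 20, "Pending moderation",    0, 0),   # unapproved: must never appear in a public feed
    (4, 20, "Approved guest topic",  0, 1),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE topics("
        "id INTEGER, forumid INTEGER, title TEXT, private INTEGER, approved INTEGER)"
    )
    conn.executemany("INSERT INTO topics VALUES (?, ?, ?, ?, ?)", SAMPLE_TOPICS)
    return conn


def feed_topics_vulnerable(conn, forumid=None):
    """Hypothetical reconstruction of the bug class: the privacy and
    approval predicates are attached to the same WHERE clause as the
    forum filter, so a request with no forumid gets no WHERE at all
    and every topic, private or unapproved, is returned."""
    sql = "SELECT id FROM topics"
    params = []
    if forumid is not None:
        sql += " WHERE forumid = ? AND private = 0 AND approved = 1"
        params.append(forumid)
    return [row[0] for row in conn.execute(sql, params)]


def feed_topics_fixed(conn, forumid=None):
    """Hardened form: predicates that encode an authorization decision are
    unconditional; only the forum scope is optional."""
    where = ["private = 0", "approved = 1"]
    params = []
    if forumid is not None:
        where.append("forumid = ?")
        params.append(forumid)
    sql = "SELECT id FROM topics WHERE " + " AND ".join(where)
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, forumid=10:", feed_topics_vulnerable(db, 10))
    print("vulnerable, no forumid:", feed_topics_vulnerable(db))
    print("fixed, no forumid:     ", feed_topics_fixed(db))
```

The check a reviewer wants is simple: for every endpoint that accepts an optional scoping parameter, run it once with the parameter and once without, and diff the result sets against what an anonymous user should see. The fix pattern is to build the authorization filter first and treat every request parameter as an additional narrowing, never as the thing that switches the filter on.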
PT-2026-1181
Name of the Vulnerable Software and Affected Versions: Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description: The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...
CVE-2025-68148 FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds by having a proxy rewrite responses to 429 with a Retry-After header for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in...
CVE-2025-68148
The CVE-2025-68148 issue affects FreshRSS versions from 1.27.0 up to, but not including, 1.28.0. An attacker could globally deny access to feeds by manipulating proxy settings to generate a flood of 429 Retry-After responses, effectively making the instance unusable for most users. The vulnerability is addressed...
EUVD-2017-17361
Malware in sbrugna...
EUVD-2022-43323
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-3636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks. CVE-2025-3636 Note...
Linux Distros Unpatched Vulnerability : CVE-2022-0093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an...
Moodle security vulnerability
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization vulnerability that stems from an insufficient capability check, which can be...
CVE-2025-27000
Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through <= 1.4.0...
PT-2024-30181 · Unknown · Projectworlds Online Examination System
Name of the Vulnerable Software and Affected Versions: Projectworlds Online Examination System version 1.0 Description: The issue is related to SQL Injection via the subject parameter in feed.php. This allows for potential exploitation. Recommendations: For Projectworlds Online Examination System...
PT-2023-3261 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 9.5.12, GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to the usage of RSS feeds in GLPI, which is subject to server-side request forgery (SSRF). When the remote address is not a valid RSS feed, ...
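Any feature that fetches a user-supplied feed URL server-side, as in the GLPI entry above, needs a destination check before the request is made. The following is an added example written for this page, not GLPI's code: a URL gate that rejects non-HTTP schemes, embedded credentials and any host that resolves to a non-public address. The `resolver` parameter is an assumption introduced so the check can be exercised offline; the hostnames and addresses in the `main` block are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _is_public(ip_text):
    """True only for globally routable unicast addresses.
    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped first so it cannot
    be used to smuggle a private IPv4 target past the check."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def _system_resolver(host):
    """Default resolver: all A/AAAA answers for host (needs network)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def check_feed_url(url, resolver=_system_resolver):
    """Return (allowed, reason) for a feed URL supplied by a user.
    Every resolved address must be public; one private answer among
    several is enough to reject, which also blocks simple DNS-rebinding
    setups that alternate public and internal answers."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"

    try:
        # Literal IP in the URL: no DNS lookup needed.
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        try:
            addrs = resolver(parts.hostname)
        except OSError:
            return False, "unresolvable host"
    if not addrs:
        return False, "unresolvable host"

    for ip in addrs:
        if not _is_public(ip):
            return False, "resolves to non-public address %s" % ip
    return True, "ok"


if __name__ == "__main__":
    # Constructed answers; no real DNS is consulted.
    table = {
        "feeds.example.test": ["8.8.8.8"],
        "intranet.test": ["10.0.0.5"],
        "rebind.test": ["8.8.8.8", "127.0.0.1"],
    }
    fake = lambda host: table[host]
    for u in ("https://feeds.example.test/rss",
              "http://intranet.test/rss",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:10.0.0.1]/",
              "file:///etc/passwd",
              "http://rebind.test/"):
        print(u, check_feed_url(u, fake))
```

Two caveats a practitioner should keep in mind. First, the check is only meaningful if the connection is then made to the address that was validated (pin the resolved IP in the HTTP client, or re-resolve and re-check immediately before connecting), otherwise a second DNS lookup reopens the rebinding window. Second, redirects must go through the same gate: an allowed public host that answers `302 Location: http://127.0.0.1:8080/` is the classic way to get around a check applied only to the initial URL.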
CVE-2022-3994
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...
CVE-2022-3994
The CVE-2022-3994 issue affects the Authenticator WordPress plugin prior to version 1.3.1. The root cause is the plugin not restricting subscribers from updating a site's feed access token, which may deny other users access to the feature in certain configurations. The documented impact is increa...
WordPress plugin Authenticator security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application extension for the platform. A security vulnerability exists in...
Vulnerabilities fixed in Zoom
Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Accessing sensitive data The vulnerabilities with characteristics CVE-2022-28758 and...