17 matches found
PT-2026-47073
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...
Malicious code in chainlink-price-feed-aggregator (npm)
Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4 Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools', repo github.com/web3/...
CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
EUVD-2025-16907
Malicious code in bioql PyPI...
EUVD-2023-26629
Malicious code in bioql PyPI...
CVE-2025-46339
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...
CVE-2025-31136
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
CVE-2025-46339
FreshRSS prior to version 1.26.2 is vulnerable to favicon cache poisoning via a manipulated feed URL and an attacker-controlled proxy with SSL verification disabled. The underlying issue is the favicon hash computation, which hashes the feed URL and a salt but omits proxy address, proxy protocol,...
CVE-2025-46339 FreshRSS vulnerable to favicon cache poisoning via proxy
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not...
Liferea: Remote Code Execution
Background: Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description: A...
[SECURITY] Fedora 17 Update: kdepim-4.8.4-4.fc17
KDE PIM (Personal Information Manager) applications, including: akregator: feed aggregator; blogilo: blogging application, focused on simplicity and usability; kmail: email client; knode: newsreader; knotes: sticky notes for the desktop; kontact: integrated PIM management; korganizer: journal,...
Rnews Feed Aggregator v1.01 (search/index) SQL Injection Vulnerability
Exploit for php platform in category web applications. Rnews Feed Aggregator v1.01 search/index SQL Injection Vulnerability. Scriptname.......: Rnews v1.01...
Fedora Update for kdepim FEDORA-2010-8544
Check for the Version of kdepim. OpenVAS Vulnerability Test. Fedora Update for kdepim FEDORA-2010-8544. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 10 Update: planet-2.0-10.fc10
Planet is a flexible feed aggregator, this means that it downloads feeds and aggregates their content together into a single combined feed with the latest news first. It uses Mark Pilgrim's Ultra-liberal feed parser so can read from RDF, RSS and Atom feeds and Tomas Styblo's template library to...
[SECURITY] Fedora 11 Update: planet-2.0-10.fc11
Planet is a flexible feed aggregator, this means that it downloads feeds and aggregates their content together into a single combined feed with the latest news first. It uses Mark Pilgrim's Ultra-liberal feed parser so can read from RDF, RSS and Atom feeds and Tomas Styblo's template library to...
Fedora Update for kdepim FEDORA-2007-2985
Check for the Version of kdepim. OpenVAS Vulnerability Test. Fedora Update for kdepim FEDORA-2007-2985. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...
gregariusXSSSQL.txt
http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rssquery=alert1&rssquerymatch=exact XSS in tags.php: tags.php?tag=alert1 SQL Injection in...