Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/09/30 11:47 p.m.10 views

CVE-2025-59950

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

6.7CVSS6.7AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2025/09/30 4:44 a.m.8 views

CVE-2025-61586

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0...

6.9CVSS0.00425EPSS
Exploits1References3
NVD
NVD
added 2025/09/29 9:15 p.m.7 views

CVE-2025-54591

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5CVSS0.00398EPSS
Exploits1References3
OSV
OSV
added 2024/02/23 3:15 p.m.10 views

AZL-34578 CVE-2024-25629 affecting package c-ares for versions less than 1.30.0-1

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5CVSS6.8AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2024/02/23 3:15 p.m.9 views

AZL-43501 CVE-2024-25629 affecting package python-pycares 3.1.1-3

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5CVSS6.8AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2022/02/18 3:15 p.m.1 views

DEBIAN-CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

6.1CVSS6.6AI score0.01479EPSS
Exploits0References1
Rows per page
Query Builder