20 matches found
EUVD-2021-2237
Malware in sbrugna...
EUVD-2008-5255
Malware in sbrugna...
EUVD-2022-6087
Malicious code in bioql PyPI...
EUVD-2023-0351
Malicious code in bioql PyPI...
EUVD-2024-0794
Malicious code in bioql PyPI...
CVE-2025-49312 WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress (rss-feed-post-generator-echo) allows Reflected XSS. This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a...
WordPress plugin Echo RSS Feed Post Generator Plugin Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-27927
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...
CVE-2023-26491
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...
RSSHub Security Vulnerability
RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in RSSHub versions from 1.0.0-master.cbbd829 up to, but not including, 1.0.0-master.d8ca915, which stems from the presence of a cross-site...
CVE-2024-27926
RSSHub (Node.js) is affected by a Cross-site Scripting (XSS) vulnerability in the internal media proxy. A crafted image sent to the proxy from versions 1.0.0-master.cbbd829 up to, but not including, 1.0.0-master.d8ca915, can bypass sanitization and allow execution of arbitrary JavaScript code whe...
CVE-2023-22493
RSSHub (Node.js) is affected by a Server-Side Request Forgery (SSRF) vulnerability caused by unsafe route parameter handling. An attacker can induce the server to issue arbitrary HTTP requests, potentially accessing internal resources. The issue is mitigated by patch commit a66cbcf in RSSHub, and...
PT-2023-18544 · Rsshub · Rsshub
Name of the Vulnerable Software and Affected Versions: RSSHub (affected versions not specified). Description: RSSHub is an open source RSS feed generator that is vulnerable to Server-Side Request Forgery (SSRF) attacks. This issue allows an attacker to send arbitrary HTTP requests from the server to...
Code injection
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side securi...
CVE-2021-21278
RSSHub is affected by a code-injection vulnerability in which certain routes use eval or the Function constructor, allowing unsafe code to be injected by a target site. The root cause is unsafe dynamic code evaluation in specific routes. The fix (version 7f1c430) temporarily removes the problemat...
CVE-2021-21278 Risk of code injection in RSSHub
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side securi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the selflink function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable)...
CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the selflink function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable)...
CVE-2008-5278
WordPress CVE-2008-5278 affects the RSS Feed Generator (wp-includes/feed.php) prior to 2.6.5, enabling remote injection of HTML/script via HTTP_HOST. The issue is caused by an unsanitized Host header, resulting in XSS in the RSS feed. Remediation: upgrade WordPress to 2.6.5 or later (per the descrip...