
9 matches found

CVE
added 2021/03/13 8:19 p.m., 77 views

CVE-2021-28373

The vulnerability CVE-2021-28373 affects Tiny Tiny RSS (tt-rss) via the auth_internal plugin. The root issue allows an attacker to log in using an OTP code without a valid password, as reported for TT-RSS prior to 2021-03-12. The condition occurred on the git master branch for a short period; pro...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00147
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2021/02/10 9:19 a.m., 16 views

Arbitrary Code Execution

tt-rss is vulnerable to arbitrary code execution. Lack of URL validation before requests are made allows an attacker to potentially obtain arbitrary code execution on the host OS...

CVSS: 9.8, AI score: 4.7, EPSS: 0.15535
Exploits: 4, References: 4, Affected Software: 1
Veracode
added 2021/02/10 9:19 a.m., 15 views

Arbitrary Code Execution

tt-rss is vulnerable to arbitrary code execution. The vulnerability exists as plugins/af_proxy_http/init.php mishandles the $_REQUEST["url"] in an error message...

CVSS: 8.1, AI score: 3.7, EPSS: 0.00338
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2021/02/10 9:19 a.m., 13 views

Mishandled Code

tt-rss is vulnerable to mishandled code. The issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...

CVSS: 6.1, AI score: 2.1, EPSS: 0.00264
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2020/10/01 12:0 a.m., 38 views

FreeBSD : tt-rss -- multiple vulnerabilities (2eec1e85-faf3-11ea-8ac0-4437e6ad11c4)

tt-rss project reports: The cachedurl feature mishandles JavaScript inside an SVG document. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST['url'] in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...

CVSS: 10, AI score: 8.1, EPSS: 0.15535
Exploits: 8, References: 7
UbuntuCve
added 2020/09/19 9:15 p.m., 15 views

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

CVSS: 10, AI score: 7.2, EPSS: 0.15535
Exploits: 4, References: 3
CVE
added 2020/09/19 8:18 p.m., 79 views

CVE-2020-25787

CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...

CVSS: 10, AI score: 9.3, EPSS: 0.15535
Exploits: 4, References: 4, Affected Software: 1
CVE
added 2020/09/19 8:18 p.m., 49 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

CVSS: 8.1, AI score: 7.9, EPSS: 0.00338
Exploits: 0, References: 3, Affected Software: 1
FreeBSD
added 2020/09/15 12:0 a.m., 25 views

tt-rss -- multiple vulnerabilities

tt-rss project reports: The cachedurl feature mishandles JavaScript inside an SVG document. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...

CVSS: 10, AI score: 5.9, EPSS: 0.15535
Exploits: 4, References: 2