8 matches found
CVE-2025-68148
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds via a proxy modifying to 429 Retry-After for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in...
FreshRSS Security Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security vulnerability exists in FreshRSS version 1.27.0 through versions prior to 1.28.0, which stems from an attacker being able to modify the proxy settings to cause a 429 Retry-After response, which could result in a...
CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...
Linux Distros Unpatched Vulnerability : CVE-2019-12468
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for...
GHSA-CV6C-7963-WXCG MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2023-35943 Envoy vulnerable to CORS filter segfault when origin header is removed
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders. Versions 1.27....
CloudBees Jenkins XSS Vulnerability (CNVD-2020-50957)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some scheduled tasks. Jenkins Build Failure Analyze...
PT-2020-15465 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 1.27.0 and earlier. Description: The issue results from the plugin not escaping matching text in a form validation response, leading to a cross-site scripting (XSS) vulnerability. This vulnerability...