A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
9.8CVSS
9.3AI Score
0.325EPSS