Vulnerabilities in FreshRSS
22 results

CVE-2022-23497 | MEDIUM | Insecure file access in FreshRSS | EPSS 0.8%
CVE-2025-54593 | HIGH | FreshRSS is vulnerable to RCE attacks by authenticated admin | EPSS 0.7%
CVE-2025-58173 | HIGH | FreshRSS vulnerable to authenticated RCE via path traversal inside include() | EPSS 0.6%
CVE-2025-68932 | LOW | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation | EPSS 0.5%
CVE-2025-54875 | CRITICAL | FreshRSS: Unauthorized creation of admin user when registration is enabled | EPSS 0.5%
CVE-2025-54592 | HIGH | FreshRSS has Incomplete Session Termination on Logout | EPSS 0.5%
CVE-2023-22481 | MEDIUM | Sensitive information exposure in the logs of greader API in FreshRSS | EPSS 0.5%
CVE-2025-68148 | MEDIUM | FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After | EPSS 0.4%
CVE-2025-61586 | MEDIUM | FreshRSS is vulnerable to directory enumeration by setting path in its theme field | EPSS 0.4%
CVE-2025-31134 | MEDIUM | FreshRSS vulnerable to directory enumeration via ext.php | EPSS 0.4%
CVE-2025-46341 | HIGH | Privilege escalation via SSRF when using HTTP auth | EPSS 0.4%
CVE-2025-54591 | HIGH | FreshRSS: Unauthenticated users can view default user's information | EPSS 0.4%
CVE-2025-32015 | MEDIUM | FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc> | EPSS 0.4%
CVE-2025-62166 | HIGH | FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens | EPSS 0.4%
CVE-2025-59949 | MEDIUM | FreshRSS has Logout CSRF that Leads to DoS via <track src> | EPSS 0.4%
CVE-2025-59948 | MEDIUM | FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page | EPSS 0.3%
CVE-2025-31136 | MEDIUM | FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry | EPSS 0.3%
CVE-2025-68402 | HIGH | FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch] | EPSS 0.3%
CVE-2025-59950 | MEDIUM | FreshRSS: Double clickjacking can lead to privilege escalation | EPSS 0.3%
CVE-2025-57769 | MEDIUM | FreshRSS: Clickjacking can lead to XSS and/or privilege escalation | EPSS 0.3%