| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-68402 | FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch] | FreshRSS | FreshRSS | - | - | 2026-03-09 19:41:58 | Deep Dive |
| CVE-2025-62166 | FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens | FreshRSS | FreshRSS | High | 7.5 | 2026-03-09 19:35:37 | Deep Dive |
| CVE-2025-68148 | FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After | FreshRSS | FreshRSS | Medium | 4.3 | 2025-12-26 23:46:53 | Deep Dive |
| CVE-2025-68932 | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation | FreshRSS | FreshRSS | Low | - | 2025-12-26 23:43:35 | Deep Dive |
| CVE-2025-59949 | FreshRSS has Logout CSRF that Leads to DoS via `<track src>` | FreshRSS | FreshRSS | Medium | 5.3 | 2025-12-18 18:31:55 | Deep Dive |
| CVE-2025-58173 | FreshRSS vulnerable to authenticated RCE via path traversal inside include() | FreshRSS | FreshRSS | - | - | 2025-12-15 23:07:25 | Deep Dive |
| CVE-2025-59950 | FreshRSS: Double clickjacking can lead to privilege escalation | FreshRSS | FreshRSS | Medium | 6.7 | 2025-09-29 23:21:42 | Deep Dive |
| CVE-2025-61586 | FreshRSS is vulnerable to directory enumeration by setting path in its theme field | FreshRSS | FreshRSS | Medium | - | 2025-09-29 23:14:51 | Deep Dive |
| CVE-2025-59948 | FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page | FreshRSS | FreshRSS | Medium | 6.7 | 2025-09-29 22:56:46 | Deep Dive |
| CVE-2025-57769 | FreshRSS: Clickjacking can lead to XSS and/or privilege escalation | FreshRSS | FreshRSS | - | - | 2025-09-29 21:37:29 | Deep Dive |
| CVE-2025-54875 | FreshRSS: Unauthorized creation of admin user when registration is enabled | FreshRSS | FreshRSS | Critical | 9.8 | 2025-09-29 21:29:50 | Deep Dive |
| CVE-2025-54592 | FreshRSS has Incomplete Session Termination on Logout | FreshRSS | FreshRSS | - | - | 2025-09-29 21:23:44 | Deep Dive |
| CVE-2025-54591 | FreshRSS: Unauthenticated users can view default user's information | FreshRSS | FreshRSS | High | 7.5 | 2025-09-29 21:00:50 | Deep Dive |
| CVE-2025-54593 | FreshRSS is vulnerable to RCE attacks by authenticated admin | FreshRSS | FreshRSS | High | 7.2 | 2025-08-01 18:04:40 | Deep Dive |
| CVE-2025-46341 | Privilege escalation via SSRF when using HTTP auth | FreshRSS | FreshRSS | High | 7.1 | 2025-06-04 20:09:18 | Deep Dive |
| CVE-2025-46339 | FreshRSS vulnerable to favicon cache poisoning via proxy | FreshRSS | FreshRSS | Medium | 4.3 | 2025-06-04 20:04:55 | Deep Dive |
| CVE-2025-32015 | FreshRSS vulnerable to Cross-site Scripting by embedding `<script>` tag inside `<iframe srcdoc>` | FreshRSS | FreshRSS | Medium | 6.7 | 2025-06-04 19:59:40 | Deep Dive |
| CVE-2025-31482 | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL | FreshRSS | FreshRSS | Medium | 4.3 | 2025-06-04 19:50:59 | Deep Dive |
| CVE-2025-31136 | FreshRSS vulnerable to Cross-site Scripting by `<iframe>`'ing a vulnerable same-origin page in a feed entry | FreshRSS | FreshRSS | Medium | 6.7 | 2025-06-04 19:42:15 | Deep Dive |
| CVE-2025-31134 | FreshRSS vulnerable to directory enumeration via ext.php | FreshRSS | FreshRSS | - | - | 2025-06-04 19:35:56 | Deep Dive |