
FreshRSS — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting FreshRSS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68402 | FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch] | FreshRSS | CWE-287 | 5.3 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-62166 | FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens | FreshRSS | CWE-284 | 7.5 | High | 2026-03-09 |
| CVE-2025-68148 | FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After | FreshRSS | CWE-770 | 4.3 | Medium | 2025-12-26 |
| CVE-2025-68932 | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation | FreshRSS | CWE-338 | 9.8 | - | 2025-12-26 |
| CVE-2025-59949 | FreshRSS has Logout CSRF that Leads to DoS via <track src> | FreshRSS | CWE-352 | 5.3 | Medium | 2025-12-18 |
| CVE-2025-58173 | FreshRSS vulnerable to authenticated RCE via path traversal inside include() | FreshRSS | CWE-20 | 8.8 (AI) | High (AI) | 2025-12-15 |
| CVE-2025-59950 | FreshRSS: Double clickjacking can lead to privilege escalation | FreshRSS | CWE-1021 | 6.7 | Medium | 2025-09-29 |
| CVE-2025-61586 | FreshRSS is vulnerable to directory enumeration by setting path in its theme field | FreshRSS | CWE-22 | 5.3 | - | 2025-09-29 |
| CVE-2025-59948 | FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page | FreshRSS | CWE-79 | 6.7 | Medium | 2025-09-29 |
| CVE-2025-57769 | FreshRSS: Clickjacking can lead to XSS and/or privilege escalation | FreshRSS | CWE-79 | 8.8 (AI) | High (AI) | 2025-09-29 |
| CVE-2025-54875 | FreshRSS: Unauthorized creation of admin user when registration is enabled | FreshRSS | CWE-284 | 9.8 | Critical | 2025-09-29 |
| CVE-2025-54592 | FreshRSS has Incomplete Session Termination on Logout | FreshRSS | CWE-613 | 7.1 (AI) | High (AI) | 2025-09-29 |
| CVE-2025-54591 | FreshRSS: Unauthenticated users can view default user's information | FreshRSS | CWE-284 | 7.5 | High | 2025-09-29 |
| CVE-2025-54593 | FreshRSS is vulnerable to RCE attacks by authenticated admin | FreshRSS | CWE-94 | 7.2 | High | 2025-08-01 |
| CVE-2025-46341 | Privilege escalation via SSRF when using HTTP auth | FreshRSS | CWE-918 | 7.1 | High | 2025-06-04 |
| CVE-2025-46339 | FreshRSS vulnerable to favicon cache poisoning via proxy | FreshRSS | CWE-349 | 4.3 | Medium | 2025-06-04 |
| CVE-2025-32015 | FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc> | FreshRSS | CWE-79 | 6.7 | Medium | 2025-06-04 |
| CVE-2025-31482 | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL | FreshRSS | CWE-352 | 4.3 | Medium | 2025-06-04 |
| CVE-2025-31136 | FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry | FreshRSS | CWE-79 | 6.7 | Medium | 2025-06-04 |
| CVE-2025-31134 | FreshRSS vulnerable to directory enumeration via ext.php | FreshRSS | CWE-201 | 5.3 (AI) | Medium (AI) | 2025-06-04 |
| CVE-2023-22481 | Sensitive information exposure in the logs of greader API in FreshRSS | FreshRSS | CWE-532 | 4.0 | Medium | 2023-03-06 |
| CVE-2022-23497 | Insecure file access in FreshRSS | FreshRSS | CWE-200 | 6.5 | Medium | 2022-12-09 |

Values marked (AI) carry the listing's "AI" flag; a "-" in the Severity column means no severity was listed for that entry.

This page lists every published CVE security advisory associated with FreshRSS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.