freshrss

Top products

The 15 most recently published vulnerabilities affecting freshrss.

• CVE-2025-62166FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens7.5Mar 9, 2026
• CVE-2025-68148FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After4.3Dec 26, 2025
• CVE-2025-68932FreshRSS has weak cryptographic randomness in remember-me token and nonce generation9.8Dec 26, 2025
• CVE-2025-59949FreshRSS has Logout CSRF that Leads to DoS via <track src>5.3Dec 18, 2025
• CVE-2025-58173FreshRSS vulnerable to authenticated RCE via path traversal inside include()8.8Dec 15, 2025
• CVE-2025-59950FreshRSS: Double clickjacking can lead to privilege escalation6.7Sep 29, 2025
• CVE-2025-61586FreshRSS is vulnerable to directory enumeration by setting path in its theme field5.3Sep 29, 2025
• CVE-2025-59948FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page6.7Sep 29, 2025
• CVE-2025-57769FressRSS: Clickjacking can lead to XSS and/or privilege escalation6.1Sep 29, 2025
• CVE-2025-54875FreshRSS: Unauthorized creation of admin user when registration is enabled9.8Sep 29, 2025
• CVE-2025-54592FreshRSS has Incomplete Session Termination on Logout9.8Sep 29, 2025
• CVE-2025-54591FreshRSS: Unauthenticated users can view default user's information7.5Sep 29, 2025
• CVE-2025-54593FreshRSS is vulnerable to RCE attacks by authenticated admin7.2Aug 1, 2025
• CVE-2025-46341Privilege escalation via SSRF when using HTTP auth7.1Jun 4, 2025
• CVE-2025-46339FreshRSS vulnerable to favicon cache poisoning via proxy4.3Jun 4, 2025