VYPR

Freshrss

by FreshRSS

Source repositories

CVEs (23)

  • CVE-2025-31134Jun 4, 2025
    risk 0.00cvss epss 0.00

    FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is…

  • CVE-2023-22481Mar 6, 2023
    risk 0.00cvss epss 0.00

    FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in `users/_/log_api.txt` in the case where the authentication fails. The issues occurs in `authorizationToUser()` in `greader.php`. If there is an issue with the…

  • CVE-2022-23497Dec 9, 2022
    risk 0.00cvss epss 0.01

    FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration…

Page 2 of 2