Inverle

5 exploits Active since Jun 2025
CVE-2025-62166 WRITEUP HIGH WRITEUP
FreshRSS < 1.28.0 - Authorization Bypass via Master Authentication Token
FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This vulnerability is fixed in 1.28.0.
CVSS 7.5
CVE-2025-31134 WRITEUP HIGH WRITEUP
FreshRSS < 1.26.2 - Information Disclosure via Directory Existence Check
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
CVSS 7.5
CVE-2025-59948 WRITEUP MEDIUM WRITEUP
FreshRSS < 1.27.0 - Authenticated Cross-Site Scripting via Feed Event Handler Attributes
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState() If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.
CVSS 6.7
CVE-2025-61586 WRITEUP MEDIUM WRITEUP
FreshRSS < 1.27.0 - Path Traversal via Theme Field
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.
CVSS 5.3
CVE-2025-68148 WRITEUP MEDIUM WRITEUP
FreshRSS 1.27.0-1.28.0 - Denial of Service via Proxy Retry-After Header Manipulation
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in version 1.28.0.
CVSS 4.3