FreshRSS Security Vulnerabilities (CVEs)
Track 12 security vulnerabilities affecting FreshRSS products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
- Dec 27, 2025: This vulnerability in FreshRSS allows attackers to globally deny access to RSS feeds by manipulating proxy responses to return HTTP 429 Retry-After he...
- Dec 27, 2025: This vulnerability in FreshRSS allows attackers to predict authentication tokens due to weak random number generation, enabling account takeover throu...
- Dec 18, 2025: FreshRSS versions before 1.27.1 have a cross-site request forgery (CSRF) vulnerability in the logout functionality that can be exploited via <track sr...
- Dec 16, 2025: This vulnerability in FreshRSS allows unprivileged users to perform path traversal via the language configuration parameter, enabling them to access i...
- Sep 30, 2025: FreshRSS versions 1.26.3 and below contain a path traversal vulnerability in the theme field that allows attackers to enumerate server directories. Th...
- Sep 30, 2025: This vulnerability in FreshRSS allows attackers to trick administrators into promoting unauthorized users to admin privileges through a double clickja...
- Sep 29, 2025: FreshRSS versions 1.26.3 and below have a session management vulnerability where logout doesn't properly invalidate session cookies. This allows attac...
- Sep 29, 2025: FreshRSS versions 1.26.3 and below contain a UI redressing vulnerability where attackers can trick authenticated users into performing unintended acti...
- Aug 1, 2025: This vulnerability allows authenticated administrator users in FreshRSS versions 1.26.1 and below to execute arbitrary code on the server by modifying...
- Jun 4, 2025: FreshRSS versions before 1.26.2 contain an authentication bypass vulnerability when using HTTP auth via reverse proxy. Attackers with an account on th...
- Jun 4, 2025: FreshRSS versions before 1.26.2 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious RSS feed entry to repeatedly log out...
- Jun 4, 2025: FreshRSS versions before 1.26.2 contain an information disclosure vulnerability that allows attackers to check for the existence of specific directori...
Why Monitor FreshRSS Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting FreshRSS products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable FreshRSS packages in under 60 seconds. No agents are required: scanning is completely agentless and works across FreshRSS deployments.
Free vulnerability database: Access detailed information about every FreshRSS CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.