Tt-rss - Tiny Tiny Rss CVE

Filtered by vendor Tt-rss Subscribe

Filtered by product Tiny Tiny Rss

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-25787	1 Tt-rss	1 Tiny Tiny Rss	2021-03-15	10.0 HIGH	9.8 CRITICAL
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
CVE-2017-16896	1 Tt-rss	1 Tiny Tiny Rss	2017-12-05	7.5 HIGH	9.8 CRITICAL
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

Vulnerabilities (CVE)