Every CVE whose affected-product data names Tt-rss Tiny Tiny Rss, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2017-16896 — CVSS 9.8 (critical): A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
CVE-2020-25787 — CVSS 9.8 (critical): An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
CVE-2020-25788 — CVSS 8.1 (high): An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles…
CVE-2021-28373 — CVSS 7.5 (high): The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid…
CVE-2020-25789 — CVSS 6.1 (medium): An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG…