Vulnerabilities > TT RSS > Tiny Tiny RSS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-13 | CVE-2021-28373 | Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. | 7.5 |
| 2020-09-19 | CVE-2020-25788 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4 An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | 8.1 |