CVE-2026-50552

Koel (open-source music streaming) is affected prior to version 9.7.1 by a Server-Side Request Forgery (SSRF) in the radio station creation endpoint (POST /api/radio/stations). The url validation rules are declared without bail, allowing the HasAudioContentType rule to issue HTTP requests even af...

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

PT-2026-48965

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.7.1 Description An authenticated, non-admin user can cause the server to make HEAD or GET requests to arbitrary internal hosts. This occurs because the validation rules for the url field in the "POST /api/radio/station...

WordPress Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.5.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Radio Station versions = 2.5.9...

CVE-2024-58277

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access...

EUVD-2025-19961

Malicious code in bioql PyPI...

EUVD-2024-31401

Malicious code in bioql PyPI...

The Mysterious Shortwave Radio Station Stoking US-Russia Nuclear Fears

A popular shortwave Russian radio station dubbed “UVB-76” has been an enigma for decades. But its recent messages have turned it into a tool for Kremlin saber-rattling...

CVE-2025-53568

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through = 2.5.12...

CVE-2025-53568

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through = 2.5.12...

CVE-2025-53568

CVE-2025-53568 affects the WordPress plugin Radio Station (Radio Station by netmix) with a CSRF vulnerability in the admin surface for versions

CVE-2025-53568 WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through = 2.5.12...

CVE-2025-53568 WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station allows Cross Site Request Forgery.This issue affects Radio Station: from n/a through = 2.5.12...

WordPress plugin Radio Station 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress Radio Station, which stems from the application not properly handling user-submitted form data, and no detail...

PT-2025-27892 · Unknown · Tony Zeoli Radio Station

Name of the Vulnerable Software and Affected Versions: Tony Zeoli Radio Station versions 2.5.12 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on the affected system. This vulnerability...

WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions = 2.5.12...

CVE-2024-33689

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station.This issue affects Radio Station: from n/a through = 2.5.7...

Radio Station by netmix® – Manage and play your Show Schedule in WordPress! < 2.5.8 - Cross-Site Request Forgery to Notice Dismissal

Description The Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.7. This is due to missing or incorrect nonce validation on the radiostationnoticedismiss function...

CVE-2024-33689

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli Radio Station radio-station.This issue affects Radio Station: from n/a through = 2.5.7...

CVE-2024-33689 WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7...