CVE-2026-50552

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

EUVD-2026-36546

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Radio – Worldwide Online Radio Stations Directory for WordPress Type Plugin Vulnerable versions = 3.1.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1041 Patch priority Medium CVSS severity Medium 6.4 Developer Claim...

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions

Description The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for...

Anonymous: Russian Radio Stations Hacked with Fake Missile Alerts

By Deeba Ahmed Several radio stations in Russia were reportedly hacked to send fake missile alerts across the country, the government has claimed. This is a post from HackRead.com Read the original post: Anonymous: Russian Radio Stations Hacked with Fake Missile Alerts...

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in...

WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin <= 3.1.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin versions = 3.1.3. Solution Update the WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin to the latest available versio...

Cyberattack Suspected in Cox TV and Radio Outages

A reported ransomware attack on Cox Media Group CMG has crippled streaming and other internal operations of dozens of radio and television stations scattered across America’s 20 broadcast markets. CMG has won’t comment on the reported attack and hasn’t responded to a request for comment. A member...

Funke Media Group suffers nationwide ransomware attack in Germany

On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several loca...

trinidadradiostations.net XSS vulnerability

Open Bug Bounty ID: OBB-603718 Description| Value ---|--- Affected Website:| trinidadradiostations.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Radio Stations Hacked to Play "F**k Donald Trump" on Repeat Across the Country

It’s just two weeks into the Trump presidency, but his decisions have caused utter chaos around the country. One such order signed by the president was banning both refugees and visa holders from seven Muslim-majority countries Iraq, Iran, Libya, Yemen, Somalia, Syria, and Sudan from entering the...

65 Sites Compromised in ZeroAccess Trojan Attacks

As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites. While the sites aren’t topically related, they’re all hosting advertisements injected with malicious code hosted on...

Citigroup sites hit by Brazilian Anonymous hacker #OpWeeksPayment

Citigroup sites hit by Brazilian Anonymous hacker Citigroup has confirmed its consumer banking sites were temporarily offline Friday because of what a bank spokesman referred to as temporary outages. Hackers with Anonymous have claimed to be behind the attacks. The operation behind the attacks...

SHOUTcast Filename Format String - ver 2 (CVE-2004-1373)

SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...

CVE-2007-1008

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service application crash via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or...

Memory corruption

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service application crash via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or...

CVE-2007-1008

Apple iTunes 7.0.2 is affected by CVE-2007-1008 where a crafted XML list of radio stations can cause a denial of service via memory corruption. The issue is user‑assisted remote in nature and relies on the XML document being retrieved from a static URL, which implies an attacker must perform DNS ...