Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/09 7:43 p.m.7 views

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.1CVSS5.8AI score0.00476EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/09 7:55 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via improper sanitization in the cleanUpString function. An attacker can execute arbitrary commands on the server by injecting specially crafted Liquidsoap string interpolation sequences into user-controllable...

8.7CVSS6.1AI score
Exploits0References2
CNVD
CNVD
added 2023/05/11 12:0 a.m.6 views

AzuraCast Access Control Error Vulnerability

AzuraCast is a simple self-hosted webcast management suite from AzuraCast. An Access Control Error vulnerability exists in versions of AzuraCast prior to 0.18.3 that stems from an improper restriction of excessive authentication attempts. An attacker could exploit the vulnerability to brute force...

9.8CVSS6.7AI score0.00787EPSS
Exploits1References1
CNVD
CNVD
added 2023/04/23 12:0 a.m.7 views

AzuraCast Cross-Site Scripting Vulnerability

AzuraCast is a simple self-hosted webcast management suite from AzuraCast. A cross-site scripting vulnerability exists in AzuraCast version 0.18 and earlier, which stems from the lack of effective filtering and escaping of user-supplied data in the name field on the Edit Profile page, and can be...

4.8CVSS6.1AI score0.00504EPSS
Exploits1References1
Rows per page
Query Builder