SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

CVE-2025-67737

CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...

CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...