|
721
|
8.8 |
HIGH
Network
|
azuracast
|
azuracast
|
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42605
|
2026-05-15 02:34 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
8.8 |
HIGH
Network
|
azuracast
|
azuracast
|
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with…
Update
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-42606
|
2026-05-15 02:31 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
5.1 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allo…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62305
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
5.1 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62308
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
2.6 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-62309
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized …
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-62310
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-62311
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
3.0 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse,…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2025-62312
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized …
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-62313
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
2.3 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based securi…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2025-62316
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
