55 matches found

Nuclei
added yesterday | 9 views

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by an unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVER_SIDE_FIDES_API_URL value, which may reveal server configuration details; exploitation requires no authentication. id: CVE-2024-31223...

CVSS 5.3 | AI score 5.8 | EPSS 0.01114
Exploits 1 | References 3
RedHat Linux
added 2026/06/10 9:34 a.m. | 7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: jaeger: jaeger-2.19.0-1.hum1 aarch64, x86_64; jaeger-2.19.0-1.hum1.src src...

CVSS 8.9 | AI score 5 | EPSS 0.00559
Exploits 0 | References 6
Github Security Blog
added 2026/05/07 12:07 a.m. | 13 views

OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...

AI score 5.8
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/05/07 12:07 a.m. | 5 views

GHSA-83X9-VC3C-HGHC OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...

CVSS 3.7 | AI score 5.8
Exploits 0 | References 2
Positive Technologies
added 2026/05/07 12:00 a.m. | 8 views

PT-2026-41480

Name of the Vulnerable Software and Affected Versions: opensearch versions prior to 2.19.0; opensearch-ingest-attachment-plugin, affected versions not specified; opensearch-mapper-annotated-text-plugin, affected versions not specified; opensearch-mapper-murmur3-plugin, affected versions not specified...

CVSS 3.7 | AI score 5.8
Exploits 0 | References 4
RedhatCVE
added 2026/01/02 6:37 p.m. | 6 views

CVE-2025-68273

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVSS 5.3 | AI score 6.2 | EPSS 0.00338
Exploits 1 | References 1
RedhatCVE
added 2026/01/02 6:37 p.m. | 6 views

CVE-2025-68272

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00519
Exploits 1 | References 1
Snyk
added 2026/01/02 3:26 p.m. | 5 views

User Impersonation

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to User Impersonation via the access request system. An attacker can obtain elevated privileges and impersonate trusted devices by submitting misleading descriptions,...

CVSS 8.8 | AI score 6.8 | EPSS 0.00272
Exploits 1 | References 2
Snyk
added 2026/01/02 3:23 p.m. | 4 views

Arbitrary Code Injection

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...

CVSS 8.6 | AI score 7.9 | EPSS 0.00645
Exploits 1 | References 2
EUVD
added 2026/01/02 3:23 p.m. | 5 views

EUVD-2025-206137

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package...

CVSS 8.6 | AI score 6.8 | EPSS 0.00645
Exploits 1 | References 4
EUVD
added 2026/01/02 3:11 p.m. | 4 views

EUVD-2025-206140

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)...

CVSS 9.6 | AI score 6.9 | EPSS 0.17934
Exploits 3 | References 4
NVD
added 2026/01/01 7:15 p.m. | 4 views

CVE-2025-68619

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

CVSS 8.6 | EPSS 0.00645
Exploits 1 | References 2
Vulnrichment
added 2026/01/01 6:35 p.m. | 3 views

CVE-2025-68619 Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

CVSS 8.6 | AI score 7.3 | EPSS 0.00645
Exploits 1 | References 2
Cvelist
added 2026/01/01 6:35 p.m. | 22 views

CVE-2025-68619 Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

CVSS 8.6 | EPSS 0.00645
Exploits 1 | References 2
CVE
added 2026/01/01 6:35 p.m. | 16 views

CVE-2025-68619

CVE-2025-68619 affects the Signal K Server. The appstore REST endpoint allows admins to install npm packages by passing a version specifier, but the code does not sanitize this field and forwards it to npm. Because npm supports arbitrary version specifiers (including URLs and git sources) the att...

CVSS 8.6 | AI score 7.3 | EPSS 0.00645
Exploits 1 | References 2 | Affected Software 1
NVD
added 2026/01/01 6:15 p.m. | 3 views

CVE-2025-66398

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

CVSS 9.6 | EPSS 0.17934
Exploits 3 | References 2
OSV
added 2026/01/01 6:08 p.m. | 3 views

CVE-2025-68272 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

CVSS 7.5 | AI score 6.8 | EPSS 0.00519
Exploits 1 | References 4
Vulnrichment
added 2026/01/01 6:00 p.m. | 2 views

CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

CVSS 9.6 | AI score 7.2 | EPSS 0.17934
Exploits 3 | References 2
CNNVD
added 2026/01/01 12:00 a.m. | 2 views

Signal K Server Information Disclosure Vulnerability

Signal K Server is a centralized server for boats from the Signal K open source project. An information disclosure vulnerability exists in versions of Signal K Server prior to 2.19.0; it stems from an unauthenticated information disclosure that allows any user to retrieve sensitive system information,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00338
Exploits 1 | References 2
CNNVD
added 2026/01/01 12:00 a.m. | 3 views

Signal K Server Security Vulnerability

Signal K Server is a centralized server for boats from the Signal K open source project. A security vulnerability exists in Signal K Server versions prior to 2.19.0; it stems from an unauthenticated attacker being able to crash the server by flooding the access request endpoint, potentially...

CVSS 7.5 | AI score 6.4 | EPSS 0.00519
Exploits 1 | References 2