
1340 matches found

Veracode
added 2026/01/07 8:0 a.m. | 5 views

Remote Code Execution (RCE)

Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...

CVSS 8.6 | AI score 7.2 | EPSS 0.00645
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/01/02 6:37 p.m. | 5 views

CVE-2025-68619

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

CVSS 8.6 | AI score 7.7 | EPSS 0.00645
Exploits: 1 | References: 1
OSV
added 2026/01/02 3:23 p.m. | 2 views

GHSA-93JC-VQQC-VVVH Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...

CVSS 8.6 | AI score 7.9 | EPSS 0.00645
Exploits: 1 | References: 5
Github Security Blog
added 2026/01/02 3:23 p.m. | 11 views

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...

CVSS 8.6 | AI score 8 | EPSS 0.00645
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/01/02 3:23 p.m. | 5 views

EUVD-2025-206137

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package...

CVSS 8.6 | AI score 6.8 | EPSS 0.00645
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/01 6:35 p.m. | 3 views

CVE-2025-68619 Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

CVSS 8.6 | AI score 7.3 | EPSS 0.00645
Exploits: 1 | References: 2
CVE
added 2026/01/01 6:35 p.m. | 18 views

CVE-2025-68619

CVE-2025-68619 affects the Signal K Server. The appstore REST endpoint allows admins to install npm packages by passing a version specifier, but the code does not sanitize this field and forwards it to npm. Because npm supports arbitrary version specifiers (including URLs and git sources) the att...

CVSS 8.6 | AI score 7.3 | EPSS 0.00645
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 7 views

PT-2026-1023

Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server is a server application used in marine environments. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API...

CVSS 8.6 | AI score 7.6 | EPSS 0.00645
Exploits: 1 | References: 8
The Hacker News
added 2025/10/29 8:34 a.m. | 31 views

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. "The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprint...

AI score 7
Exploits: 0
OSV
added 2025/10/18 5:38 a.m. | 4 views

MAL-2025-48511 Malicious code in test-postinstall-package-for-ctf-nfrejnfvjenjner (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2016-5951

Malware in sbrugna...

CVSS 3.3 | AI score 4.2 | EPSS 0.00395
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-18133

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.04785
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54508

Malicious code in bioql PyPI...

CVSS 5.2 | AI score 6.6 | EPSS 0.00124
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-27127

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.5 | EPSS 0.00199
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-5907

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.6 | EPSS 0.00741
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/09/16 9:46 a.m. | 6 views

Malicious code in @yoobic/jpeg-camera-es6 (npm)

Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...

AI score 6.8
Exploits: 0 | References: 7
OSV
added 2025/09/16 9:46 a.m. | 3 views

MAL-2025-47225 Malicious code in @yoobic/jpeg-camera-es6 (npm)

Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...

AI score 6.8
Exploits: 0 | References: 7
OSV
added 2025/09/16 9:33 a.m. | 2 views

MAL-2025-47230 Malicious code in yoo-styles (npm)

Suspicious postinstall script executing bundle.js and YARA rule unsignedbitwisemathexcess match strongly suggests malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b064ef82c07e5538a3269d44de4c6750b224f665f808a5099715143c8be21e4 Any computer that h...

AI score 6.9
Exploits: 0 | References: 7
OSSF Malicious Packages
added 2025/09/16 9:33 a.m. | 3 views

Malicious code in yoo-styles (npm)

Suspicious postinstall script executing bundle.js and YARA rule unsignedbitwisemathexcess match strongly suggests malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b064ef82c07e5538a3269d44de4c6750b224f665f808a5099715143c8be21e4 Any computer that h...

AI score 6.9
Exploits: 0 | References: 7
OSSF Malicious Packages
added 2025/09/16 9:32 a.m. | 6 views

Malicious code in @operato/styles (npm)

Suspicious postinstall script executing bundle.js and unsignedbitwisemathexcess YARA rule match indicates malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f85f761f5ad599532a97a4c4c64bea4910004e56178cd4081fefb3b113ed8d6d Any computer that has this...

AI score 6.9
Exploits: 0 | References: 7