6175 matches found
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
Note: This is a separate issue from the RCE vulnerability State Pollution currently being patched. While related to tokensecurity.js, it involves different endpoints and risks. Summary: An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information,...
Hikvision DVR Improper Privilege Management (CVE-2025-66173)
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
CVE-2025-68273
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...
CVE-2025-68273
Summary: CVE-2025-68273 affects Signal K Server prior to version 2.19.0, exposing unauthenticated information via exposed endpoints and enabling information disclosure of the vessel data schema, connected serial devices, and analyzer tools. The root cause is missing authentication protection for ...
CVE-2025-68273 Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...
CVE-2025-62091
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Serial Codes Generator and Validator with WooCommerce...
CVE-2025-15017
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...
PT-2026-8210
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the tegra_qspi_combined_seq_xfer function related to the curr_xfer field. Specifically, the curr_xfer field can be accessed by an interrupt request...
PT-2026-5534
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A memory leak exists in the gs_can_open function related to USB-in transfer URBs. The URBs are allocated and submitted, but not always freed in gs_can_close due to the USB framework...
PT-2026-1022
Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server, a server application used on boats, has an information disclosure issue. An unauthenticated user can access sensitive system information. This includes the complete SignalK...
PT-2026-27712
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to USB communication with the f81604 CAN controller. Specifically, the issue concerns the incorrect anchoring of URB (USB Request Block) structure...
PT-2026-27689
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the handling of USB urb (USB Request Block) anchoring within the etas_es58x CAN (Controller Area Network) driver. Specifically, the read bulk callback lacked proper anchorin...
PT-2026-27672
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue within the ems_usb_read_bulk_callback function related to handling USB urb data lengths. The function incorrectly uses the size of the buffer passed to...
PT-2026-27730
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The kalmia driver does not properly validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driv...
PT-2026-6148
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's ALSA subsystem, specifically within the scarlett2 module. A logic error in the scarlett2_usb_get_config function's endianness conversion code can lead...
PT-2026-27677
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The kaweth driver does not validate the number and types of USB endpoints of a device before binding to it. A malicious device lacking expected USB endpoints can cause the driver to cras...
PT-2026-27655
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The pegasus driver does not validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driver to...