65 matches found
CVE-2026-23515
The CVE affects Signal K Server’s set-system-time plugin, with exploitation possible before version 1.5.0. Authenticated users with write permissions (or any user if server security is disabled) can trigger command injection by sending crafted navigation.datetime values via WebSocket delta messag...
CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
signalk-server (>=1.0.0 <=1.1.2) potentially affected by CVE-2026-23515 via @signalk/set-system-time (>=1.0.0 <=1.2.0)
@signalk/set-system-time NPM version =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2026-23515 Source advisory: SNYK:JS-SIGNALKSETSYSTEMTIME-15182653...
signalk-server (>=1.0.0 <=1.1.2) potentially affected by CVE-2026-23515 via @signalk/set-system-time (>=1.0.0 <=1.2.0)
@signalk/set-system-time NPM version =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2026-23515 Source advisory: OSV:GHSA-P8GP-2W28-MHWG...
Command Injection
Overview @signalk/set-system-time is a Signal K server plugin to set system date & time on Signal K data, usually from a GPS Affected versions of this package are vulnerable to Command Injection via the stream.onValue function. An attacker can execute arbitrary shell commands on the server by...
GHSA-P8GP-2W28-MHWG Signal K set-system-time plugin vulnerable to RCE - Command Injection
Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...
Signal K set-system-time plugin vulnerable to RCE - Command Injection
Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...
PT-2026-5713
Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 1.5.0 Signal K Set-System-Time plugin versions prior to 1.5.0 Description A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...
D-Link DCS-930L Command Injection Vulnerability
D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter construct command special characters, commands, etc. in the parameter AdminID in the file /setSystemAdmin. An attacker can...
EUVD-2025-48945
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2025-30187
Malicious code in bioql PyPI...
CVE-2025-52873
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to...
CVE-2025-52873
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to...
CVE-2025-52873
CVE-2025-52873 affects Cognex In-Sight Explorer and In-Sight Camera Firmware. The vulnerability arises from a telnet service on port 23 that supports management operations (e.g., firmware upgrades, reboots) requiring authentication. A user with protected privileges can invoke SetSystemConfig to m...
CVE-2025-52873 Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Permission Assignment for Critical Resource
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to...
CVE-2025-52873 Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Permission Assignment for Critical Resource
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSystemConfig functionality to...
Cognex In-Sight Explorer和Cognex In-Sight Camera Firmware 安全漏洞
Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras.Cognex In-Sight Camera Firmware is the firmware for a range of smart...