Lucene search
K

58 matches found

Veracode
Veracode
added 2026/01/07 7:21 a.m.6 views

Unauthenticated Information Disclosure

signalk-server is vulnerable to unauthenticated information disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...

5.3CVSS7AI score0.00338EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/02 6:37 p.m.5 views

CVE-2025-68620

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...

9.1CVSS7.2AI score0.00492EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/02 3:28 p.m.2 views

Authentication Bypass Using an Alternate Path or Channel

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the startServerEvents and queryRequest functions. When allowreadonly is enabled, an unauthenticated...

10CVSS7.1AI score0.00492EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/02 3:28 p.m.4 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68620 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68620 Source advisory: OSV:GHSA-FQ56-HVG6-WVM5...

9.1CVSS5.8AI score0.00492EPSS
Exploits1
EUVD
EUVD
added 2026/01/02 3:26 p.m.4 views

EUVD-2025-206135

Signal K Server Vulnerable to Access Request Spoofing...

6.3CVSS6.4AI score0.00272EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/01/02 3:26 p.m.6 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-69203 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-69203 Source advisory: OSV:GHSA-VFRF-VCJ7-WVR8...

8.8CVSS5.8AI score0.00272EPSS
Exploits1
Snyk
Snyk
added 2026/01/02 3:23 p.m.4 views

Arbitrary Code Injection

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...

8.6CVSS7.9AI score0.00645EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/02 3:23 p.m.6 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68619 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68619 Source advisory: OSV:GHSA-93JC-VQQC-VVVH...

8.6CVSS5.8AI score0.00645EPSS
Exploits1
Snyk
Snyk
added 2026/01/02 3:22 p.m.2 views

Information Exposure

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Information Exposure via the exposed endpoints /skServer/serialports, /skServer/availablePaths, and /skServer/hasAnalyzer that are not protected by authentication...

6.9CVSS6.8AI score0.00338EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/02 3:22 p.m.13 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68273 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68273 Source advisory: OSV:GHSA-FPF5-W967-RR2M...

5.3CVSS5.8AI score0.00338EPSS
Exploits1
Snyk
Snyk
added 2026/01/02 3:20 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /signalk/v1/access/requests endpoint. An attacker can cause the server to exhaust memory resources and...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/02 3:20 p.m.6 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-68272 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-68272 Source advisory: OSV:GHSA-7RQC-FF8M-7J23...

7.5CVSS5.8AI score0.00519EPSS
Exploits1
OSV
OSV
added 2026/01/02 3:20 p.m.4 views

GHSA-7RQC-FF8M-7J23 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Summary A Denial of Service DoS vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details The...

7.5CVSS7AI score0.00519EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/02 3:11 p.m.3 views

Improper Control of Dynamically-Managed Code Resources

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the restoreFilePath global variable, which can be manipulated through the /skServer/validateBackup endpoin...

9.6CVSS7.6AI score0.17934EPSS
Exploits3References3
vulnersOsv
vulnersOsv
added 2026/01/02 3:11 p.m.7 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2025-66398 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2025-66398 Source advisory: OSV:GHSA-W3X5-7C4C-66P9...

9.6CVSS6AI score0.17934EPSS
Exploits3
NVD
NVD
added 2026/01/01 7:15 p.m.6 views

CVE-2025-68619

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

8.6CVSS0.00645EPSS
Exploits1References2
NVD
NVD
added 2026/01/01 6:15 p.m.9 views

CVE-2025-68272

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service DoS vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

7.5CVSS0.00519EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/01 6:8 p.m.2 views

CVE-2025-68272 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service DoS vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

7.5CVSS6.5AI score0.00519EPSS
Exploits1References2
Rows per page
Query Builder