210 matches found
Command Injection
@signalk/set-system-time is vulnerable to command injection. The vulnerability is due to unsafe construction of shell commands while processing navigation.datetime values via WebSocket delta messages, which allows an attacker with write access or unauthenticated access when security is disabled ...
CVE-2026-23515
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
Command Injection
Overview: @signalk/set-system-time is a Signal K server plugin to set system date & time on Signal K data, usually from a GPS. Affected versions of this package are vulnerable to Command Injection via the stream.onValue function. An attacker can execute arbitrary shell commands on the server by...
Signal K set-system-time plugin vulnerable to RCE - Command Injection
Summary: A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...
Signal K Server Operating System Command Injection Vulnerability
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 1.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insecure shell command constructions when handling the...
PT-2026-5713
Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 1.5.0; Signal K Set-System-Time plugin versions prior to 1.5.0. Description: A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...
CVE-2025-67532
creationtimestamp | type | source
---|---|---
2026-01-20 20:18:59+00:00 | seen | Telegram/SWtK29cm2UgpyN8y03yUQ9wCaVP-eBcjxccSsN45iOVRTiE...
CVE-2025-69414
creationtimestamp | type | source
---|---|---
2026-01-02 18:55:13+00:00 | published-proof-of-concept | Telegram/0JnnPb1FXPACs6svVySu41rA7pedi-lhGwy4Q4xBeRTLA
2026-05-21 14:09:20+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mmeluowero2f...
CVE-2025-59703
creationtimestamp | type | source
---|---|---
2025-12-02 18:42:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m6zlup577q2s...
[SECURITY] Fedora 43 Update: rust-speedate-0.17.0-1.fc43
Fast and simple datetime, date, time and duration parsing...
[SECURITY] Fedora 43 Update: python-cron-converter-1.2.2-1.fc43
Cron-converter provides a Cron string parser from string/lists to string/lists and iteration for the datetime object with a cron like format...
EUVD-2002-1381
Malware in sbrugna...
EUVD-2017-14915
Malware in sbrugna...
EUVD-2023-0326
Malicious code in bioql PyPI...
Malicious code in datetime-zones (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1a3d123441a30b70e5c3317307e99636ac6d13c589e7fb1ae0253a6aaa96aaf During import, environment variables are exfiltrated --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2025-47756 Malicious code in datetime-zones (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1a3d123441a30b70e5c3317307e99636ac6d13c589e7fb1ae0253a6aaa96aaf During import, environment variables are exfiltrated --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Linux Distros Unpatched Vulnerability : CVE-2025-6536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the librar...
Linux Distros Unpatched Vulnerability : CVE-2017-5838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds...