1218 matches found
CVE-2026-39320
The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...
CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
Signal K Server 安全漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from improper validation of the context parameter in the WebSocket subscription processing logic, which...
PT-2026-33877
Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.25.0 Description An unauthenticated Regular Expression Denial of Service ReDoS exists within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter ...
[SECURITY] Fedora 43 Update: smb4k-4.0.6-1.fc43
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
[SECURITY] Fedora 44 Update: plasma-systemsettings-6.6.4-1.fc44
KDE System Settings application...
[SECURITY] Fedora 44 Update: polkit-kde-6.6.4-1.fc44
Provides Policy Kit Authentication Agent that nicely fits to KDE...
[SECURITY] Fedora 44 Update: plasma-print-manager-6.6.4-1.fc44
Printer management for KDE...
[SECURITY] Fedora 44 Update: kf6-kitemmodels-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon with item models...
[SECURITY] Fedora 44 Update: kf6-knotifyconfig-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 module for KNotify configuration...
[SECURITY] Fedora 44 Update: kde-cli-tools-6.6.4-1.fc44
Provides several KDE and Plasma specific command line tools to allow better interaction with the system...
EUVD-2026-21199
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service DoS. On EX4k, and QFX5k platforms configur...
SALLIE: Safeguarding against Latent Language and Image Exploits
Large Language Models LLMs and Vision-Language Models VLMs remain highly vulnerable to textual and visual jailbreaks, as well as prompt injections arXiv:2307.15043, Greshake et al., 2023, arXiv:2306.13213. Existing defenses often degrade performance through complex input transformations or treat...
CVE-2026-33950
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
CVE-2026-33950
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
CVE-2026-34083
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...
CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...
Signal K Server 信息泄露漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the from field bypassing the prototype boundary filtering mechanism, which...