Lucene search
K

1218 matches found

CVE
CVE
added 2026/04/21 12:7 a.m.23 views

CVE-2026-39320

The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/21 12:7 a.m.31 views

CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...

7.5CVSS0.00427EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.13 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from improper validation of the context parameter in the WebSocket subscription processing logic, which...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-33877

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.25.0 Description An unauthenticated Regular Expression Denial of Service ReDoS exists within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter ...

7.5CVSS5.7AI score0.00427EPSS
Exploits1References9
Fedora
Fedora
added 2026/04/18 12:54 a.m.12 views

[SECURITY] Fedora 43 Update: smb4k-4.0.6-1.fc43

Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...

7.3CVSS7.1AI score0.00144EPSS
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.6 views

[SECURITY] Fedora 44 Update: plasma-systemsettings-6.6.4-1.fc44

KDE System Settings application...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.13 views

[SECURITY] Fedora 44 Update: polkit-kde-6.6.4-1.fc44

Provides Policy Kit Authentication Agent that nicely fits to KDE...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.6 views

[SECURITY] Fedora 44 Update: plasma-print-manager-6.6.4-1.fc44

Printer management for KDE...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: kf6-kitemmodels-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with item models...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: kf6-knotifyconfig-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 module for KNotify configuration...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.13 views

[SECURITY] Fedora 44 Update: kde-cli-tools-6.6.4-1.fc44

Provides several KDE and Plasma specific command line tools to allow better interaction with the system...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/10 12:30 a.m.9 views

EUVD-2026-21199

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service DoS. On EX4k, and QFX5k platforms configur...

7.1CVSS6AI score0.00165EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.9 views

SALLIE: Safeguarding against Latent Language and Image Exploits

Large Language Models LLMs and Vision-Language Models VLMs remain highly vulnerable to textual and visual jailbreaks, as well as prompt injections arXiv:2307.15043, Greshake et al., 2023, arXiv:2306.13213. Existing defenses often degrade performance through complex input transformations or treat...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.3 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.9AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 4:4 a.m.2 views

GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

5.3CVSS6.5AI score0.00308EPSS
Exploits1References4
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS0.00418EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:20 p.m.1 views

CVE-2026-35038

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...

5.3CVSS5.9AI score0.00308EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:14 p.m.3 views

CVE-2026-34083

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...

6.1CVSS5.9AI score0.00112EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 12:45 p.m.26 views

CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9CVSS0.00314EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Signal K Server 信息泄露漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the from field bypassing the prototype boundary filtering mechanism, which...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References2
Rows per page
Query Builder