Lucene search
+L

1225 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 4:20 p.m.1 views

CVE-2026-35038

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...

5.3CVSS5.9AI score0.00308EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:14 p.m.3 views

CVE-2026-34083

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...

6.1CVSS5.9AI score0.00112EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/02 4:11 p.m.4 views

CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

6.9CVSS5.9AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/02 12:45 p.m.28 views

CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9CVSS0.00314EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Signal K Server 信息泄露漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the from field bypassing the prototype boundary filtering mechanism, which...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0-beta.4 contained a security vulnerability. This vulnerability stemmed from unvalidated administrator role injections, which could lead to privilege escalation...

9.4CVSS5.8AI score0.00418EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.13 views

PT-2026-29798

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect uri. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAut...

6.1CVSS6AI score0.00112EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29804

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

5.3CVSS6.5AI score0.00308EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.21 views

PT-2026-29797

Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...

6.9CVSS5.9AI score0.0031EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Signal K Server 访问控制错误漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0-beta.1 contained a access control vulnerability. This vulnerability stemmed from unverified endpoints allowing modification of data source priorities, which could lea...

7.5CVSS5.7AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unvalidated Host headers in constructing redirect URIs, which could lead to the thef...

6.1CVSS5.8AI score0.00112EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/03/23 9:9 a.m.151 views

Exploit for OS Command Injection in Signalk Signal_K_Server

⚠️ cve-2025-66398 - Simple RCE Proof of Concept Tool !Downl...

9.6CVSS6.6AI score0.17934EPSS
Exploits3
EUVD
EUVD
added 2026/03/21 6:30 a.m.6 views

EUVD-2026-14165

Signal K set-system-time plugin vulnerable to RCE - Command Injection...

9.9CVSS5.8AI score0.04163EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/14 12:0 a.m.7 views

PT-2026-36255

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A buffer copy without checking the size of input, known as a classic buffer overflow, occurs in the K12 RF5 file parser. This issue can lead to a crash,...

5.5CVSS5.9AI score0.00177EPSS
Exploits3References122
GithubExploit
GithubExploit
added 2026/03/10 8:20 p.m.199 views

Exploit for OS Command Injection in Signalk Signal_K_Server

CVE-2025-66398 — Signal K Server RCE PoC...

9.6CVSS6.4AI score0.17934EPSS
Exploits3
Redos
Redos
added 2026/03/06 12:0 a.m.5 views

ROS-20260306-73-0009

A vulnerability in the ath11kcorehalt function of the drivers/net/wireless/ath/ath11k/core.c module of the Linux operating system kernel is related to corruption of a node in the arvifs list as a result of incorrect resource initialization. Exploitation of the vulnerability could allow an attacke...

5.5CVSS5.8AI score0.00176EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.5 views

CVE-2026-23515

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

9.9CVSS5.9AI score0.04163EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 p.m.8 views

CVE-2026-23515

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

9.9CVSS0.04163EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/02 8:43 p.m.84 views

CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

9.9CVSS0.04163EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/02 8:43 p.m.3 views

CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

9.9CVSS5.9AI score0.04163EPSS
Exploits1References2
Rows per page
Query Builder