1225 matches found
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
CVE-2026-34083
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...
CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...
CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...
Signal K Server 信息泄露漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the from field bypassing the prototype boundary filtering mechanism, which...
Signal K Server 安全漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0-beta.4 contained a security vulnerability. This vulnerability stemmed from unvalidated administrator role injections, which could lead to privilege escalation...
PT-2026-29798
Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect uri. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAut...
PT-2026-29804
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
PT-2026-29797
Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...
Signal K Server 访问控制错误漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0-beta.1 contained a access control vulnerability. This vulnerability stemmed from unverified endpoints allowing modification of data source priorities, which could lea...
Signal K Server 安全漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unvalidated Host headers in constructing redirect URIs, which could lead to the thef...
Exploit for OS Command Injection in Signalk Signal_K_Server
⚠️ cve-2025-66398 - Simple RCE Proof of Concept Tool !Downl...
EUVD-2026-14165
Signal K set-system-time plugin vulnerable to RCE - Command Injection...
PT-2026-36255
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A buffer copy without checking the size of input, known as a classic buffer overflow, occurs in the K12 RF5 file parser. This issue can lead to a crash,...
Exploit for OS Command Injection in Signalk Signal_K_Server
CVE-2025-66398 — Signal K Server RCE PoC...
ROS-20260306-73-0009
A vulnerability in the ath11kcorehalt function of the drivers/net/wireless/ath/ath11k/core.c module of the Linux operating system kernel is related to corruption of a node in the arvifs list as a result of incorrect resource initialization. Exploitation of the vulnerability could allow an attacke...
CVE-2026-23515
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...
CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...