Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedhatCVE
RedhatCVEadded 2026/01/02 6:37 p.m.2 views

CVE-2025-66398

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

9.6CVSS7.6AI score0.17934EPSS
Exploits3References1
OSV
OSVadded 2026/01/02 3:11 p.m.1 views

GHSA-W3X5-7C4C-66P9 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Summary An unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files e.g., security.json,...

9.6CVSS8.9AI score0.17934EPSS
Exploits3References5
Positive Technologies
Positive Technologiesadded 2026/01/01 12:0 a.m.3 views

PT-2026-1015

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.19.0 Description Signal K Server, a server application used on boats, is susceptible to an issue where an unauthenticated attacker can manipulate the server's internal state. This manipulation occurs through...

9.6CVSS7.3AI score0.17934EPSS
Exploits3References13
Rows per page
Query Builder