Signalk

Signal K Server

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-25228

Exploit
  • EPSS 0.01%
  • Veröffentlicht 02.02.2026 23:16:10
  • Zuletzt bearbeitet 20.02.2026 15:13:59

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary fil...

8.8

CVE-2026-23515

Exploit
  • EPSS 5.31%
  • Veröffentlicht 02.02.2026 23:16:07
  • Zuletzt bearbeitet 27.02.2026 13:46:54

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-...

8.8

CVE-2025-69203

Exploit
  • EPSS 0.02%
  • Veröffentlicht 01.01.2026 18:37:11
  • Zuletzt bearbeitet 06.01.2026 17:54:35

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable con...

7.2

CVE-2025-68619

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.01.2026 18:35:19
  • Zuletzt bearbeitet 06.01.2026 17:57:24

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package n...

9.1

CVE-2025-68620

Exploit
  • EPSS 0.06%
  • Veröffentlicht 01.01.2026 18:29:35
  • Zuletzt bearbeitet 06.01.2026 17:56:51

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket...

5.3

CVE-2025-68273

Exploit
  • EPSS 0.02%
  • Veröffentlicht 01.01.2026 18:21:51
  • Zuletzt bearbeitet 06.01.2026 17:58:57

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK dat...

7.5

CVE-2025-68272

Exploit
  • EPSS 0.04%
  • Veröffentlicht 01.01.2026 18:15:40
  • Zuletzt bearbeitet 06.01.2026 18:23:55

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (...

8.8

CVE-2025-66398

Exploit
  • EPSS 0.09%
  • Veröffentlicht 01.01.2026 18:00:38
  • Zuletzt bearbeitet 06.01.2026 18:34:31

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allo...