Signalk

Signal K Server

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-41893

Exploit
  • EPSS 0.33%
  • Veröffentlicht 09.05.2026 19:12:10
  • Zuletzt bearbeitet 15.05.2026 19:14:13

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST /login and POST /signalk/v1/auth/login) are protected by express-rate-limit (default: 100 attempts per 10-minute win...

7.5

CVE-2026-39320

Exploit
  • EPSS 0.43%
  • Veröffentlicht 21.04.2026 00:07:10
  • Zuletzt bearbeitet 24.04.2026 20:51:54

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within the WebSocket subscription handling logic. By injec...

6.5

CVE-2026-35038

Exploit
  • EPSS 0.31%
  • Veröffentlicht 02.04.2026 16:20:17
  • Zuletzt bearbeitet 29.04.2026 01:00:01

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass...

6.1

CVE-2026-34083

Exploit
  • EPSS 0.11%
  • Veröffentlicht 02.04.2026 16:14:38
  • Zuletzt bearbeitet 06.04.2026 15:01:58

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construc...

7.5

CVE-2026-33951

  • EPSS 0.31%
  • Veröffentlicht 02.04.2026 16:11:58
  • Zuletzt bearbeitet 06.04.2026 15:03:50

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This e...

9.4

CVE-2026-33950

Exploit
  • EPSS 0.42%
  • Veröffentlicht 02.04.2026 16:08:59
  • Zuletzt bearbeitet 06.04.2026 15:04:42

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Adminis...

4.3

CVE-2026-25228

Exploit
  • EPSS 0.38%
  • Veröffentlicht 02.02.2026 23:16:10
  • Zuletzt bearbeitet 20.02.2026 15:13:59

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary fil...

8.8

CVE-2026-23515

Exploit
  • EPSS 4.16%
  • Veröffentlicht 02.02.2026 23:16:07
  • Zuletzt bearbeitet 27.02.2026 13:46:54

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-...

8.8

CVE-2025-69203

Exploit
  • EPSS 0.27%
  • Veröffentlicht 01.01.2026 18:37:11
  • Zuletzt bearbeitet 06.01.2026 17:54:35

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable con...

7.2

CVE-2025-68619

Exploit
  • EPSS 0.65%
  • Veröffentlicht 01.01.2026 18:35:19
  • Zuletzt bearbeitet 06.01.2026 17:57:24

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package n...