Signalk

Signal K Server

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-68620

Exploit
  • EPSS 0.49%
  • Veröffentlicht 01.01.2026 18:29:35
  • Zuletzt bearbeitet 06.01.2026 17:56:51

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket...

5.3

CVE-2025-68273

Exploit
  • EPSS 0.34%
  • Veröffentlicht 01.01.2026 18:21:51
  • Zuletzt bearbeitet 06.01.2026 17:58:57

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK dat...

7.5

CVE-2025-68272

Exploit
  • EPSS 0.52%
  • Veröffentlicht 01.01.2026 18:15:40
  • Zuletzt bearbeitet 06.01.2026 18:23:55

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (...

8.8

CVE-2025-66398

Exploit
  • EPSS 17.93%
  • Veröffentlicht 01.01.2026 18:00:38
  • Zuletzt bearbeitet 06.01.2026 18:34:31

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allo...