| CVE-2026-41893 |
high |
7.5 |
7.5 |
|
|
|
19d ago |
Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force) |
| CVE-2026-35038 |
medium |
6.5 |
6.5 |
|
|
|
2mo ago |
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass |
| CVE-2026-39320 |
unknown |
— |
— |
|
|
|
1mo ago |
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths |
| CVE-2026-34083 |
unknown |
— |
— |
|
|
|
2mo ago |
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow |
| CVE-2026-33951 |
unknown |
— |
— |
|
|
|
2mo ago |
Signal K Server: Unauthenticated Source Priorities Manipulation |
| CVE-2026-33950 |
unknown |
— |
— |
|
|
|
2mo ago |
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity |
| CVE-2026-25228 |
unknown |
— |
— |
|
|
|
4mo ago |
SignalK Server has Path Traversal leading to information disclosure |
| CVE-2025-68620 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling |
| CVE-2025-69203 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server Vulnerable to Access Request Spoofing |
| CVE-2025-68619 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package |
| CVE-2025-68273 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints |
| CVE-2025-68272 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding |
| CVE-2025-66398 |
unknown |
— |
— |
|
|
|
5mo ago |
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) |