6.9
CVE-2025-15410 - code-projects Online Guitar Store login.php sql injection
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available an…
6.3
CVE-2025-69203 - Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against admini…
7.3
CVE-2025-68619 - Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin …
6.9
CVE-2025-15409 - code-projects Online Guitar Store Delete_product.php sql injection
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of the argument del_pro can lead to sql injection. The attack may be performed from remote. The exploit…
7.5
CVE-2025-55065 -
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
9.1
CVE-2025-68620 - Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated p…
5.3
CVE-2025-68273 - Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed…
7.5
CVE-2025-68272 - Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "Ja…
2
CVE-2026-21437 - eopkg vulnerable to package file list integrity bypass
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` an…
5.8
CVE-2026-21436 - eopkg has Path Traversal: '../filedir' vulnerability
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given…