7.3
CVE-2025-68619 - Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin β¦
6.9
CVE-2025-15409 - code-projects Online Guitar Store Delete_product.php sql injection
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of the argument del_pro can lead to sql injection. The attack may be performed from remote. The exploitβ¦
7.5
CVE-2025-55065 -
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
9.1
CVE-2025-68620 - Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated pβ¦
5.3
CVE-2025-68273 - Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installedβ¦
7.5
CVE-2025-68272 - Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "Jaβ¦
2
CVE-2026-21437 - eopkg vulnerable to package file list integrity bypass
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` anβ¦
5.8
CVE-2026-21436 - eopkg has Path Traversal: '../filedir' vulnerability
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path givenβ¦
6.9
CVE-2025-15408 - code-projects Online Guitar Store Create_product.php sql injection
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publiβ¦
9.7
CVE-2025-66398 - Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Reβ¦