signalk-server
12 known vulnerabilities · 1 critical · 0 high
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
SignalK Server has Path Traversal leading to information disclosure
Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Signal K Server: Unauthenticated Source Priorities Manipulation
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity