Signal K Server Security Advisory: Multiple Critical Vulnerabilities (Pre-2.19.0) Threat Advisories AegironJanuary 2, 2026January 2, 202610 mins0 Affected Product Signal K Server – Marine data server commonly used as a central hub on boats…continue reading..
CVE-2025-15420: Critical Unauthenticated SQL Injection in Yonyou KSOA Allows Full Database Compromise Threat Advisories AegironJanuary 2, 2026January 2, 20267 mins0 Vulnerability Overview Severity & Risk Rating This vulnerability is considered high risk due to ease of exploitation…continue reading..
CVE-2026-21428: A Silent Header Injection Flaw Turning Simple HTTP Requests into Full-Blown SSRF Attacks Threat Advisories AegironJanuary 2, 2026January 2, 20267 mins0 CVE ID: CVE-2026-21428Affected Component: cpp-httplib (C++11 header-only HTTP/HTTPS library)Affected Versions: < 0.30.0Fixed Version: 0.30.0Vulnerability Type: HTTP Header…continue reading..
CVE-2025-55065: High-Risk SQL Injection Threat Enabling Full Database Compromise Threat Advisories AegironJanuary 2, 2026January 2, 20269 mins0 Quick facts What this vulnerability really means CVE-2025-55065 is a classic SQL Injection vulnerability in the ReKord…continue reading..
CVE-2025-68620: Unauthenticated Attackers Can Steal JWT Tokens and Fully Bypass Authentication in Signal K Server Threat Advisories AegironJanuary 2, 2026January 2, 20268 mins0 CVE ID: CVE-2025-68620Affected Product: Signal K ServerAffected Versions: All versions prior to 2.19.0Severity: CriticalCVSS v3.1 Score: 9.1Attack…continue reading..
CVE-2025-66398: Critical Signal K Server Flaw Enables Unauthenticated Full System Takeover Threat Advisories AegironJanuary 2, 2026January 2, 202610 mins0 Vulnerability Overview (At a Glance) CVE ID: CVE-2025-66398Product: Signal K ServerAffected Versions: All versions prior to 2.19.0Fixed…continue reading..
CVE-2025-47411: Authenticated User Can Silently Take Over Apache StreamPipes as Administrator Threat Advisories AegironJanuary 2, 2026January 2, 202611 mins0 Vulnerability Overview This vulnerability allows a legitimate non-administrator user to escalate privileges and gain full administrative control…continue reading..
CVE-2025-48769 — Use-After-Free Vulnerability in Apache NuttX RTOS Threat Advisories CyberDefenderJanuary 2, 2026January 2, 20262 mins0 CVE-2025-48769 is a Use After Free memory corruption vulnerability in the Apache NuttX Real-Time Operating System (RTOS).…continue reading..
CVE-2025-11157: One Malicious YAML File Away from Full Kubernetes Cluster Takeover Threat Advisories AegironJanuary 2, 2026January 2, 20268 mins0 CVE ID: CVE-2025-11157Affected Project: feast-dev/feastAffected Version: 0.53.0Component: Kubernetes Materializer JobFile Path: feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py Severity & Risk Summary (at…continue reading..
The Mega Leak Aftershock: How 16 Billion Stolen Passwords Are Powering 2026’s Account Takeovers Cyber Threat Intelligence AegironJanuary 1, 2026January 1, 20269 mins0 Overview In early 2026, security teams and everyday users began noticing a sharp rise in account takeovers.…continue reading..
