VYPR

npm package

@signalk/set-system-time

pkg:npm/%40signalk/set-system-time

Vulnerabilities (1)

  • CVE-2026-23515Feb 2, 2026
    affected < 1.5.0fixed 1.5.0

    Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled.