CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

EUVD•added 2026/03/21 12:31 a.m.•2 views

EUVD-2026-13846

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00147EPSS

Exploits0References4

NVD•added 2026/03/20 11:16 p.m.•3 views

CVE-2026-29796

9.8CVSS0.00063EPSS

Exploits0References2

Cvelist•added 2026/03/20 10:42 p.m.•18 views

CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function

9.4CVSS0.00147EPSS

Exploits0References3

RedhatCVE•added 2026/03/07 7:31 p.m.•3 views

CVE-2026-26051

9.4CVSS5.8AI score0.00187EPSS

Exploits0References1

EUVD•added 2026/03/06 6:31 p.m.•3 views

EUVD-2026-10035

9.4CVSS5.8AI score0.00175EPSS

Exploits0References3

NVD•added 2026/03/06 4:16 p.m.•1 views

CVE-2026-26288

9.8CVSS0.00175EPSS

Exploits0References2

EUVD•added 2026/03/06 3:31 p.m.•4 views

EUVD-2026-10034

9.4CVSS5.8AI score0.00187EPSS

Exploits0References4

ATTACKERKB•added 2026/03/06 3:15 p.m.•3 views

CVE-2026-26288

9.4CVSS5.8AI score0.00175EPSS

Exploits0References3

CVE•added 2026/03/06 3:3 p.m.•5 views

CVE-2026-26051

CVE-2026-26051 affects WebSocket/OCPP endpoints where no authentication is required. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as a legitimate charger, enabling privilege escala...

9.8CVSS5.8AI score0.00187EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/06 3:3 p.m.•25 views

CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function

9.4CVSS0.00187EPSS

Exploits0References3

CNNVD•added 2026/03/06 12:0 a.m.•2 views

ePower 访问控制错误漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security access control vulnerability, which stems from the lack of an authentication mechanism in WebSocket endpoints. This vulnerability could allow unverified attackers to perform unauthorized...

9.8CVSS5.7AI score0.00139EPSS

Exploits0References3

CNNVD•added 2026/03/06 12:0 a.m.•3 views

Mobiliti 访问控制错误漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...

9.8CVSS5.8AI score0.00187EPSS

Exploits0References3

Positive Technologies•added 2026/03/06 12:0 a.m.•3 views

PT-2026-23714

Name of the Vulnerable Software and Affected Versions OCPP affected versions not specified Description The WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations and manipulate data transmitted to the backend. An unauthenticated attacker can...

9.8CVSS5.8AI score0.00187EPSS

Exploits0References9

ATTACKERKB•added 2026/03/05 11:18 p.m.•1 views

CVE-2026-22552

9.4CVSS6AI score0.00139EPSS

Exploits0References4

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23574

Name of the Vulnerable Software and Affected Versions affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations and manipulate backend data. An unauthenticated attacker can connect to the OCPP...

9.8CVSS5.8AI score0.00139EPSS

Exploits0References12

RedhatCVE•added 2026/02/28 1:55 a.m.•1 views

CVE-2026-24731

9.8CVSS6AI score0.00197EPSS

Exploits0References1

NVD•added 2026/02/27 1:16 a.m.•3 views

CVE-2026-27028

9.8CVSS0.00197EPSS

Exploits0References3

EUVD•added 2026/02/27 12:31 a.m.•1 views

EUVD-2026-8966