15 matches found

Cvelist
added 2026/03/06 3:20 p.m., 26 views

CVE-2026-27027 Everon api.everon.io Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, EPSS 0.00222
Exploits: 0, References: 2

CVE
added 2026/03/06 3:20 p.m., 15 views

CVE-2026-27027

Technical details about CVE-2026-27027 are not publicly available in the provided documents. Monitor for updates from listed sources; none of the connected records disclose affected products, versions, root cause, or fixes.

CVSS 6.9, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 2

Cvelist
added 2026/03/06 3:18 p.m., 29 views

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS 7.3, EPSS 0.00252
Exploits: 0, References: 2

Vulnrichment
added 2026/03/06 3:18 p.m., 3 views

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS 7.3, AI score 5.8, EPSS 0.00252
Exploits: 0, References: 2

Cvelist
added 2026/03/06 3:16 p.m., 28 views

CVE-2026-24696 Everon api.everon.io Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7, EPSS 0.00357
Exploits: 0, References: 2

Vulnrichment
added 2026/03/06 3:16 p.m., 4 views

CVE-2026-24696 Everon api.everon.io Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 2

CVE
added 2026/03/06 3:16 p.m., 15 views

CVE-2026-24696

Technical details (affected products, versions, exploit information) are not publicly provided in the connected documents. Monitor for updates.

CVSS 8.7, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/06 3:15 p.m., 3 views

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4, AI score 5.8, EPSS 0.00637
Exploits: 0, References: 2

Cvelist
added 2026/03/06 3:15 p.m., 31 views

CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS 9.4, EPSS 0.00637
Exploits: 0, References: 2

CVE
added 2026/03/06 3:15 p.m., 18 views

CVE-2026-26288

CVE-2026-26288 involves WebSocket/OCPP endpoints lacking authentication, enabling an unauthenticated attacker to impersonate a charging station and send/receive OCPP commands as a legitimate charger. The issue can lead to privilege escalation, unauthorized control of charging infrastructure, and ...

CVSS 9.8, AI score 5.8, EPSS 0.00637
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/03/06 12:00 a.m., 2 views

Everon Access Control Error Vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There is an access control vulnerability in Everon, which stems from the lack of an authentication mechanism. This vulnerability allows unverified attackers to connect to WebSocket endpoints and impersonate...

CVSS 9.8, AI score 5.8, EPSS 0.00637
Exploits: 0, References: 2

CNNVD
added 2026/03/06 12:00 a.m., 2 views

Everon Code Issue Vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There are code vulnerabilities in Everon, which stem from the WebSocket backend’s use of predictable session identifiers. These vulnerabilities may lead to session hijacking or shadow attacks, ultimately...

CVSS 8.6, AI score 5.9, EPSS 0.00252
Exploits: 0, References: 2

CNNVD
added 2026/03/06 12:00 a.m., 4 views

Everon Security Vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon, which stems from the fact that the authentication identifiers can be accessed publicly through a web-based map platform...

CVSS 6.9, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 2

CNNVD
added 2026/03/06 12:00 a.m., 6 views

Everon Security Vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...

CVSS 8.7, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 2

Positive Technologies
added 2026/03/05 12:00 a.m., 4 views

PT-2026-23417

Name of the Vulnerable Software and Affected Versions: Everon, affected versions not specified. Description: The software’s WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations and manipulate data sent to the backend. An unauthenticated attack...

CVSS 9.8, AI score 5.8, EPSS 0.00637
Exploits: 0, References: 9