CVE-2026-30843 Wekan has Cross-Board IDOR in Custom Fields Update Endpoints
Wekan is an open-source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference (IDOR) issue that could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...
EUVD-2026-10041
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EUVD-2026-10040
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2026-10031
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2026-10036
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27777
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27764
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-27027
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-20748
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2026-10039
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-27027 Everon api.everon.io Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-20748
Technical details about CVE-2026-20748 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-27777
Technical details (affected products, versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2026-27777 Mobiliti e-mobi.hu Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27764 Mobiliti e-mobi.hu Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...