CVE-2026-27764 Mobiliti e-mobi.hu Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker can retrieve internal network parameters, including ECDIS & OT information, device identifiers, and service status logs by issuing HTTP GET re...

CVE-2026-28682 Gokapi: Data Leak in Upload Status Stream

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

EUVD-2026-9942

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

EUVD-2026-9940

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-27770

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

Everon 代码问题漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There are code vulnerabilities in Everon, which stem from the WebSocket backend’s use of predictable session identifiers. These vulnerabilities may lead to session hijacking or shadow attacks, ultimately...

Mobiliti 代码问题漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...

Everon 安全漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon, which stems from the fact that the authentication identifiers can be accessed publicly through a web-based map platform...

Ibexa eZ Platform 安全漏洞

Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...

Mobiliti 安全漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, as the authentication identifiers can be accessed publicly through a web-based map platform...

Navtor NavBox 安全漏洞

Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...

ePower 代码问题漏洞

ePower is an electric vehicle charging station system owned by the Irish company ePower. ePower has a code vulnerability that stems from the predictable nature of session identifiers and the ability for multiple endpoints to use the same identifier to connect, which may lead to session hijacking ...

ePower 安全漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security vulnerability, as the identity identifiers of charging stations can be accessed publicly through a web-based mapping platform...

PT-2026-23711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

PT-2026-23719

Name of the Vulnerable Software and Affected Versions Versions affected not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable session...

PT-2026-23715

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...