9516 matches found
CVE-2026-27767
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767
The CVE-2026-27767 issue concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) in charging-station infrastructure. The underlying vulnerability is lack of authentication on these endpoints, allowing an unauthenticated attacker to connect with a known or discovered charging-stati...
CVE-2026-24731
CVE-2026-24731 affects EV2GO EV2GO ev2go.io: WebSocket endpoints lack authentication, allowing unauthenticated charging stations to impersonate a station and issue/receive OCPP commands to the backend. Root cause: missing authentication at the OCPP WebSocket endpoint enabling privilege escalation...
CVE-2026-20781
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-20781 CloudCharge cloudcharge.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-28215 hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HTTP POST request wi...
CVE-2026-20033
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker cou...
CVE-2026-27647
creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-08 2026-02-27 02:58:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfspoue6r42e 2026-03-03 00:00:15+00:00| seen|...
[SECURITY] Fedora 43 Update: opentofu-1.11.5-1.fc43
OpenTofu lets you declaratively manage your cloud infrastructure...
Hoppscotch 授权问题漏洞
Hoppscotch is an open-source API development ecosystem developed by Hoppscotch. Versions of Hoppscotch prior to 2026.2.0 had authorization-related vulnerabilities. These vulnerabilities allowed unverified attackers to override entire infrastructure configurations with a single HTTP POST request,...
PT-2026-22232
Name of the Vulnerable Software and Affected Versions EV2GO affected versions not specified Description The software’s WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations without authorization and manipulate data transmitted to the backen...
PT-2026-22231
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communication affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations...
EUVD-2026-8672
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...
EUVD-2026-8668
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper processing when...
CVE-2026-20033
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker cou...
CVE-2026-20033 Cisco NX-OS Software Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation when processing specific Ethernet frames. An attacker cou...
CVE-2026-20107 Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...