
438 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22373

Name of the Vulnerable Software and Affected Versions: SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. Description: The firmware contains a weakness in how session identifiers are created. This allows attackers to create valid session identifiers without logging in, potentially gaining...

9.8 CVSS | 5.9 AI score | 0.00402 EPSS
Exploits 0 | References 8
CNNVD
added 2026/02/27 12:0 a.m. | 10 views

Chargemap Code Issue Vulnerability

Chargemap is an electric vehicle service platform website operated by the French company Chargemap. Chargemap has code-related vulnerabilities; these vulnerabilities stem from the predictable nature of session identifiers and the ability for multiple endpoints to use the same session identifier to...

7.5 CVSS | 5.8 AI score | 0.00324 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22264

Name of the Vulnerable Software and Affected Versions: Charging station software, affected versions not specified. Description: The WebSocket backend associates sessions using charging station identifiers, but allows multiple endpoints to connect with the same session identifier. This results in...

9.8 CVSS | 6 AI score | 0.00336 EPSS
Exploits 0 | References 8
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Mobility46 Code Issue Vulnerability

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There are code-related vulnerabilities in Mobility46; these vulnerabilities stem from the WebSocket backend’s use of predictable session identifiers, which may lead to session...

9.8 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/27 12:0 a.m. | 6 views

EV Energy Code Issue Vulnerability

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There are code vulnerabilities within EV Energy; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to uniquely associate sessions but allows multiple...

9.8 CVSS | 5.9 AI score | 0.00336 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/27 12:0 a.m. | 6 views

SODOLA SL902-SWTGW124AS Security Feature Issue Vulnerability

SODOLA SL902-SWTGW124AS is an industrial switch produced by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to 200.1.20 had security feature vulnerabilities. These vulnerabilities stemmed from a weak session identifier generation mechanism, which could allow attackers to...

9.8 CVSS | 5.8 AI score | 0.00402 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/27 12:0 a.m. | 6 views

CloudCharge Code Issue Vulnerability

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has code-related vulnerabilities; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to associate sessions. However, multiple...

7.5 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22399

Name of the Vulnerable Software and Affected Versions: HTTP::Session2 versions through 1.09. Description: The software does not properly validate user-provided session IDs, which could allow for code injection or other impacts depending on the session backend. For example, if memcached is used for...

6.5 CVSS | 5.8 AI score | 0.00404 EPSS
Exploits 0 | References 7
CNNVD
added 2026/02/27 12:0 a.m. | 9 views

PluXml CMS Authorization Issue Vulnerability

PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS have vulnerabilities related to authorization. These vulnerabilities stem from the ability to set session identifiers before authentication, which may lead t...

9.8 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/27 12:0 a.m. | 9 views

SWITCH EV Code Issue Vulnerability

SWITCH EV is an electric vehicle charging facility management platform developed by the US company SWITCH. SWITCH EV has code-related vulnerabilities; these vulnerabilities stem from the predictable nature of session identifiers and the ability for multiple endpoints to use the same session...

7.5 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/02/26 11:48 p.m. | 2 views

CVE-2026-20895

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS | 5.8 AI score | 0.00356 EPSS
Exploits 0 | References 4
CVE
added 2026/02/26 11:48 p.m. | 8 views

CVE-2026-20895

The CVE-2026-20895 entry describes a vulnerability in the WebSocket backend used by EV2GO ev2go.io where session identifiers are used to bind sessions to charging stations but can be reused across multiple endpoints. This leads to predictable session identifiers and enables session hijacking or s...

7.5 CVSS | 5.5 AI score | 0.00356 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/02/26 11:36 p.m. | 12 views

CVE-2026-27652

Summary: CVE-2026-27652 affects the CloudCharge WebSocket backend, where charging station identifiers are used to bind sessions but the system allows multiple endpoints to connect with the same session identifier. Root cause: implementation results in predictable session identifiers, enabling ses...

7.5 CVSS | 5.5 AI score | 0.00313 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/02/26 11:36 p.m. | 20 views

CVE-2026-27652 CloudCharge cloudcharge.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 0.00313 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/02/26 11:36 p.m. | 5 views

CVE-2026-27652

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/02/26 11:33 p.m. | 1 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session ids. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2 CVSS | 5.7 AI score | 0.002 EPSS
Exploits 0 | References 2
CVE
added 2026/02/26 11:33 p.m. | 14 views

CVE-2025-40932

Apache::SessionX for Perl up to version 2.01 uses a default MD5-based session-id generator that seeds the MD5 with the built-in rand(), the epoch time, and the PID. This yields predictable, low-entropy session identifiers because rand() is not cryptographically secure and the epoch/PID have limit...

8.2 CVSS | 5.5 AI score | 0.002 EPSS
Exploits 0 | References 1 | Affected Software 1
Debian CVE
added 2026/02/26 11:33 p.m. | 4 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session ids. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2 CVSS | 5.3 AI score | 0.002 EPSS
Exploits 0
Vulnrichment
added 2026/02/26 11:8 p.m. | 3 views

CVE-2026-25711 Chargemap chargemap.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 6 AI score | 0.00324 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/02/26 11:8 p.m. | 1 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS | 5.8 AI score | 0.00324 EPSS
Exploits 0 | References 4