29 matches found
CVE-2026-20895
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-25778
CVE-2026-25778 concerns the WebSocket backend used to manage charging-station sessions. The system ties sessions to charging-station identifiers but allows multiple endpoints to connect with the same session identifier, yielding predictable session IDs. This can enable session hijacking or shadow...
CVE-2026-25778
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
PT-2026-22241
Name of the Vulnerable Software and Affected Versions WebSocket backend affected versions not specified Description The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...
CVE-2026-20895
The CVE-2026-20895 entry describes a vulnerability in the WebSocket backend used by EV2GO ev2go.io where session identifiers are used to bind sessions to charging stations but can be reused across multiple endpoints. This leads to predictable session identifiers and enables session hijacking or s...
CVE-2026-20895 EV2GO ev2go.io Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-25711
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CVE-2026-25711 Chargemap chargemap.com Insufficient Session Expiration
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
PT-2026-22238
Name of the Vulnerable Software and Affected Versions WebSocket backend affected versions not specified Description The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...