
189 matches found

NVD
added 2026/03/06 4:16 p.m. | 4 views

CVE-2026-20748

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

8.6 CVSS | 0.00252 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/06 3:18 p.m. | 3 views

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 2
CVE
added 2026/03/06 3:18 p.m. | 12 views

CVE-2026-20748

Technical details about CVE-2026-20748 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

8.6 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/06 3:18 p.m. | 31 views

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 0.00252 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/06 3:18 p.m. | 2 views

CVE-2026-20748

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/06 3:7 p.m. | 5 views

CVE-2026-27764

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/06 3:7 p.m. | 2 views

CVE-2026-27764 Mobiliti e-mobi.hu Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/03/06 3:7 p.m. | 39 views

CVE-2026-27764 Mobiliti e-mobi.hu Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 0.00295 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/06 3:7 p.m. | 14 views

CVE-2026-27764

Summary (CVE-2026-27764): The vulnerability affects Mobiliti e-mobi.hu’s WebSocket backend used to manage charging stations. The system uses charging-station identifiers to bind sessions but allows multiple endpoints to connect with the same session identifier, creating predictable session IDs. T...

8.6 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/03/06 12:16 a.m. | 11 views

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

8.6 CVSS | 0.00386 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/06 12:0 a.m. | 10 views

PT-2026-23731

Name of the Vulnerable Software and Affected Versions: TimescaleDB versions 2.23.0 through 2.25.1. Description: TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL’s use of the search path setting can allow a malicious user to create functions...

8.8 CVSS | 6 AI score | 0.00136 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/06 12:0 a.m. | 5 views

PT-2026-23719

Name of the Vulnerable Software and Affected Versions: Versions affected not specified. Description: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable session...

8.6 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/03/06 12:0 a.m. | 7 views

PT-2026-23711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/05 11:38 p.m. | 4 views

CVE-2026-24912

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 6 AI score | 0.00386 EPSS
Exploits: 0 | References: 4
CVE
added 2026/03/05 11:38 p.m. | 20 views

CVE-2026-24912

CVE-2026-24912 affects ePower epower.ie WebSocket backend used for charging stations. The backend associates sessions by station identifiers, but allows multiple endpoints to use the same session identifier, producing predictable session IDs. This enables session hijacking/shadowing where a newer...

8.6 CVSS | 6 AI score | 0.00386 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/05 11:38 p.m. | 29 views

CVE-2026-24912 ePower epower.ie Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS | 0.00386 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/05 12:0 a.m. | 6 views

PT-2026-23581

Name of the Vulnerable Software and Affected Versions: Versions affected not specified. Description: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable...

7.3 CVSS | 5.8 AI score | 0.00386 EPSS
Exploits: 0 | References: 6
Veracode
added 2026/03/04 7:38 a.m. | 5 views

XML External Entity (XXE)

fast-xml-parser is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of a dot (`.`) in DOCTYPE entity names, which is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities and bypass entity encoding, thereby...

9.3 CVSS | 5.9 AI score | 0.00445 EPSS
Exploits: 1 | References: 12 | Affected Software: 1
RedhatCVE
added 2026/02/28 1:55 a.m. | 4 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS | 6 AI score | 0.00324 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/28 1:55 a.m. | 5 views

CVE-2026-27647

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

9.8 CVSS | 6 AI score | 0.00304 EPSS
Exploits: 0 | References: 1