190 matches found

ATTACKERKB
added 2026/02/27 12:2 a.m., 2 views

CVE-2026-25778

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits 0, References 4
Vulnrichment
added 2026/02/27 12:2 a.m., 3 views

CVE-2026-25778 SWITCH EV swtchenergy.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 6 AI score, 0.00313 EPSS
Exploits 0, References 3
Cvelist
added 2026/02/27 12:2 a.m., 20 views

CVE-2026-25778 SWITCH EV swtchenergy.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 0.00313 EPSS
Exploits 0, References 3
CVE
added 2026/02/27 12:2 a.m., 10 views

CVE-2026-25778

CVE-2026-25778 concerns the WebSocket backend used to manage charging-station sessions. The system ties sessions to charging-station identifiers but allows multiple endpoints to connect with the same session identifier, yielding predictable session IDs. This can enable session hijacking or shadow...

7.5 CVSS, 5.5 AI score, 0.00313 EPSS
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/02/27 12:0 a.m., 5 views

PT-2026-22267

Name of the Vulnerable Software and Affected Versions: Charging station software (affected versions not specified). Description: The WebSocket backend associates sessions using charging station identifiers, but allows multiple endpoints to connect with the same session identifier. This results in...

9.8 CVSS, 6 AI score, 0.00304 EPSS
Exploits 0, References 10
Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2026-22241

Name of the Vulnerable Software and Affected Versions: WebSocket backend (affected versions not specified). Description: The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...

7.5 CVSS, 5.9 AI score, 0.00313 EPSS
Exploits 0, References 8
Vulnrichment
added 2026/02/26 11:48 p.m., 2 views

CVE-2026-20895 EV2GO ev2go.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 6 AI score, 0.00356 EPSS
Exploits 0, References 3
Cvelist
added 2026/02/26 11:48 p.m., 17 views

CVE-2026-20895 EV2GO ev2go.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 0.00356 EPSS
Exploits 0, References 3
CVE
added 2026/02/26 11:48 p.m., 8 views

CVE-2026-20895

The CVE-2026-20895 entry describes a vulnerability in the WebSocket backend used by EV2GO ev2go.io where session identifiers are used to bind sessions to charging stations but can be reused across multiple endpoints. This leads to predictable session identifiers and enables session hijacking or s...

7.5 CVSS, 5.5 AI score, 0.00356 EPSS
Exploits 0, References 3, Affected Software 1
CVE
added 2026/02/26 11:36 p.m., 14 views

CVE-2026-27652

Summary: CVE-2026-27652 affects the CloudCharge WebSocket backend, where charging station identifiers are used to bind sessions but the system allows multiple endpoints to connect with the same session identifier. Root cause: implementation results in predictable session identifiers, enabling ses...

7.5 CVSS, 5.5 AI score, 0.00313 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/02/26 11:36 p.m., 20 views

CVE-2026-27652 CloudCharge cloudcharge.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 0.00313 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/02/26 11:36 p.m., 8 views

CVE-2026-27652

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/02/26 11:8 p.m., 2 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits 0, References 4
Cvelist
added 2026/02/26 11:8 p.m., 23 views

CVE-2026-25711 Chargemap chargemap.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 0.00324 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/26 12:0 a.m., 6 views

PT-2026-22218

Name of the Vulnerable Software and Affected Versions: Versions prior to the fixed version (affected versions not specified). Description: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier...

7.5 CVSS, 5.9 AI score, 0.00324 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/02/26 12:0 a.m., 4 views

PT-2026-22238

Name of the Vulnerable Software and Affected Versions: WebSocket backend (affected versions not specified). Description: The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...

7.5 CVSS, 5.9 AI score, 0.00356 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/02/26 12:0 a.m., 5 views

PT-2026-22235

Name of the Vulnerable Software and Affected Versions: WebSocket backend (affected versions not specified). Description: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in...

7.5 CVSS, 6 AI score, 0.00313 EPSS
Exploits 0, References 7
OSV
added 2026/02/20 9:19 p.m., 4 views

DEBIAN-CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3 CVSS, 7.3 AI score, 0.00445 EPSS
Exploits 1, References 1
NVD
added 2026/02/20 9:19 p.m., 11 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3 CVSS, 0.00445 EPSS
Exploits 1, References 11
UbuntuCve
added 2026/02/20 9:19 p.m., 4 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 5