CVE-2026-29796

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2026-32663

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2026-27649

Summary: CVE-2026-27649 describes a flaw in the WebSocket backend where charging-station session identifiers are not unique, allowing multiple endpoints to reuse the same session ID. This leads to predictable session identifiers and enables session hijacking or shadowing, where a newer connection...

Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

DEBIAN-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

UBUNTU-CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

CVE-2026-33151

CVE-2026-33151 affects Socket.IO. In affected releases (prior to 3.3.5, 3.4.4, and 4.2.6) a crafted Socket.IO packet can cause the server to buffer a large number of binary attachments, potentially exhausting memory. The vulnerability is patched in 3.3.5, 3.4.4, and 4.2.6. Some connected IBM bull...

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

PT-2026-26686

Name of the Vulnerable Software and Affected Versions CTEK Chargeport affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that is due to an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...

Socket.IO 代码问题漏洞

Socket.IO is a JavaScript library developed by Socket.IO Inc., aimed at real-time web applications. Versions of Socket.IO prior to 3.3.5, 3.4.4, and 4.2.6 contained code vulnerabilities. These vulnerabilities stemmed from the fact that servers would buffer large amounts of binary attachments when...

IGL-Technologies eParking.fi 访问控制错误漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability related to access control. This vulnerability stems from the la...

Linux Distros Unpatched Vulnerability : CVE-2026-23277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave device...

EUVD-2026-13253

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication hardening vulnerability that is due to an authentication hardening vulnerability in the browser-sourced WebSocket client in a loopback deployment. An attacker can exploit the...