9 matches found
CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...
CVE-2026-44383
CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...
CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2025-55705
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
PT-2026-4302
Name of the Vulnerable Software and Affected Versions Charging station software affected versions not specified Description The system allows multiple simultaneous connections to the backend using the same charging station ID. This can lead to unauthorized access, data inconsistency, or...
EVMAPA code-related vulnerabilities
EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has code-related vulnerabilities. These vulnerabilities stem from the system’s ability to allow multiple concurrent connections using the same charging station ID, along with insufficient session...
Wavelog 安全漏洞
Wavelog is a web-based amateur radio logging software from Wavelog Open Source. A security vulnerability exists in Wavelog version 1.8.5, which stems from an SQL injection vulnerability contained in the stationid parameter in the getworkedmodes function on the Oqrsmodel.php page...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
An out-of-bounds memory access flaw was found in the Linux kernel’s Wireless WiFi Link Next-Gen AGN driver in how a user removes it. This flaw allows a local user to crash or potentially escalate their privileges on the system...