121 matches found
PT-2026-22265
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...
CVE-2026-25113
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-25113 SWITCH EV swtchenergy.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-25945
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-25945 EV2GO ev2go.io Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-25114
CVE-2026-25114 affects the CloudCharge WebSocket API, described across multiple sources. The core issue is no rate limiting on authentication requests, enabling potential denial-of-service by suppressing/misrouting charger telemetry and brute-force attempts to gain access. Affected software versi...
CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-20792
The CVE-2026-20792 entry concerns the WebSocket API used for charger telemetry (Chargemap chargemap.com) and is triggered by insufficient rate limiting on authentication requests. The root cause is the lack of restrictions on the number of authentication attempts, which can allow denial-of-servic...
PT-2026-22240
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable an attacke...
PT-2026-22233
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...
PT-2026-22242
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...
CVE-2026-25593
OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...
PT-2026-6419
Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...
PT-2026-6548
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.1.20 Description An unauthenticated local client could leverage the Gateway WebSocket API to modify configuration settings through the config.apply function. Specifically, the ability to set unsafe cliPath value...
CVE-2026-24332
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...
CVE-2026-24332
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...
CVE-2025-12548
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
CVE-2025-12548 Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
PT-2026-2441
Name of the Vulnerable Software and Affected Versions Eclipse Che versions affected versions not specified Description A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...