76 matches found
CVE-2026-25192
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-25192
CVE-2026-25192 affects WebSocket endpoints (OCPP) used for charging stations, where no authentication is required. The Red Hat, EUVD, and NVD entries describe an unauthenticated attacker connecting to the OCPP WebSocket endpoint with a known or discovered charging station identifier and issuing o...
CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Jenkins 安全漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.554 and earlier, as well as LTS 2.541.2 and earlier, have security vulnerabilitie...
GO-2026-4661 Linkdave Missing Authentication on REST and WebSocket endpoints in github.com/shi-gg/linkdave
Linkdave Missing Authentication on REST and WebSocket endpoints in github.com/shi-gg/linkdave...
GHSA-XV8G-FJ9H-6GMV Linkdave Missing Authentication on REST and WebSocket endpoints
The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5. Impact An attacker with network access to the server port can: - Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response. - Use that session to invo...
Linkdave Missing Authentication on REST and WebSocket endpoints
The linkdave server does not enforce authentication on its REST and WebSocket routes in versions prior to 0.1.5. Impact An attacker with network access to the server port can: - Connect to the WebSocket endpoint /ws and receive a valid sessionid in the OpReady response. - Use that session to invo...
CVE-2026-26051
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26288
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-10035
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26288
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26288
CVE-2026-26288 involves WebSocket/OCPP endpoints lacking authentication, enabling an unauthenticated attacker to impersonate a charging station and send/receive OCPP commands as a legitimate charger. The issue can lead to privilege escalation, unauthorized control of charging infrastructure, and ...
CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26051
CVE-2026-26051 affects WebSocket/OCPP endpoints where no authentication is required. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as a legitimate charger, enabling privilege escala...
EUVD-2026-9939
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Mobiliti 访问控制错误漏洞
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
PT-2026-23574
Name of the Vulnerable Software and Affected Versions affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations and manipulate backend data. An unauthenticated attacker can connect to the OCPP...