CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

RedhatCVE•added 2026/03/20 9:58 p.m.•2 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS5.7AI score

Exploits0References3

Positive Technologies•added 2026/03/20 12:0 a.m.•6 views

PT-2026-26696

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00468EPSS

Exploits0References7

CNNVD•added 2026/03/20 12:0 a.m.•5 views

CTEK Chargeportal 安全漏洞

CTEK Chargeportal is an electric vehicle charging management platform developed by the Swedish company CTEK. CTEK Chargeportal has a security vulnerability, which stems from the lack of a limit on the number of authentication requests in the WebSocket application programming interface. This...

8.7CVSS5.8AI score0.00427EPSS

Exploits0References3

OSV•added 2026/03/11 12:37 a.m.•5 views

GHSA-GV8F-WPM2-M5WR @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cveclaudecodeuisubmissionv2.zip  Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions | =...

8.7CVSS6.2AI score0.03433EPSS

Exploits1References5

EUVD•added 2026/03/06 3:31 p.m.•8 views

EUVD-2026-10034

9.4CVSS5.8AI score0.00871EPSS

Exploits0References4

NVD•added 2026/03/06 12:16 a.m.•5 views

CVE-2026-22552

9.8CVSS0.00889EPSS

Exploits0References3

Positive Technologies•added 2026/03/06 12:0 a.m.•5 views

PT-2026-23714

Name of the Vulnerable Software and Affected Versions OCPP affected versions not specified Description The WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations and manipulate data transmitted to the backend. An unauthenticated attacker can...

9.8CVSS5.8AI score0.00871EPSS

Exploits0References9

Vulnrichment•added 2026/03/05 11:18 p.m.•2 views

CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function

9.4CVSS5.8AI score0.00889EPSS

Exploits0References3

CVE•added 2026/03/05 11:18 p.m.•11 views

CVE-2026-22552

CVE-2026-22552 involves WebSocket endpoints missing authentication in the ePower epower.ie component. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging-station identifier and impersonate a charger, sending/receiving OCPP commands as a legi...

9.8CVSS6AI score0.00889EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/04 7:17 p.m.•2 views

GHSA-VVJH-F6P9-5VCF OpenClaw Canvas Authentication Bypass Vulnerability

ZDI-CAN-29311: OpenClaw Canvas Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS ------------------------ Version...

7.4CVSS6AI score

Exploits0References3

Snyk•added 2026/03/03 10:18 p.m.•2 views

Origin Validation Error

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the WebSocket authentication process. An attacker can gain unauthorized access to operator-level WebSocket sessions and invoke privileged control-plane methods...

7.5CVSS5.8AI score0.00294EPSS

Exploits0References3

Github Security Blog•added 2026/03/03 10:18 p.m.•8 views

OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains

This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. Context and Preconditions OpenClaw’s web/gateway surface ...

7.5CVSS6AI score0.00294EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/02/28 1:55 a.m.•4 views

CVE-2026-27028

9.8CVSS6AI score0.00518EPSS

Exploits0References1

EUVD•added 2026/02/27 3:30 a.m.•8 views

EUVD-2026-8963

9.4CVSS5.5AI score0.00518EPSS

Exploits0References4

EUVD•added 2026/02/27 12:31 a.m.•4 views

EUVD-2026-8965

9.4CVSS5.5AI score0.00508EPSS

Exploits0References4

EUVD•added 2026/02/27 12:31 a.m.•1 views

EUVD-2026-8934

9.4CVSS5.6AI score0.00557EPSS

Exploits0References4

Cvelist•added 2026/02/27 12:20 a.m.•20 views

CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function

9.4CVSS0.00518EPSS

Exploits0References3

CVE•added 2026/02/27 12:11 a.m.•13 views

CVE-2026-24445

CVE-2026-24445 affects the WebSocket API used by EV Energy ev.energy. The vulnerability is a lack of rate limiting on authentication attempts in the WebSocket API, which could allow an attacker to perform denial-of-service by suppressing or misrouting charger telemetry and could enable brute-forc...

9.8CVSS5.4AI score0.00487EPSS

Exploits0References3Affected Software1