72 matches found
CVE-2026-27772
CVE-2026-27772 concerns WebSocket endpoints used by OCPP in EV Energy ev.energy deployments. The authenticated requirement is missing: an unauthenticated attacker can connect to the OCPP WebSocket endpoint with a known or discovered charging-station identifier and issue or receive OCPP commands a...
EV2GO 访问控制错误漏洞
EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has a access control vulnerability, which stems from the lack of proper authentication mechanisms in WebSocket endpoints. This vulnerability could allow unauthorized attackers to perfor...
EV Energy 访问控制错误漏洞
EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...
CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-24731 EV2GO ev2go.io Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-20781
CVE-2026-20781 concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications that lack proper authentication. The Red Hat, NVD, CVE listings describe an unauthenticated attacker who can connect to the OCPP WebSocket endpoint using a known or discovered charging-station id...
PT-2026-22231
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communication affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations...
CVE-2025-68663
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
PT-2026-7662
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...
Outline 授权问题漏洞
Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 had issues with authorization vulnerabilities. These vulnerabilities stemmed from defects in the WebSocket authentication mechanism, which could allow suspended users to maintain or establish real-time...
CVE-2025-54816
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that n...
CVE-2025-55070 Lack of MFA enforcement in WebSocket connections
Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...
EUVD-2025-7066
Malicious code in bioql PyPI...
CVE-2024-10956
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
CVE-2024-10956
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
Directus 信息泄露漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus version 11.0.0 and versions prior to 11.3.0, which stems from a setting of WEBSOCKETSGRAPHQLAUTH or...
GHSA-W3VC-FX9P-WP4V Jupyter Server Proxy's Websocket Proxying does not require authentication
Summary jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages partial list also use jupyter-server-proxy to expose other popular interactive applicatio...
Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
Summary A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Impact Malicious unauthenticated users with knowledge on the underlying...