Lucene search
K

40 matches found

NVD
NVD
added 2026/02/27 1:16 a.m.10 views

CVE-2026-26290

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

9.8CVSS0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8936

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.5AI score0.00324EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8940

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.5AI score0.00313EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8960

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.4AI score0.00313EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.6 views

EUVD-2026-8932

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.5AI score0.00356EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:23 a.m.20 views

CVE-2026-27647 Mobility46 mobility46.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS0.00304EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 12:16 a.m.14 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS0.00324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:2 a.m.2 views

CVE-2026-25778

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.6 views

EV Energy 代码问题漏洞

EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. There are code vulnerabilities within EV Energy; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to uniquely associate sessions but allows multiple...

9.8CVSS5.9AI score0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.6 views

PT-2026-22267

Name of the Vulnerable Software and Affected Versions Charging station software affected versions not specified Description The WebSocket backend associates sessions using charging station identifiers, but allows multiple endpoints to connect with the same session identifier. This results in...

9.8CVSS6AI score0.00304EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22241

Name of the Vulnerable Software and Affected Versions WebSocket backend affected versions not specified Description The backend utilizes charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifier. This results in...

7.5CVSS5.9AI score0.00313EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/26 11:48 p.m.2 views

CVE-2026-20895 EV2GO ev2go.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS6AI score0.00356EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:36 p.m.4 views

CVE-2026-27652 CloudCharge cloudcharge.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS6AI score0.00313EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 11:36 p.m.21 views

CVE-2026-27652 CloudCharge cloudcharge.se Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS0.00313EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:36 p.m.9 views

CVE-2026-27652

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References4
CVE
CVE
added 2026/02/26 11:8 p.m.12 views

CVE-2026-25711

CVE-2026-25711 concerns the WebSocket backend used to manage charging stations. The issue arises because session identifiers are used to bind sessions to charging stations, but the same identifier can be reused by multiple endpoints, making session identifiers predictable. This enables session hi...

7.5CVSS5.5AI score0.00324EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:8 p.m.3 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.6 views

PT-2026-22235

Name of the Vulnerable Software and Affected Versions WebSocket backend affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in...

7.5CVSS6AI score0.00313EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22218

Name of the Vulnerable Software and Affected Versions Versions prior to the fixed version affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References7
OSV
OSV
added 2023/05/08 8:15 a.m.4 views

CVE-2023-2534

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

8.1CVSS7.3AI score0.00526EPSS
Exploits0References1
Rows per page
Query Builder