Lucene search
K

80 matches found

CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Mobiliti 访问控制错误漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...

9.8CVSS5.8AI score0.00871EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:18 p.m.3 views

CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00889EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 11:18 p.m.28 views

CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00889EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.4 views

PT-2026-23574

Name of the Vulnerable Software and Affected Versions affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations and manipulate backend data. An unauthenticated attacker can connect to the OCPP...

9.8CVSS5.8AI score0.00889EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.4 views

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00643EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.5 views

CVE-2026-27767

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.6 views

CVE-2026-27772

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.4 views

CVE-2026-24731

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.6 views

CVE-2026-20781

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00518EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8937

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.6AI score0.00643EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.6 views

EUVD-2026-8929

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.6AI score0.00518EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 12:20 a.m.15 views

CVE-2026-27028

CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...

9.8CVSS5.5AI score0.00518EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 12:20 a.m.6 views

CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00518EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 12:16 a.m.8 views

CVE-2026-27767

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS0.00508EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 12:16 a.m.7 views

CVE-2026-27772

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS0.00531EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 12:16 a.m.10 views

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS0.00643EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 12:9 a.m.4 views

CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00531EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.12 views

PT-2026-22266

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station impersonati...

9.8CVSS6AI score0.00518EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22244

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing unauthenticated attackers to connect and impersonate...

9.8CVSS5.9AI score0.00531EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

Mobility46 访问控制错误漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is an access control vulnerability in Mobility46; this vulnerability stems from the lack of proper authentication mechanisms in WebSocket endpoints, which may allow...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References3
Rows per page
Query Builder