Lucene search

5317 matches found

Cvelist
added 2026/02/26 11:27 p.m. | 19 views

CVE-2026-25114 CloudCharge cloudcharge.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS: 8.7 | EPSS: 0.00475
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/26 11:27 p.m. | 4 views

CVE-2026-25114 CloudCharge cloudcharge.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00475
Exploits: 0 | References: 3
CVE
added 2026/02/26 11:27 p.m. | 24 views

CVE-2026-25114

CVE-2026-25114 affects the CloudCharge WebSocket API, described across multiple sources. The core issue is no rate limiting on authentication requests, enabling potential denial-of-service by suppressing/misrouting charger telemetry and brute-force attempts to gain access. Affected software versi...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00475
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/26 11:24 p.m. | 3 views

CVE-2026-20781 CloudCharge cloudcharge.se Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.4 | AI score: 6 | EPSS: 0.00518
Exploits: 0 | References: 3
CVE
added 2026/02/26 11:24 p.m. | 12 views

CVE-2026-20781

CVE-2026-20781 concerns WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications that lack proper authentication. The Red Hat, NVD, and CVE listings describe an unauthenticated attacker who can connect to the OCPP WebSocket endpoint using a known or discovered charging-station id...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00518
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/26 11:8 p.m. | 3 views

CVE-2026-25711 Chargemap chargemap.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS: 7.3 | AI score: 6 | EPSS: 0.00324
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/26 11:8 p.m. | 1 views

CVE-2026-25711

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00324
Exploits: 0 | References: 4
CVE
added 2026/02/26 11:8 p.m. | 9 views

CVE-2026-25711

CVE-2026-25711 concerns the WebSocket backend used to manage charging stations. The issue arises because session identifiers are used to bind sessions to charging stations, but the same identifier can be reused by multiple endpoints, making session identifiers predictable. This enables session hi...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00324
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/26 11:6 p.m. | 0 views

CVE-2026-20792

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00477
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/26 11:6 p.m. | 3 views

CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00477
Exploits: 0 | References: 3
Cvelist
added 2026/02/26 11:6 p.m. | 19 views

CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS: 8.7 | EPSS: 0.00477
Exploits: 0 | References: 3
CVE
added 2026/02/26 11:6 p.m. | 16 views

CVE-2026-20792

The CVE-2026-20792 entry concerns the WebSocket API used for charger telemetry (Chargemap chargemap.com) and is triggered by insufficient rate limiting on authentication requests. The root cause is the lack of restrictions on the number of authentication attempts, which can allow denial-of-servic...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00477
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/26 11:4 p.m. | 2 views

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00643
Exploits: 0 | References: 4
Cvelist
added 2026/02/26 11:4 p.m. | 17 views

CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.4 | EPSS: 0.00643
Exploits: 0 | References: 3
CVE
added 2026/02/26 11:4 p.m. | 11 views

CVE-2026-25851

The CVE-2026-25851 entries describe a vulnerability where WebSocket endpoints used for Open Charge Point Protocol (OCPP) communications lack authentication. The underlying issue allows an unauthenticated attacker to connect to the OCPP WebSocket endpoint (e.g., with a known or discovered charging...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00643
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/02/26 3:16 p.m. | 4 views

EUVD-2026-8750

Storybook Dev Server is Vulnerable to WebSocket Hijacking...

CVSS: 8.9 | AI score: 5.2 | EPSS: 0.01282
Exploits: 0 | References: 10
Github Security Blog
added 2026/02/26 3:16 p.m. | 11 views

Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary: The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details: Exploitation requires a developer to visit a malicious...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.01282
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2026/02/26 3:16 p.m. | 5 views

GHSA-MJF5-7G4M-GX5W Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary: The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details: Exploitation requires a developer to visit a malicious...

CVSS: 8.9 | AI score: 5.9 | EPSS: 0.01282
Exploits: 0 | References: 11
SUSE Linux
added 2026/02/26 3:7 p.m. | 6 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-32049: denial of Service attack to websocket server bsc1240751. CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. CVE-2026-2443: out-of-bounds read when processing specially crafted...

CVSS: 8.3 | AI score: 5.7 | EPSS: 0.00686
Exploits: 1 | References: 16
OSV
added 2026/02/26 3:7 p.m. | 4 views

SUSE-SU-2026:0658-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. - CVE-2026-2443: out-of-bounds read when processing specially...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.00686
Exploits: 1 | References: 9