EUVD-2026-8935

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

PT-2026-22242

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...

CVE-2026-22539

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6...

EUVD-2025-11144

Malicious code in bioql PyPI...

CVE-2025-31945

An unauthenticated attacker can obtain other users' charger information...

CVE-2025-31950

An unauthenticated attacker can obtain EV charger energy consumption information of other users...

CVE-2025-27575

Consolidated details from connected sources show a vulnerability affecting Growatt Cloud Applications (EV charger management) that allows an unauthenticated attacker to learn the EV charger version and firmware upgrading history by knowing the charger ID. Root cause appears to be information disc...

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which originates from an unauthenticated attacker being able to gain access to other users' charger information...