CVE-2026-25774

CVE-2026-25774 affects EV Energy ev.energy charging stations. Publicly accessible authentication identifiers via web-based mapping platforms expose credentials; no exploit details provided in the documents. Relevant advisories include CISA ICS-26-057-07 (see linked sources).

CVE-2026-25774 EV Energy ev.energy Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

EV Energy 访问控制错误漏洞

EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...