18 matches found
CVE-2026-20748
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
Mobiliti Code Issue Vulnerability
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...
PT-2026-23711
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
PT-2026-23581
Name of the Vulnerable Software and Affected Versions: Versions: affected versions not specified Description: The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This results in predictable...
EUVD-2026-8961
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
EUVD-2026-8960
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
CloudCharge Code Issue Vulnerability
CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has code-related vulnerabilities; these vulnerabilities stem from the WebSocket backend, which uses charging station identifiers to associate sessions. However, multiple...
PT-2026-22264
Name of the Vulnerable Software and Affected Versions: Charging station software: affected versions not specified Description: The WebSocket backend associates sessions using charging station identifiers, but allows multiple endpoints to connect with the same session identifier. This results in...
CVE-2026-25711
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...
Uncaught Exception
Overview: mcp is a Model Context Protocol SDK. Affected versions of this package are vulnerable to Uncaught Exception via the receiveloop function in the shared/session.py file. An attacker can cause the server to crash and require a restart by deliberately triggering an exception after establishin...
tigervnc enhancement update
An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Virtual Network Computing (VNC) is a remote display system which allows users ...
Improper Authentication
Overview: nicegui is a package to create web-based user interfaces with Python, the nice way. Affected versions of this package are vulnerable to Improper Authentication due to improper clearing of cookies through the handlehttp function of the air.py component. An attacker can gain unauthorized access to th...
CKAN < 2.8.12 Shared Session Secret
The version of CKAN installed can be impacted by a shared session secret if the application is based on one of the CKAN Docker images and if the users didn't set a custom value via an environment variable. Note that the scanner has not tested for these issues but has instead relied only on the...
CKAN 2.9.x < 2.9.7 Shared Session Secret
The version of CKAN installed can be impacted by a shared session secret if the application is based on one of the CKAN Docker images and if the users didn't set a custom value via an environment variable. Note that the scanner has not tested for these issues but has instead relied only on the...
CVE-2021-44426
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local /Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to...
DEBIAN-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
UBUNTU-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
PT-2009-2743 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail version 1.4.8 Description: The issue allows remote authenticated users to access other users' folder lists and configuration data under certain circumstances by using the standard webmail.php interface. This occurs because a Red...