CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2025-55705

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

EVMAPA code-related vulnerabilities

EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has code-related vulnerabilities. These vulnerabilities stem from the system’s ability to allow multiple concurrent connections using the same charging station ID, along with insufficient session...

PT-2026-4302

Name of the Vulnerable Software and Affected Versions Charging station software affected versions not specified Description The system allows multiple simultaneous connections to the backend using the same charging station ID. This can lead to unauthorized access, data inconsistency, or...

CVE-2024-48259

Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...

Wavelog 安全漏洞

Wavelog is a web-based amateur radio logging software from Wavelog Open Source. A security vulnerability exists in Wavelog version 1.8.5, which stems from an SQL injection vulnerability contained in the stationid parameter in the getworkedmodes function on the Oqrsmodel.php page...

kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal

An out-of-bounds memory access flaw was found in the Linux kernel’s Wireless WiFi Link Next-Gen AGN driver in how a user removes it. This flaw allows a local user to crash or potentially escalate their privileges on the system...