140 matches found

Cvelist
added 2026/02/26 10:49 p.m. | 20 views

CVE-2026-28230 In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | EPSS 0.00053
Exploits: 0 | References: 2
EUVD
added 2026/02/26 10:49 p.m. | 10 views

EUVD-2026-8917

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | AI score 5.4 | EPSS 0.00053
Exploits: 0 | References: 2
CVE
added 2026/02/26 10:49 p.m. | 4 views

CVE-2026-28230

SteVe (open-source EV charging station management) versions up to 3.11.0 are vulnerable to a StopTransaction impact where a charger can terminate another charger’s active session. Root cause: OcppServerRepositoryImpl.getTransaction() queries only by transactionId and does not verify chargeBoxId o...

CVSS 7.1 | AI score 5.4 | EPSS 0.00053
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/02/26 10:49 p.m. | 3 views

CVE-2026-28230

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | AI score 5.7 | EPSS 0.00053
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/26 10:49 p.m. | 4 views

CVE-2026-28230 In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 2
OSV
added 2026/02/26 10:49 p.m. | 4 views

CVE-2026-28230 In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/26 12:00 a.m. | 2 views

PT-2026-22220

Name of the Vulnerable Software and Affected Versions: SteVe versions up to and including 3.11.0. Description: SteVe is an open-source EV charging station management system susceptible to a transaction hijacking issue. An attacker controlling a registered charger, or even without registration...

CVSS 7.1 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 6
CNNVD
added 2026/02/26 12:00 a.m. | 5 views

SteVe Access Control Error Vulnerability

SteVe is an open platform developed by the SteVe Community. It is used for implementing, testing, and evaluating novel ideas related to electric vehicles, such as authentication protocols, charging point reservation mechanisms, and business models for electric vehicles. Versions of SteVe prior to...

CVSS 7.1 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 2
NVD
added 2026/01/23 3:16 p.m. | 2 views

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS. This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

CVSS 6.5 | EPSS 0.00019
Exploits: 0 | References: 1
Malwarebytes
added 2025/10/24 1:35 p.m. | 4 views

Is AI moving faster than its safety net?

You’ve probably noticed that artificial intelligence, or AI, has been everywhere lately—news, phones, apps, even in your browser. It seems like everything suddenly wants to be “powered by AI.” If it’s not, it’s considered old school and boring. It’s easy to get swept up in the promise: smarter...

AI score 7.2
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-54414

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.6 | EPSS 0.00091
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-19199

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00092
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-1631

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00223
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-26977

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 1
NVD
added 2025/09/05 2:15 p.m. | 1 view

CVE-2025-58800

Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through <= 2.8.5...

CVSS 4.3 | EPSS 0.00026
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/05 12:00 a.m. | 1 view

PT-2025-36140

Name of the Vulnerable Software and Affected Versions: WP Email Template versions n/a through 2.8.3. Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations:...

CVSS 4.3 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 3
The Hacker News
added 2025/08/20 5:25 p.m. | 2 views

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do

Do you know how many AI agents are running inside your business right now? If the answer is "not sure," you're not alone—and that's exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get results. That means...

AI score 7.3
Exploits: 0
NVD
added 2025/08/14 7:15 p.m. | 2 views

CVE-2025-55710

Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2...

CVSS 4.3 | EPSS 0.00071
Exploits: 0 | References: 1
NVD
added 2025/07/04 9:15 a.m. | 2 views

CVE-2025-28967

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4...

CVSS 8.5 | EPSS 0.00179
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:25 a.m. | 6 views

CVE-2024-21550

SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and JavaScript code via WebSockets leading to persistent Cross-Site...

CVSS 6.1 | AI score 6.5 | EPSS 0.00092
Exploits: 0 | References: 1