Lucene search
+L

507 matches found

EUVD
EUVD
added 2026/03/06 6:31 p.m.7 views

EUVD-2026-10035

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.8AI score0.00637EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 3:3 p.m.33 views

CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00871EPSS
Exploits0References3
ICS
ICS
added 2026/03/03 7:0 a.m.7 views

Labkotec LID-3300IP

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

8.8CVSS6AI score0.00758EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/02 4:53 p.m.5 views

CVE-2025-47378 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

7.1CVSS5.9AI score0.0007EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 4:53 p.m.26 views

CVE-2025-47378

CVE-2025-47378 is described as a cryptographic issue where a shared VM reference allows HLOS to boot the loader and access the certificate chain. Connected sources corroborate a cryptographic exposure affecting HLOS/boot chain components and reference related advisories from Red Hat and NCSC; how...

7.1CVSS5.9AI score0.0007EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/27 12:31 a.m.6 views

EUVD-2026-8937

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.6AI score0.00643EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.7 views

EUVD-2026-8965

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.5AI score0.00508EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 12:20 a.m.21 views

CVE-2026-27028

CVE-2026-27028 affects WebSocket endpoints used by OCPP implementations. The issue is lack of authentication, allowing unauthenticated attackers to connect with a charging station identifier and impersonate a charger, issue or receive OCPP commands, and potentially escalate privileges, take unaut...

9.8CVSS5.5AI score0.00518EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:20 a.m.3 views

CVE-2026-27028

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 12:16 a.m.8 views

CVE-2026-24731

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS0.00557EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 11:43 p.m.26 views

CVE-2026-24731 EV2GO ev2go.io Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00557EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 11:4 p.m.3 views

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS5.8AI score0.00643EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/26 11:4 p.m.22 views

CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00643EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22219

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communications affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station...

9.8CVSS6AI score0.00643EPSS
Exploits0References10
Snyk
Snyk
added 2026/02/25 9:22 p.m.7 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to insufficient restrictions in the Python Code node sandbox. An attacker can access sensitive files or execute arbitra...

9.9CVSS6.3AI score0.00352EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/24 11:2 p.m.10 views

CVE-2026-3075

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through = 20251121...

5.3CVSS5.4AI score0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 9:19 p.m.10 views

CVE-2026-3075

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through = 20251121...

5.3CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/23 8:48 p.m.25 views

CVE-2026-3075 WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through = 20251121...

5.3CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.11 views

PT-2026-21561

Name of the Vulnerable Software and Affected Versions Jeff Starr Simple Ajax Chat versions prior to 20251122 Description A flaw exists in Jeff Starr Simple Ajax Chat that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control...

5.2AI score0.00304EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.5 views

CVE-2026-25325

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References1
Rows per page
Query Builder