CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-27028 - Mobility46 mobility46.se Missing Authentication for Critical Function

CVE ID : CVE-2026-27028
Published : Feb. 27, 2026, 12:20 a.m. | 45 minutes ago
Description : WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26305 - Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

CVE ID : CVE-2026-26305
Published : Feb. 27, 2026, 12:22 a.m. | 43 minutes ago
Description : The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
Severity: 7.5 | HIGH
CVE-2026-27647 - Mobility46 mobility46.se Insufficient Session Expiration

CVE ID : CVE-2026-27647
Published : Feb. 27, 2026, 12:23 a.m. | 42 minutes ago
Description : The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Severity: 7.3 | HIGH
CVE-2026-22878 - Mobility46 mobility46.se Insufficiently Protected Credentials

CVE ID : CVE-2026-22878
Published : Feb. 27, 2026, 12:25 a.m. | 40 minutes ago
Description : Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Severity: 6.5 | MEDIUM
CVE-2026-3273 - Tenda F453 httpd AdvSetWrlsafeset formWrlsafeset buffer overflow

CVE ID : CVE-2026-3273
Published : Feb. 27, 2026, 12:32 a.m. | 34 minutes ago
Description : A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
CVE-2026-25085 - Copeland XWEB and XWEB Pro Unexpected Status Code or Return Value

CVE ID : CVE-2026-25085
Published : Feb. 27, 2026, 12:33 a.m. | 33 minutes ago
Description : A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.
Severity: 8.6 | HIGH
CVE-2026-21718 - Copeland XWEB and XWEB Pro Use of a Broken or Risky Cryptographic Algorithm

CVE ID : CVE-2026-21718
Published : Feb. 27, 2026, 12:34 a.m. | 31 minutes ago
Description : An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attacker to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
Severity: 10.0 | CRITICAL
CVE-2026-24663 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-24663
Published : Feb. 27, 2026, 12:36 a.m. | 29 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.
Severity: 9.0 | CRITICAL
CVE-2026-21389 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-21389
Published : Feb. 27, 2026, 12:38 a.m. | 27 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.
Severity: 8.0 | HIGH
CVE-2026-25111 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-25111
Published : Feb. 27, 2026, 12:40 a.m. | 25 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.
Severity: 8.0 | HIGH
CVE-2026-20742 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-20742
Published : Feb. 27, 2026, 12:42 a.m. | 24 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.
Severity: 8.0 | HIGH
CVE-2026-24517 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-24517
Published : Feb. 27, 2026, 12:43 a.m. | 22 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.
Severity: 8.0 | HIGH
CVE-2026-25195 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-25195
Published : Feb. 27, 2026, 12:45 a.m. | 21 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.
Severity: 8.0 | HIGH
CVE-2026-20910 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-20910
Published : Feb. 27, 2026, 12:46 a.m. | 19 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.
Severity: 8.0 | HIGH
CVE-2026-24689 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-24689
Published : Feb. 27, 2026, 12:47 a.m. | 18 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.
Severity: 8.0 | HIGH
CVE-2026-25109 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-25109
Published : Feb. 27, 2026, 12:48 a.m. | 17 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.
Severity: 8.0 | HIGH
CVE-2026-20902 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-20902
Published : Feb. 27, 2026, 12:49 a.m. | 16 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.
Severity: 8.0 | HIGH
CVE-2026-24695 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-24695
Published : Feb. 27, 2026, 12:51 a.m. | 15 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.
Severity: 8.0 | HIGH
CVE-2026-22877 - Copeland XWEB and XWEB Pro Path Traversal

CVE ID : CVE-2026-22877
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.
Severity: 3.7 | LOW
CVE-2026-23702 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-23702
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.
Severity: 8.0 | HIGH
CVE-2026-24452 - Copeland XWEB and XWEB Pro OS Command Injection

CVE ID : CVE-2026-24452
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.
Severity: 8.0 | HIGH