CVE-2026-20744: CWE-284 in Hydro-Québec Le Circuit Electrique charging station backend
The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. (CVSS: 9.8)
Read the full articleYou might also wanna read
Schneider Electric PowerChute Serial Shutdown
Schneider Electric PowerChute Serial Shutdown apeterson Jul 09, 2026 Release Date July 09, 2026 Description View CSAF Summary Successful exp

Persistent XSS/RCE using WebSockets in Storybook’s dev server
CVE-2026-27148 exposes a WebSocket hijacking flaw in Storybook that can escalate into supply chain compromise. Learn the attack path, impact
Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation
CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests. Successful exploitation can let

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file p

Comments
Sign in to join the conversation.
No comments yet. Be the first.