20 matches found

EUVD
added 2026/01/29 1:38 p.m., 6 views

EUVD-2026-4986

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...

CVSS 7.5, AI score 5.9, EPSS 0.00025
Exploits 0, References 1

CNNVD
added 2026/01/29 12:0 a.m., 4 views

Open Security Issue Management – Security Vulnerabilities

Open Security Issue Management is a web UI interface provided by Red Hat Product Security. Versions of Open Security Issue Management prior to v2025.9.0 contain security vulnerabilities. These vulnerabilities stem from improper concatenation of $uri$args in the nginx configuration file, which may...

CVSS 7.5, AI score 5.8, EPSS 0.00025
Exploits 0, References 1

Positive Technologies
added 2026/01/29 12:0 a.m., 4 views

PT-2026-5268

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...

CVSS 7.5, AI score 5.9, EPSS 0.00025
Exploits 0, References 2

RedhatCVE
added 2026/01/22 8:22 p.m., 4 views

CVE-2026-23955

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

CVSS 4.2, AI score 5.5, EPSS 0.00027
Exploits 1, References 1

RedhatCVE
added 2026/01/22 2:25 a.m., 4 views

CVE-2025-68133

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

CVSS 7.4, AI score 5.6, EPSS 0.00034
Exploits 1, References 1

NVD
added 2026/01/21 8:16 p.m., 3 views

CVE-2026-23955

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

CVSS 4.2, EPSS 0.00027
Exploits 1, References 1

NVD
added 2026/01/21 8:16 p.m., 5 views

CVE-2025-68140

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

CVSS 4.3, EPSS 0.00033
Exploits 0, References 1

EUVD
added 2026/01/21 7:54 p.m., 1 view

EUVD-2025-206316

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

CVSS 4.3, AI score 5.4, EPSS 0.00033
Exploits 0, References 1

EUVD
added 2026/01/21 7:25 p.m., 3 views

EUVD-2026-3780

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

CVSS 4.2, AI score 5.5, EPSS 0.00027
Exploits 1, References 1

Vulnrichment
added 2026/01/21 7:25 p.m., 4 views

CVE-2026-23955 EVerest vulnerable to concatenation of strings literal and integers

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

CVSS 4.2, AI score 5.5, EPSS 0.00027
Exploits 1, References 1

CVE
added 2026/01/21 7:25 p.m., 7 views

CVE-2026-23955

CVE-2026-23955 affects the EVerest EV charging software stack prior to version 2025.9.0. In several places, integers are concatenated to literal strings when throwing errors, causing pointer arithmetic instead of printing the integer value. This can allow a malicious operator to read unintended m...

CVSS 4.2, AI score 5.5, EPSS 0.00027
Exploits 1, References 1, Affected Software 1

NVD
added 2026/01/21 3:15 a.m., 3 views

CVE-2025-68133

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

CVSS 7.4, EPSS 0.00034
Exploits 1, References 3

Cvelist
added 2026/01/21 2:25 a.m., 21 views

CVE-2025-68133 EVerest's unlimited connections can lead to DoS through operating system resource exhaustion

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

CVSS 7.4, EPSS 0.00034
Exploits 1, References 3

EUVD
added 2026/01/21 2:25 a.m., 2 views

EUVD-2025-206325

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

CVSS 7.4, AI score 5.6, EPSS 0.00034
Exploits 1, References 3

ATTACKERKB
added 2026/01/21 2:25 a.m., 4 views

CVE-2025-68133

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

CVSS 7.4, AI score 5.5, EPSS 0.00034
Exploits 1, References 4, Affected Software 1

CVE
added 2026/01/21 2:25 a.m., 9 views

CVE-2025-68133

CVE-2025-68133 affects the EVerest EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the OS memory and terminate the module by opening an unlimited number of TCP connections that do not proceed to ISO 15118-2 communication. This occurs because a new thread is sta...

CVSS 7.4, AI score 5.6, EPSS 0.00034
Exploits 1, References 3, Affected Software 1

EUVD
added 2026/01/21 1:2 a.m., 3 views

EUVD-2026-3306

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component...

CVSS 6.3, AI score 5.4, EPSS 0.00092
Exploits 0, References 5

CNNVD
added 2026/01/21 12:0 a.m., 2 views

Everest-core security vulnerabilities

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the concatenation of integer values with string literals when...

CVSS 4.2, AI score 5.8, EPSS 0.00027
Exploits 1, References 2

Positive Technologies
added 2026/01/21 12:0 a.m., 2 views

PT-2026-3853

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

CVSS 4.2, AI score 5.5, EPSS 0.00027
Exploits 1, References 2

Positive Technologies
added 2026/01/21 12:0 a.m., 5 views

PT-2026-3856

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

CVSS 4.3, AI score 5.4, EPSS 0.00033
Exploits 0, References 2