Lucene search
K

807 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-27814

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS5.9AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.6 views

CVE-2026-26008

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5CVSS5.9AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.3 views

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.9AI score0.00248EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Home Assistant 跨站脚本漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. In versions of Home Assistant from 2025.02 to 2026.01, there was a cross-site scripting vulnerability. This vulnerability...

8.8CVSS5.7AI score0.00202EPSS
Exploits1References3
NVD
NVD
added 2026/03/26 5:16 p.m.11 views

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 5:16 p.m.7 views

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

9.1CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 5:16 p.m.4 views

CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

6.5CVSS0.00288EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 5:16 p.m.9 views

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

7.5CVSS0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 5:16 p.m.4 views

CVE-2026-27814

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 5:16 p.m.4 views

CVE-2026-27813

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS0.00126EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 5:16 p.m.3 views

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:42 p.m.3 views

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/26 4:42 p.m.6 views

EUVD-2026-16254

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 4:42 p.m.4 views

CVE-2026-33015 EVerest has RemoteStop Bypass via BCB Toggle Session Restart

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 4:40 p.m.25 views

CVE-2026-33014 EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores authorized back to true, defeating the stoptransaction call condition on PowerOff events. As a result, the transaction can remain open even after a remote...

5.2CVSS0.00208EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 4:39 p.m.1 views

CVE-2026-33009 EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.9AI score0.00248EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:39 p.m.2 views

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 4:37 p.m.24 views

CVE-2026-29044 EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

5CVSS0.00288EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 4:37 p.m.4 views

EUVD-2026-16230

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

5CVSS5.8AI score0.00288EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:37 p.m.3 views

CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

5CVSS5.8AI score0.00288EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder