CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/27 8:14 p.m.•10 views

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00016EPSS

CVE•added 2026/05/24 8:45 p.m.•11 views

CVE-2026-9398

The CVE-2026-9398 entry concerns Besen BS20 EV Charging Station with a flaw in the BLE/WiFi authentication that enables bypass via capture-replay. Affected component: BLE/WiFi, within the Besen BS20 line up to 20260426. The attack must originate from the local network; exploitation is described a...

3.1CVSS5.2AI score0.00042EPSS

Cvelist•added 2026/05/24 8:45 p.m.•9 views

CVE-2026-9398 Besen BS20 EV Charging Station BLE/WiFi authentication replay

3.1CVSS0.00042EPSS

Vulnrichment•added 2026/05/24 8:45 p.m.•7 views

CVE-2026-9398 Besen BS20 EV Charging Station BLE/WiFi authentication replay

3.1CVSS5.2AI score0.00042EPSS

ATTACKERKB•added 2026/05/24 8:15 p.m.•10 views

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00037EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/05/24 8:0 p.m.•10 views

CVE-2026-9395 Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

5.1CVSS0.00023EPSS

Vulnrichment•added 2026/05/24 8:0 p.m.•10 views

CVE-2026-9395 Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

5.1CVSS5.5AI score0.00023EPSS

Vulnrichment•added 2026/05/24 7:30 p.m.•12 views

CVE-2026-9394 Besen BS20 EV Charging Station Bluetooth Low Energy weak password

3.1CVSS5.2AI score0.00016EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•10 views

PT-2026-42964

3.1CVSS5.2AI score0.00016EPSS

CNNVD•added 2026/05/24 12:0 a.m.•4 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...

5.1CVSS5.8AI score0.00023EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•8 views

PT-2026-42965

5.1CVSS5.5AI score0.00023EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•8 views

PT-2026-42967

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS6.5AI score0.00053EPSS

RedhatCVE•added 2026/03/27 5:9 p.m.•0 views

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

9.1CVSS5.9AI score0.00015EPSS

RedhatCVE•added 2026/03/27 5:9 p.m.•1 views

CVE-2026-26070

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.0002EPSS

RedhatCVE•added 2026/03/27 5:9 p.m.•1 views

CVE-2026-27814

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS5.9AI score0.00007EPSS

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS0.0002EPSS

Exploits1References1

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

7.5CVSS0.00015EPSS

CVE-2026-27815

9.1CVSS0.00015EPSS

CVE-2026-27813

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS0.00025EPSS