5 matches found
CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access, with container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...
Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Create/edit a Timeline, put the following payload in the "Text" field at the bottom: alert/XSS/ Click save...
Exploit for Download of Code Without Integrity Check in Caphyon Advanced_Installer
CVE-2022-27438 Caphyon Ltd Advanced Installer 19.3 "CustomDe...
GHSA-59FM-6X3Q-Q3Q5 Missing permissions check in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption)...
CVE-2017-9033
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoptionset.cgi, related to the...