24 matches found
CVE-2025-68136
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...
CVE-2025-68136
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...
CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-68137
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...
CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...
EUVD-2025-206317
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...
CVE-2025-68136
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...
EUVD-2025-206318
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...
CVE-2025-68134
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...
CVE-2025-68135 EVerest's inadequate exception handling leads to denial of service
EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...
CVE-2025-68134
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...
CVE-2025-68134 EVerest's use of assert functions can potentially lead to denial of service
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...
CVE-2025-68134 EVerest's use of assert functions can potentially lead to denial of service
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...
CVE-2025-68134
Summary: CVE-2025-68134 affects EVerest before version 2025.10.0, where repeated use of the assert function to handle errors can cause a crash of the module. The manager behavior (shutting down other modules and exiting on a crash) can lead to a denial of service in setups with multiple EVSE. Imp...
EUVD-2025-206324
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...
CVE-2025-68133 EVerest's unlimited connections can lead to DoS through operating system resource exhaustion
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...
PT-2026-3752
Name of the Vulnerable Software and Affected Versions EVerest versions 2025.9.0 and below Description EVerest is an EV charging software stack susceptible to a denial-of-service condition. An attacker can exhaust the operating system's memory, leading to the termination of the module and affectin...
PT-2026-3850
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2025.10.0 Description EVerest is an EV charging software stack. An integer overflow in the SdpPacket::parse header function can occur when processing data. Specifically, the current buffer length can be set to 7 after...
CVE-2025-61775
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...