Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

RedhatCVE
RedhatCVEadded 2026/03/27 5:9 p.m.1 views

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores authorized back to true, defeating the stoptransaction call condition on PowerOff events. As a result, the transaction can remain open even after a remote...

5.2CVSS5.9AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/27 5:9 p.m.4 views

CVE-2026-22593

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAXFILENAMELENGTH 100. A crafted filename in the certificate directory can overflow filenamesidx,...

8.4CVSS6.3AI score0.00138EPSS
Exploits1References1
NVD
NVDadded 2026/03/26 5:16 p.m.6 views

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS0.00214EPSS
Exploits1References1
NVD
NVDadded 2026/03/26 5:16 p.m.6 views

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores authorized back to true, defeating the stoptransaction call condition on PowerOff events. As a result, the transaction can remain open even after a remote...

5.2CVSS0.00208EPSS
Exploits1References1
NVD
NVDadded 2026/03/26 5:16 p.m.1 views

CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

6.5CVSS0.00288EPSS
Exploits1References1
NVD
NVDadded 2026/03/26 5:16 p.m.0 views

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS0.00304EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/26 4:42 p.m.3 views

EUVD-2026-16254

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/26 4:40 p.m.20 views

CVE-2026-33014 EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores authorized back to true, defeating the stoptransaction call condition on PowerOff events. As a result, the transaction can remain open even after a remote...

5.2CVSS0.00208EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 4:40 p.m.0 views

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores authorized back to true, defeating the stoptransaction call condition on PowerOff events. As a result, the transaction can remain open even after a remote...

5.2CVSS5.9AI score0.00208EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/03/26 4:37 p.m.1 views

EUVD-2026-16230

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

5CVSS5.8AI score0.00288EPSS
Exploits1References1
CVE
CVEadded 2026/03/26 4:37 p.m.6 views

CVE-2026-29044

EVerest EV charging software stack vulnerability CVE-2026-29044: before version 2026.02.0, processing WithdrawAuthorization prior to TransactionStarted can leave transaction_active=false and trigger deauthorize without performing StopTransaction in the Charging state, enabling authorization withd...

6.5CVSS5.8AI score0.00288EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/26 4:34 p.m.6 views

CVE-2026-27828

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/26 4:34 p.m.2 views

CVE-2026-27828 EVerest: ISO15118 session_setup use-after-free can crash EVSE process

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References1
CVE
CVEadded 2026/03/26 4:32 p.m.9 views

CVE-2026-27816

EVerest prior to version 2026.02.0 has a buffer overflow in ISO15118_chargerImpl::handle_update_energy_transfer_modes where a variable-length list is copied into a fixed-size 6-element array without bounds checks. With default schema validation disabled, oversized MQTT Cmd payloads can cause out-...

9.1CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/03/26 4:30 p.m.22 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 4:27 p.m.0 views

CVE-2026-27814

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/26 4:27 p.m.1 views

CVE-2026-27814 EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ UB triggered by an A 1-phase ↔ 3-phase switch request acswitchthreephaseswhilecharging during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch...

4.2CVSS5.8AI score0.00134EPSS
Exploits0References1
CVE
CVEadded 2026/03/26 4:27 p.m.6 views

CVE-2026-27814

EVerest EV charging software stack is affected: a data race (C++ undefined behavior) in ac_switch_three_phases_while_charging triggers when a 1-phase ↔ 3-phase switch request runs concurrently with the state machine loop. Affected versions are prior to 2026.02.0; version 2026.02.0 contains the pa...

4.2CVSS5.8AI score0.00134EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/03/26 4:19 p.m.19 views

CVE-2026-26074 EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

7CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/26 4:15 p.m.20 views

CVE-2026-26073 EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS0.00304EPSS
Exploits0References1
Rows per page
Query Builder