Lucene search
K

322 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 4:23 p.m.2 views

CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS5.9AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 4:19 p.m.5 views

CVE-2026-26074 EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

7CVSS5.9AI score0.0014EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 4:15 p.m.2 views

CVE-2026-26073 EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS5.9AI score0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 4:15 p.m.23 views

CVE-2026-26073 EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:15 p.m.2 views

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS5.8AI score0.00304EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-29796

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.9AI score0.00468EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 2:50 p.m.27 views

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

4.2CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 2:50 p.m.4 views

EUVD-2026-16207

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

4.2CVSS5.8AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 2:50 p.m.18 views

CVE-2026-26072

EVerest EV charging software stack is affected. Versions prior to 2026.02.0 have a data race on concurrent access to std::mapstd::optional , potentially causing container/optional corruption during EV SoC updates with powermeter periodic updates and unplugging/SessionFinished status. The issue is...

4.2CVSS5.8AI score0.00137EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/26 2:50 p.m.6 views

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

4.2CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/26 2:48 p.m.6 views

EUVD-2026-16205

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::string concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update EV/ISO15118 and OCPP session/authorization events. Version 2026.02.0 contains a patch...

4.2CVSS5.8AI score0.00134EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:45 p.m.3 views

CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 2:45 p.m.24 views

CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 2:45 p.m.4 views

EUVD-2026-16203

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:45 p.m.7 views

CVE-2026-26070

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/26 2:45 p.m.22 views

CVE-2026-26070

Summary: CVE-2026-26070 affects EVerest, the EV charging software stack. Versions prior to 2026.02.0 contain a data race that enables concurrent access to std::mapstd::optional , potentially causing container/optional corruption. The race is triggered during an EV SoC update with a periodic power...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 2:45 p.m.5 views

CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:43 p.m.3 views

CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5CVSS6AI score0.00367EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 2:43 p.m.2 views

CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5CVSS5.8AI score0.00367EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28350

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race condition that can lead to concurrent access to std::map, potentially causing container or optional...

4.2CVSS5.9AI score0.00137EPSS
Exploits0References3
Rows per page
Query Builder