CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

CVE-2026-9395

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

EUVD-2026-31550

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

EUVD-2026-31547

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The powersupply framework is not actually designed to have long references to powersupply devices in the kernel. Specifically, unregistering a powersuppl...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Power: Supply: gpio-charger: Fixed the issue related to setting charge current limits. The issue involved devices that allow the lowest charge current limit to be greater than zero. If the requested charge current limit is below...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: Also search for ‘phys’ handle. When passing ‘phys’ in the device tree to describe the USB PHY handle which is the recommended approach according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Power: Supply: bq25890: Fix externalpowerchanged race The bq25890chargerexternalpowerchanged callback dereferences the bq-charger variable. This variable is set in bq25890powersupplyinit like this: c bq-charger =...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

The Linux kernel before version 6.2.9 has a race condition, which can lead to a use-after-free issue in the driver/power/supply/da9150-charger.c file. This issue occurs when a physically nearby attacker disconnects a device...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fixed the null check for powersupplygetbyname. In the cpcapusbdetect function, the powersupplygetbyname function may return NULL instead of an error pointer. To prevent potential null pointer...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.16-rc6. The function freechargerirq in drivers/power/supply/wm8350power.c lacks a free variable for WM8350IRQCHGFASTRDY, which is registered in wm8350initcharger...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190remove in drivers/power/supply/bq24190charger.c. It could allow a local attacker to crash the system due to a race condition...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: Fixed the issue of NULL pointer dereferencing during the charger process. When the system is powered on using an OTG cable, the IDDIG interrupt occurs before the charger is registered. This can lead to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010935)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010935 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

CVE-2026-33009 EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

CVE-2026-33009

CVE-2026-33009 affects EVerest EV charging software. Pre-2026.02.0 versions have a data race causing possible C++ undefined behavior/memory corruption when processing an MQTT topic everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging, leading to concurrent access of Charger...

EUVD-2026-16250

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...