
50 matches found

CNNVD
added 2026/03/26 12:0 a.m. | 7 views

EVerest security vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from delayed authorization responses during RemoteStop processing, allowing the authorization...

5.2 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 5 views

EVerest race condition vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a race condition vulnerability. This vulnerability stemmed from undefined C++ behavior due to data races, which could lead to memory corruption...

8.2 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 5 views

EVerest security vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contain security vulnerabilities; these vulnerabilities stem from data races and could lead to queue or double-ended queue corruption...

5.9 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 6 views

EVerest race condition vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a race condition vulnerability, which was caused by a data race and could lead to mapping or queue corruption...

7 CVSS | 5.8 AI score | 0.0014 EPSS
Exploits: 0 | References: 1
ICS
added 2026/03/10 12:0 a.m. | 4 views

Siemens Heliox EV Chargers

SUMMARY: Heliox EV Chargers listed below contain an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends updating to the latest versions. 2. GENERAL...

2.6 CVSS | 6.1 AI score | 0.00141 EPSS
Exploits: 0 | References: 10
RedhatCVE
added 2026/02/28 1:55 a.m. | 5 views

CVE-2026-28230

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

7.1 CVSS | 5.9 AI score | 0.0016 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/26 10:49 p.m. | 5 views

CVE-2026-28230: In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

7.1 CVSS | 5.9 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/02/26 10:49 p.m. | 26 views

CVE-2026-28230: In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

7.1 CVSS | 0.0016 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/26 10:49 p.m. | 6 views

CVE-2026-28230: In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

7.1 CVSS | 5.8 AI score | 0.0016 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/01/26 12:0 a.m. | 4 views

EVerest security vulnerabilities

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2025.12.1 contain security vulnerabilities. These vulnerabilities stem from a vulnerability that allows bypassing sequence state verification and authentication, potentiall...

5.3 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 0 | References: 2
Trend Micro Simply Security
added 2026/01/26 12:0 a.m. | 7 views

Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days

Discover how TrendAI Zero Day Initiative (ZDI) identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/01/09 11:20 a.m. | 3 views

CVE-2021-22724

A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...

8.8 CVSS | 6.9 AI score | 0.00468 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/07 12:0 a.m. | 8 views

Efacec QC security vulnerability

Efacec QC is a series of electric vehicle chargers from Efacec Portugal. A security vulnerability exists in the Efacec QC 60/90/120 in which sending a large number of ICMP requests could result in a denial of service to the charger board controlling the EV interface...

8.2 CVSS | 6.5 AI score | 0.00276 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/07 12:0 a.m. | 10 views

PT-2026-1664

Name of the Vulnerable Software and Affected Versions: EFACEC EV chargers (affected versions not specified). Description: A large number of ARP requests can cause a denial of service on a control board within the EV charger, impacting the EV interfaces. The affected board's proper operation is essenti...

9.2 CVSS | 6.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 4
CVE
added 2025/10/31 3:33 p.m. | 10 views

CVE-2025-12357

CVE-2025-12357 concerns the SLAC protocol used in ISO 15118-2-compliant EV charging systems. The Red Hat/NVD/EUVD entries describe that an attacker can manipulate SLAC measurements to perform a man-in-the-middle between an electric vehicle and the charging station, potentially enabling wireless M...

6.3 CVSS | 6.5 AI score | 0.00214 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-11149

Malicious code in bioql PyPI...

6.9 CVSS | 6.5 AI score | 0.00255 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-11132

Malicious code in bioql PyPI...

6.9 CVSS | 6.5 AI score | 0.0025 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-40401

Malicious code in bioql PyPI...

9.3 CVSS | 6.6 AI score | 0.01437 EPSS
Exploits: 0 | References: 3
HackRead
added 2025/07/29 5:6 p.m. | 3 views

New Choicejacking Attack Steals Data from Phones via Public Chargers

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds...

7.3 AI score
Exploits: 0
ICS
added 2025/07/15 6:0 a.m. | 6 views

LITEON IC48A and IC80A EV Chargers

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

8.7 CVSS | 6.8 AI score | 0.0036 EPSS
Exploits: 0 | References: 10