Lucene search
K

403 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 4:23 p.m.1 views

CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

5.3CVSS5.9AI score0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 4:15 p.m.4 views

EUVD-2026-16216

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS5.8AI score0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:15 p.m.2 views

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

5.9CVSS5.8AI score0.00304EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 2:50 p.m.26 views

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

4.2CVSS0.00137EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 2:48 p.m.4 views

CVE-2026-26071 EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::string concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update EV/ISO15118 and OCPP session/authorization events. Version 2026.02.0 contains a patch...

4.2CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/26 2:45 p.m.4 views

EUVD-2026-16203

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 2:45 p.m.20 views

CVE-2026-26070

Summary: CVE-2026-26070 affects EVerest, the EV charging software stack. Versions prior to 2026.02.0 contain a data race that enables concurrent access to std::mapstd::optional , potentially causing container/optional corruption. The race is triggered during an EV SoC update with a periodic power...

4.6CVSS5.9AI score0.00105EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/26 2:43 p.m.3 views

CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...

7.5CVSS6AI score0.00367EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 2:43 p.m.12 views

CVE-2026-26008

The CVE concerns EVerest EV charging software stack. Versions before 2026.02.0 expose an out-of-bounds access in a std::vector triggered by UpdateAllowedEnergyTransferModes over the network via CSMS, enabling possible remote crash or memory corruption. The issue affects the affected releases prio...

7.5CVSS5.8AI score0.00367EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:36 p.m.1 views

CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

8.4CVSS6.3AI score0.00211EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:31 p.m.3 views

CVE-2026-22790

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

8.8CVSS6.5AI score0.00526EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/26 2:31 p.m.15 views

CVE-2026-22790

EV charging stack EVerest is vulnerable before 2026.02.0: HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, enabling oversized SLAC payloads to be memcpy’d into a ~1497-byte stack buffer, corrupting the stack and allowing remote code execution from...

8.8CVSS6.5AI score0.00526EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:49 p.m.4 views

CVE-2026-22593

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAXFILENAMELENGTH 100. A crafted filename in the certificate directory can overflow filenamesidx,...

8.4CVSS6.3AI score0.00138EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.13 views

PT-2026-28360

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Before version 2026.02.0, the ISO15118 chargerImpl::handle session setup function copies a variable-length payment options list into a fixed-size array o...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28361

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Prior to version 2026.02.0, the ISO15118 chargerImpl::handle update energy transfer modes function copies a variable-length list into a fixed-size array ...

6.9CVSS5.9AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28358

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack susceptible to a data race condition leading to a use-after-free issue. This condition is triggered by events such as EV plug-in/unplug and...

5.3CVSS5.9AI score0.00126EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

EVerest 安全漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from delayed authorization responses during RemoteStop processing, allowing the authorization...

5.2CVSS5.8AI score0.00208EPSS
Exploits1References1
CVE
CVE
added 2026/02/27 12:15 a.m.14 views

CVE-2026-25774

CVE-2026-25774 affects EV Energy ev.energy charging stations. Publicly accessible authentication identifiers via web-based mapping platforms expose credentials; no exploit details provided in the documents. Relevant advisories include CISA ICS-26-057-07 (see linked sources).

6.9CVSS5.2AI score0.00279EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 12:15 a.m.19 views

CVE-2026-25774 EV Energy ev.energy Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 12:11 a.m.20 views

CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00487EPSS
Exploits0References3
Rows per page
Query Builder