403 matches found
CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...
EUVD-2026-16216
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...
CVE-2026-26073
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...
CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...
CVE-2026-26071 EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::string concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update EV/ISO15118 and OCPP session/authorization events. Version 2026.02.0 contains a patch...
EUVD-2026-16203
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...
CVE-2026-26070
Summary: CVE-2026-26070 affects EVerest, the EV charging software stack. Versions prior to 2026.02.0 contain a data race that enables concurrent access to std::mapstd::optional , potentially causing container/optional corruption. The race is triggered during an EV SoC update with a periodic power...
CVE-2026-26008 EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access std::vector that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...
CVE-2026-26008
The CVE concerns EVerest EV charging software stack. Versions before 2026.02.0 expose an out-of-bounds access in a std::vector triggered by UpdateAllowedEnergyTransferModes over the network via CSMS, enabling possible remote crash or memory corruption. The issue affects the affected releases prio...
CVE-2026-23995
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...
CVE-2026-22790
EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...
CVE-2026-22790
EV charging stack EVerest is vulnerable before 2026.02.0: HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, enabling oversized SLAC payloads to be memcpy’d into a ~1497-byte stack buffer, corrupting the stack and allowing remote code execution from...
CVE-2026-22593
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAXFILENAMELENGTH 100. A crafted filename in the certificate directory can overflow filenamesidx,...
PT-2026-28360
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Before version 2026.02.0, the ISO15118 chargerImpl::handle session setup function copies a variable-length payment options list into a fixed-size array o...
PT-2026-28361
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Prior to version 2026.02.0, the ISO15118 chargerImpl::handle update energy transfer modes function copies a variable-length list into a fixed-size array ...
PT-2026-28358
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack susceptible to a data race condition leading to a use-after-free issue. This condition is triggered by events such as EV plug-in/unplug and...
EVerest 安全漏洞
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from delayed authorization responses during RemoteStop processing, allowing the authorization...
CVE-2026-25774
CVE-2026-25774 affects EV Energy ev.energy charging stations. Publicly accessible authentication identifiers via web-based mapping platforms expose credentials; no exploit details provided in the documents. Relevant advisories include CISA ICS-26-057-07 (see linked sources).
CVE-2026-25774 EV Energy ev.energy Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...