Lucene search
K

403 matches found

Vulnrichment
Vulnrichment
added 2026/02/27 12:11 a.m.6 views

CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS6AI score0.00487EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 12:3 a.m.1 views

CVE-2026-27773 SWITCH EV swtchenergy.com Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

SWITCH EV 访问控制错误漏洞

SWITCH EV is a electric vehicle charging facility management platform developed by the US company SWITCH. SWITCH EV has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.6 views

SWITCH EV 安全漏洞

SWITCH EV is a electric vehicle charging facility management platform developed by the US company SWITCH. SWITCH EV has a security vulnerability, which stems from the lack of a limit on the number of authentication requests in the WebSocket application programming interface. This vulnerability...

9.8CVSS5.8AI score0.00465EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

EV Energy 安全漏洞

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There is a security vulnerability within EV Energy; this vulnerability stems from the lack of restrictions on the number of authentication requests, which could lead to denial-of-service attacks...

9.8CVSS5.8AI score0.00487EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

EV Energy 访问控制错误漏洞

EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...

9.8CVSS5.7AI score0.00531EPSS
Exploits0References3
NVD
NVD
added 2026/01/26 10:15 p.m.11 views

CVE-2026-24003

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

5.3CVSS0.00254EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:12 p.m.4 views

CVE-2026-24003

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/26 10:12 p.m.4 views

EUVD-2026-4652

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/22 8:22 p.m.4 views

CVE-2025-68140

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/22 8:22 p.m.8 views

CVE-2026-23955

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS5.5AI score0.00164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/22 7:22 p.m.8 views

CVE-2025-68134

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...

7.4CVSS5.6AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 8:16 p.m.8 views

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 8:16 p.m.6 views

CVE-2025-68136

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS0.00266EPSS
Exploits1References1
CVE
CVE
added 2026/01/21 7:56 p.m.14 views

CVE-2025-68141

CVE-2025-68141 affects the EVerest EV charging software stack. Before version 2025.10.0, deserializing a DC_ChargeLoopRes message that includes Receipt and TaxCosts can access the vector tax_costs in Receipt out of bounds, in the function template void convert(const struct iso20_dc_DetailedTaxTy...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:56 p.m.4 views

CVE-2025-68141

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.5AI score0.00248EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 7:56 p.m.6 views

CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References1
CVE
CVE
added 2026/01/21 7:54 p.m.21 views

CVE-2025-68140

Summary: CVE-2025-68140 affects EVerest EV charging software stack prior to 2025.9.0, where an unregistered session can be assumed as 0, allowing unauthorized and anonymous indirect emission of MQTT messages and communication with V2G message handlers, potentially updating a session context. Tech...

4.3CVSS5.4AI score0.00136EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:54 p.m.4 views

CVE-2025-68140

EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...

4.3CVSS5.2AI score0.00136EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:36 p.m.5 views

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS5AI score0.00145EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder