Lucene search
K

403 matches found

OSV
OSV
added 2026/01/21 7:36 p.m.6 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS5.3AI score0.00145EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:25 p.m.3 views

CVE-2026-23955

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS5.4AI score0.00164EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:18 p.m.4 views

CVE-2025-68136

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS5.3AI score0.00266EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/21 7:18 p.m.23 views

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS0.00266EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/21 7:18 p.m.7 views

EUVD-2025-206318

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS5.5AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2026/01/21 7:16 p.m.6 views

CVE-2025-68132

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

4.6CVSS0.00243EPSS
Exploits1References2
NVD
NVD
added 2026/01/21 7:16 p.m.6 views

CVE-2025-68134

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...

7.4CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/21 6:32 p.m.5 views

CVE-2025-68134 EVerest's use of assert functions can potentially lead to denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...

7.4CVSS5.5AI score0.00156EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 6:32 p.m.3 views

CVE-2025-68134

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denia...

7.4CVSS5.4AI score0.00156EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/01/21 3:15 a.m.7 views

CVE-2025-68133

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

7.4CVSS0.00351EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/21 2:25 a.m.4 views

CVE-2025-68133 EVerest's unlimited connections can lead to DoS through operating system resource exhaustion

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...

7.4CVSS5.6AI score0.00351EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3849

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS5.5AI score0.00266EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3851

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the strdup calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potential...

4.7CVSS5.5AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.10 views

PT-2026-3853

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

4.2CVSS5.5AI score0.00164EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.8 views

CVE-2026-22541

The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

8.2CVSS6.7AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.8 views

Efacec QC 安全漏洞

Efacec QC is a series of electric vehicle chargers from Efacec Portugal. A security vulnerability exists in the Efacec QC 60/90/120 that stems from a large number of ICMP requests sent that could result in a denial of service to the charger board controlling the EV interface...

8.2CVSS6.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 5:7 p.m.4 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3CVSS6.8AI score0.00132EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 5:15 p.m.5 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

6.5CVSS5.8AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2026/01/05 5:15 p.m.48 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

6.5CVSS0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/05 4:47 p.m.28 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3CVSS0.00132EPSS
Exploits0References1
Rows per page
Query Builder