CVE-2026-24003 EvseV2G has sequence state validation bypass

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

PT-2026-4826

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2025.12.1 Description EVerest is an EV charging software stack susceptible to a bypass of sequence state verification, including authentication. This allows sending requests that transition to forbidden states,...

EUVD-2025-27191

Malicious code in bioql PyPI...

PYSEC-2025-141

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in modeldict = torch.loadfullpath, maplocation=torch.devicedevice, weightsonly=True in monai/bundle/scripts.py , weightsonly=True is loaded securely. However, insecure loading method...

CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...