CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVE-2026-26073

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVE-2026-26073 EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

EUVD-2026-16216

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::queue/std::deque corruption. The trigger is powermeter public key update and EV session/error events while OCPP not started. This results in a TSAN data race report and an ASAN/UBSAN...

CVE-2026-26072

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26070

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

EUVD-2026-16207

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26072

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26072

EVerest EV charging software stack is affected. Versions prior to 2026.02.0 have a data race on concurrent access to std::mapstd::optional , potentially causing container/optional corruption during EV SoC updates with powermeter periodic updates and unplugging/SessionFinished status. The issue is...

CVE-2025-68132

CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...

CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

Schneider Electric PowerLogic PM8ECC Security Bypass Vulnerability

The Schneider Electric PowerLogic PM8ECC is a communication module for use in 800 series meters from Schneider Electric, France. A security bypass vulnerability exists in Schneider Electric PowerLogic PM8ECC for PowerMeter 800 prior to version 2.651, which can be exploited by an attacker to bypas...

CVE-2016-4513

Cross-site scripting XSS vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-4513

Cross-site scripting XSS vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...