CVE-2026-27813

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

CVE-2026-27813

CVE-2026-27813 affects the EVerest EV charging software stack. Versions prior to 2026.02.0 contain a data race that can lead to a use-after-free condition. The issue is triggered by EV plug-in/unplug events and RFID/RemoteStart/OCPP authorization events (or delayed authorization responses). A pat...

PT-2026-28358

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack susceptible to a data race condition leading to a use-after-free issue. This condition is triggered by events such as EV plug-in/unplug and...

EUVD-2025-28895

Malicious code in bioql PyPI...

CVE-2025-6785

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9 ee6de92ddac5...

CVE-2025-6785

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9...

CVE-2025-6785 Tesla Model 3 Physical CAN Bus Injection

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9...

CVE-2025-6785

CVE-2025-6785 affects Tesla Model 3 software versions from 2023.Xx before 2023.44. The vulnerability stems from insecure handling of externally accessible CAN wiring, which can grant physical access to the CAN bus and enable injection of specially formed CAN messages to control remote start funct...

CVE-2025-6785 Tesla Model 3 Physical CAN Bus Injection

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9...

Tesla Model 3 安全漏洞

The Tesla Model 3 is an electric vehicle from Tesla, an American company. A security vulnerability exists in Tesla Model 3 versions prior to 2023.44 that stems from improper physical access control of the CAN bus, which could lead to the remote start function being controlled...

PT-2025-35942

Name of the Vulnerable Software and Affected Versions: Tesla Model 3 versions 2023.Xx through 2023.43 Description: Securing externally available CAN wires can easily allow physical access to the CAN bus, potentially enabling the injection of specially formed CAN messages to control remote start...

OpenVPN 安全漏洞

OpenVPN is a software package from OpenVPN, Inc. that creates encrypted tunnels for virtual private networks VPNs, uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or usernames/passwords. A...

A Remote-Start App Exposed Thousands of Cars to Hackers

The bugs could have let an industrious hacker locate cars, unlock them, and start them up from anywhere with an internet connection...

MyCar Controls uses hard-coded credentials

Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop...

Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net

Not long ago, one from California car, information security researcher Aaron Guzman, in Australia, held a computer security conference to introduce a black into the Subaru car of the method. In his own 2017 Subaru WRX STI was found in a surprising number of software vulnerabilities, through these...

Hyundai Patches Leaky Blue Link Mobile App

Hyundai Motor America has patched a vulnerability in its Blue Link mobile application that exposed personal and vehicle information to an attacker. Updated versions of the app 3.9.6 were released to Google Play and the Apple App Store on March 8, a little more than one month after Rapid7 learned...

Oracle WebLogic Server Node Manager Detection

The remote service is Node Manager, a utility included with Oracle WebLogic Server and used to remotely start and stop Administration Server and Managed Server instances. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

System in a variety of hidden super user method-vulnerability warning-the black bar safety net

One, how in the graphical interface to establish a hidden super user Graphical interface for local or open 3 3 8 9 Terminal Services the broiler. Above I mentioned that the author said the method is very good, but more complex, 还要用到psu.exelet the program to the system user identity of the running...