Lucene search
K

7924 matches found

EUVD
EUVD
added 2026/03/26 4:34 p.m.5 views

EUVD-2026-16228

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 4:34 p.m.2 views

CVE-2026-27828 EVerest: ISO15118 session_setup use-after-free can crash EVSE process

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 4:34 p.m.18 views

CVE-2026-27828

CVE-2026-27828 — EVerest : In EVerest prior to 2026.02.0, ISO15118_chargerImpl::handle_session_setup accesses the freed v2g_ctx after ISO15118 initialization fails (e.g., no IPv6 link-local address). An attacker with MQTT access can remotely crash the EVSE process by issuing a session_setup comma...

7.5CVSS5.8AI score0.00286EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/26 4:34 p.m.24 views

CVE-2026-27828 EVerest: ISO15118 session_setup use-after-free can crash EVSE process

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 4:34 p.m.5 views

CVE-2026-27828 EVerest: ISO15118 session_setup use-after-free can crash EVSE process

EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 4:32 p.m.4 views

Malicious code in chaostoolkit-turbulence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0d12e5d6a53ae410fe90d76b8da4f9f117a8891e73a678c5b5f49059ad31fa6b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 4:30 p.m.3 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 4:30 p.m.27 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 4:30 p.m.16 views

CVE-2026-27815

CVE-2026-27815 affects EVerest EV charging stack. Prior to 2026.02.0, the function ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With default schema validation disabled, oversized MQTT Cmd payl...

9.1CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/26 4:30 p.m.5 views

CVE-2026-27815 EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 4:21 p.m.5 views

Malicious code in magtape (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f476b63043b398a38eb28706575478aab4fb04820ce16d7836e726df21a1a93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/26 4:21 p.m.6 views

MAL-2026-2240 Malicious code in magtape (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f476b63043b398a38eb28706575478aab4fb04820ce16d7836e726df21a1a93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/26 4:21 p.m.2 views

MAL-2026-2241 Malicious code in pacbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 77976a83e69cb239c03d7d5f13eefeaa61eaae708c066a584609d8b7d8a932bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
NVD
NVD
added 2026/03/26 3:16 p.m.2 views

CVE-2026-22790

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

8.8CVSS0.00526EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.4 views

CVE-2026-4477

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...

3.1CVSS5.2AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.3 views

CVE-2026-3556

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...

8.8CVSS7.8AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.7 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 2:31 p.m.3 views

CVE-2026-22790

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

8.8CVSS6.5AI score0.00526EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 2:31 p.m.22 views

CVE-2026-22790 EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

8.8CVSS0.00526EPSS
Exploits1References1
Rows per page
Query Builder