VYPR

Vendor CVEs

Everest

All CVEs

39 total · sorted by risk
  • CVE-2026-27816CriMar 26, 2026
    risk 0.52cvss 9.1epss 0.00

    EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized…

  • CVE-2026-27815CriMar 26, 2026
    risk 0.52cvss 9.1epss 0.00

    EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized…

  • CVE-2024-37310CriJul 10, 2024
    risk 0.52cvss 9.0epss 0.01

    EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

  • CVE-2026-27828HigMar 26, 2026
    risk 0.42cvss 7.5epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker…

  • CVE-2025-8871MedNov 5, 2025
    risk 0.36cvss 5.6epss 0.00

    The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers to inject a PHP Object.…

  • CVE-2025-3421MedApr 11, 2025
    risk 0.33cvss 6.1epss 0.00

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization…

  • CVE-2026-29044MedMar 26, 2026
    risk 0.26cvss 5.0epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls…

  • CVE-2026-27814MedMar 26, 2026
    risk 0.20cvss 4.2epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version…

  • CVE-2025-59399LowSep 15, 2025
    risk 0.13cvss 3.1epss 0.00

    libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.

  • CVE-2025-59398LowSep 15, 2025
    risk 0.13cvss 3.1epss 0.00

    The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.

  • CVE-2026-33015Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop…

  • CVE-2026-33014Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. As a result, the transaction can remain…

  • CVE-2026-33009Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in…

  • CVE-2026-27813Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events (or delayed authorization response). Version 2026.2.0 contains a patch.

  • CVE-2026-26074Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with an EVSE fault event (physical). This results in TSAN reports concurrent…

  • CVE-2026-26073Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and EV session/error events (while OCPP not started). This results in a TSAN data race…

  • CVE-2026-26072Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished…

  • CVE-2026-26071Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0…

  • CVE-2026-26070Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished…

  • CVE-2026-26008Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a…

  • CVE-2026-23995Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling…

  • CVE-2026-22790Mar 26, 2026
    risk 0.00cvss epss 0.01

    EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and…

  • CVE-2026-22593Mar 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can…

  • CVE-2026-24003Jan 26, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current…

  • CVE-2025-68141Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `tax_costs` in the target `Receipt` structure is accessed out of bounds. This…

  • CVE-2025-68140Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0.…

  • CVE-2025-68139Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any…

  • CVE-2025-68138Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will…

  • CVE-2026-23955Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted…

  • CVE-2025-68137Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the…

  • CVE-2025-68136Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created…

  • CVE-2025-68135Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and…

  • CVE-2025-68134Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them…

  • CVE-2025-68132Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link…

  • CVE-2025-68133Jan 21, 2026
    risk 0.00cvss epss 0.00

    EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is…

  • CVE-2024-8542May 15, 2025
    risk 0.00cvss epss 0.00

    The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2025-3422Apr 11, 2025
    risk 0.00cvss epss 0.00

    The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action…

  • CVE-2025-3439Apr 11, 2025
    risk 0.00cvss epss 0.01

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This…

  • CVE-2015-6454Sep 26, 2015
    risk 0.00cvss epss 0.03

    Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet.