| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22593 | EVerest has off-by-one stack buffer overflow in IsoMux certificate filename parsing | EVerest | everest-core | High | 8.4 | 2026-03-26 13:49:27 | Deep Dive |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.12 - Cross Site Scripting (XSS) vulnerability | WPEverest | Everest Forms Pro | High | 7.1 | 2026-03-19 08:43:56 | Deep Dive |
| CVE-2026-22422 | WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability | wpeverest | Everest Forms | - | - | 2026-02-19 08:26:48 | Deep Dive |
| CVE-2020-37140 | Everest 5.50.2100 - 'Open File' Denial of Service | FinalWire | Everest | Medium | 5.5 | 2026-02-05 16:13:39 | Deep Dive |
| CVE-2026-24003 | EvseV2G has sequence state validation bypass | EVerest | everest-core | Medium | 4.3 | 2026-01-26 22:12:48 | Deep Dive |
| CVE-2025-68141 | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization | EVerest | everest-core | High | 7.4 | 2026-01-21 19:56:14 | Deep Dive |
| CVE-2025-68140 | EVerest allows null session ID to bypass session ID verification | EVerest | everest-core | Medium | 4.3 | 2026-01-21 19:54:51 | Deep Dive |
| CVE-2025-68139 | In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing | EVerest | everest-core | Medium | 4.3 | 2026-01-21 19:36:36 | Deep Dive |
| CVE-2025-68138 | EVerest affected by memory exhaustion in libocpp | EVerest | everest-core | Medium | 4.7 | 2026-01-21 19:30:49 | Deep Dive |
| CVE-2026-23955 | EVerest vulnerable to concatenation of strings literal and integers | EVerest | everest-core | Medium | 4.2 | 2026-01-21 19:25:12 | Deep Dive |
| CVE-2025-68137 | EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop | EVerest | everest-core | High | 8.3 | 2026-01-21 19:20:09 | Deep Dive |
| CVE-2025-68136 | EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service | EVerest | everest-core | High | 7.4 | 2026-01-21 19:18:21 | Deep Dive |
| CVE-2025-68135 | EVerest's inadequate exception handling leads to denial of service | EVerest | everest-core | Medium | 6.5 | 2026-01-21 18:56:06 | Deep Dive |
| CVE-2025-68134 | EVerest's use of assert functions can potentially lead to denial of service | EVerest | everest-core | High | 7.4 | 2026-01-21 18:32:14 | Deep Dive |
| CVE-2025-68132 | EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver | EVerest | everest-core | - | - | 2026-01-21 18:28:41 | Deep Dive |
| CVE-2025-68133 | EVerest's unlimited connections can lead to DoS through operating system resource exhaustion | EVerest | everest-core | High | 7.4 | 2026-01-21 02:25:03 | Deep Dive |
| CVE-2025-62992 | WordPress Everest Backup plugin <= 2.3.11 - Cross Site Request Forgery (CSRF) vulnerability | everestthemes | Everest Backup | Medium | 6.5 | 2025-12-31 08:59:01 | Deep Dive |
| CVE-2025-10304 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure | everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | Medium | 5.3 | 2025-12-03 03:27:15 | Deep Dive |
| CVE-2025-8871 | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature | WPEverest | Everest Forms Pro | Medium | 5.6 | 2025-11-05 02:25:52 | Deep Dive |
| CVE-2025-62946 | WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability | everestthemes | Everest Backup | Medium | 5.3 | 2025-10-27 01:34:08 | Deep Dive |