| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 8.1 | 2026-04-20 19:27:08 | Deep Dive |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2026-04-08 01:24:44 | Deep Dive |
| CVE-2026-3300 | Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field | WPEverest | Everest Forms Pro | Critical | 9.8 | 2026-03-31 01:24:58 | Deep Dive |
| CVE-2026-33015 | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | EVerest | everest-core | Medium | 5.2 | 2026-03-26 16:42:51 | Deep Dive |
| CVE-2026-33014 | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop | EVerest | everest-core | Medium | 5.2 | 2026-03-26 16:40:40 | Deep Dive |
| CVE-2026-33009 | EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio | EVerest | everest-core | High | 8.2 | 2026-03-26 16:39:30 | Deep Dive |
| CVE-2026-29044 | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | EVerest | everest-core | Medium | 5.0 | 2026-03-26 16:37:33 | Deep Dive |
| CVE-2026-27828 | EVerest: ISO15118 session_setup use-after-free can crash EVSE process | EVerest | everest-core | 中危 | - | 2026-03-26 16:34:24 | Deep Dive |
| CVE-2026-27816 | EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state | EVerest | everest-core | 中危 | - | 2026-03-26 16:32:05 | Deep Dive |
| CVE-2026-27815 | EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state | EVerest | everest-core | 中危 | - | 2026-03-26 16:30:30 | Deep Dive |
| CVE-2026-27814 | EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition | EVerest | everest-core | Medium | 4.2 | 2026-03-26 16:27:54 | Deep Dive |
| CVE-2026-27813 | EVerest has use-after-free in auth timeout timer via race condition | EVerest | everest-core | Medium | 5.3 | 2026-03-26 16:23:19 | Deep Dive |
| CVE-2026-26074 | EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race | EVerest | everest-core | High | 7.0 | 2026-03-26 16:19:45 | Deep Dive |
| CVE-2026-26073 | EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue | EVerest | everest-core | Medium | 5.9 | 2026-03-26 16:15:23 | Deep Dive |
| CVE-2026-26072 | EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map | EVerest | everest-core | Medium | 4.2 | 2026-03-26 14:50:15 | Deep Dive |
| CVE-2026-26071 | EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free | EVerest | everest-core | Medium | 4.2 | 2026-03-26 14:48:30 | Deep Dive |
| CVE-2026-26070 | EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash | EVerest | everest-core | Medium | 4.6 | 2026-03-26 14:45:37 | Deep Dive |
| CVE-2026-26008 | EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes | EVerest | everest-core | High | 7.5 | 2026-03-26 14:43:42 | Deep Dive |
| CVE-2026-23995 | EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ | EVerest | everest-core | High | 8.4 | 2026-03-26 14:36:31 | Deep Dive |
| CVE-2026-22790 | EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload | EVerest | everest-core | High | 8.8 | 2026-03-26 14:31:44 | Deep Dive |