everest-core — Vulnerabilities & Security Advisories (31)

All 31 CVE vulnerabilities found in everest-core, with AI-generated Chinese analysis, references, and POCs.

Vendor: EVerest

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33015 | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | CWE-863 | 5.2 | Medium | 2026-03-26 |
| CVE-2026-33014 | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop | CWE-863 | 5.2 | Medium | 2026-03-26 |
| CVE-2026-33009 | EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio | CWE-362 | 8.2 | High | 2026-03-26 |
| CVE-2026-29044 | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | CWE-863 | 5.0 | Medium | 2026-03-26 |
| CVE-2026-27828 | EVerest: ISO15118 session_setup use-after-free can crash EVSE process | CWE-416 | 7.5 | - | 2026-03-26 |
| CVE-2026-27816 | EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state | CWE-787 | 8.2 | - | 2026-03-26 |
| CVE-2026-27815 | EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state | CWE-787 | 8.2 | - | 2026-03-26 |
| CVE-2026-27814 | EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-27813 | EVerest has use-after-free in auth timeout timer via race condition | CWE-416 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-26074 | EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race | CWE-362 | 7.0 | High | 2026-03-26 |
| CVE-2026-26073 | EVerest: OCPP 1.6 heap corruption caused by lock-free insertion in event_queue | CWE-122 | 5.9 | Medium | 2026-03-26 |
| CVE-2026-26072 | EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-26071 | EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free | CWE-362 | 4.2 | Medium | 2026-03-26 |
| CVE-2026-26070 | EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash | CWE-362 | 4.6 | Medium | 2026-03-26 |
| CVE-2026-26008 | EVerest has OOB via EVSE ID Indexing Mismatch in OCPP 2.0.1 UpdateAllowedEnergyTransferModes | CWE-125 | 7.5 | High | 2026-03-26 |
| CVE-2026-23995 | EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ | CWE-121 | 8.4 | High | 2026-03-26 |
| CVE-2026-22790 | EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload | CWE-121 | 8.8 | High | 2026-03-26 |
| CVE-2026-22593 | EVerest has off-by-one stack buffer overflow in IsoMux certificate filename parsing | CWE-193 | 8.4 | High | 2026-03-26 |
| CVE-2026-24003 | EvseV2G has sequence state validation bypass | CWE-287 | 4.3 | Medium | 2026-01-26 |
| CVE-2025-68141 | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization | CWE-476 | 7.4 | High | 2026-01-21 |
| CVE-2025-68140 | EVerest allows null session ID to bypass session ID verification | CWE-863 | 4.3 | Medium | 2026-01-21 |
| CVE-2025-68139 | In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing | CWE-384 | 4.3 | Medium | 2026-01-21 |
| CVE-2025-68138 | EVerest affected by memory exhaustion in libocpp | CWE-770 | 4.7 | Medium | 2026-01-21 |
| CVE-2026-23955 | EVerest vulnerable to concatenation of strings literal and integers | CWE-1046 | 4.2 | Medium | 2026-01-21 |
| CVE-2025-68137 | EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop | CWE-120 | 8.4 | High | 2026-01-21 |
| CVE-2025-68136 | EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service | CWE-770 | 7.4 | High | 2026-01-21 |
| CVE-2025-68135 | EVerest's inadequate exception handling leads to denial of service | CWE-703 | 6.5 | Medium | 2026-01-21 |
| CVE-2025-68134 | EVerest's use of assert functions can potentially lead to denial of service | CWE-20 | 7.4 | High | 2026-01-21 |
| CVE-2025-68132 | EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2025-68133 | EVerest's unlimited connections can lead to DoS through operating system resource exhaustion | CWE-770 | 7.4 | High | 2026-01-21 |