Everest Everest-core
31 CVEs affecting Everest Everest-core. Latest disclosed: 2026-03-26. Critical: 1, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-37310 | Critical | 9.1 | 2024-07-10 | EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote atta… |
| CVE-2026-22790 | High | 8.8 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the ch… |
| CVE-2026-23995 | High | 8.4 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name lo… |
| CVE-2026-22593 | High | 8.4 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer o… |
| CVE-2025-68137 | High | 8.4 | 2026-01-21 | EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer le… |
| CVE-2026-33009 | High | 8.2 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an… |
| CVE-2026-26008 | High | 7.5 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory cor… |
| CVE-2025-68141 | High | 7.4 | 2026-01-21 | EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well… |
| CVE-2025-68136 | High | 7.4 | 2026-01-21 | EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Sessi… |
| CVE-2025-68134 | High | 7.4 | 2026-01-21 | EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash… |
| CVE-2025-68133 | High | 7.4 | 2026-01-21 | EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to termina… |
| CVE-2026-26074 | High | 7.0 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>` corruption. The trigger is CS… |
| CVE-2025-68135 | Medium | 6.5 | 2026-01-21 | EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to i… |
| CVE-2026-26073 | Medium | 5.9 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is… |
| CVE-2026-27813 | Medium | 5.3 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RF… |
| CVE-2026-33015 | Medium | 5.2 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return… |
| CVE-2026-33014 | Medium | 5.2 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back… |
| CVE-2026-29044 | Medium | 5.0 | 2026-03-26 | EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler… |
| CVE-2025-68138 | Medium | 4.7 | 2026-01-21 | EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, po… |
| CVE-2026-26070 | Medium | 4.6 | 2026-03-26 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/option… |