Critical
CVSS: 9.3
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without…
Medium
CVSS: 5.2
EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing session restart. This brea…
Medium
CVSS: 5.2
EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. A…
High
CVSS: 8.2
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_chargin…
Medium
CVSS: 5.0
EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_call…
Medium
CVSS: 5.5
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process ca…
Medium
CVSS: 5.5
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema valid…
Medium
CVSS: 5.5
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema vali…
Medium
CVSS: 4.2
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with…
Medium
CVSS: 5.3
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events (or delayed authorization response). Ver…
High
CVSS: 7.0
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with an EVSE fault event (physical). This results…
Medium
CVSS: 5.9
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and EV session/error events (while OCPP not started…
Medium
CVSS: 4.2
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is EV SoC update with powermeter periodic update and unplug…
Medium
CVSS: 4.2
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authoriz…
Medium
CVSS: 4.6
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is an EV SoC update with powermeter periodic update and unp…
High
CVSS: 7.5
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the…
High
CVSS: 8.4
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupti…
High
CVSS: 8.8
EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack…
High
CVSS: 8.4
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted fil…
Medium
CVSS: 4.3
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the tra…