{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T06:05:31.987","vulnerabilities":[{"cve":{"id":"CVE-2026-23955","sourceIdentifier":"security-advisories@github.com","published":"2026-01-21T20:16:12.517","lastModified":"2026-02-06T21:21:59.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue."},{"lang":"es","value":"EVerest es una pila de software de carga de VE. Antes de la versión 2025.9.0, en varios lugares, los valores enteros se concatenan a cadenas literales al lanzar errores. Esto resulta en aritmética de punteros en lugar de imprimir el valor entero como se espera, como la mayoría de los lenguajes interpretados. Esto puede ser utilizado por un operador malicioso para leer regiones de memoria no intencionadas, incluyendo el montón y la pila. La versión 2025.9.0 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1046"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.9.0","matchCriteriaId":"B1D746C7-49D6-43DE-90B2-C79F58ADB9B7"}]}]}],"references":[{"url":"https://github.com/EVerest/everest-core/security/advisories/GHSA-px57-jx97-hrff","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}