Out-of-bounds vulnerability (CVSS 7.5)

Unsafe deserialization RCE (CVSS 7.5)

Edge3 Worker RPC RCE

XSS via unescaped reason phrase (CVSS 6.1)

Event loop blocking DoS via HTTPHeaders.add (CVSS 7.5)

Quadratic DoS via multipart parameters (CVSS 7.5)

Memory exhaustion DoS via Request.post() (CVSS 6.6)

Blocking CPU DoS via chunked messages (CVSS 6.6)

Cookie parser warning storm DoS (CVSS 6.5)

Denial of Service in virtio device emulation (CVSS 5.5)

Stack buffer overflow via vsnprintf (CVSS 4.8)

Heap buffer overflow via skipdata callback (CVSS 4.8)

Out-of-bounds write in GVCID managed parameters (CVSS 7.3)

Out-of-bounds read in AOS frame parsing (CVSS 7.5)

Race condition in state machine loop (CVSS 4.2)

Data race leading to std::map container corruption

Data race leading to concurrent access heap use-after-free

Data race leading to std::map<std::optional> corruption

Data race leading to std::queue corruption

Out-of-bounds read in energy transfer modes handling

Data race leading to std::map<std::queue> corruption

Use-after-free vulnerability from data race in plug-in events

Race condition memory corruption in context access (CVSS 8.2)

Timing flaw preventing session stop

Authorization bypass during RemoteStop processing

Logic flaw bypassing billing and safety controls

Stack-based buffer overflow via SLAC payloads

Stack-based buffer overflow in IsoMux certificate handling

Stack-based buffer overflow in CAN interface initialization

Bug Bounty Reward: 800€