This vulnerability in the Signal Level Attenuation Characterization (SLAC) protocol allows attackers to conduct man-in-the-middle attacks against electric vehicles and ISO 15118-2 compliant chargers by injecting spoofed signal level measurements. An attacker within close electromagnetic proximity can intercept and manipulate the wireless communication between EVs and chargers, potentially compromising the confidentiality and integrity of charging transactions. While the CVSS score of 6.3 indicates medium severity with low complexity exploitation, the EPSS score of 0.03% (6th percentile) suggests minimal real-world exploitation likelihood despite the critical nature of EV charging infrastructure.
Stack-based buffer overflow in QEMU's e1000 network device emulation allows local guest users to crash the QEMU process via crafted short frames in loopback mode, causing denial of service on the host. The vulnerability exists in the e1000_receive_iov() function where frame padding logic was removed from the device layer but loopback mode still processes short frames unsafely. No public exploit code or active exploitation in KEV has been reported at time of analysis.
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3.
Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery.This issue affects Advanced Database Cleaner: from n/a through <= 3.1.6.