Core — Vulnerabilities & Security Advisories 84

All 84 CVE vulnerabilities found in Core, with AI-generated Chinese analysis, references, and POCs.

This page serves as the vulnerability aggregation hub for the core product, focusing on Common Vulnerabilities and Exposures associated with this specific software component. It collects detailed information on various security weaknesses, including but not limited to remote code execution, privilege escalation, and information disclosure flaws that have been identified within the system architecture. The data encompasses vulnerabilities reported over a comprehensive historical timeframe, allowing users to trace the evolution of security issues from initial discovery through to remediation. By accessing this centralized resource, readers can effectively track vendor advisories and monitor the status of disclosed security patches as they are released. Users are also able to gain a deeper understanding of specific weakness classes by analyzing common patterns and root causes across multiple incidents. Furthermore, this page provides a clear view of the product's vulnerability history, enabling security analysts to assess long-term trends and the overall security posture of the core product. This structured approach facilitates efficient risk management by consolidating disparate reports into a single, accessible location. The information is presented to support informed decision-making regarding updates, patches, and mitigation strategies without requiring users to search through multiple disparate sources. All entries are categorized to help users quickly locate relevant data based on severity, impact, or specific vulnerability types.

Vendor: Drupal

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-54318 | Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location | CWE-926 | 7.1 | High | 2026-06-23 |
| CVE-2026-54317 | Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN | CWE-200 | 7.6 | High | 2026-06-23 |
| CVE-2024-14036 | Dräger Core 1.0.5 Denial of Service via Malformed SDC Message | CWE-400 | 7.5 | High | 2026-06-02 |
| CVE-2026-44698 | Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection | CWE-94 | 8.3 | High | 2026-05-29 |
| CVE-2026-44473 | Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse | CWE-358 | 7.1 | High | 2026-05-27 |
| CVE-2026-44475 | Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest | CWE-358 | 6.1 | Medium | 2026-05-27 |
| CVE-2026-44474 | Ella Core: Handover failures during concurrent Security Mode Command | CWE-358 | 3.7 | Low | 2026-05-27 |
| CVE-2026-45158 | OPNsense: Command Injection via Attacker-Controlled DHCP Config | CWE-88 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-44194 | OPNsense: RCE on user management | CWE-78 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-44195 | OPNsense: Authentication lockout bypass | CWE-307 | 5.3 | Medium | 2026-05-13 |
| CVE-2026-44193 | OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method | CWE-88 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-42552 | Flight: Sensitive information disclosure via default error handler in flightphp/core | CWE-209 | 7.5 | High | 2026-05-13 |
| CVE-2026-42551 | Flight: HTTP method override enabled by default enables CSRF escalation and middleware bypass in flightphp/core | CWE-436 | 7.5 | High | 2026-05-13 |
| CVE-2026-42550 | Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete | CWE-89 | 8.8 | High | 2026-05-13 |
| CVE-2026-42549 | Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root | CWE-22 | 4.4 | Medium | 2026-05-13 |
| CVE-2026-42548 | Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp() | CWE-79 | - | - | 2026-05-13 |
| CVE-2026-42278 | UltraDAG: Smart Account Spending Policy Bypass via Pockets | CWE-284 | 7.5 (AI) | High (AI) | 2026-05-08 |
| CVE-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt | CWE-460 | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-34578 | OPNsense has an LDAP Injection via Unsanitized Username in Authentication | CWE-90 | 8.2 | High | 2026-04-09 |
| CVE-2026-34762 | Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber | CWE-20 | 2.7 | Low | 2026-04-02 |
| CVE-2026-34761 | Ella Core Panics Upon NGAP handover failure | CWE-476 | 5.8 | Medium | 2026-04-02 |
| CVE-2026-33907 | Ella Core Panics during NAS Authentication Response/Failure with missing IEs | CWE-476 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33906 | Ella Core has Privilege Escalation via Database Restore by NetworkManager role | CWE-269 | 7.2 | High | 2026-03-27 |
| CVE-2026-33904 | Ella Core has a Denial of Service via SCTP connection cleanup deadlock | CWE-833 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33903 | Ella Core panics when processing a crafted NGAP LocationReport message | CWE-476 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs | CWE-79 | 6.1 | - | 2026-03-27 |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2026-23514 | Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management | CWE-282 | 8.8 | High | 2026-03-25 |
| CVE-2026-33283 | Ella Core panics on malformed ULNASTransport Message without a Request Type | CWE-476 | 6.5 | Medium | 2026-03-23 |
| CVE-2026-33282 | Ella Core panics on malformed NGAP Location Report | CWE-476 | 7.5 | High | 2026-03-23 |

All 84 known CVE vulnerabilities affecting Core with full Chinese analysis, references, and POCs where available.