
core — Vulnerabilities & Security Advisories 67

All 67 CVE vulnerabilities found in core, with AI-generated Chinese analysis, references, and POCs.

Vendor: Drupal

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt | CWE-460 | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-34578 | OPNsense has an LDAP Injection via Unsanitized Username in Authentication | CWE-90 | 8.2 | High | 2026-04-09 |
| CVE-2026-34762 | Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber | CWE-20 | 2.7 | Low | 2026-04-02 |
| CVE-2026-34761 | Ella Core Panics Upon NGAP handover failure | CWE-476 | 5.8 | Medium | 2026-04-02 |
| CVE-2026-33907 | Ella Core Panics during NAS Authentication Response/Failure with missing IEs | CWE-476 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33906 | Ella Core has Privilege Escalation via Database Restore by NetworkManager role | CWE-269 | 7.2 | High | 2026-03-27 |
| CVE-2026-33904 | Ella Core has a Denial of Service via SCTP connection cleanup deadlock | CWE-833 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33903 | Ella Core panics when processing a crafted NGAP LocationReport message | CWE-476 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs | CWE-79 | 6.1 | - | 2026-03-27 |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2026-23514 | Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management | CWE-282 | 8.8 | High | 2026-03-25 |
| CVE-2026-33283 | Ella Core panics on malformed ULNASTransport Message without a Request Type | CWE-476 | 6.5 | Medium | 2026-03-23 |
| CVE-2026-33282 | Ella Core panics on malformed NGAP Location Report | CWE-476 | 7.5 | High | 2026-03-23 |
| CVE-2026-33281 | Ella Core panics on invalid PDU Session IDs in NGAP messages | CWE-129 | 6.5 | Medium | 2026-03-23 |
| CVE-2026-32320 | Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings | CWE-125 | 6.5 | Medium | 2026-03-12 |
| CVE-2026-32319 | Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload | CWE-125 | 7.5 | High | 2026-03-12 |
| CVE-2026-31889 | Shopware has a potential take over of app credentials | CWE-290 | 8.9 | High | 2026-03-11 |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint | CWE-204 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint | CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-30868 | Cross-Site Request Forgery (CSRF) in opnsense/core | CWE-352 | 6.3 | Medium | 2026-03-11 |
| CVE-2026-27621 | TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-25577 | Emmett has an Unhandled CookieError Exception Causing Denial of Service | CWE-248 | 7.5 | High | 2026-02-10 |
| CVE-2026-25762 | AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection | CWE-400 | 7.5 | High | 2026-02-06 |
| CVE-2026-25754 | AdonisJS multipart body parsing has Prototype Pollution issue | CWE-1321 | 7.2 | High | 2026-02-06 |
| CVE-2026-21440 | AdonisJS Path Traversal in Multipart File Handling | CWE-22 | 7.5 | - | 2026-01-02 |
| CVE-2025-62370 | Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing | CWE-248 | 7.5 | High | 2025-10-15 |
| CVE-2025-59429 | FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-14 |
| CVE-2025-62172 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name | CWE-80 | 5.4 (AI) | Medium (AI) | 2025-10-14 |
| CVE-2014-125127 | Denial of Service (DoS) vulnerability in mikecao/flight | CWE-770 | 7.5 | High | 2025-09-03 |
| CVE-2025-31485 | GraphQL grant on a property might be cached with different objects | CWE-696 | 7.5 | High | 2025-04-03 |

All 67 known CVE vulnerabilities affecting core with full Chinese analysis, references, and POCs where available.