core — Vulnerabilities & Security Advisories 67

All 67 CVE vulnerabilities found in core, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-31481	GraphQL query operations security can be bypassed CWE-863	7.5	High	2025-04-03
CVE-2023-47639	API Platform Core can leak exceptions message that may contain sensitive information CWE-209	5.3	Medium	2025-04-03
CVE-2025-23204	GraphQl securityAfterResolver not called CWE-20	4.4	Medium	2025-03-24
CVE-2025-25305	SSL validation for outgoing requests in Home Assistant Core and used libs not correct CWE-940	7.0	High	2025-02-18
CVE-2023-50715	User accounts disclosed to unauthenticated actors on the LAN CWE-200	4.3	Medium	2023-12-15
CVE-2023-41893	Account takeover via auth_callback login in Home Assistant Core CWE-200	4.3	Medium	2023-10-19
CVE-2023-41894	Local-only webhooks externally accessible via SniTun in Home Assistant Core CWE-669	5.3	Medium	2023-10-19
CVE-2023-41895	Cross-site Scripting via auth_callback login in Home Assistant Core CWE-79	8.8	High	2023-10-19
CVE-2023-41896	Fake websocket server installation permits full takeover in Home Assistant Core CWE-345	7.1	High	2023-10-19
CVE-2023-41897	Lack of XFO header allows clickjacking in Home Assistant Core CWE-1021	8.8	High	2023-10-19
CVE-2023-41899	Partial Server-Side Request Forgery in Home Assistant Core CWE-918	6.6	Medium	2023-10-19
CVE-2023-41898	Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android CWE-345	8.6	High	2023-10-19
CVE-2023-44385	Client-Side Request Forgery in Home Assistant iOS/macOS native Apps CWE-352	8.6	High	2023-10-19
CVE-2023-5256	Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 CWE-200	9.1	-	2023-09-28
CVE-2022-25276	Drupal 跨站脚本漏洞	6.1	-	2023-04-26
CVE-2023-31250	Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005	6.5	-	2023-04-26
CVE-2022-25278	Drupal 访问控制错误漏洞	6.5	-	2023-04-26
CVE-2022-25277	Drupal 代码问题漏洞	8.2	-	2023-04-26
CVE-2022-25275	Drupal 安全漏洞	8.8	-	2023-04-26
CVE-2022-25273	Drupal core 输入验证错误漏洞	7.5	-	2023-04-26
CVE-2022-25274	Drupal 安全漏洞	8.1	-	2023-04-26
CVE-2023-27482	Home Assistant 授权问题漏洞 CWE-287	10.0	Critical	2023-03-08
CVE-2023-25575	Secured properties in API Platform Core may be accessible within collections CWE-842	7.7	High	2023-02-28
CVE-2022-25270	Drupal 访问控制错误漏洞	6.5	-	2022-02-16
CVE-2022-25271	Drupal 输入验证错误漏洞 CWE-20	7.5	-	2022-02-16
CVE-2020-13677	Drupal 安全漏洞 CWE-284	5.9	-	2022-02-11
CVE-2020-13676	Drupal 访问控制错误漏洞 CWE-284	6.5	-	2022-02-11
CVE-2020-13670	Drupal core 信息泄露漏洞	7.5	-	2022-02-11
CVE-2020-13674	Drupal QuickEdit module 跨站请求伪造漏洞 CWE-352	6.5	-	2022-02-11
CVE-2020-13675	Drupal 代码问题漏洞 CWE-284	9.1	-	2022-02-11

All 67 known CVE vulnerabilities affecting core with full Chinese analysis, references, and POCs where available.

Support Us — Your donation helps us keep running

core — Vulnerabilities & Security Advisories 67