Core

This hub aggregates every CVE we track for Core, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Core.

• CVE-2024-14036Dräger Core 1.0.5 Denial of Service via Malformed SDC Message7.5Jun 2, 2026
• CVE-2026-44698Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection8.3May 29, 2026
• CVE-2026-44473Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse7.1May 27, 2026
• CVE-2026-44475Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest6.1May 27, 2026
• CVE-2026-44474Ella Core: Handover failures during concurrent Security Mode Command3.7May 27, 2026
• CVE-2026-45158OPNsense: Command Injection via Attacker-Controlled DHCP Config9.1May 13, 2026
• CVE-2026-44194OPNsense: RCE on user managment9.1May 13, 2026
• CVE-2026-44195OPNsense: Authentication lockout bypass5.3May 13, 2026
• CVE-2026-44193OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method9.1May 13, 2026
• CVE-2026-42552Flight: Sensitive information disclosure via default error handler in flightphp/core7.5May 13, 2026
• CVE-2026-42551Flight: HTTP method override enabled by default enables CSRF escalation and middleware bypass in flightphp/core7.5May 13, 2026
• CVE-2026-42550Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete8.8May 13, 2026
• CVE-2026-42549Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root4.4May 13, 2026
• CVE-2026-40583UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt8.2Apr 21, 2026
• CVE-2026-40255@adonisjs/http-server has an Open Redirect vulnerability6.1Apr 16, 2026