Core
This hub aggregates every CVE we track for Core, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
95
CVEs tracked
14
Critical
41
High
2
In CISA KEV
Severity distribution
HIGH41MEDIUM38CRITICAL14LOW2
Monthly trend
0
0
0
0
0
0
1
1
3
0
0
0
0
1
2
0
0
1
4
17
5
12
4
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Core.
- CVE-2026-55844Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data7.5
- CVE-2026-54318Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location7.1
- CVE-2026-54317Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN7.6
- CVE-2024-14036Dräger Core 1.0.5 Denial of Service via Malformed SDC Message7.5
- CVE-2026-44698Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection8.3
- CVE-2026-44473Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse7.1
- CVE-2026-44475Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest6.1
- CVE-2026-44474Ella Core: Handover failures during concurrent Security Mode Command3.7
- CVE-2026-45158OPNsense: Command Injection via Attacker-Controlled DHCP Config9.1
- CVE-2026-44194OPNsense: RCE on user managment9.1
- CVE-2026-44195OPNsense: Authentication lockout bypass5.3
- CVE-2026-44193OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method9.1
- CVE-2026-42552Flight: Sensitive information disclosure via default error handler in flightphp/core7.5
- CVE-2026-42551Flight: HTTP method override enabled by default enables CSRF escalation and middleware bypass in flightphp/core7.5
- CVE-2026-42550Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete8.8
Product normalization is registry-driven with AI assist and human review. How it works