🚨 最新安全公告

• GHSA-w9xh-5f39-vq89 [high] — phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
• GHSA-gp95-j463-vv28 [high] — phpMyFAQ: Default Empty API Token Authentication Bypass
• GHSA-xvp4-phqj-cjr3 [high] — phpMyFAQ: IDOR Account Takeover
• GHSA-9qv9-8xv6-5p35 [high] — phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
• GHSA-c2c9-mfw7-p8hw [medium] — Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

💡 点击标题查看详情，返回首页查看更多历史文章