PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-06-21

📅 2026年6月21日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🟠 GHSA-869j-r97x-hx2g [high] (2026-06-19)

Anki's local HTTP server does not sufficiently validate requests

详情

  • GHSA-jv2j-mqmw-xvv5 [medium] (2026-06-19)

SurrealDB: Denial of Service via deep operator chains

详情

  • GHSA-hv6h-hc26-q48p [medium] (2026-06-19)

SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals

详情

  • GHSA-h4h3-3rfj-x6fq [medium] (2026-06-19)

SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field

详情

  • 🟠 GHSA-cc8f-fcx3-gpjr [high] (2026-06-19)

SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter

详情

  • GHSA-h5rg-8p7f-47g2 [medium] (2026-06-19)

SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch

详情

  • GHSA-4xgf-cpjx-pc3j [medium] (2026-06-19)

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypass

详情

  • 🟠 GHSA-g2gw-q38m-vjfc [high] (2026-06-19)

Lokka: Azure Resource Manager URL path validation issue

详情

  • 🟠 GHSA-h5x8-xp6m-x6q4 [high] (2026-06-19)

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

详情

  • 🟠 GHSA-f4xh-w4cj-qxq8 [high] (2026-06-19)

LangSmith SDK TracingMiddleware: Arbitrary server-side file read

详情

🔥 GitHub 热门安全项目

  • [ValentinTorassa/VT-Security-Labs](https://github.com/ValentinTorassa/VT-Security-Labs) (1⭐)

Plataforma educativa abierta en español: labs prácticos de Linux, redes, backend, cloud y ciberseguridad. Aprendé entendiendo los sistemas de verdad.

  • [Ibetanaka/genlayer-security-analysis](https://github.com/Ibetanaka/genlayer-security-analysis) (1⭐)

Security Analysis & Potential Attack Vectors on GenLayer Intelligent Contracts: Recommendations for Protocol Hardening

  • [pelagornisandersi/Custos-Security-Warden](https://github.com/pelagornisandersi/Custos-Security-Warden) (1⭐)

Linux security monitoring dashboard with process monitoring, file integrity checks, port scanning, and network connection analysis.

  • [Maruch11/security-alert-classifier](https://github.com/Maruch11/security-alert-classifier) (1⭐)

Educational project implementing machine learning workflows, classification algorithms, and evaluation metrics for security alerts.

  • [C-8H11N/agent-api-guard](https://github.com/C-8H11N/agent-api-guard) (1⭐)

Local offline Agent API/MCP/Tool security guard

📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页