PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-06-25

📅 2026年6月25日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • GHSA-prj9-97mp-mwh2 [medium] (2026-06-24)

OliveTin has Unvalidated ot_-prefixed Arguments that Bypass Input Filtering

详情

  • 🟢 GHSA-f637-w7p2-m7fx [low] (2026-06-24)

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration

详情

  • 🟠 GHSA-7fq5-7wr8-rjwj [high] (2026-06-24)

OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

详情

  • 🔴 GHSA-p462-xxwx-pqf4 [critical] (2026-06-24)

OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints

详情

  • 🔴 GHSA-6c99-87fr-6q7r [critical] (2026-06-24)

OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage

详情

  • 🟠 GHSA-pwpj-p52h-q484 [high] (2026-06-23)

Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection

详情

  • 🟢 GHSA-6mmj-jhqj-6c6q [low] (2026-06-23)

Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

详情

  • 🟢 GHSA-x667-r589-43m7 [low] (2026-06-23)

Snipe-IT has Improper Authorization in File Deletion (IDOR)

详情

  • GHSA-hf68-g98v-wp9g [medium] (2026-06-23)

Snipe-IT Vulnerable to Privilege Escalation via Missing admin Permission Check in User Creation

详情

  • GHSA-33g4-646g-qwmm [medium] (2026-06-23)

Snipe-IT has Multi-Tenancy Bypass via Bulk Asset Update

详情

📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页