🚨 最新安全公告
- 🟢 GHSA-pmfc-4wjj-gmhx [low] (2026-07-06)
cut: -s ignored in -z -d '' newline-delimiter mode
- 🟢 GHSA-r9hw-mj3w-phcq [low] (2026-07-06)
mknod: Device nodes created mislabeled on SELinux, with broken cleanup (remove_dir on a node)
- 🟠 GHSA-pmf6-rcx4-v53v [high] (2026-07-06)
mkfifo: permissions of an existing file are changed after FIFO creation fails
- 🟠 GHSA-qrwj-vh9x-gw5v [high] (2026-07-06)
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
- 🟠 GHSA-cgfv-jrfp-2r7v [high] (2026-07-06)
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export
- 🟢 GHSA-473p-56xx-vg67 [low] (2026-07-06)
Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)
- 🟠 GHSA-7cfm-pqrj-xgq7 [high] (2026-07-06)
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
- 🔴 GHSA-qvfm-67h2-2qfx [critical] (2026-07-06)
9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Thef
- 🟠 GHSA-f74w-488g-8x5r [high] (2026-07-06)
Craft CMS: Potential authenticated Remote Code Execution via referrer redirect
- ⚪ GHSA-xrqc-p465-2xvg [medium] (2026-07-06)
Craft CMS: Stored XSS via Structure entry title in table view
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成