PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-08

📅 2026年7月8日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • GHSA-vmfc-9982-2m45 [medium] (2026-07-07)

Weblate SSRF: outbound URL guard misses some private ranges

详情

  • GHSA-2jcc-mxv7-p3f9 [medium] (2026-07-07)

oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)

详情

  • GHSA-6w3m-4hhp-775q [medium] (2026-07-07)

KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping

详情

  • GHSA-f66q-9rf6-8795 [medium] (2026-07-07)

Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion

详情

  • 🟠 GHSA-4g5x-hcwm-82jw [high] (2026-07-07)

Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise

详情

  • 🔴 GHSA-26rh-24rg-j3vv [critical] (2026-07-07)

Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers

详情

  • GHSA-q855-8rh5-jfgq [medium] (2026-07-07)

ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path

详情

  • 🟢 GHSA-cwv4-h3j5-w3cf [low] (2026-07-07)

rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

详情

  • GHSA-v3q9-hj7j-63hq [medium] (2026-07-07)

aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address

详情

  • GHSA-gvhc-wv3v-7pf8 [medium] (2026-07-07)

Kite has an authenticated cluster RBAC bypass in /api/v1/overview

详情


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页