PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-11

📅 2026年7月11日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🔴 GHSA-g936-7jqj-mwv8 [critical] (2026-07-10)

TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation

详情

  • 🟠 GHSA-fpg8-7664-jc5q [high] (2026-07-10)

melange: Incomplete package integrity verification allows data section substitution

详情

  • GHSA-48rx-c7pg-q66r [medium] (2026-07-10)

Excon does not redact additional sensitive/risky headers when following redirects

详情

  • 🟠 GHSA-h4g2-xfmw-q2c9 [high] (2026-07-10)

Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset

详情

  • GHSA-rqq5-2gf9-4w4q [medium] (2026-07-10)

Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

详情

  • 🔴 GHSA-56mp-4f3v-fgj2 [critical] (2026-07-10)

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

详情

  • 🔴 GHSA-m5f5-28qr-9g9r [critical] (2026-07-10)

prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

详情

  • 🔴 GHSA-5xfx-xj4h-5p7r [critical] (2026-07-10)

SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

详情

  • 🟠 GHSA-g5r6-gv6m-f5jv [high] (2026-07-10)

mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment

详情

  • 🟠 GHSA-wm45-qh3g-v83f [high] (2026-07-10)

mcp-atlassian: Arbitrary server-side file read via attachment upload

详情


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页