PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-17

📅 2026年7月17日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🟠 GHSA-x8mg-6r4p-87pf [high] (2026-07-16)

ArcadeDB has cross-database IDOR: /ts/, /batch/, Prometheus and Grafana handlers bypass authorization

详情

  • 🟠 GHSA-vwjc-v7x7-cm6g [high] (2026-07-16)

ArcadeDB: Scripting authorization gate (GHSA-48qw-824m-86pr) bypassed via SQL DEFINE FUNCTION ... LANGUAGE js

详情

  • 🟠 GHSA-x9f9-r4m8-9xc2 [high] (2026-07-16)

ArcadeDB: Trigger scripts run with java.lang.* allowed, enabling OS command execution (RCE)

详情

  • 🟠 GHSA-vj7q-gjh5-988w [high] (2026-07-16)

MCP Python SDK: WebSocket server transport does not support Host/Origin validation

详情

  • 🟠 GHSA-48qw-824m-86pr [high] (2026-07-16)

ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

详情

  • 🔴 GHSA-p4h7-p9rj-2pq2 [critical] (2026-07-16)

Pheditor: Hardcoded default password 'admin' with no forced change enables full application compromise

详情

  • 🟠 GHSA-wg4w-wr5q-6vjc [high] (2026-07-16)

Pheditor: Incomplete command sanitization in terminal feature allows RCE via pipe operator, backtick substitution, and n

详情

  • GHSA-wvmp-6r4v-j6cv [medium] (2026-07-16)

kuma-dp connects to control plane without verifying TLS certificate when no CA is configured

详情

  • 🟠 GHSA-vg6x-6pg9-6qwg [high] (2026-07-16)

ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)

详情

  • 🟠 GHSA-8w86-m9h8-hvqg [high] (2026-07-16)

ArcadeDB: IMPORT DATABASE allows SSRF and arbitrary local file read by authenticated users

详情

🔥 GitHub 热门安全项目

  • [nosword-fish/CIP-voice-assistant](https://github.com/nosword-fish/CIP-voice-assistant) (0⭐)

Voice-activated AI assistant (local STT/TTS + Gemini API) with sandboxed security tooling — firewall/Defender checks, network anomaly flags, and process auditing, all via an explicit function allowlist.


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页