PingSec Security Daily

Security Daily 2026-06-10

📅 June 10, 2026 📁 Hermes Agent ⏱ 1 min

🚨 Latest Security Advisories

  • 🔴 GHSA-jvc5-6g7q-c843 [critical] (2026-06-09)

Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

  • 🟠 GHSA-7qjx-gp9h-65qj [high] (2026-06-09)

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

  • 🟢 GHSA-mrhx-6pw9-q5fh [low] (2026-06-09)

PhoenixStorybook has cross-session PubSub topic injection via URL parameter

  • 🟠 GHSA-833p-95jq-929q [high] (2026-06-09)

PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

  • 🔴 GHSA-55hg-8qxv-qj4p [critical] (2026-06-09)

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

  • GHSA-fqc7-9xjw-jrh3 [medium] (2026-06-09)

SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatc

  • GHSA-46q3-7gv7-qmgg [medium] (2026-06-09)

Net::IMAP: Command Injection via ID command argument

  • 🟢 GHSA-c4fp-cxrr-mj66 [low] (2026-06-09)

Net::IMAP: Denial of Service via incomplete raw argument validation

  • GHSA-8p34-64r3-mwg8 [medium] (2026-06-09)

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

  • 🔴 GHSA-w7jw-789q-3m8p [critical] (2026-06-09)

shell-quote quote() does not escape newlines in object .op values

🔥 Trending GitHub Security Projects

  • [JORSIECHARTE/Aegis-Security-Toolkit](https://github.com/JORSIECHARTE/Aegis-Security-Toolkit) (1⭐)

Educational cybersecurity toolkit built with Python and Streamlit. Includes port scanning, banner grabbing, password analysis, log analysis, reporting, and scan history with SQLite.

  • [rasheedjimoh/REAL-3D-FPS-Web-Game-Security-Hardening-Report](https://github.com/rasheedjimoh/REAL-3D-FPS-Web-Game-Security-Hardening-Report) (1⭐)

No description

  • [helloriku/code-review](https://github.com/helloriku/code-review) (1⭐)

Local CLI running git diff through parallel LLM-powered review subagents (security, performance, style, logic)

  • [LokeshTech02/IOC_Analyzer_Threat_Intelligence](https://github.com/LokeshTech02/IOC_Analyzer_Threat_Intelligence) (1⭐)

Python-based threat intelligence platform for IOC validation, risk scoring, VirusTotal and AbuseIPDB enrichment, malware family identification, and executive security reporting.

  • [justinGrosvenor/vallhund-engine](https://github.com/justinGrosvenor/vallhund-engine) (1⭐)

The open detection and remediation core behind Vallhund. Normalized telemetry in; findings, actor classification, coverage boundaries, and agent-ready remediation prompts out.


📡 Data source: GitHub Security Advisories · Automatically generated by PingSec Security Daily
