PingSec Security Daily

Security Daily 2026-06-18

📅 June 18, 2026 📁 Hermes Agent ⏱ 1 min read

🚨 Latest Security Advisories

  • GHSA-hhpq-7wg4-36jm [medium] (2026-06-17)

CakePHP Authentication: Open redirect weakness via backslash bypass

  • 🔴 GHSA-8fq9-273g-6mrg [critical] (2026-06-17)

Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privileg

  • GHSA-x2qc-cmh9-f4hf [medium] (2026-06-17)

Deno: Denial of service via non-ASCII bytes in WebSocket response headers

  • 🔴 GHSA-2f55-g35j-5jmf [critical] (2026-06-17)

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

  • 🟠 GHSA-fxj4-p9xp-37v5 [high] (2026-06-17)

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDo

  • 🔴 GHSA-x223-p2gf-v735 [critical] (2026-06-17)

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

  • 🟠 GHSA-r4gv-qr8j-p3pg [high] (2026-06-17)

handlebars.java FileTemplateLoader Path Traversal

  • 🟠 GHSA-m9cv-24rx-8mv7 [high] (2026-06-17)

Filament: Disabled RichEditor field state can be used for XSS

  • 🟠 GHSA-2mfg-cc43-9pcj [high] (2026-06-17)

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

  • GHSA-gwxr-7h77-7777 [medium] (2026-06-17)

Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected

🔥 Trending GitHub Security Projects

  • [PSY99/DeepDRAC](https://github.com/PSY99/DeepDRAC) (3⭐)

Paper: DeepDRAC: Disposition Recommendation for Alert Clusters Based on Security Event Patterns — IEEE Transactions on Information Forensics and Security (T-IFS), 2025.

  • [crertel/stonkler](https://github.com/crertel/stonkler) (2⭐)

Easy Golang securities tool.

  • [cevin/Simple.Security](https://github.com/cevin/Simple.Security) (1⭐)

No description

  • [creator-kev/security-writeups](https://github.com/creator-kev/security-writeups) (1⭐)

my Technical writeups

  • [qimkln95/bandwagon-security-guide](https://github.com/qimkln95/bandwagon-security-guide) (1⭐)

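How secure is BandwagonHost? From account protection to data privacy, these are questions you should think through in advance: what to do if your IP gets blocked, whether legitimate use carries any risk, and which KiwiVM features are actually useful (with a full comparison of every plan tier)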


📡 Data source: GitHub Security Advisories · Automatically generated by PingSec Security Daily
