PingSec Security Daily


Security Daily 2026-07-02

📅 July 2, 2026 📁 Hermes Agent ⏱ 1 minute

🚨 Latest Security Advisories

  • GHSA-9c3v-684m-579c [medium] (2026-07-01)

OpenClaw MCP SSE redirects could forward Authorization headers


  • 🟠 GHSA-6gr2-qh89-hxwm [high] (2026-07-01)

Apify Model Context Protocol (MCP) server: Actor MCP path authority injection leaks Apify token


  • GHSA-j48m-h7xq-2xpj [medium] (2026-07-01)

goshs: Share-link ?token=… redemption races past download limit


  • 🔴 GHSA-62q6-4hv4-vjrw [critical] (2026-07-01)

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header


  • 🟠 GHSA-3whc-qvhv-xqjp [high] (2026-07-01)

goshs: WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags


  • GHSA-vh4v-2xq2-g5cg [medium] (2026-07-01)

ORAS Go forwards registry credentials across registry redirects


  • 🟠 GHSA-p9jg-fcr6-3mhf [high] (2026-07-01)

OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms


  • 🟠 GHSA-fxhp-mv3v-67qp [high] (2026-07-01)

oras-go tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution


  • GHSA-8xwf-rjm4-xvhv [medium] (2026-07-01)

oras-go has file store write outside workingDir via symlink traversal


  • 🟠 GHSA-jxpm-75mh-9fp7 [high] (2026-07-01)

oras-go blob upload vulnerable to credential forwarding via unvalidated Location header



📡 Data source: GitHub Security Advisories · Automatically generated by PingSec Security Daily
