PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-07

📅 2026年7月7日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🟢 GHSA-pmfc-4wjj-gmhx [low] (2026-07-06)

cut: -s ignored in -z -d '' newline-delimiter mode

详情

  • 🟢 GHSA-r9hw-mj3w-phcq [low] (2026-07-06)

mknod: Device nodes created mislabeled on SELinux, with broken cleanup (remove_dir on a node)

详情

  • 🟠 GHSA-pmf6-rcx4-v53v [high] (2026-07-06)

mkfifo: permissions of an existing file are changed after FIFO creation fails

详情

  • 🟠 GHSA-qrwj-vh9x-gw5v [high] (2026-07-06)

Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write

详情

  • 🟠 GHSA-cgfv-jrfp-2r7v [high] (2026-07-06)

OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export

详情

  • 🟢 GHSA-473p-56xx-vg67 [low] (2026-07-06)

Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)

详情

  • 🟠 GHSA-7cfm-pqrj-xgq7 [high] (2026-07-06)

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

详情

  • 🔴 GHSA-qvfm-67h2-2qfx [critical] (2026-07-06)

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Thef

详情

  • 🟠 GHSA-f74w-488g-8x5r [high] (2026-07-06)

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

详情

  • GHSA-xrqc-p465-2xvg [medium] (2026-07-06)

Craft CMS: Stored XSS via Structure entry title in table view

详情


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页