PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-09

📅 2026年7月9日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🟠 GHSA-37h2-6p4f-mp3q [high] (2026-07-08)

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

详情

  • 🟠 GHSA-6h3c-r723-7fx3 [high] (2026-07-08)

NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak

详情

  • GHSA-qpm9-h556-mwxm [medium] (2026-07-08)

NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries

详情

  • 🟢 GHSA-43fc-v873-qw85 [low] (2026-07-08)

Waku has an Open Redirect via unstable_redirect Helper

详情

  • GHSA-75w3-gmqx-993q [medium] (2026-07-08)

Waku: Cross-Origin CSRF on RSC Server Action Dispatch

详情

  • 🔴 GHSA-xqhv-chqm-fhcc [critical] (2026-07-08)

Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE

详情

  • GHSA-q95x-7g78-rccv [medium] (2026-07-08)

OneRingBuf has a Use After Free Vulnerability

详情

  • GHSA-9qm4-rh6w-pq5x [medium] (2026-07-08)

DSpace: Path Traversal is possible through LDN message generation

详情

  • GHSA-c827-pw3m-67w7 [medium] (2026-07-08)

DSpace: ORE resource URI does not validate scheme for non-web resources

详情

  • GHSA-v66x-68f2-pxf5 [medium] (2026-07-08)

DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path

详情

🔥 GitHub 热门安全项目

  • [tom-acco/ha-warden](https://github.com/tom-acco/ha-warden) (0⭐)

A Home Assistant custom integration for structured, tamper-evident security event logging.


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页