PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-13

📅 2026年7月13日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🔴 GHSA-g936-7jqj-mwv8 [critical] (2026-07-10)

TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation

详情

  • 🟠 GHSA-fpg8-7664-jc5q [high] (2026-07-10)

melange: Incomplete package integrity verification allows data section substitution

详情

  • GHSA-48rx-c7pg-q66r [medium] (2026-07-10)

Excon does not redact additional sensitive/risky headers when following redirects

详情

  • 🟠 GHSA-h4g2-xfmw-q2c9 [high] (2026-07-10)

Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset

详情

  • GHSA-rqq5-2gf9-4w4q [medium] (2026-07-10)

Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

详情

  • 🔴 GHSA-56mp-4f3v-fgj2 [critical] (2026-07-10)

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

详情

  • 🔴 GHSA-m5f5-28qr-9g9r [critical] (2026-07-10)

prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

详情

  • 🔴 GHSA-5xfx-xj4h-5p7r [critical] (2026-07-10)

SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

详情

  • 🟠 GHSA-g5r6-gv6m-f5jv [high] (2026-07-10)

mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment

详情

  • 🟠 GHSA-wm45-qh3g-v83f [high] (2026-07-10)

mcp-atlassian: Arbitrary server-side file read via attachment upload

详情

🔥 GitHub 热门安全项目

  • [maheshtitare/login-authentication-system](https://github.com/maheshtitare/login-authentication-system) (0⭐)

A full-stack Login Authentication System built using Spring Boot, Spring Security, JWT, React.js and MySQL.

  • [glaucia86/secure-mcp-enterprise-typescript](https://github.com/glaucia86/secure-mcp-enterprise-typescript) (0⭐)

Repositório com intuito de seguir o guia criado pelo NSA (National Security Agency) dos Estados Unidos sobre uso do MCP em cadeia de nível enterprise. Esse repositório tem como intuito discutir o que foi falado nesse guia e ao mesmo tempo como criar um MCP seguindo as orientações do NSA


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页