🚨 最新安全公告
- ⚪ GHSA-vrr2-g9gh-c3jc [medium] (2026-07-13)
Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypass
- ⚪ GHSA-4m8q-55qv-9pwp [medium] (2026-07-13)
Kimai: Teamlead authorization bypass in GET /api/timesheets allows reading other users' timesheet records without being
- ⚪ GHSA-pgcc-vfmc-7cw5 [medium] (2026-07-13)
Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes
- ⚪ GHSA-8f6j-263m-g72x [medium] (2026-07-13)
Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate r
- 🟠 GHSA-xf7x-x43h-rpqh [high] (2026-07-13)
json_repair: Circular JSON Schema $ref causes unbounded CPU DoS
- 🔴 GHSA-c67f-gmxw-mj93 [critical] (2026-07-13)
FacturaScripts: Account takeover of any 2FA-enabled user
- 🟠 GHSA-7xw9-549r-8jrc [high] (2026-07-13)
DIRAC: SQL injection and lack of access control in PilotManager service
- 🟠 GHSA-vg99-gr89-qhw9 [high] (2026-07-13)
DIRAC: Pilot code downloaded over unverified HTTPS connection
- 🔴 GHSA-m4m7-4cw8-62j6 [critical] (2026-07-13)
DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval
- 🟠 GHSA-h4pc-58cc-hc95 [high] (2026-07-13)
Apollo ConfigService access key authentication bypass via raw config file appId parsing
📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成