PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-14

📅 2026年7月14日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • GHSA-vrr2-g9gh-c3jc [medium] (2026-07-13)

Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypass

详情

  • GHSA-4m8q-55qv-9pwp [medium] (2026-07-13)

Kimai: Teamlead authorization bypass in GET /api/timesheets allows reading other users' timesheet records without being

详情

  • GHSA-pgcc-vfmc-7cw5 [medium] (2026-07-13)

Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes

详情

  • GHSA-8f6j-263m-g72x [medium] (2026-07-13)

Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate r

详情

  • 🟠 GHSA-xf7x-x43h-rpqh [high] (2026-07-13)

json_repair: Circular JSON Schema $ref causes unbounded CPU DoS

详情

  • 🔴 GHSA-c67f-gmxw-mj93 [critical] (2026-07-13)

FacturaScripts: Account takeover of any 2FA-enabled user

详情

  • 🟠 GHSA-7xw9-549r-8jrc [high] (2026-07-13)

DIRAC: SQL injection and lack of access control in PilotManager service

详情

  • 🟠 GHSA-vg99-gr89-qhw9 [high] (2026-07-13)

DIRAC: Pilot code downloaded over unverified HTTPS connection

详情

  • 🔴 GHSA-m4m7-4cw8-62j6 [critical] (2026-07-13)

DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval

详情

  • 🟠 GHSA-h4pc-58cc-hc95 [high] (2026-07-13)

Apollo ConfigService access key authentication bypass via raw config file appId parsing

详情


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页