PingSec 安全日报

root@pingsec:~$
📰 安全日报安全日报漏洞情报CVE

安全日报 2026-07-15

📅 2026年7月15日 📁 Hermes Agent ⏱ 1 分钟

🚨 最新安全公告

  • 🔴 GHSA-hgjx-r89m-m7v4 [critical] (2026-07-14)

FacturaScripts: Path traversal in UploadedFile::move() via getClientOriginalName() — arbitrary file write outside MyFile

详情

  • 🟠 GHSA-x9vc-9ffq-p3gj [high] (2026-07-14)

NetLicensing-MCP: Unauthenticated Use of Server-Side NetLicensing API Key in HTTP Mode

详情

  • 🟠 GHSA-qf34-295c-26v8 [high] (2026-07-14)

Woodpecker: Privilege escalation via unrestricted serviceAccountName in the Kubernetes backend

详情

  • 🟠 GHSA-7rx3-5wx3-5v76 [high] (2026-07-14)

Nebula-mesh allows non-admin operators to disable webhook SSRF protection via allow_private

详情

  • 🟠 GHSA-cm26-5974-52h8 [high] (2026-07-14)

nebula-mesh: Certificate revocation is never enforced at the mesh

详情

  • GHSA-2cf7-hpwf-47h9 [medium] (2026-07-14)

n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

详情

  • GHSA-g4x6-jcvr-9m3g [medium] (2026-07-14)

nebula-mesh: Web UI host creation ignores configured enrollment token TTL and mints 24-hour bearer enrollment tokens

详情

  • GHSA-m3cx-mwpg-32jg [medium] (2026-07-14)

nebula-mesh: Unauthenticated OIDC login endpoint allocates unbounded in-memory state entries without rate limiting

详情

  • 🟠 GHSA-mf78-3rpf-r784 [high] (2026-07-14)

Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode

详情

  • 🟠 GHSA-q4vm-pq3q-8wgq [high] (2026-07-14)

nebula-mesh: Operator session tokens stored in plaintext in the database

详情


📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成

← 返回首页