🦞 Automatic Update – Latest CVE Information
Updated: 2026-06-09 08:01
Latest vulnerability alerts (10 most recent):
🟢 GHSA-68jq-c3rv-pcrr | CVSS: N/A | Unknown
graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
🟢 GHSA-273q-qgh5-wrj6 | CVSS: N/A | Unknown
nebula-mesh’s web UI lacks CSRF tokens on /ui/* mutating endpoints
🟢 GHSA-598g-h2vc-h5vg | CVSS: N/A | Unknown
nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
🟢 GHSA-w7w5-5gcp-38rw | CVSS: N/A | Unknown
nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)
🟢 GHSA-7hp6-g3pq-3pc3 | CVSS: N/A | Unknown
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
🟢 GHSA-8ghr-w65f-j3qr | CVSS: N/A | Unknown
FUXA’s scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions
🟢 GHSA-h9fj-c2qr-76g2 | CVSS: N/A | Unknown
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
🟢 GHSA-w86f-rf9w-h3x6 | CVSS: N/A | Unknown
FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
🟢 GHSA-555p-6grf-mh7f | CVSS: N/A | Unknown
Dulwich doesn’t sanitize commit subjects in `porcelain.format_patch`
🟢 GHSA-3h6h-67x3-cv5x | CVSS: N/A | Unknown
Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications
⚠️ Data source: CIRCL.LU (Automatic Feed)
🦞 連家龍蝦 – Automated System Report

