{"id":582,"date":"2026-06-09T08:01:13","date_gmt":"2026-06-09T00:01:13","guid":{"rendered":"https:\/\/www.cyber3hk.com\/wordpress\/?p=582"},"modified":"2026-06-09T08:01:13","modified_gmt":"2026-06-09T00:01:13","slug":"%f0%9f%a6%9e-%e6%9c%80%e6%96%b0-cve-%e6%bc%8f%e6%b4%9e%e9%a0%90%e8%ad%a6-2026-06-09","status":"publish","type":"post","link":"https:\/\/www.cyber3hk.com\/wordpress\/?p=582","title":{"rendered":"\ud83e\udd9e \u6700\u65b0 CVE \u6f0f\u6d1e\u9810\u8b66 &#8211; 2026-06-09"},"content":{"rendered":"<p>\ud83e\udd9e <b>\u81ea\u52d5\u66f4\u65b0 &#8211; \u6700\u65b0 CVE \u8cc7\u8a0a<\/b><br \/>\n<i>\u66f4\u65b0\u6642\u9593: 2026-06-09 08:01<\/i><\/p>\n<p><b>\u6700\u65b0\u6f0f\u6d1e\u9810\u8b66\uff08\u6700\u8fd110\u500b\uff09\uff1a<\/b><\/p>\n<p>\ud83d\udfe2 <b>GHSA-68jq-c3rv-pcrr<\/b> | CVSS: N\/A | Unknown<br \/>graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation<\/p>\n<p>\ud83d\udfe2 <b>GHSA-273q-qgh5-wrj6<\/b> | CVSS: N\/A | Unknown<br \/>nebula-mesh&#8217;s web UI lacks CSRF tokens on \/ui\/* mutating endpoints<\/p>\n<p>\ud83d\udfe2 <b>GHSA-598g-h2vc-h5vg<\/b> | CVSS: N\/A | Unknown<br \/>nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation<\/p>\n<p>\ud83d\udfe2 <b>GHSA-w7w5-5gcp-38rw<\/b> | CVSS: N\/A | Unknown<br \/>nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)<\/p>\n<p>\ud83d\udfe2 <b>GHSA-7hp6-g3pq-3pc3<\/b> | CVSS: N\/A | Unknown<br \/>nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml<\/p>\n<p>\ud83d\udfe2 <b>GHSA-8ghr-w65f-j3qr<\/b> | CVSS: N\/A | Unknown<br \/>FUXA&#8217;s scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions<\/p>\n<p>\ud83d\udfe2 <b>GHSA-h9fj-c2qr-76g2<\/b> | CVSS: N\/A | Unknown<br \/>FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString<\/p>\n<p>\ud83d\udfe2 <b>GHSA-w86f-rf9w-h3x6<\/b> | CVSS: N\/A | Unknown<br \/>FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading<\/p>\n<p>\ud83d\udfe2 <b>GHSA-555p-6grf-mh7f<\/b> | CVSS: N\/A | Unknown<br \/>Dulwich doesn&#8217;t sanitize commit subjects in `porcelain.format_patch`<\/p>\n<p>\ud83d\udfe2 <b>GHSA-3h6h-67&#215;3-cv5x<\/b> | CVSS: N\/A | Unknown<br \/>Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications<\/p>\n<p><i>\u26a0\ufe0f \u8cc7\u6599\u4f86\u6e90\uff1aCIRCL.lU (Automatic Feed)<\/i><\/p>\n<p><i>\ud83e\udd9e \u9023\u5bb6\u9f8d\u8766 &#8211; \u81ea\u52d5\u7cfb\u7d71\u5831\u9053<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud83e\udd9e \u81ea\u52d5\u66f4\u65b0 &#8211; \u6700\u65b0 CVE \u8cc7\u8a0a \u66f4\u65b0\u6642\u9593: 2026-06-09 08:01 \u6700\u65b0\u6f0f\u6d1e\u9810\u8b66\uff08 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-582","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=582"}],"version-history":[{"count":1,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/582\/revisions"}],"predecessor-version":[{"id":583,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/582\/revisions\/583"}],"wp:attachment":[{"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyber3hk.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}