### 漏洞概述 **漏洞名称**: Passphrase Brute-Force via Unthrottled POST /p/token/access Endpoint with No Per-Push Lockout **漏洞描述**: PasswordPusher的passphrase验证端点(POST /p/token/access)没有针对特定推送的速率限制、尝试计数器或推送级锁定。…
### 漏洞概述 **漏洞名称**: Improper object-level authorization allows low-privileged users to read and modify other families' records via family API endpoints **漏洞ID**: GHSA-j6i3-h3cm-p7x7 **严重程度**: 高 (7.1 / …