更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/cms/directus/INDEX.md
+++ b/07-framework-security/cms/directus/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/discourse/INDEX.md
+++ b/07-framework-security/cms/discourse/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/drupal/INDEX.md
+++ b/07-framework-security/cms/drupal/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/ghost/INDEX.md
+++ b/07-framework-security/cms/ghost/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/joomla/INDEX.md
+++ b/07-framework-security/cms/joomla/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/mediawiki/INDEX.md
+++ b/07-framework-security/cms/mediawiki/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/moodle/INDEX.md
+++ b/07-framework-security/cms/moodle/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/strapi/INDEX.md
+++ b/07-framework-security/cms/strapi/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/cms/wordpress/INDEX.md
+++ b/07-framework-security/cms/wordpress/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -29,6 +33,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md
+++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/magento-open-source/INDEX.md
+++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/medusa/INDEX.md
+++ b/07-framework-security/ecommerce/medusa/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/opencart/INDEX.md
+++ b/07-framework-security/ecommerce/opencart/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/openmage/INDEX.md
+++ b/07-framework-security/ecommerce/openmage/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/prestashop/INDEX.md
+++ b/07-framework-security/ecommerce/prestashop/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/saleor/INDEX.md
+++ b/07-framework-security/ecommerce/saleor/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/shopware/INDEX.md
+++ b/07-framework-security/ecommerce/shopware/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/ecommerce/woocommerce/INDEX.md
+++ b/07-framework-security/ecommerce/woocommerce/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -27,6 +31,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -24,6 +28,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -24,6 +28,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -24,6 +28,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `26`
 - 近 30 天新增/更新: `5`
 - 重点 Markdown 案例数: `26`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `26`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,31 +30,31 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
-| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  | `low` | `generated` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
-| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
-| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
-| Next Server Actions Source Code Exposure  | `low` | `generated` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
-| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
-| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
-| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
-| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
-| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
-| Next.JS vulnerability can lead to DoS via cache poisoning  | `low` | `generated` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
-| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
-| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
-| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
-| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
-| Authorization Bypass in Next.js Middleware | `low` | `generated` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
-| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
-| Next.js authorization bypass vulnerability | `low` | `generated` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
-| Denial of Service condition in Next.js image optimization | `low` | `generated` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
-| Next.js Cache Poisoning | `low` | `generated` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
-| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
-| Unexpected server crash in Next.js. | `low` | `generated` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
-| XSS in Image Optimization API for Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
-| Open Redirect in Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
-| Open Redirect in Next.js versions | `low` | `generated` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
-| Directory Traversal in Next.js | `low` | `generated` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
+| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
+| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
+| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
+| Next Server Actions Source Code Exposure  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
+| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
+| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
+| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
+| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
+| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
+| Next.JS vulnerability can lead to DoS via cache poisoning  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
+| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
+| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
+| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
+| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
+| Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
+| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
+| Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
+| Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
+| Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
+| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
+| Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
+| XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
+| Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
+| Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
+| Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p

 # Open Redirect in Next.js versions

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2020-15242`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md
@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:49:56Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7

 # Directory Traversal in Next.js

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2020-5284`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:08.038285Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5

 # Open Redirect in Next.js

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2021-37699`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:20.154452Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3

 # XSS in Image Optimization API for Next.js

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2021-39178`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:36.554552Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-25mp

 # Unexpected server crash in Next.js.

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2021-43803`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:32:36.434669Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h

 # Next.js Server-Side Request Forgery in Server Actions

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2024-34351`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:33.402195Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f

 # Next.js Cache Poisoning

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2024-46982`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:25:43.295558Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g77x

 # Denial of Service condition in Next.js image optimization

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2024-47831`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md
@@ -8,6 +8,10 @@ updated_date: "2025-09-10T21:12:24Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc

 # Next.js authorization bypass vulnerability

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2024-51479`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:36:04.252972Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7m27

 # Next.js Allows a Denial of Service (DoS) with Server Actions

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2024-56332`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-04T15:06:29.993197Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-f82v

 # Authorization Bypass in Next.js Middleware

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-29927`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md
@@ -8,6 +8,10 @@ updated_date: "2025-10-13T15:35:50Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-223j

 # Next.js may leak x-middleware-subrequest-id to external hosts

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-30218`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md
@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:48:29Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv

 # Next.js Race Condition to Cache Poisoning

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-32421`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md
@@ -8,6 +8,10 @@ updated_date: "2025-06-13T14:41:21Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3h52

 # Information exposure in Next.js dev server due to lack of origin verification

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-48068`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:37:18.974477Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc

 # Next.js has a Cache poisoning vulnerability due to omission of the Vary header

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-49005`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md
@@ -8,6 +8,10 @@ updated_date: "2025-07-03T21:49:52Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-67rr

 # Next.JS vulnerability can lead to DoS via cache poisoning 

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-49826`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:34.538107Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-xv57

 # Next.js Content Injection Vulnerability for Image Optimization

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-55173`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:50:08.291668Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg

 # Next.js Affected by Cache Key Confusion for Image Optimization API Routes

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-57752`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:20:45.658010Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-4342

 # Next.js Improper Middleware Redirect Handling Leads to SSRF

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-57822`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-10T01:28:46.973023Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p

 # Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-59471`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-06T13:13:43.709252Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q

 # Next.js has Unbounded Memory Consumption via PPR Resume Endpoint 

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--CVE-2025-59472`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:46:38.768104Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5j59

 # Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:15.823345Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-fv66

 # Next.js is vulnerable to RCE in React flight protocol

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-13T00:43:52.836085Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-83fc

 # Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:55:54.855562Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -49,6 +53,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6

 # Next Vulnerable to Denial of Service with Server Components

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--GHSA-mwv6-3258-q52c`
--- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md
+++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:51:40.627151Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -47,6 +51,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-w37m

 # Next Server Actions Source Code Exposure 

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9`
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `14`
 - 近 30 天新增/更新: `7`
 - 重点 Markdown 案例数: `14`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `14`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,19 +29,19 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
-| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
-| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
-| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
-| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
-| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
-| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
-| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
-| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
-| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
-| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
-| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
-| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
-| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
+| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
+| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
+| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
+| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
+| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
+| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-31151`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-

 # ProxyAgent vulnerable to MITM

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2022-32210`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-

 # Undici's cookie header not cleared on cross-origin redirect in fetch

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2023-45143`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-

 # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30260`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md
@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-

 # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2024-30261`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-

 # Use of Insufficiently Random Values in undici

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-22150`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-

 # undici Denial of Service attack via bad certificate data

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2025-47279`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-

 # Undici has an HTTP Request/Response Smuggling issue

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1525`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-

 # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1526`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-

 # Undici has CRLF Injection in undici via `upgrade` option

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1527`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-

 # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-1528`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-

 # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-22036`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-

 # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2229`
--- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
+++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-

 # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `undici--CVE-2026-2581`
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `12`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `12`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `12`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,17 +30,17 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
-| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
-| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
-| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
-| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
-| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
-| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
-| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
-| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
-| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
-| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
-| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
+| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
+| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
+| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
+| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
+| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
+| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
+| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
+| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
+| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
+| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
+| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:17:01.410592Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r

 # Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-23331`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28

 # Vite's `server.fs.deny` is bypassed when using `?import&raw`

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-45811`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:04:22.977459Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4

 # Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2024-45812`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:03.076966Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc

 # Websites were able to send any requests to the development server and read the response in vite

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-24010`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8

 # Vite bypasses server.fs.deny when using ?raw??

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-30208`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw

 # Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-31125`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq

 # Vite allows server.fs.deny to be bypassed with .svg or relative paths

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-31486`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63

 # Vite has an `server.fs.deny` bypass with an invalid `request-target`

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-32395`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59

 # Vite's server.fs.deny bypassed with /. for files under project root

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-46565`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2

 # Vite middleware may serve files starting with the same name with the public directory

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-58751`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq

 # Vite's `server.fs` settings were not applied to HTML files

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-58752`
--- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
+++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md
@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66

 # vite allows server.fs.deny bypass via backslash on Windows

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `vite--CVE-2025-62522`
--- a/07-framework-security/frameworks/vue/INDEX.md
+++ b/07-framework-security/frameworks/vue/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`

 ## 目标约束

@@ -26,6 +30,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/webpack/INDEX.md
+++ b/07-framework-security/frameworks/webpack/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/frameworks/werkzeug/INDEX.md
+++ b/07-framework-security/frameworks/werkzeug/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -25,6 +29,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/07-framework-security/platforms/adminer/INDEX.md
+++ b/07-framework-security/platforms/adminer/INDEX.md
@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`

 ## 目标约束

@@ -24,6 +28,6 @@

 ## 案例列表

-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
--- a/显示更多
+++ b/显示更多