更新: 359 个文件 - 2026-03-16 23:30:01

07-framework-security/frameworks/angular/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/aspnet-core/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -24,6 +28,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/astro/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/django/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/echo/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -24,6 +28,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/esbuild/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/express/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/fastify/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/flask/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/gin/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -24,6 +28,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/hapi/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/koa/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/laravel/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/nestjs/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/nextjs/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `26`
 - 近 30 天新增/更新: `5`
 - 重点 Markdown 案例数: `26`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `26`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -26,31 +30,31 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
-| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  | `low` | `generated` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
-| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
-| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
-| Next Server Actions Source Code Exposure  | `low` | `generated` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
-| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
-| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
-| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
-| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
-| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
-| Next.JS vulnerability can lead to DoS via cache poisoning  | `low` | `generated` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
-| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
-| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
-| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
-| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
-| Authorization Bypass in Next.js Middleware | `low` | `generated` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
-| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
-| Next.js authorization bypass vulnerability | `low` | `generated` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
-| Denial of Service condition in Next.js image optimization | `low` | `generated` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
-| Next.js Cache Poisoning | `low` | `generated` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
-| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
-| Unexpected server crash in Next.js. | `low` | `generated` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
-| XSS in Image Optimization API for Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
-| Open Redirect in Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
-| Open Redirect in Next.js versions | `low` | `generated` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
-| Directory Traversal in Next.js | `low` | `generated` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) |
+| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) |
+| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) |
+| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) |
+| Next Server Actions Source Code Exposure  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) |
+| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) |
+| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) |
+| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) |
+| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) |
+| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) |
+| Next.JS vulnerability can lead to DoS via cache poisoning  | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) |
+| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) |
+| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) |
+| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) |
+| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) |
+| Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) |
+| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) |
+| Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) |
+| Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) |
+| Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) |
+| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) |
+| Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) |
+| XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) |
+| Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) |
+| Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) |
+| Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) |

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p
 
 # Open Redirect in Next.js versions
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2020-15242`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md

@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:49:56Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7
 
 # Directory Traversal in Next.js
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2020-5284`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:08.038285Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5
 
 # Open Redirect in Next.js
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2021-37699`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:20.154452Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3
 
 # XSS in Image Optimization API for Next.js
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2021-39178`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:36.554552Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-25mp
 
 # Unexpected server crash in Next.js.
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2021-43803`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:32:36.434669Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h
 
 # Next.js Server-Side Request Forgery in Server Actions
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2024-34351`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:33.402195Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f
 
 # Next.js Cache Poisoning
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2024-46982`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:25:43.295558Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g77x
 
 # Denial of Service condition in Next.js image optimization
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2024-47831`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md

@@ -8,6 +8,10 @@ updated_date: "2025-09-10T21:12:24Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc
 
 # Next.js authorization bypass vulnerability
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2024-51479`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:36:04.252972Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7m27
 
 # Next.js Allows a Denial of Service (DoS) with Server Actions
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2024-56332`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-04T15:06:29.993197Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-f82v
 
 # Authorization Bypass in Next.js Middleware
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-29927`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md

@@ -8,6 +8,10 @@ updated_date: "2025-10-13T15:35:50Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-223j
 
 # Next.js may leak x-middleware-subrequest-id to external hosts
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-30218`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md

@@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:48:29Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv
 
 # Next.js Race Condition to Cache Poisoning
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-32421`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md

@@ -8,6 +8,10 @@ updated_date: "2025-06-13T14:41:21Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3h52
 
 # Information exposure in Next.js dev server due to lack of origin verification
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-48068`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:37:18.974477Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc
 
 # Next.js has a Cache poisoning vulnerability due to omission of the Vary header
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-49005`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md

@@ -8,6 +8,10 @@ updated_date: "2025-07-03T21:49:52Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-67rr
 
 # Next.JS vulnerability can lead to DoS via cache poisoning 
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-49826`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:34.538107Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-xv57
 
 # Next.js Content Injection Vulnerability for Image Optimization
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-55173`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:50:08.291668Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg
 
 # Next.js Affected by Cache Key Confusion for Image Optimization API Routes
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-57752`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:20:45.658010Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-4342
 
 # Next.js Improper Middleware Redirect Handling Leads to SSRF
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-57822`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-10T01:28:46.973023Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p
 
 # Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-59471`

07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-06T13:13:43.709252Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q
 
 # Next.js has Unbounded Memory Consumption via PPR Resume Endpoint 
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--CVE-2025-59472`

07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:46:38.768104Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5j59
 
 # Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4`

07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:15.823345Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-fv66
 
 # Next.js is vulnerable to RCE in React flight protocol
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp`

07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-13T00:43:52.836085Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -48,6 +52,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-83fc
 
 # Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf`

07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:55:54.855562Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -49,6 +53,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6
 
 # Next Vulnerable to Denial of Service with Server Components
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--GHSA-mwv6-3258-q52c`

07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:51:40.627151Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -47,6 +51,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-w37m
 
 # Next Server Actions Source Code Exposure 
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9`

07-framework-security/frameworks/nodejs/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/nuxt/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -26,6 +30,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/rails/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/react/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -26,6 +30,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/spring-boot/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/spring-framework/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/spring-security/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/sveltekit/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/symfony/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/undici/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `14`
 - 近 30 天新增/更新: `7`
 - 重点 Markdown 案例数: `14`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `14`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,19 +29,19 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
-| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
-| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
-| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
-| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
-| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
-| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
-| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
-| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
-| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
-| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
-| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
-| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
-| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) |
+| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) |
+| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) |
+| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) |
+| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) |
+| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) |
+| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) |
+| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) |
+| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) |
+| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) |
+| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) |
+| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) |
+| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) |
+| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) |

07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 
 # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2022-31151`

07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-
 
 # ProxyAgent vulnerable to MITM
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2022-32210`

07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768-
 
 # Undici's cookie header not cleared on cross-origin redirect in fetch
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2023-45143`

07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md

@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-
 
 # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2024-30260`

07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md

@@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-
 
 # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2024-30261`

07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-
 
 # Use of Insufficiently Random Values in undici
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2025-22150`

07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-
 
 # undici Denial of Service attack via bad certificate data
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2025-47279`

07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-
 
 # Undici has an HTTP Request/Response Smuggling issue
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-1525`

07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-
 
 # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-1526`

07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992-
 
 # Undici has CRLF Injection in undici via `upgrade` option
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-1527`

07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269-
 
 # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-1528`

07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-
 
 # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-22036`

07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-
 
 # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-2229`

07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-
 
 # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `undici--CVE-2026-2581`

07-framework-security/frameworks/vite/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `12`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `12`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `12`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -26,17 +30,17 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
-| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
-| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
-| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
-| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
-| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
-| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
-| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
-| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
-| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
-| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
-| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) |
+| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) |
+| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) |
+| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) |
+| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) |
+| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) |
+| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) |
+| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) |
+| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) |
+| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) |
+| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) |
+| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) |

07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:17:01.410592Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r
 
 # Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2024-23331`

07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -41,6 +45,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28
 
 # Vite's `server.fs.deny` is bypassed when using `?import&raw`
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2024-45811`

07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:04:22.977459Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -43,6 +47,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4
 
 # Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2024-45812`

07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:03.076966Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc
 
 # Websites were able to send any requests to the development server and read the response in vite
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-24010`

07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8
 
 # Vite bypasses server.fs.deny when using ?raw??
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-30208`

07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw
 
 # Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-31125`

07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z"
 severity: "low"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq
 
 # Vite allows server.fs.deny to be bypassed with .svg or relative paths
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-31486`

07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63
 
 # Vite has an `server.fs.deny` bypass with an invalid `request-target`
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-32395`

07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59
 
 # Vite's server.fs.deny bypassed with /. for files under project root
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-46565`

07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2
 
 # Vite middleware may serve files starting with the same name with the public directory
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-58751`

07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq
 
 # Vite's `server.fs` settings were not applied to HTML files
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-58752`

07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md

@@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z"
 severity: "medium"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66
 
 # vite allows server.fs.deny bypass via backslash on Windows
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `vite--CVE-2025-62522`

07-framework-security/frameworks/vue/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:45+00:00`
 
 ## 目标约束
 
@@ -26,6 +30,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/webpack/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/frameworks/werkzeug/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |