更新: 359 个文件 - 2026-03-16 23:30:01

07-framework-security/platforms/adminer/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -24,6 +28,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/gitea/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `37`
 - 近 30 天新增/更新: `37`
 - 重点 Markdown 案例数: `37`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `37`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,42 +29,42 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.518308Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md) |
-| Gitea has improper access control for uploaded attachments in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:53.977351Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md) |
-| Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:57.697708Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md) |
-| Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.012782Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md) |
-| Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.692700Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md) |
-| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:56.025932Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md) |
-| Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:55.339967Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md) |
-| Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.244003Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md) |
-| Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) |
-| Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) |
-| Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) |
-| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
-| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) |
-| Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) |
-| Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) |
-| Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) |
-| Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.526913Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md) |
-| Gitea: anonymous user can visit private user's project in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:51.457970Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md) |
-| Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) |
-| Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) |
-| Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) |
-| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) |
-| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) |
-| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) |
-| Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) |
-| Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) |
-| Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) |
-| Shell command injection in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:23.949796Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md) |
-| Path Traversal in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:06.638863Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md) |
-| Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) |
-| Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) |
-| Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) |
-| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) |
-| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) |
-| Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) |
-| Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) |
-| Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.518308Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md) |
+| Gitea has improper access control for uploaded attachments in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:53.977351Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md) |
+| Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:57.697708Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md) |
+| Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.012782Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md) |
+| Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.692700Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md) |
+| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:56.025932Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md) |
+| Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.339967Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md) |
+| Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.244003Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md) |
+| Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) |
+| Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) |
+| Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) |
+| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
+| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) |
+| Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) |
+| Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) |
+| Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) |
+| Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.526913Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md) |
+| Gitea: anonymous user can visit private user's project in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:51.457970Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md) |
+| Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) |
+| Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) |
+| Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) |
+| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) |
+| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) |
+| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) |
+| Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) |
+| Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) |
+| Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) |
+| Shell command injection in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:23.949796Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md) |
+| Path Traversal in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:06.638863Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md) |
+| Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) |
+| Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) |
+| Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) |
+| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) |
+| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) |
+| Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) |
+| Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) |
+| Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) |

07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:04.686907Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"
 
 # Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2018-15192`

07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:20.787387Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9"
 
 # Gitea Remote Code Execution (RCE) in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2018-18926`

07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:53:57.848904Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87"
 
 # Gitea XSS Vulnerability in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2019-1010261`

07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:17.939867Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm"
 
 # Denial of Service in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2020-13246`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:18.307544Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm"
 
 # Cross-site Scripting in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-28378`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:06.638863Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5"
 
 # Path Traversal in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-29134`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:15.307648Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm"
 
 # Buffer Overflow in gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-3382`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.840324Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jrpg-35hw-m4p9"
 
 # Capture-replay in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-45327`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:33.136607Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pg38-r834-g45j"
 
 # Improper Privilege Management in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-45330`

07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.604662Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-hfmf-q69j-6m5p"
 
 # Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2021-45331`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.472605Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jr9c-h74f-2v28"
 
 # Gitea Missing Authorization vulnerability in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-0905`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:51:49.844240Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc"
 
 # Gitea Open Redirect in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-1058`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.577318Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-ph3w-2843-72mx"
 
 # Stored Cross-site Scripting in gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-1928`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:19.647131Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg"
 
 # Arbitrary file deletion in gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-27313`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:23.949796Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx"
 
 # Shell command injection in gitea in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-30781`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:04.505871Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-fhv8-m4j4-cww2"
 
 # Gitea allowed assignment of private issues in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-38183`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:07.076900Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-8j3v-68w3-3848"
 
 # Gitea erroneous repo clones in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-38795`

07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:41.181693Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-w8xw-7crf-h23x"
 
 # Gitea vulnerable to Argument Injection in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2022-42968`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.095775Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-cm54-pfmc-xrwx"
 
 # Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68938`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:48.777563Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"
 
 # Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68939`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.087298Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26"
 
 # Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68940`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.339953Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-xfq3-qj7j-4565"
 
 # Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68941`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.781753Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-898p-hh3p-hf9r"
 
 # Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68942`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.213758Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jhx5-4vr4-f327"
 
 # Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68943`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.526913Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-f85h-c7m6-cfpm"
 
 # Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68944`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:51.457970Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx"
 
 # Gitea: anonymous user can visit private user's project in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68945`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.473303Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-hq57-c72x-4774"
 
 # Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-68946`

07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.801641Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pc73-rj2c-wvf9"
 
 # Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2025-69413`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.518308Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp"
 
 # Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-0798`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:53.977351Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-hgr3-x44x-33hx"
 
 # Gitea has improper access control for uploaded attachments in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20736`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:57.697708Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-rw22-5hhq-pfpf"
 
 # Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20750`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.012782Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-2vgv-hgv4-22mh"
 
 # Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20800`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.692700Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-j8xr-c56q-m8jj"
 
 # Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20883`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:56.025932Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-9cgq-wp42-4rpq"
 
 # Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20888`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.339967Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-393c-qgvj-3xph"
 
 # Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20897`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.244003Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-qqgv-v353-cv8p"
 
 # Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20904`

07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md

@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.747880Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
   - "lab-local"
   - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-4xx9-vc8v-87hv"
 
 # Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea
 
+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层
 
 - Canonical ID: `gitea--CVE-2026-20912`

07-framework-security/platforms/gitlab-ce/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -26,6 +30,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/grafana/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/jenkins/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/kibana/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/mattermost/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/phpmyadmin/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

07-framework-security/platforms/redmine/INDEX.md

@@ -8,7 +8,11 @@
 - 总案例数: `0`
 - 近 30 天新增/更新: `0`
 - 重点 Markdown 案例数: `0`
-- 最近渲染时间: `2026-03-17T04:37:52+00:00`
+- 已实证(真实版本): `0`
+- 已实证(synthetic): `0`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `0`
+- 最近渲染时间: `2026-03-17T06:28:46+00:00`
 
 ## 目标约束
 
@@ -25,6 +29,6 @@
 
 ## 案例列表
 
-| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |
-|------|--------|------|------------|----------|--------|
-| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |
+| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
+|------|--------|----------|----------|----------|------------|----------|--------|
+| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |