hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 103 个文件 - 2026-03-18 19:24:37

浏览代码
这个提交包含在:
hao
2026-03-18 19:24:37 -07:00
父节点 8e13fcfbe0
当前提交 9b0d72b112
修改 103 个文件,包含 8985 行新增1381 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

39
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `directus`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `29`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `29`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,35 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Open redirect in SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Permission Handling on Deleted Fields in Directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Conceal fields are searchable if read permissions enabled | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Information Leakage: Existing Collections | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Enumeration via Password Reset Timing Attack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
344 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
46 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store XSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Missing permission checks for manual trigger Flows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
40 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| directus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated file upload and file modification due to lacking input sanitization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| S3 assets become unavailable after a burst of malformed transformations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Directus version number disclosure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

37
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `discourse`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `30`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `30`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -34,4 +34,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| 3.5.0.beta5: Improved admin search, AI forum research, easier site appearance configuration, and simpler plugin development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:52 +0000` | - |
| 3.4.4: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 May 2025 05:22:48 +0000` | - |
| January 2026 Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 28 Jan 2026 17:35:34 +0000` | - |
| Release v2025.11.0: AI translations improvements, chat search, new review queue, and improvements for posts with images | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Nov 2025 11:02:53 +0000` | - |
| 3.4.2: Security and bug fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:36 +0000` | - |
| 3.5.0.beta2: Review Queue, Welcome Banner, Admin Interface, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 26 Mar 2025 02:46:32 +0000` | - |
| 3.4.6: Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:49 +0000` | - |
| 3.5.0.beta7: Smart link editing, better invite tracking, unique icons, and fixing name management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 25 Jun 2025 03:38:45 +0000` | - |
| 3.4.0.beta4: Redesigned emojis, exporting user data, flagging illegal content and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:56 +0000` | - |
| 3.3.4: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 05 Feb 2025 14:26:22 +0000` | - |
| 3.5.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:22 +0000` | - |
| 3.6.0.beta1: Color palette editing, user fields on sign up, themeable site setting discovery, images with Google AI, and reliable drafts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Sep 2025 02:59:19 +0000` | - |
| Release v3.5.3: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:18 +0000` | - |
| Release v2025.11.1: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:07:04 +0000` | - |
| Release v2025.12.0: Discourse Rewind, new review queue and UI to create tags, Chat channel customisation, and live PR statuses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 30 Dec 2025 15:06:45 +0000` | - |
| 3.4.7: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:36 +0000` | - |
| 3.5.0.beta8: Bundled plugins, a new theme, better color management, powerful filtering, and advanced image controls | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Jul 2025 03:46:34 +0000` | - |
| 3.4.3: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:02 +0000` | - |
| 3.5.0beta3: Full admin search, better font selection, more robust site search, category personalization, and easier configuration management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 29 Apr 2025 04:43:00 +0000` | - |
| 3.5.2: Security and maintenance release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:40 +0000` | - |
| 3.6.0.beta2: Built-in palette editing, live AI translation progress, and better wiki tracking | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 28 Oct 2025 07:33:37 +0000` | - |
| 3.5.0: Major release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:12 +0000` | - |
| 3.5.0.beta9: Improving color management, core welcome banner, and staff action log filters | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 19 Aug 2025 08:07:02 +0000` | - |
| 3.4.0: Major Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Feb 2025 17:07:48 +0000` | - |
| 3.4.0.beta3: Check for updates on What’s New page, filter by user in the review queue, threading in Chat DMs and group chats, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 19 Dec 2024 16:53:54 +0000` | - |
| 3.4.1: Bug fix and UX release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:05 +0000` | - |
| 3.5.0.beta1: Dark/light mode selector, better flagging info, and encouraging more valuable conversations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 24 Feb 2025 05:42:02 +0000` | - |
| 3.5.0.beta6 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 05:30:17 +0000` | - |
| 3.4.5 Security fixes release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 09 Jun 2025 03:57:43 +0000` | - |
| 3.5.0.beta4 Security fix release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 05 May 2025 17:04:14 +0000` | - |

80
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `drupal`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `70`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,11 +26,79 @@
- `official` [Drupal Security Advisories RSS](https://www.drupal.org/security/rss.xml) (mode=core)
- `official` [NVD Drupal](https://nvd.nist.gov/vuln/search) (keyword=Drupal; mode=core)
- `ecosystem-authority` [Drupal Security Advisories Site](https://www.drupal.org/security) (mode=module)
- `ecosystem-authority` [GHSA Drupal Core](https://github.com/advisories) (ecosystem=composer; mode=core)
- `ecosystem-authority` [OSV Drupal](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Sep 2023 16:23:05 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:29:59 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:27:28 +0000` | - |
| Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:25:47 +0000` | - |
| Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:24:02 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:21:58 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 20 Nov 2024 17:20:16 +0000` | - |
| Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Mar 2025 18:54:35 +0000` | - |
| Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 17:03:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:58:10 +0000` | - |
| Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Feb 2025 16:49:28 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 19 Apr 2023 17:06:18 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 17 Jan 2024 17:04:39 +0000` | - |
| Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 16 Oct 2024 16:27:27 +0000` | - |
| Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:26:24 +0000` | - |
| Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 15 Mar 2023 16:24:29 +0000` | - |
| Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:22 +0000` | - |
| Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 20:16:21 +0000` | - |
| Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:34:02 +0000` | - |
| Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 12 Nov 2025 18:33:05 +0000` | - |
| CVE-2007-0505 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0136 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0124 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6647 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6528 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6529 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6530 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6531 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6386 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5608 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5475 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5477 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4947 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4949 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4821 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4646 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4355 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4360 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4120 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4107 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4002 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3570 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3473 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2831 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2832 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2833 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2742 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2260 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1225 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1226 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1227 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1228 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0070 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3973 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3975 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2498 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2002-1806 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |

34
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `ghost`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `23`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `23`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,35 @@
- `official` [Ghost GitHub Advisories](https://github.com/TryGhost/Ghost/security/advisories) (mode=core)
- `official` [NVD Ghost](https://nvd.nist.gov/vuln/search) (keyword=Ghost CMS; mode=core)
- `ecosystem-authority` [OSV Ghost](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Issues
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incomplete CSRF protections around OTC use | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL Injection in Members Activity Feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection in Content API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| TryGhost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via External Media Inliner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
307 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper authentication allows access to member information and actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff 2FA bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via malicious Portal preview links | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff Token permission bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Ghost | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote Code Execution via Malicious Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SSRF via oEmbed Bookmark | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

108
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `joomla`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `100`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,109 @@
- `official` [Joomla Security Centre](https://developer.joomla.org/security-centre.html) (mode=core)
- `official` [NVD Joomla](https://nvd.nist.gov/vuln/search) (keyword=Joomla; mode=core)
- `ecosystem-authority` [OSV Joomla](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2006-4553 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4556 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4466 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4468 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4469 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4470 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4472 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4473 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4474 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4475 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4476 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4378 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4348 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4320 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4282 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4263 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4269 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4242 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4229 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4129 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4074 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3990 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3995 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3969 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3773 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3750 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3530 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3480 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3481 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2960 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2815 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1957 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1047 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1048 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1049 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1027 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1029 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1030 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0303 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0114 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4650 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3771 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3772 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3773 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| API Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260101] - Core - Inadequate content filtering for data URLs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project Roadmap | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250902] - Core - User-Enumeration in passkey authentication method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer Network™ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What is Joomla? | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sponsor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User Groups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Framework | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CMS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| The Joomla Foundation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250901] - Core - Inadequate content filtering within the checkAttribute filter code | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trademark & Licensing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Site Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Languages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Benefits & Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Service Providers Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issue Tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Project & Leadership | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Extensions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS reader. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Certification | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blogs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Shop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a domain | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Volunteers Portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magazine | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerable Extensions List | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get a free site | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Training | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Joomla! Security Centre | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

78
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `mediawiki`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `70`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `70`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -27,9 +27,79 @@
- `official` [MediaWiki Security Releases](https://www.mediawiki.org/wiki/Security) (mode=core)
- `official` [MediaWiki Announce RSS](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/feed/) (mode=core)
- `official` [NVD MediaWiki](https://nvd.nist.gov/vuln/search) (keyword=MediaWiki; mode=core)
- `ecosystem-authority` [OSV MediaWiki](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 22 Oct 2025 21:44:43 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 10 Dec 2025 22:22:38 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.13/1.42.7/1.43.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Jul 2025 16:53:41 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 09 Apr 2025 20:57:04 +0000` | - |
| [MediaWiki-announce] Re: MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 07 May 2025 07:47:35 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.44.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 02 Jul 2025 21:30:40 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Wed, 01 Oct 2025 20:33:01 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 16 Dec 2025 18:21:00 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.11/1.41.5/1.42.4) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 14 Jan 2025 19:41:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-alpha will be branched as a beta on 28-10-2025 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 07 Oct 2025 15:18:36 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.44-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 06 May 2025 19:13:18 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45-beta has been branched | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 04 Nov 2025 13:27:41 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.43.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Tue, 01 Jul 2025 15:18:58 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.45.0-rc.0 is ready for testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 20 Nov 2025 13:30:34 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.12 / 1.42.6 / 1.43.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 10 Apr 2025 16:23:30 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.14 / 1.43.4 / 1.44.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Thu, 02 Oct 2025 17:37:08 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.41 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Sat, 21 Dec 2024 10:46:44 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.42 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 23:15:16 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 30 Jun 2025 18:02:30 +0000` | - |
| [MediaWiki-announce] MediaWiki 1.39 is End of Life | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 29 Dec 2025 20:36:35 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 23:43:45 +0000` | - |
| [MediaWiki-announce] Announcing MediaWiki 1.45.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 08 Dec 2025 17:01:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.42.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Mon, 03 Feb 2025 17:39:30 +0000` | - |
| [MediaWiki-announce] Security pre-release announcement: 1.39.13 / 1.42.7 / 1.43.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 27 Jun 2025 22:25:47 +0000` | - |
| [MediaWiki-announce] Maintenance release: MediaWiki 1.39.11, 1.41.5 and 1.42.4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 20 Dec 2024 17:57:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.12/1.42.6/1.43.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:47:11 +0000` | - |
| [MediaWiki-announce] Re: The Recent MediaWiki Extensions and Skins Security Release Supplement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 20:34:58 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.9/1.41.3/1.42.2) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 11 Apr 2025 16:56:23 +0000` | - |
| [MediaWiki-announce] MediaWiki Extensions and Skins Security Release Supplement (1.39.16/1.43.6/1.44.3/1.45.1) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 09 Jan 2026 17:54:29 +0000` | - |
| [MediaWiki-announce] Security and maintenance release: 1.39.15 / 1.43.5 / 1.44.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `Fri, 03 Oct 2025 18:45:04 +0000` | - |
| CVE-2010-1190 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1189 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-4589 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-0737 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5687 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5252 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5250 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-4408 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1318 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0460 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4883 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-4828 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1054 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1055 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0788 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0177 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-2895 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2611 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1498 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0322 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4501 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4031 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3165 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3166 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3167 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2396 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2215 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1888 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0534 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0536 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1245 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-0535 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1405 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2152 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2185 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2186 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2187 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |

48
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `moodle`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `40`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `40`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -26,9 +26,49 @@
- `official` [Moodle Security News](https://moodle.org/security/) (mode=core)
- `official` [NVD Moodle](https://nvd.nist.gov/vuln/search) (keyword=Moodle; mode=core)
- `ecosystem-authority` [OSV Moodle](https://osv.dev/) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2008-3325 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-1502 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-0123 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-6538 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-3555 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1647 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1429 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-7048 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6625 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6626 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5219 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4936 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4937 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4938 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4939 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4940 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4941 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4942 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4943 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4784 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4785 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4786 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3951 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0146 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0147 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3648 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3649 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1424 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1425 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2232 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2234 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2235 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2236 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-2237 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1711 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-0725 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |

37
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `strapi`
- 分类: `cms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `26`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -31,4 +31,33 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
16 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
214 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields via parms.lookup | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Weak Password Length Validation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Server - Side Request Forgery in Webhook function | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking data via relations via the Admin Panel | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3rd party token leak and authentication bypass | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Denial-of-Service via Improper Exception Handling | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
71.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthorized Access to Private Fields in User Registration API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
573 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Leaking sensitive user information, user reset password, tokens via content-manager views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Field level permissions not being respected in relationship title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CORS Misconfiguration Leads to Sensitive Data Exposure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| strapi | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

149
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `wordpress`
- 分类: `cms`
- 覆盖策略: `history-full`
- 总案例数: `0`
- 总案例数: `140`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
- 待人工/缺浏览器证据: `140`
- 最近渲染时间: `2026-03-19T02:23:04+00:00`
## 目标约束
@@ -24,7 +24,7 @@
## 来源
- `official` [WordPress Security News](https://wordpress.org/news/category/security/) (mode=core)
- `official` [WordPress Security News RSS](https://wordpress.org/news/category/security/feed/) (mode=core)
- `official` [NVD WordPress](https://nvd.nist.gov/vuln/search) (keyword=WordPress; mode=core)
- `ecosystem-authority` [Wordfence Vulnerability Database](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/) (mode=plugin)
- `ecosystem-authority` [Patchstack Database](https://patchstack.com/database/) (mode=plugin)
@@ -35,4 +35,143 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2007-1893 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1894 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1732 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1622 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1599 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1409 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1277 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1244 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1230 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-1049 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0539 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0540 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0262 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0233 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0106 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2007-0109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6863 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6808 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6016 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-6017 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-5705 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2006-4743 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4208 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-4028 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3389 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-3390 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2702 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-2667 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1263 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-1012 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0985 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0986 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2006-0733 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-4463 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-3330 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2612 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1921 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2107 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2108 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2109 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-2110 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1810 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1687 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1688 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2005-1102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1559 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| CVE-2004-1584 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-03T01:03:51.193` | - |
| Interviews | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forums | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Swag Store ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wicked Folders <= 4.1.0 Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Manage subscriptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How to Install WPScan | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Stats WordPress stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Modern Events Calendar <= 7.29.0 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Gutenberg ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Showcase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.org | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Education | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Submit vulnerabilities | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CLI scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Patterns | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Design | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Writeprint Stylometry <= 0.1 Reflected Cross-Site Scripting via 'p' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Hosting | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CLI Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| General | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Disclosure policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Five for the Future | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unpatched Vulnerability in TI WooCommerce Wishlist Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Jannah <= 7.6.3 Local File Inclusion vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Month in WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report this content | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contextual Related Posts < 4.2.2 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Log in now. | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Awards | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WordPress.tv ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CR]Paid Link Manager <= 0.5 Reflected Cross-Site Scripting vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP User Frontend <= 4.2.8 Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Duplicate Post <= 4.5 Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pricing | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Object Injection vulnerability fixed in SEOPress 7.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthorized Plugin Installation/Activation in Hunk Companion | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View site in Reader | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Unauthenticated Privilege Escalation in Profile-Builder plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New Malware Campaign Targets WP-Automatic Plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Make WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Photo Directory | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| NEX-Forms <= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Job Board ↗ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Thim Elementor Kit <= 1.3.7 Missing Authorization to Unauthenticated Private Course Disclosure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Meta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Our Stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Managed VDP New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerability statistics | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Whitepaper 2026 New | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WP EasyPay <= 4.2.11 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Master Addons for Elementor <= 2.1.3 Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WP Go Maps <= 10.0.05 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WordPress plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software vendors | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Enterprise Features | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| LearnPress &#8211; Sepay Payment <= 4.0.0 Broken Authentication vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| The 10 Best Vulnerability Scanners for Effective Web Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Flexmls® IDX <= 3.15.9 Reflected Cross Site Scripting (XSS) vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Learn WordPress | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Royal Elementor Addons <= 1.7.1049 WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |