[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-85979":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":15,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":16,"rankGlobal":10,"rankLanguage":10,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":36,"readmeContent":37,"aiSummary":10,"trendingCount":15,"starSnapshotCount":15,"syncStatus":38,"lastSyncTime":39,"discoverSource":40},85979,"AutoCVE","larlarua\u002FAutoCVE","larlarua","Agent-driven automated CVE discovery platform for source code auditing, vulnerability verification, and report generation.","",null,"Python",109,4,1,0,36.9,"GNU Affero General Public License v3.0",false,"main",true,[22,23,24,25,26,27,28,29,30,31,32,33,34,35],"agent","ai-security","code-audit","cve","fastapi","llm-agent","multi-agent","penetration-testing","react","security-audit","security-tools","source-code-analysis","vulnerability-detection","vulnerability-research","2026-06-20 00:08:42","\u003Cdiv align=\"center\">\n\n# AutoCVE - One-click CVE discovery with project screening, source code auditing, vulnerability verification, and report generation, automated end to end\n\n\u003Cimg src=\".\u002Fdocs\u002Fassets\u002Fimage\u002Flogo.png\" alt=\"AutoCVE Logo\" width=\"72%\">\n\n\n[![License: 
AGPL-3.0](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-AGPL--3.0-blue.svg)](https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fagpl-3.0)\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.11+-3776AB?logo=python\\&logoColor=white)](https:\u002F\u002Fwww.python.org\u002F)\n[![FastAPI](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FFastAPI-0.100+-009688?logo=fastapi\\&logoColor=white)](https:\u002F\u002Ffastapi.tiangolo.com\u002F)\n[![React](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FReact-18-61DAFB?logo=react\\&logoColor=white)](https:\u002F\u002Freact.dev\u002F)\n[![PostgreSQL](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPostgreSQL-15-4169E1?logo=postgresql\\&logoColor=white)](https:\u002F\u002Fwww.postgresql.org\u002F)\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fdocs\u002Fassets\u002FGIF\u002Fdemo.gif\" alt=\"AutoCVE Demo\" width=\"72%\">\n\u003C\u002Fp>\n\n[📚 Documentation](#-项目文档) ·\n[✨ Core Capabilities](#-核心能力) ·\n[🚀 Quick Start](#-快速开始) ·\n[🏆 CVE Results](#-cve-挖掘成果)\n\n\u003Cp>\n  \u003Cstrong>Simplified Chinese\u003C\u002Fstrong> | \u003Ca href=\".\u002FREADME_EN.md\">English\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C\u002Fdiv>\n\n---\n\n## 📚 Documentation\n\n### 📖 [User Guide](.\u002Fdocs\u002FUSER_GUIDE.md)\n\nCovers complete usage instructions for environment deployment, model configuration, project import, Agent auditing, one-click CVE, vulnerability management, and Skills management, with interface previews for each feature.\n\n### 🏗️ [Architecture Design Document](.\u002Fdocs\u002FARCHITECTURE_DESIGN.md)\n\nDescribes AutoCVE's overall architecture, Agent workflow, tool orchestration, permission protection, Agent Runtime, and ReAct Loop state machine design.\n\n### 🔌 [API Documentation](.\u002Fdocs\u002FAPI_DOCUMENTATION.md)\n\nProvides the backend API, data structures, request parameters, and API debugging instructions.\n\n---\n\n## ✨ Core Capabilities\n\n### 🚀 One-Click CVE Discovery\n\nAutomates the full workflow from project screening, repository import, audit task creation, and Agent vulnerability discovery through to CVE submission report generation. Users only need to copy the report content and submit it to complete the subsequent CVE application.\n\n### 🤖 Multi-Agent Collaborative Auditing\n\nThe Orchestrator centrally schedules the Recon, Scan, Triage, Finding, and Verification Agents, which together carry out information gathering, tool scanning, false-positive filtering, in-depth vulnerability discovery, and dynamic verification.\n\n```mermaid\nflowchart LR\n    O[\"Orchestrator\"] --> R[\"Recon\"]\n    R --> S[\"Scan\"]\n    S --> T[\"Triage\"]\n    R --> F[\"Finding\"]\n    T --> V[\"Verification\"]\n    F --> V\n    V --> M[\"Merge \u002F 
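Finalize\"]\n```\n\n### 🧩 Three Audit Modes\n\nChoose enhanced scanning, intelligent auditing, or comprehensive auditing according to the audit goal, balancing scan efficiency, discovery depth, and audit coverage.\n\n| Audit Mode | Core Agent | Use Case |\n| :---------: | :---------------------: | :-------------------------- |\n| ⚡ **Enhanced Scan** | Scan → Triage | Quickly analyze tool scan results and filter false positives |\n| 🧠 **Intelligent Audit** | Finding | In-depth discovery of high-value vulnerabilities, suited to CVE and 0Day research |\n| 🔍 **Comprehensive Audit** | Scan → Triage + Finding | Combine tool scanning with source code analysis for a full audit |\n\n### 🎯 A Dedicated Agent for CVE Discovery\n\nThe Finding Agent is AutoCVE's core auditing capability, designed specifically for CVE discovery. It analyzes project source code directly and combines the ReAct Loop, specialized tool calls, Nudge correction, and the `FinalizeFinding` structured termination mechanism to produce high-value vulnerabilities that meet CVE submission requirements.\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>💬 Interactive Auditing and Full-Process Tracing\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n\u003Cbr>\n\n* **User interaction**: The complete audit process serves as the conversation context, so users can ask follow-up questions about the audit results and have the Agent supply additional evidence, explain the attack chain, refine reproduction steps, or extend the vulnerability analysis.\n* **Visual audit tracing**: Activity logs, the Agent Tree, tool calls, stage progress, preliminary reports, and audit sessions are shown in one place, making it easy to review the execution path and key steps of each audit.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>🗂️ Intelligent Vulnerability Management and Skills Extension\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n\u003Cbr>\n\n* **Intelligent vulnerability management**: Vulnerabilities found during an audit are submitted automatically by the Agent through tool calls, deduplicated, stored in structured form, and maintained centrally in the vulnerability management module.\n* **Dedicated Skills configuration**: Dedicated Skills can be configured for different Agents as needed, flexibly extending each Agent's capabilities.\n\n\u003C\u002Fdetails>\n\n---\n\n## 🚀 Quick Start\n\n### ⚡ One-Line Deployment\n\nNo need to clone the repository; a single command starts it:\n\nLinux \u002F macOS \u002F Git Bash:\n\n```bash\ncurl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002Flarlarua\u002FAutoCVE\u002Fv1.0.0\u002Fdocker-compose.prod.yml \\\n  | docker compose -f - up -d\n```\nWindows PowerShell \u002F CMD:\n```bash\ncurl.exe -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002Flarlarua\u002FAutoCVE\u002Fv1.0.0\u002Fdocker-compose.prod.yml | docker compose -f - up -d\n```\n\n### 🛠️ Deploy from Source\n\nSuited to local development, feature debugging, or custom development:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Flarlarua\u002FAutoCVE.git\ncd AutoCVE\ndocker compose up -d --build\n```\n\n### 🌐 Accessing the Services\n\nOnce the services have started, they are available at the following addresses:\n\n| Service | Address | Purpose |\n| :---------- | :------------------------- | :----------- |\n| 🖥️ Frontend 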
  | http:\u002F\u002Flocalhost:3000      | AutoCVE user interface |\n| ⚙️ Backend API   | http:\u002F\u002Flocalhost:8000      | Backend API service |\n| 📘 Swagger  | http:\u002F\u002Flocalhost:8000\u002Fdocs | API documentation and debugging |\n| 🗄️ Adminer | http:\u002F\u002Flocalhost:8080      | Database management |\n\n> [!TIP]\n> **Try the complete audit workflow quickly**\n>\n> Configure model → Import project → Create audit task → Track the live audit → Manage vulnerabilities → Edit or export the report\n\n---\n\n## 🏆 CVE Discovery Results\n\n\u003Cp align=\"left\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCVE-30-success?style=for-the-badge\" alt=\"30 CVEs\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FProjects-14-blue?style=for-the-badge\" alt=\"14 Projects\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMax%20CVSS-9.9-critical?style=for-the-badge\" alt=\"Max CVSS 9.9\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTest%20Period-7%20Days-orange?style=for-the-badge\" alt=\"7 Days\">\n\u003C\u002Fp>\n\n> [!NOTE]\n> During a one-week test, AutoCVE discovered and submitted **30 security vulnerabilities** across **14 open-source projects**.\n>\n> Click a CVE ID in the table to view the official record. Full vulnerability reports are collected in\n> **[larlarua\u002Fvulnerability-reports](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002F)**.\n\n\u003Cdetails open>\n\u003Csummary>\u003Cstrong>🔍 View CVE result details (30)\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n\u003Cbr>\n\n| CVE ID | Project | Project Popularity | Vulnerability Type | CVSS | Details |\n|:---:|:---:|:---:|:---:|:----:|:----:|\n| [CVE-2026-40904](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40904) |  Chartbrew  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchartbrew\u002Fchartbrew?style=social)   | Improper Access Control | **8.1** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40904\u002Fdetail_en.md) |\n| [CVE-2026-40603](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40603) |  Chartbrew  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchartbrew\u002Fchartbrew?style=social)   | Improper 
Access Control | **6.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40603\u002Fdetail_en.md) |\n| [CVE-2026-40601](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40601) |  Chartbrew  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchartbrew\u002Fchartbrew?style=social)   | Missing Authorization   | **7.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40601\u002Fdetail_en.md) |\n| [CVE-2026-40600](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40600) |  Chartbrew  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchartbrew\u002Fchartbrew?style=social)   | Improper Access Control | **8.1** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40600\u002Fdetail_en.md) |\n| [CVE-2026-40595](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40595) |  Chartbrew  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchartbrew\u002Fchartbrew?style=social)   | Improper Access Control | **7.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40595\u002Fdetail_en.md) |\n| [CVE-2026-42181](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-42181) |    Lemmy    |      ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FLemmyNet\u002Flemmy?style=social)     | SSRF                    | **6.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-42181\u002Fdetail_en.md) |\n| [CVE-2026-42180](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-42180) |    Lemmy    |      ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FLemmyNet\u002Flemmy?style=social)     | SSRF                    | **6.3** | 
[View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-42180\u002Fdetail_en.md) |\n|  [CVE-2026-7290](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7290)  |  JeecgBoot  |   ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fjeecgboot\u002FJeecgBoot?style=social)   | SQL Injection           | **6.3** |  [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7290\u002Fdetail_en.md) |\n|  [CVE-2026-7291](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7291)  |     o2oa    |        ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fo2oa\u002Fo2oa?style=social)        | SSRF                    | **6.3** |  [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7291\u002Fdetail_en.md) |\n|  [CVE-2026-7292](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7292)  |     o2oa    |        ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fo2oa\u002Fo2oa?style=social)        | RCE                     | **5.6** |  [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7292\u002Fdetail_en.md) |\n|  [CVE-2026-7303](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7303)  |   xxl-job   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxuxueli\u002Fxxl-job?style=social)     | Improper Access Control | **3.7** |   [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7303\u002Fdetail.md)   |\n|  [CVE-2026-7305](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7305)  |   xxl-job   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxuxueli\u002Fxxl-job?style=social)     | SSRF                    | **6.3** |   
[View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7305\u002Fdetail.md)   |\n|  [CVE-2026-7306](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-7306)  |   xxl-job   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxuxueli\u002Fxxl-job?style=social)     | Hard-coded Key          | **5.6** |   [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-7306\u002Fdetail.md)   |\n| [CVE-2026-40610](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-40610) |   BentoML   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbentoml\u002FBentoML?style=social)     | Link Following          | **5.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-40610\u002Fdetail_en.md) |\n| [CVE-2026-48763](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-48763) |  typebot.io | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FbaptisteArno\u002Ftypebot.io?style=social) | Missing Authorization   | **8.2** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-48763\u002Fdetail_en.md) |\n| [CVE-2026-48764](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-48764) |  typebot.io | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FbaptisteArno\u002Ftypebot.io?style=social) | SSRF                    | **8.2** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-48764\u002Fdetail_en.md) |\n| [CVE-2026-48765](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-48765) |  typebot.io | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FbaptisteArno\u002Ftypebot.io?style=social) | Authorization Bypass    | **9.9** | 
[View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-48765\u002Fdetail_en.md) |\n| [CVE-2026-48766](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-48766) |  typebot.io | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FbaptisteArno\u002Ftypebot.io?style=social) | Sensitive Data Exposure | **7.6** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-48766\u002Fdetail_en.md) |\n| [CVE-2026-48767](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-48767) |  typebot.io | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FbaptisteArno\u002Ftypebot.io?style=social) | Sensitive Data Exposure | **7.6** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-48767\u002Fdetail_en.md) |\n| [CVE-2026-45296](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-45296) |  OpenReplay |  ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fopenreplay\u002Fopenreplay?style=social)  | Improper Access Control | **7.7** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-45296\u002Fdetail_en.md) |\n| [CVE-2026-46372](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-46372) | SillyTavern | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FSillyTavern\u002FSillyTavern?style=social) | SSRF                    | **8.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-46372\u002Fdetail_en.md) |\n| [CVE-2026-45260](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-45260) |   pimcore   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fpimcore\u002Fpimcore?style=social)     | Missing Authorization   | **8.1** | 
[View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-45260\u002Fdetail_en.md) |\n| [CVE-2026-41235](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-41235) |   froxlor   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ffroxlor\u002Ffroxlor?style=social)     | Incorrect Authorization | **8.8** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-41235\u002Fdetail_en.md) |\n| [CVE-2026-41236](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-41236) |   froxlor   |     ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ffroxlor\u002Ffroxlor?style=social)     | Link Following          | **8.8** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-41236\u002Fdetail_en.md) |\n| [CVE-2026-43984](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-43984) |   Tautulli  |    ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FTautulli\u002FTautulli?style=social)    | Stored XSS              | **8.9** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-43984\u002Fdetail_en.md) |\n| [CVE-2026-43985](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-43985) |   Tautulli  |    ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FTautulli\u002FTautulli?style=social)    | CSRF                    | **8.8** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-43985\u002Fdetail_en.md) |\n| [CVE-2026-43986](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-43986) |   Tautulli  |    ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FTautulli\u002FTautulli?style=social)    | SSRF                    | **9.9** | 
[View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-43986\u002Fdetail_en.md) |\n| [CVE-2026-54091](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-54091) | filebrowser | ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ffilebrowser\u002Ffilebrowser?style=social) | Incorrect Authorization | **7.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-54091\u002Fdetail_en.md) |\n| [CVE-2026-50279](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-50279) |   craftcms  |       ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fcraftcms\u002Fcms?style=social)      | Improper Authorization  | **6.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-50279\u002Fdetail_en.md) |\n| [CVE-2026-50280](https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-50280) |   craftcms  |       ![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fcraftcms\u002Fcms?style=social)      | Improper Access Control | **6.5** | [View details](https:\u002F\u002Fgithub.com\u002Flarlarua\u002Fvulnerability-reports\u002Fblob\u002Fmain\u002FCVE-2026-50280\u002Fdetail_en.md) |\n\n\u003C\u002Fdetails>\n\n---\n\n\n## ⚠️ Security and Compliance\n\n> [!WARNING]\n>\n> This project is intended only for authorized security research, code auditing, and learning and exchange. Using it for any unauthorized vulnerability scanning, penetration testing, or security assessment is strictly prohibited.\n>\n> Make sure scanning, vulnerability verification, and PoC testing are performed only against targets and environments for which you have explicit authorization.\n\n> [!IMPORTANT]\n>\n> When submitting vulnerabilities, follow the target project's security policy and vulnerability disclosure rules, including but not limited to:\n>\n> * `SECURITY.md`\n> * GitHub Private Vulnerability Reporting\n> * The CNA submission process\n> * Other responsible vulnerability disclosure mechanisms\n\n---\n\n## 💬 Discussion and Feedback\n\n> [!TIP]\n>\n> AutoCVE was designed to explore the application and practice of Agents in automated CVE discovery. The project is still being iterated on and improved, and both the architecture and the feature implementation have plenty that needs polishing. Issues, PRs, usage feedback, and feature suggestions are all welcome, to improve AutoCVE's reliability and usefulness together.\n>\n> You are also welcome to get in touch with me at any time! Whether it is a technical question, a feature suggestion, or a question that came up during CVE discovery, you can reach me through the following channels:\n>\n> * 📧 **Email:** [359111529@qq.com](mailto:359111529@qq.com)\n> * 🐙 **GitHub:** 
[@larlarua](https:\u002F\u002Fgithub.com\u002Flarlarua)\n\n---\n\n## License\n\nThis project is released under [AGPL-3.0](.\u002FLICENSE).\n",2,"2026-06-19 02:30:36","CREATED_QUERY"]