红队攻防
近两年免杀技术年鉴
Python免杀技术实录
AD域攻防系列微课程
免杀技术入门基础知识
深入理解CodeQL代审
开源安全项目二开计划
搞懂攻防内存马研究
深入理解SAST代审测试
C2的发展和技术分析
Fastjson姿势技巧集合
武装你的BurpSuite插件篇
CS4.5二开过HR及内扫
C#安全内网渗透工具集
红队文档书籍PDF资源
邮件钓鱼免杀完全指南
AD内网域技战法总结
渗透测试红队之信息收集
免杀致盲底层驱动BYOVD
SpringBoot常见安全风险
WIN系统红队Rootkit项目2
WIN系统红队Rootkit项目
Ghost Bits项目绕防护神器
自研新型C2(LeekShell)
国外红队通用笔记对抗录
红队钓鱼风险演练平台
Payload渗透测试平台
一键挖掘CVE自动化
小迪安全知识库
-
+
首页
一键挖掘CVE自动化
一键挖掘CVE自动化
# AutoCVE - 一键挖掘 CVE,筛项目、审源码、验漏洞、出报告,全流程自动化 项目地址:https://github.com/larlarua/AutoCVE [](https://github.com/larlarua/AutoCVE/blob/main/docs/assets/GIF/demo.gif) ## 项目文档 [](https://github.com/larlarua/AutoCVE#-%E9%A1%B9%E7%9B%AE%E6%96%87%E6%A1%A3) ### 📖 [用户使用手册](https://github.com/larlarua/AutoCVE/blob/main/docs/USER_GUIDE.md) [](https://github.com/larlarua/AutoCVE#-%E7%94%A8%E6%88%B7%E4%BD%BF%E7%94%A8%E6%89%8B%E5%86%8C) 涵盖环境部署、模型配置、项目导入、Agent 审计、一键 CVE、漏洞管理和 Skills 管理完整使用说明,并提供各功能界面预览。 ### 🏗️ [架构设计文档](https://github.com/larlarua/AutoCVE/blob/main/docs/ARCHITECTURE_DESIGN.md) [](https://github.com/larlarua/AutoCVE#%EF%B8%8F-%E6%9E%B6%E6%9E%84%E8%AE%BE%E8%AE%A1%E6%96%87%E6%A1%A3) 介绍 AutoCVE 的整体架构、Agent 工作流、工具编排、权限保护、Agent Runtime 以及 ReAct Loop 状态机设计。 ### 🔌 [接口文档](https://github.com/larlarua/AutoCVE/blob/main/docs/API_DOCUMENTATION.md) [](https://github.com/larlarua/AutoCVE#-%E6%8E%A5%E5%8F%A3%E6%96%87%E6%A1%A3) 提供后端 API、数据结构、请求参数及接口调试说明。 ## 核心能力 [](https://github.com/larlarua/AutoCVE#-%E6%A0%B8%E5%BF%83%E8%83%BD%E5%8A%9B) ### 🚀 一键完成 CVE 挖掘 [](https://github.com/larlarua/AutoCVE#-%E4%B8%80%E9%94%AE%E5%AE%8C%E6%88%90-cve-%E6%8C%96%E6%8E%98) 实现从项目筛选、仓库导入、审计任务创建、Agent 漏洞挖掘到 CVE 申报报告生成的全流程自动化。用户仅需复制报告内容并提交,即可完成后续 CVE 申请。 ### 🤖 Multi-Agent 协同审计 [](https://github.com/larlarua/AutoCVE#-multi-agent-%E5%8D%8F%E5%90%8C%E5%AE%A1%E8%AE%A1) 通过 Orchestrator 统一调度 Recon、Scan、Triage、Finding 和 Verification 等 Agent,协同完成信息收集、工具扫描、误报过滤、漏洞深挖与动态验证。 ### 🧩 三种审计模式 [](https://github.com/larlarua/AutoCVE#-%E4%B8%89%E7%A7%8D%E5%AE%A1%E8%AE%A1%E6%A8%A1%E5%BC%8F) 根据不同审计目标灵活选择增强扫描、智能审计或综合审计,兼顾扫描 - [ ] | 审计模式 | 核心 Agent | 适用场景 | |---------|-------------------------|-----------------------------| | ⚡ 增强扫描 | Scan → Triage | 快速分析工具扫描结果并过滤误报 | | 🧠 智能审计 | Finding | 深度挖掘高价值漏洞,适用于 CVE 和 0Day 研究 | | 🔍 综合审计 | Scan → Triage + Finding | 融合工具扫描与源码分析,开展全量审计 | ### 面向 CVE 挖掘的专用 Agent [](https://github.com/larlarua/AutoCVE#-%E9%9D%A2%E5%90%91-cve-%E6%8C%96%E6%8E%98%E7%9A%84%E4%B8%93%E7%94%A8-agent) Finding Agent 是 AutoCVE 的核心审计能力,专为 CVE 挖掘场景设计。它可直接分析项目源码,并结合 ReAct Loop、专项工具调用、Nudge 纠偏及 `FinalizeFinding` 结构化终止机制,最终产出符合 CVE 申报条件的高价值漏洞。 **💬 交互式审计与全过程追踪** **🗂️ 智能漏洞管理与 Skills 扩展** * * * ## 🚀 快速开始 [](https://github.com/larlarua/AutoCVE#-%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B) ### ⚡ 一行命令部署 [](https://github.com/larlarua/AutoCVE#-%E4%B8%80%E8%A1%8C%E5%91%BD%E4%BB%A4%E9%83%A8%E7%BD%B2) 无需克隆仓库,一行命令即可启动: Linux / macOS / Git Bash : curl -fsSL https://raw.githubusercontent.com/larlarua/AutoCVE/v1.0.4/docker-compose.prod.yml \\ | docker compose -f - up -d Windows PowerShell / CMD : curl.exe -fsSL https://raw.githubusercontent.com/larlarua/AutoCVE/v1.0.4/docker-compose.prod.yml | docker compose -f - up -d ### 🛠️ 源码部署 [](https://github.com/larlarua/AutoCVE#%EF%B8%8F-%E6%BA%90%E7%A0%81%E9%83%A8%E7%BD%B2) 适用于本地开发、功能调试或二次开发: git clone https://github.com/larlarua/AutoCVE.git cd AutoCVE docker compose up -d --build ### 🌐 服务访问 [](https://github.com/larlarua/AutoCVE#-%E6%9C%8D%E5%8A%A1%E8%AE%BF%E9%97%AE) 服务启动完成后,可通过以下地址访问: 服务 访问地址 用途 🖥️ 前端 [http://localhost:3000](http://localhost:3000/) AutoCVE 用户界面 ⚙️ 后端 API [http://localhost:8000](http://localhost:8000/) 后端接口服务 📘 Swagger [http://localhost:8000/docs](http://localhost:8000/docs) API 文档与接口调试 🗄️ Adminer [http://localhost:8080](http://localhost:8080/) 数据库管理 Tip **快速体验完整审计流程** 配置模型 → 导入项目 → 创建审计任务 → 跟踪实时审计 → 管理漏洞 → 编辑或导出报告 * * * ## 🏆 CVE 挖掘成果 [](https://github.com/larlarua/AutoCVE#-cve-%E6%8C%96%E6%8E%98%E6%88%90%E6%9E%9C) [](https://camo.githubusercontent.com/33649e3bc205d761e5a7a81ea4d42a5e76fe21d355a6c259d0763dbc109569ea/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4356452d33302d737563636573733f7374796c653d666f722d7468652d6261646765) [](https://camo.githubusercontent.com/0d1584da1d828f80fbf350dd88e22fdd81eea8dcbd49568f60f337499ee6c224/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f50726f6a656374732d31342d626c75653f7374796c653d666f722d7468652d6261646765) [](https://camo.githubusercontent.com/8769bd4db4d111bf04d718dbb14594d135869fcfff557415bbab1a7c4bf82cf2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4d6178253230435653532d392e392d637269746963616c3f7374796c653d666f722d7468652d6261646765) [](https://camo.githubusercontent.com/ab5bb6cdcecfec3f6daf534a750fcd27da0538744c1891ace69eeacb1df7747e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f54657374253230506572696f642d37253230446179732d6f72616e67653f7374796c653d666f722d7468652d6261646765) Note AutoCVE 在为期一周的测试中,共发现并提交了 **30 个安全漏洞**,覆盖 **14 个开源项目**。 点击表格中的 CVE 编号可查看官方记录,完整漏洞报告收录于 **[larlarua/vulnerability-reports](https://github.com/larlarua/vulnerability-reports/)**。 **🔍 查看 CVE 成果明细(30)** CVE 编号 项目 项目热度 漏洞类型 CVSS 漏洞内容 [CVE-2026-40904](https://www.cve.org/CVERecord?id=CVE-2026-40904) Chartbrew [](https://camo.githubusercontent.com/9fb653ef3558beea90b4f8e6202a932a6e3a57faa534293e23c2f2cd6bc30866/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6368617274627265772f6368617274627265773f7374796c653d736f6369616c) Improper Access Control **8.1** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40904/detail_en.md) [CVE-2026-40603](https://www.cve.org/CVERecord?id=CVE-2026-40603) Chartbrew [](https://camo.githubusercontent.com/9fb653ef3558beea90b4f8e6202a932a6e3a57faa534293e23c2f2cd6bc30866/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6368617274627265772f6368617274627265773f7374796c653d736f6369616c) Improper Access Control **6.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40603/detail_en.md) [CVE-2026-40601](https://www.cve.org/CVERecord?id=CVE-2026-40601) Chartbrew [](https://camo.githubusercontent.com/9fb653ef3558beea90b4f8e6202a932a6e3a57faa534293e23c2f2cd6bc30866/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6368617274627265772f6368617274627265773f7374796c653d736f6369616c) Missing Authorization **7.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40601/detail_en.md) [CVE-2026-40600](https://www.cve.org/CVERecord?id=CVE-2026-40600) Chartbrew [](https://camo.githubusercontent.com/9fb653ef3558beea90b4f8e6202a932a6e3a57faa534293e23c2f2cd6bc30866/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6368617274627265772f6368617274627265773f7374796c653d736f6369616c) Improper Access Control **8.1** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40600/detail_en.md) [CVE-2026-40595](https://www.cve.org/CVERecord?id=CVE-2026-40595) Chartbrew [](https://camo.githubusercontent.com/9fb653ef3558beea90b4f8e6202a932a6e3a57faa534293e23c2f2cd6bc30866/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6368617274627265772f6368617274627265773f7374796c653d736f6369616c) Improper Access Control **7.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40595/detail_en.md) [CVE-2026-42181](https://www.cve.org/CVERecord?id=CVE-2026-42181) Lemmy [](https://camo.githubusercontent.com/e5089773e583e74a7fe34a90b8ebd02a2125930c36ff635a7af171eb53a4a4cf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4c656d6d794e65742f6c656d6d793f7374796c653d736f6369616c) SSRF **6.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-42181/detail_en.md) [CVE-2026-42180](https://www.cve.org/CVERecord?id=CVE-2026-42180) Lemmy [](https://camo.githubusercontent.com/e5089773e583e74a7fe34a90b8ebd02a2125930c36ff635a7af171eb53a4a4cf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4c656d6d794e65742f6c656d6d793f7374796c653d736f6369616c) SSRF **6.3** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-42180/detail_en.md) [CVE-2026-7290](https://www.cve.org/CVERecord?id=CVE-2026-7290) JeecgBoot [](https://camo.githubusercontent.com/337c37f10c2f57137b112d400c09e0218423d8131abf0af526b014f9ae742332/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a65656367626f6f742f4a65656367426f6f743f7374796c653d736f6369616c) SQL Injection **6.3** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7290/detail_en.md) [CVE-2026-7291](https://www.cve.org/CVERecord?id=CVE-2026-7291) o2oa [](https://camo.githubusercontent.com/cc42c3d595f04e93f3cf2ab6cb1eb8115e6a7dfcee9212cc572d6cad1b4a08ff/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6f326f612f6f326f613f7374796c653d736f6369616c) SSRF **6.3** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7291/detail_en.md) [CVE-2026-7292](https://www.cve.org/CVERecord?id=CVE-2026-7292) o2oa [](https://camo.githubusercontent.com/cc42c3d595f04e93f3cf2ab6cb1eb8115e6a7dfcee9212cc572d6cad1b4a08ff/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6f326f612f6f326f613f7374796c653d736f6369616c) RCE **5.6** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7292/detail_en.md) [CVE-2026-7303](https://www.cve.org/CVERecord?id=CVE-2026-7303) xxl-job [](https://camo.githubusercontent.com/e78adb634c96647839cb2034cefc850845bb6c2a11bca1d31abd9d010b91a745/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f78757875656c692f78786c2d6a6f623f7374796c653d736f6369616c) Improper Access Control **3.7** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7303/detail.md) [CVE-2026-7305](https://www.cve.org/CVERecord?id=CVE-2026-7305) xxl-job [](https://camo.githubusercontent.com/e78adb634c96647839cb2034cefc850845bb6c2a11bca1d31abd9d010b91a745/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f78757875656c692f78786c2d6a6f623f7374796c653d736f6369616c) SSRF **6.3** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7305/detail.md) [CVE-2026-7306](https://www.cve.org/CVERecord?id=CVE-2026-7306) xxl-job [](https://camo.githubusercontent.com/e78adb634c96647839cb2034cefc850845bb6c2a11bca1d31abd9d010b91a745/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f78757875656c692f78786c2d6a6f623f7374796c653d736f6369616c) Hard-coded Key **5.6** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-7306/detail.md) [CVE-2026-40610](https://www.cve.org/CVERecord?id=CVE-2026-40610) BentoML [](https://camo.githubusercontent.com/a2820e0eab687bfe1ab2c0382a1ff283649ba3a14aba02b118a137a77d3ad7c8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f62656e746f6d6c2f42656e746f4d4c3f7374796c653d736f6369616c) Link Following **5.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-40610/detail_en.md) [CVE-2026-48763](https://www.cve.org/CVERecord?id=CVE-2026-48763) typebot.io [](https://camo.githubusercontent.com/90300c123be90038f1f53de103f78d80ca336673011020abc6725d3ee137ea05/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626170746973746541726e6f2f74797065626f742e696f3f7374796c653d736f6369616c) Missing Authorization **8.2** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-48763/detail_en.md) [CVE-2026-48764](https://www.cve.org/CVERecord?id=CVE-2026-48764) typebot.io [](https://camo.githubusercontent.com/90300c123be90038f1f53de103f78d80ca336673011020abc6725d3ee137ea05/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626170746973746541726e6f2f74797065626f742e696f3f7374796c653d736f6369616c) SSRF **8.2** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-48764/detail_en.md) [CVE-2026-48765](https://www.cve.org/CVERecord?id=CVE-2026-48765) typebot.io [](https://camo.githubusercontent.com/90300c123be90038f1f53de103f78d80ca336673011020abc6725d3ee137ea05/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626170746973746541726e6f2f74797065626f742e696f3f7374796c653d736f6369616c) Authorization Bypass **9.9** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-48765/detail_en.md) [CVE-2026-48766](https://www.cve.org/CVERecord?id=CVE-2026-48766) typebot.io [](https://camo.githubusercontent.com/90300c123be90038f1f53de103f78d80ca336673011020abc6725d3ee137ea05/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626170746973746541726e6f2f74797065626f742e696f3f7374796c653d736f6369616c) Sensitive Data Exposure **7.6** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-48766/detail_en.md) [CVE-2026-48767](https://www.cve.org/CVERecord?id=CVE-2026-48767) typebot.io [](https://camo.githubusercontent.com/90300c123be90038f1f53de103f78d80ca336673011020abc6725d3ee137ea05/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f626170746973746541726e6f2f74797065626f742e696f3f7374796c653d736f6369616c) Sensitive Data Exposure **7.6** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-48767/detail_en.md) [CVE-2026-45296](https://www.cve.org/CVERecord?id=CVE-2026-45296) OpenReplay [](https://camo.githubusercontent.com/8963fd84246fd794074d4ad1c1032674ae42049e2c03a71437cb37d8675df9f8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6f70656e7265706c61792f6f70656e7265706c61793f7374796c653d736f6369616c) Improper Access Control **7.7** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-45296/detail_en.md) [CVE-2026-46372](https://www.cve.org/CVERecord?id=CVE-2026-46372) SillyTavern [](https://camo.githubusercontent.com/7a6756e4e3b6f5052f3b61d89f13bd1cbcbe044c1895aeb918e5a18a2349e64d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53696c6c7954617665726e2f53696c6c7954617665726e3f7374796c653d736f6369616c) SSRF **8.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-46372/detail_en.md) [CVE-2026-45260](https://www.cve.org/CVERecord?id=CVE-2026-45260) pimcore [](https://camo.githubusercontent.com/22c6a29b476ce9f19acb1c049130a661f889ff8170d4cca3706cc170cc086027/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f70696d636f72652f70696d636f72653f7374796c653d736f6369616c) Missing Authorization **8.1** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-45260/detail_en.md) [CVE-2026-41235](https://www.cve.org/CVERecord?id=CVE-2026-41235) froxlor [](https://camo.githubusercontent.com/d01528d6ebc65742607609b15d8501734d249d05fc0ae83460f55bc67a3e99fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66726f786c6f722f66726f786c6f723f7374796c653d736f6369616c) Incorrect Authorization **8.8** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-41235/detail_en.md) [CVE-2026-41236](https://www.cve.org/CVERecord?id=CVE-2026-41236) froxlor [](https://camo.githubusercontent.com/d01528d6ebc65742607609b15d8501734d249d05fc0ae83460f55bc67a3e99fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66726f786c6f722f66726f786c6f723f7374796c653d736f6369616c) Link Following **8.8** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-41236/detail_en.md) [CVE-2026-43984](https://www.cve.org/CVERecord?id=CVE-2026-43984) Tautulli [](https://camo.githubusercontent.com/54a23ece15ad3dc5e129de5f8a3843b6411a5d53459e9303c3a18d5186ea77e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f54617574756c6c692f54617574756c6c693f7374796c653d736f6369616c) Stored XSS **8.9** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-43984/detail_en.md) [CVE-2026-43985](https://www.cve.org/CVERecord?id=CVE-2026-43985) Tautulli [](https://camo.githubusercontent.com/54a23ece15ad3dc5e129de5f8a3843b6411a5d53459e9303c3a18d5186ea77e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f54617574756c6c692f54617574756c6c693f7374796c653d736f6369616c) CSRF **8.8** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-43985/detail_en.md) [CVE-2026-43986](https://www.cve.org/CVERecord?id=CVE-2026-43986) Tautulli [](https://camo.githubusercontent.com/54a23ece15ad3dc5e129de5f8a3843b6411a5d53459e9303c3a18d5186ea77e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f54617574756c6c692f54617574756c6c693f7374796c653d736f6369616c) SSRF **9.9** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-43986/detail_en.md) [CVE-2026-54091](https://www.cve.org/CVERecord?id=CVE-2026-54091) filebrowser [](https://camo.githubusercontent.com/563bd986e1f4045a17d02a8525ed4c21f2f83ab2df6d427b3d5bd7345439d44e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66696c6562726f777365722f66696c6562726f777365723f7374796c653d736f6369616c) Incorrect Authorization **7.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-54091/detail_en.md) [CVE-2026-50279](https://www.cve.org/CVERecord?id=CVE-2026-50279) craftcms [](https://camo.githubusercontent.com/d8a7a17100c8239603e61c95e75383f6c77268a71ea851734a658a5b8d404d32/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6372616674636d732f636d733f7374796c653d736f6369616c) Improper Authorization **6.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-50279/detail_en.md) [CVE-2026-50280](https://www.cve.org/CVERecord?id=CVE-2026-50280) craftcms [](https://camo.githubusercontent.com/d8a7a17100c8239603e61c95e75383f6c77268a71ea851734a658a5b8d404d32/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6372616674636d732f636d733f7374796c653d736f6369616c) Improper Access Control **6.5** [查看详情](https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2026-50280/detail_en.md) * * * ## ⚠️ 安全与合规 [](https://github.com/larlarua/AutoCVE#%EF%B8%8F-%E5%AE%89%E5%85%A8%E4%B8%8E%E5%90%88%E8%A7%84) Warning 本项目仅限用于已获授权的安全研究、代码审计及学习交流,严禁将其用于任何未经授权的漏洞扫描、渗透测试或安全评估。 请确保仅在获得明确授权的目标与环境中执行扫描、漏洞验证或 PoC 测试。 Important 提交漏洞时,请遵循目标项目的安全政策及漏洞披露规范,包括但不限于: * `SECURITY.md` * GitHub Private Vulnerability Reporting * CNA 提交流程 * 其他负责任的漏洞披露机制 * * * ## 💬 交流与反馈 [](https://github.com/larlarua/AutoCVE#-%E4%BA%A4%E6%B5%81%E4%B8%8E%E5%8F%8D%E9%A6%88) Tip AutoCVE 的设计初衷,是探索 Agent 在自动化 CVE 挖掘场景中的应用与实践。目前,项目仍在持续迭代和完善,架构设计和功能实现都有不少需要打磨的地方。欢迎大家提交 Issue、PR,分享使用反馈或功能建议,共同提升 AutoCVE 的可靠性与实用性。 也欢迎随时来找我交流探讨!无论是技术问题、功能建议,还是 CVE 挖掘过程中遇到的疑问,都可以通过以下方式联系我: * 📧 **Email:** [359111529@qq.com](mailto:359111529@qq.com) * 🐙 **GitHub:** [@larlarua](https://github.com/larlarua) * * * ## 🙏 致谢 [](https://github.com/larlarua/AutoCVE#-%E8%87%B4%E8%B0%A2) Note AutoCVE 项目在开发初期参考并学习了 [DeepAudit](https://github.com/lintsinghua/DeepAudit) 的工程架构,这为本项目的快速起步提供了重要帮助。 谨此向 DeepAudit 项目及其开发者致以诚挚的谢意。 **🧩 关于 AutoCVE 的工程设计** * * * ## License [](https://github.com/larlarua/AutoCVE#license) 本项目基于 [AGPL-3.0](https://github.com/larlarua/AutoCVE/blob/main/LICENSE) 发布。 ## About Agent-driven automated CVE discovery platform for source code auditing, vulnerability verification, and report generation. ### Topics [react](https://github.com/topics/react "Topic: react") [agent](https://github.com/topics/agent "Topic: agent") [security-audit](https://github.com/topics/security-audit "Topic: security-audit") [multi-agent](https://github.com/topics/multi-agent "Topic: multi-agent") [penetration-testing](https://github.com/topics/penetration-testing "Topic: penetration-testing") [cve](https://github.com/topics/cve "Topic: cve") [vulnerability-detection](https://github.com/topics/vulnerability-detection "Topic: vulnerability-detection") [security-tools](https://github.com/topics/security-tools "Topic: security-tools") [source-code-analysis](https://github.com/topics/source-code-analysis "Topic: source-code-analysis") [vulnerability-research](https://github.com/topics/vulnerability-research "Topic: vulnerability-research") [code-audit](https://github.com/topics/code-audit "Topic: code-audit") [ai-security](https://github.com/topics/ai-security "Topic: ai-security") [fastapi](https://github.com/topics/fastapi "Topic: fastapi") [llm-agent](https://github.com/topics/llm-agent "Topic: llm-agent") ### Resources [Readme](https://github.com/larlarua/AutoCVE#readme-ov-file) ### License [AGPL-3.0 license](https://github.com/larlarua/AutoCVE#AGPL-3.0-1-ov-file) ### Security policy [Security policy](https://github.com/larlarua/AutoCVE#security-ov-file) [Activity](https://github.com/larlarua/AutoCVE/activity) ### Stars **1.1k** stars ### Watchers **5** watching ### Forks [**71** forks](https://github.com/larlarua/AutoCVE/forks) [Report repository](https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Flarlarua%2FAutoCVE&report=larlarua+%28user%29) ## [Releases 5](https://github.com/larlarua/AutoCVE/releases) [ Release v1.0.4Latest 4 days ago ](https://github.com/larlarua/AutoCVE/releases/tag/v1.0.4) [\+ 4 releases](https://github.com/larlarua/AutoCVE/releases) ## [Packages3](https://github.com/users/larlarua/packages?repo_name=AutoCVE) * [autocve-backend](https://github.com/users/larlarua/packages/container/package/autocve-backend) * [autocve-sandbox](https://github.com/users/larlarua/packages/container/package/autocve-sandbox) * [autocve-frontend](https://github.com/users/larlarua/packages/container/package/autocve-frontend) ## [Contributors1](https://github.com/larlarua/AutoCVE/graphs/contributors) * [](https://github.com/larlarua)[**larlarua** cil](https://github.com/larlarua) ## Languages * [Python70.5%](https://github.com/larlarua/AutoCVE/search?l=python) * [TypeScript27.0%](https://github.com/larlarua/AutoCVE/search?l=typescript) * [Shell0.8%](https://github.com/larlarua/AutoCVE/search?l=shell) * [PowerShell0.5%](https://github.com/larlarua/AutoCVE/search?l=powershell) * [CSS0.4%](https://github.com/larlarua/AutoCVE/search?l=css) * [JavaScript0.2%](https://github.com/larlarua/AutoCVE/search?l=javascript) * Other0.6% ## Footer [](https://github.com/)© 2026 GitHub, Inc. ### Footer navigation * [Terms](https://docs.github.com/site-policy/github-terms/github-terms-of-service) * [Privacy](https://docs.github.com/site-policy/privacy-policies/github-privacy-statement) * [Security](https://github.com/security) * [Status](https://www.githubstatus.com/) * [Community](https://github.community/) * [Docs](https://docs.github.com/) * [Contact](https://support.github.com/?tags=dotcom-footer) * Manage cookies * Do not share my personal information
xiaodi
2026年7月9日 01:26
37
0 条评论
转发
收藏文档
上一篇
下一篇
手机扫码
复制链接
手机扫一扫转发分享
复制链接
分享
链接
类型
密码
更新密码
有效期
Markdown文件
Word文件
PDF文档
PDF文档(打印)