@blamejs/exceptd-skills 0.12.30 → 0.12.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +61 -0
- package/bin/exceptd.js +105 -14
- package/data/_indexes/_meta.json +7 -7
- package/data/_indexes/activity-feed.json +3 -3
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/chains.json +926 -7
- package/data/_indexes/frequency.json +9 -0
- package/data/cve-catalog.json +680 -2
- package/data/cwe-catalog.json +31 -22
- package/data/framework-control-gaps.json +331 -6
- package/data/zeroday-lessons.json +580 -0
- package/lib/playbook-runner.js +1 -1
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +19 -19
- package/scripts/refresh-reverse-refs.js +63 -6
|
@@ -2154,6 +2154,893 @@
|
|
|
2154
2154
|
"rfc_refs": []
|
|
2155
2155
|
}
|
|
2156
2156
|
},
|
|
2157
|
+
"CVE-2026-0300": {
|
|
2158
|
+
"name": "PAN-UID — Palo Alto Networks PAN-OS User-ID Authentication Portal RCE",
|
|
2159
|
+
"rwep": 73,
|
|
2160
|
+
"cvss": 9.3,
|
|
2161
|
+
"cisa_kev": true,
|
|
2162
|
+
"epss_score": null,
|
|
2163
|
+
"referencing_skills": [
|
|
2164
|
+
"kernel-lpe-triage",
|
|
2165
|
+
"coordinated-vuln-disclosure"
|
|
2166
|
+
],
|
|
2167
|
+
"chain": {
|
|
2168
|
+
"cwes": [
|
|
2169
|
+
{
|
|
2170
|
+
"id": "CWE-125",
|
|
2171
|
+
"name": "Out-of-bounds Read",
|
|
2172
|
+
"category": "Memory Safety"
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
"id": "CWE-1357",
|
|
2176
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
2177
|
+
"category": "Supply Chain"
|
|
2178
|
+
},
|
|
2179
|
+
{
|
|
2180
|
+
"id": "CWE-362",
|
|
2181
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2182
|
+
"category": "Concurrency"
|
|
2183
|
+
},
|
|
2184
|
+
{
|
|
2185
|
+
"id": "CWE-416",
|
|
2186
|
+
"name": "Use After Free",
|
|
2187
|
+
"category": "Memory Safety"
|
|
2188
|
+
},
|
|
2189
|
+
{
|
|
2190
|
+
"id": "CWE-672",
|
|
2191
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2192
|
+
"category": "Memory Safety"
|
|
2193
|
+
},
|
|
2194
|
+
{
|
|
2195
|
+
"id": "CWE-787",
|
|
2196
|
+
"name": "Out-of-bounds Write",
|
|
2197
|
+
"category": "Memory Safety"
|
|
2198
|
+
}
|
|
2199
|
+
],
|
|
2200
|
+
"atlas": [],
|
|
2201
|
+
"d3fend": [
|
|
2202
|
+
{
|
|
2203
|
+
"id": "D3-ASLR",
|
|
2204
|
+
"name": "Address Space Layout Randomization",
|
|
2205
|
+
"tactic": "Harden"
|
|
2206
|
+
},
|
|
2207
|
+
{
|
|
2208
|
+
"id": "D3-EAL",
|
|
2209
|
+
"name": "Executable Allowlisting",
|
|
2210
|
+
"tactic": "Harden"
|
|
2211
|
+
},
|
|
2212
|
+
{
|
|
2213
|
+
"id": "D3-PHRA",
|
|
2214
|
+
"name": "Process Hardware Resource Access",
|
|
2215
|
+
"tactic": "Isolate"
|
|
2216
|
+
},
|
|
2217
|
+
{
|
|
2218
|
+
"id": "D3-PSEP",
|
|
2219
|
+
"name": "Process Segment Execution Prevention",
|
|
2220
|
+
"tactic": "Harden"
|
|
2221
|
+
}
|
|
2222
|
+
],
|
|
2223
|
+
"framework_gaps": [
|
|
2224
|
+
{
|
|
2225
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2226
|
+
"framework": "CIS Controls v8",
|
|
2227
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2228
|
+
},
|
|
2229
|
+
{
|
|
2230
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2231
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2232
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2233
|
+
},
|
|
2234
|
+
{
|
|
2235
|
+
"id": "NIS2-Art21-patch-management",
|
|
2236
|
+
"framework": "EU NIS2 Directive",
|
|
2237
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2238
|
+
},
|
|
2239
|
+
{
|
|
2240
|
+
"id": "NIST-800-218-SSDF",
|
|
2241
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
2242
|
+
"control_name": "Secure Software Development Framework"
|
|
2243
|
+
},
|
|
2244
|
+
{
|
|
2245
|
+
"id": "NIST-800-53-SC-8",
|
|
2246
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2247
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2248
|
+
},
|
|
2249
|
+
{
|
|
2250
|
+
"id": "NIST-800-53-SI-2",
|
|
2251
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2252
|
+
"control_name": "Flaw Remediation"
|
|
2253
|
+
},
|
|
2254
|
+
{
|
|
2255
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2256
|
+
"framework": "PCI DSS 4.0",
|
|
2257
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2258
|
+
},
|
|
2259
|
+
{
|
|
2260
|
+
"id": "SOC2-CC9-vendor-management",
|
|
2261
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2262
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
2263
|
+
}
|
|
2264
|
+
],
|
|
2265
|
+
"attack_refs": [
|
|
2266
|
+
"T1068",
|
|
2267
|
+
"T1548.001"
|
|
2268
|
+
],
|
|
2269
|
+
"rfc_refs": [
|
|
2270
|
+
"RFC-4301",
|
|
2271
|
+
"RFC-4303",
|
|
2272
|
+
"RFC-7296"
|
|
2273
|
+
]
|
|
2274
|
+
}
|
|
2275
|
+
},
|
|
2276
|
+
"CVE-2026-39987": {
|
|
2277
|
+
"name": "Marimo Python Notebook Pre-Auth WebSocket Terminal RCE",
|
|
2278
|
+
"rwep": 62,
|
|
2279
|
+
"cvss": 9.3,
|
|
2280
|
+
"cisa_kev": true,
|
|
2281
|
+
"epss_score": null,
|
|
2282
|
+
"referencing_skills": [],
|
|
2283
|
+
"chain": {
|
|
2284
|
+
"cwes": [],
|
|
2285
|
+
"atlas": [],
|
|
2286
|
+
"d3fend": [],
|
|
2287
|
+
"framework_gaps": [],
|
|
2288
|
+
"attack_refs": [],
|
|
2289
|
+
"rfc_refs": []
|
|
2290
|
+
}
|
|
2291
|
+
},
|
|
2292
|
+
"CVE-2026-6973": {
|
|
2293
|
+
"name": "Ivanti EPMM Authenticated-Admin RCE",
|
|
2294
|
+
"rwep": 62,
|
|
2295
|
+
"cvss": 7.2,
|
|
2296
|
+
"cisa_kev": true,
|
|
2297
|
+
"epss_score": null,
|
|
2298
|
+
"referencing_skills": [
|
|
2299
|
+
"kernel-lpe-triage"
|
|
2300
|
+
],
|
|
2301
|
+
"chain": {
|
|
2302
|
+
"cwes": [
|
|
2303
|
+
{
|
|
2304
|
+
"id": "CWE-125",
|
|
2305
|
+
"name": "Out-of-bounds Read",
|
|
2306
|
+
"category": "Memory Safety"
|
|
2307
|
+
},
|
|
2308
|
+
{
|
|
2309
|
+
"id": "CWE-362",
|
|
2310
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2311
|
+
"category": "Concurrency"
|
|
2312
|
+
},
|
|
2313
|
+
{
|
|
2314
|
+
"id": "CWE-416",
|
|
2315
|
+
"name": "Use After Free",
|
|
2316
|
+
"category": "Memory Safety"
|
|
2317
|
+
},
|
|
2318
|
+
{
|
|
2319
|
+
"id": "CWE-672",
|
|
2320
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2321
|
+
"category": "Memory Safety"
|
|
2322
|
+
},
|
|
2323
|
+
{
|
|
2324
|
+
"id": "CWE-787",
|
|
2325
|
+
"name": "Out-of-bounds Write",
|
|
2326
|
+
"category": "Memory Safety"
|
|
2327
|
+
}
|
|
2328
|
+
],
|
|
2329
|
+
"atlas": [],
|
|
2330
|
+
"d3fend": [
|
|
2331
|
+
{
|
|
2332
|
+
"id": "D3-ASLR",
|
|
2333
|
+
"name": "Address Space Layout Randomization",
|
|
2334
|
+
"tactic": "Harden"
|
|
2335
|
+
},
|
|
2336
|
+
{
|
|
2337
|
+
"id": "D3-EAL",
|
|
2338
|
+
"name": "Executable Allowlisting",
|
|
2339
|
+
"tactic": "Harden"
|
|
2340
|
+
},
|
|
2341
|
+
{
|
|
2342
|
+
"id": "D3-PHRA",
|
|
2343
|
+
"name": "Process Hardware Resource Access",
|
|
2344
|
+
"tactic": "Isolate"
|
|
2345
|
+
},
|
|
2346
|
+
{
|
|
2347
|
+
"id": "D3-PSEP",
|
|
2348
|
+
"name": "Process Segment Execution Prevention",
|
|
2349
|
+
"tactic": "Harden"
|
|
2350
|
+
}
|
|
2351
|
+
],
|
|
2352
|
+
"framework_gaps": [
|
|
2353
|
+
{
|
|
2354
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2355
|
+
"framework": "CIS Controls v8",
|
|
2356
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2357
|
+
},
|
|
2358
|
+
{
|
|
2359
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2360
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2361
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2362
|
+
},
|
|
2363
|
+
{
|
|
2364
|
+
"id": "NIS2-Art21-patch-management",
|
|
2365
|
+
"framework": "EU NIS2 Directive",
|
|
2366
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2367
|
+
},
|
|
2368
|
+
{
|
|
2369
|
+
"id": "NIST-800-53-SC-8",
|
|
2370
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2371
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2372
|
+
},
|
|
2373
|
+
{
|
|
2374
|
+
"id": "NIST-800-53-SI-2",
|
|
2375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2376
|
+
"control_name": "Flaw Remediation"
|
|
2377
|
+
},
|
|
2378
|
+
{
|
|
2379
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2380
|
+
"framework": "PCI DSS 4.0",
|
|
2381
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2382
|
+
}
|
|
2383
|
+
],
|
|
2384
|
+
"attack_refs": [
|
|
2385
|
+
"T1068",
|
|
2386
|
+
"T1548.001"
|
|
2387
|
+
],
|
|
2388
|
+
"rfc_refs": [
|
|
2389
|
+
"RFC-4301",
|
|
2390
|
+
"RFC-4303",
|
|
2391
|
+
"RFC-7296"
|
|
2392
|
+
]
|
|
2393
|
+
}
|
|
2394
|
+
},
|
|
2395
|
+
"CVE-2026-42897": {
|
|
2396
|
+
"name": "Microsoft Exchange OWA Stored XSS / Spoofing Zero-Day",
|
|
2397
|
+
"rwep": 93,
|
|
2398
|
+
"cvss": 8.1,
|
|
2399
|
+
"cisa_kev": true,
|
|
2400
|
+
"epss_score": null,
|
|
2401
|
+
"referencing_skills": [
|
|
2402
|
+
"kernel-lpe-triage"
|
|
2403
|
+
],
|
|
2404
|
+
"chain": {
|
|
2405
|
+
"cwes": [
|
|
2406
|
+
{
|
|
2407
|
+
"id": "CWE-125",
|
|
2408
|
+
"name": "Out-of-bounds Read",
|
|
2409
|
+
"category": "Memory Safety"
|
|
2410
|
+
},
|
|
2411
|
+
{
|
|
2412
|
+
"id": "CWE-362",
|
|
2413
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2414
|
+
"category": "Concurrency"
|
|
2415
|
+
},
|
|
2416
|
+
{
|
|
2417
|
+
"id": "CWE-416",
|
|
2418
|
+
"name": "Use After Free",
|
|
2419
|
+
"category": "Memory Safety"
|
|
2420
|
+
},
|
|
2421
|
+
{
|
|
2422
|
+
"id": "CWE-672",
|
|
2423
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2424
|
+
"category": "Memory Safety"
|
|
2425
|
+
},
|
|
2426
|
+
{
|
|
2427
|
+
"id": "CWE-787",
|
|
2428
|
+
"name": "Out-of-bounds Write",
|
|
2429
|
+
"category": "Memory Safety"
|
|
2430
|
+
}
|
|
2431
|
+
],
|
|
2432
|
+
"atlas": [],
|
|
2433
|
+
"d3fend": [
|
|
2434
|
+
{
|
|
2435
|
+
"id": "D3-ASLR",
|
|
2436
|
+
"name": "Address Space Layout Randomization",
|
|
2437
|
+
"tactic": "Harden"
|
|
2438
|
+
},
|
|
2439
|
+
{
|
|
2440
|
+
"id": "D3-EAL",
|
|
2441
|
+
"name": "Executable Allowlisting",
|
|
2442
|
+
"tactic": "Harden"
|
|
2443
|
+
},
|
|
2444
|
+
{
|
|
2445
|
+
"id": "D3-PHRA",
|
|
2446
|
+
"name": "Process Hardware Resource Access",
|
|
2447
|
+
"tactic": "Isolate"
|
|
2448
|
+
},
|
|
2449
|
+
{
|
|
2450
|
+
"id": "D3-PSEP",
|
|
2451
|
+
"name": "Process Segment Execution Prevention",
|
|
2452
|
+
"tactic": "Harden"
|
|
2453
|
+
}
|
|
2454
|
+
],
|
|
2455
|
+
"framework_gaps": [
|
|
2456
|
+
{
|
|
2457
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2458
|
+
"framework": "CIS Controls v8",
|
|
2459
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2460
|
+
},
|
|
2461
|
+
{
|
|
2462
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2463
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2464
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2465
|
+
},
|
|
2466
|
+
{
|
|
2467
|
+
"id": "NIS2-Art21-patch-management",
|
|
2468
|
+
"framework": "EU NIS2 Directive",
|
|
2469
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2470
|
+
},
|
|
2471
|
+
{
|
|
2472
|
+
"id": "NIST-800-53-SC-8",
|
|
2473
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2474
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2475
|
+
},
|
|
2476
|
+
{
|
|
2477
|
+
"id": "NIST-800-53-SI-2",
|
|
2478
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2479
|
+
"control_name": "Flaw Remediation"
|
|
2480
|
+
},
|
|
2481
|
+
{
|
|
2482
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2483
|
+
"framework": "PCI DSS 4.0",
|
|
2484
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2485
|
+
}
|
|
2486
|
+
],
|
|
2487
|
+
"attack_refs": [
|
|
2488
|
+
"T1068",
|
|
2489
|
+
"T1548.001"
|
|
2490
|
+
],
|
|
2491
|
+
"rfc_refs": [
|
|
2492
|
+
"RFC-4301",
|
|
2493
|
+
"RFC-4303",
|
|
2494
|
+
"RFC-7296"
|
|
2495
|
+
]
|
|
2496
|
+
}
|
|
2497
|
+
},
|
|
2498
|
+
"CVE-2026-32202": {
|
|
2499
|
+
"name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
|
|
2500
|
+
"rwep": 85,
|
|
2501
|
+
"cvss": 7.5,
|
|
2502
|
+
"cisa_kev": true,
|
|
2503
|
+
"epss_score": null,
|
|
2504
|
+
"referencing_skills": [
|
|
2505
|
+
"kernel-lpe-triage",
|
|
2506
|
+
"ai-attack-surface",
|
|
2507
|
+
"ai-c2-detection",
|
|
2508
|
+
"email-security-anti-phishing"
|
|
2509
|
+
],
|
|
2510
|
+
"chain": {
|
|
2511
|
+
"cwes": [
|
|
2512
|
+
{
|
|
2513
|
+
"id": "CWE-1039",
|
|
2514
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2515
|
+
"category": "AI/ML"
|
|
2516
|
+
},
|
|
2517
|
+
{
|
|
2518
|
+
"id": "CWE-125",
|
|
2519
|
+
"name": "Out-of-bounds Read",
|
|
2520
|
+
"category": "Memory Safety"
|
|
2521
|
+
},
|
|
2522
|
+
{
|
|
2523
|
+
"id": "CWE-1426",
|
|
2524
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2525
|
+
"category": "AI/ML"
|
|
2526
|
+
},
|
|
2527
|
+
{
|
|
2528
|
+
"id": "CWE-362",
|
|
2529
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2530
|
+
"category": "Concurrency"
|
|
2531
|
+
},
|
|
2532
|
+
{
|
|
2533
|
+
"id": "CWE-416",
|
|
2534
|
+
"name": "Use After Free",
|
|
2535
|
+
"category": "Memory Safety"
|
|
2536
|
+
},
|
|
2537
|
+
{
|
|
2538
|
+
"id": "CWE-672",
|
|
2539
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2540
|
+
"category": "Memory Safety"
|
|
2541
|
+
},
|
|
2542
|
+
{
|
|
2543
|
+
"id": "CWE-787",
|
|
2544
|
+
"name": "Out-of-bounds Write",
|
|
2545
|
+
"category": "Memory Safety"
|
|
2546
|
+
},
|
|
2547
|
+
{
|
|
2548
|
+
"id": "CWE-94",
|
|
2549
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2550
|
+
"category": "Injection"
|
|
2551
|
+
}
|
|
2552
|
+
],
|
|
2553
|
+
"atlas": [
|
|
2554
|
+
{
|
|
2555
|
+
"id": "AML.T0016",
|
|
2556
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2557
|
+
"tactic": "Resource Development"
|
|
2558
|
+
},
|
|
2559
|
+
{
|
|
2560
|
+
"id": "AML.T0017",
|
|
2561
|
+
"name": "Discover ML Model Ontology",
|
|
2562
|
+
"tactic": "Discovery"
|
|
2563
|
+
},
|
|
2564
|
+
{
|
|
2565
|
+
"id": "AML.T0018",
|
|
2566
|
+
"name": "Backdoor ML Model",
|
|
2567
|
+
"tactic": "Persistence"
|
|
2568
|
+
},
|
|
2569
|
+
{
|
|
2570
|
+
"id": "AML.T0020",
|
|
2571
|
+
"name": "Poison Training Data",
|
|
2572
|
+
"tactic": "ML Attack Staging"
|
|
2573
|
+
},
|
|
2574
|
+
{
|
|
2575
|
+
"id": "AML.T0043",
|
|
2576
|
+
"name": "Craft Adversarial Data",
|
|
2577
|
+
"tactic": "ML Attack Staging"
|
|
2578
|
+
},
|
|
2579
|
+
{
|
|
2580
|
+
"id": "AML.T0051",
|
|
2581
|
+
"name": "LLM Prompt Injection",
|
|
2582
|
+
"tactic": "Execution"
|
|
2583
|
+
},
|
|
2584
|
+
{
|
|
2585
|
+
"id": "AML.T0054",
|
|
2586
|
+
"name": "LLM Jailbreak",
|
|
2587
|
+
"tactic": "Defense Evasion"
|
|
2588
|
+
},
|
|
2589
|
+
{
|
|
2590
|
+
"id": "AML.T0096",
|
|
2591
|
+
"name": "AI API as Covert C2 Channel",
|
|
2592
|
+
"tactic": "Command and Control"
|
|
2593
|
+
}
|
|
2594
|
+
],
|
|
2595
|
+
"d3fend": [
|
|
2596
|
+
{
|
|
2597
|
+
"id": "D3-ASLR",
|
|
2598
|
+
"name": "Address Space Layout Randomization",
|
|
2599
|
+
"tactic": "Harden"
|
|
2600
|
+
},
|
|
2601
|
+
{
|
|
2602
|
+
"id": "D3-CA",
|
|
2603
|
+
"name": "Certificate Analysis",
|
|
2604
|
+
"tactic": "Detect"
|
|
2605
|
+
},
|
|
2606
|
+
{
|
|
2607
|
+
"id": "D3-CSPP",
|
|
2608
|
+
"name": "Client-server Payload Profiling",
|
|
2609
|
+
"tactic": "Detect"
|
|
2610
|
+
},
|
|
2611
|
+
{
|
|
2612
|
+
"id": "D3-DA",
|
|
2613
|
+
"name": "Domain Analysis",
|
|
2614
|
+
"tactic": "Detect"
|
|
2615
|
+
},
|
|
2616
|
+
{
|
|
2617
|
+
"id": "D3-EAL",
|
|
2618
|
+
"name": "Executable Allowlisting",
|
|
2619
|
+
"tactic": "Harden"
|
|
2620
|
+
},
|
|
2621
|
+
{
|
|
2622
|
+
"id": "D3-IOPR",
|
|
2623
|
+
"name": "Input/Output Profiling Resource",
|
|
2624
|
+
"tactic": "Detect"
|
|
2625
|
+
},
|
|
2626
|
+
{
|
|
2627
|
+
"id": "D3-NI",
|
|
2628
|
+
"name": "Network Isolation",
|
|
2629
|
+
"tactic": "Isolate"
|
|
2630
|
+
},
|
|
2631
|
+
{
|
|
2632
|
+
"id": "D3-NTA",
|
|
2633
|
+
"name": "Network Traffic Analysis",
|
|
2634
|
+
"tactic": "Detect"
|
|
2635
|
+
},
|
|
2636
|
+
{
|
|
2637
|
+
"id": "D3-NTPM",
|
|
2638
|
+
"name": "Network Traffic Policy Mapping",
|
|
2639
|
+
"tactic": "Model"
|
|
2640
|
+
},
|
|
2641
|
+
{
|
|
2642
|
+
"id": "D3-PHRA",
|
|
2643
|
+
"name": "Process Hardware Resource Access",
|
|
2644
|
+
"tactic": "Isolate"
|
|
2645
|
+
},
|
|
2646
|
+
{
|
|
2647
|
+
"id": "D3-PSEP",
|
|
2648
|
+
"name": "Process Segment Execution Prevention",
|
|
2649
|
+
"tactic": "Harden"
|
|
2650
|
+
}
|
|
2651
|
+
],
|
|
2652
|
+
"framework_gaps": [
|
|
2653
|
+
{
|
|
2654
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2655
|
+
"framework": "ALL",
|
|
2656
|
+
"control_name": "AI Pipeline Integrity"
|
|
2657
|
+
},
|
|
2658
|
+
{
|
|
2659
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2660
|
+
"framework": "ALL",
|
|
2661
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2662
|
+
},
|
|
2663
|
+
{
|
|
2664
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2665
|
+
"framework": "CIS Controls v8",
|
|
2666
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2667
|
+
},
|
|
2668
|
+
{
|
|
2669
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2670
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2671
|
+
"control_name": "Monitoring activities"
|
|
2672
|
+
},
|
|
2673
|
+
{
|
|
2674
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2675
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2676
|
+
"control_name": "Secure coding"
|
|
2677
|
+
},
|
|
2678
|
+
{
|
|
2679
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2680
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2681
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2682
|
+
},
|
|
2683
|
+
{
|
|
2684
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2685
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2686
|
+
"control_name": "AI risk management process"
|
|
2687
|
+
},
|
|
2688
|
+
{
|
|
2689
|
+
"id": "NIS2-Art21-patch-management",
|
|
2690
|
+
"framework": "EU NIS2 Directive",
|
|
2691
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2692
|
+
},
|
|
2693
|
+
{
|
|
2694
|
+
"id": "NIST-800-53-AC-2",
|
|
2695
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2696
|
+
"control_name": "Account Management"
|
|
2697
|
+
},
|
|
2698
|
+
{
|
|
2699
|
+
"id": "NIST-800-53-SC-7",
|
|
2700
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2701
|
+
"control_name": "Boundary Protection"
|
|
2702
|
+
},
|
|
2703
|
+
{
|
|
2704
|
+
"id": "NIST-800-53-SC-8",
|
|
2705
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2706
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2707
|
+
},
|
|
2708
|
+
{
|
|
2709
|
+
"id": "NIST-800-53-SI-2",
|
|
2710
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2711
|
+
"control_name": "Flaw Remediation"
|
|
2712
|
+
},
|
|
2713
|
+
{
|
|
2714
|
+
"id": "NIST-800-53-SI-3",
|
|
2715
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2716
|
+
"control_name": "Malicious Code Protection"
|
|
2717
|
+
},
|
|
2718
|
+
{
|
|
2719
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2720
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2721
|
+
"control_name": "Prompt Injection"
|
|
2722
|
+
},
|
|
2723
|
+
{
|
|
2724
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2725
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2726
|
+
"control_name": "Sensitive Information Disclosure"
|
|
2727
|
+
},
|
|
2728
|
+
{
|
|
2729
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2730
|
+
"framework": "PCI DSS 4.0",
|
|
2731
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2732
|
+
},
|
|
2733
|
+
{
|
|
2734
|
+
"id": "SOC2-CC6-logical-access",
|
|
2735
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2736
|
+
"control_name": "Logical and Physical Access Controls"
|
|
2737
|
+
},
|
|
2738
|
+
{
|
|
2739
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
2740
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2741
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
2742
|
+
}
|
|
2743
|
+
],
|
|
2744
|
+
"attack_refs": [
|
|
2745
|
+
"T1059",
|
|
2746
|
+
"T1068",
|
|
2747
|
+
"T1071",
|
|
2748
|
+
"T1078",
|
|
2749
|
+
"T1102",
|
|
2750
|
+
"T1190",
|
|
2751
|
+
"T1548.001",
|
|
2752
|
+
"T1566",
|
|
2753
|
+
"T1566.001",
|
|
2754
|
+
"T1566.002",
|
|
2755
|
+
"T1566.003",
|
|
2756
|
+
"T1568"
|
|
2757
|
+
],
|
|
2758
|
+
"rfc_refs": [
|
|
2759
|
+
"RFC-4301",
|
|
2760
|
+
"RFC-4303",
|
|
2761
|
+
"RFC-7296",
|
|
2762
|
+
"RFC-8446",
|
|
2763
|
+
"RFC-9000",
|
|
2764
|
+
"RFC-9114",
|
|
2765
|
+
"RFC-9180",
|
|
2766
|
+
"RFC-9421",
|
|
2767
|
+
"RFC-9458"
|
|
2768
|
+
]
|
|
2769
|
+
}
|
|
2770
|
+
},
|
|
2771
|
+
"CVE-2026-33825": {
|
|
2772
|
+
"name": "BlueHammer — Microsoft Defender File-Remediation TOCTOU LPE",
|
|
2773
|
+
"rwep": 68,
|
|
2774
|
+
"cvss": 7.8,
|
|
2775
|
+
"cisa_kev": true,
|
|
2776
|
+
"epss_score": null,
|
|
2777
|
+
"referencing_skills": [
|
|
2778
|
+
"kernel-lpe-triage",
|
|
2779
|
+
"ai-attack-surface",
|
|
2780
|
+
"ai-c2-detection",
|
|
2781
|
+
"email-security-anti-phishing"
|
|
2782
|
+
],
|
|
2783
|
+
"chain": {
|
|
2784
|
+
"cwes": [
|
|
2785
|
+
{
|
|
2786
|
+
"id": "CWE-1039",
|
|
2787
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2788
|
+
"category": "AI/ML"
|
|
2789
|
+
},
|
|
2790
|
+
{
|
|
2791
|
+
"id": "CWE-125",
|
|
2792
|
+
"name": "Out-of-bounds Read",
|
|
2793
|
+
"category": "Memory Safety"
|
|
2794
|
+
},
|
|
2795
|
+
{
|
|
2796
|
+
"id": "CWE-1426",
|
|
2797
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2798
|
+
"category": "AI/ML"
|
|
2799
|
+
},
|
|
2800
|
+
{
|
|
2801
|
+
"id": "CWE-362",
|
|
2802
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2803
|
+
"category": "Concurrency"
|
|
2804
|
+
},
|
|
2805
|
+
{
|
|
2806
|
+
"id": "CWE-416",
|
|
2807
|
+
"name": "Use After Free",
|
|
2808
|
+
"category": "Memory Safety"
|
|
2809
|
+
},
|
|
2810
|
+
{
|
|
2811
|
+
"id": "CWE-672",
|
|
2812
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2813
|
+
"category": "Memory Safety"
|
|
2814
|
+
},
|
|
2815
|
+
{
|
|
2816
|
+
"id": "CWE-787",
|
|
2817
|
+
"name": "Out-of-bounds Write",
|
|
2818
|
+
"category": "Memory Safety"
|
|
2819
|
+
},
|
|
2820
|
+
{
|
|
2821
|
+
"id": "CWE-94",
|
|
2822
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2823
|
+
"category": "Injection"
|
|
2824
|
+
}
|
|
2825
|
+
],
|
|
2826
|
+
"atlas": [
|
|
2827
|
+
{
|
|
2828
|
+
"id": "AML.T0016",
|
|
2829
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2830
|
+
"tactic": "Resource Development"
|
|
2831
|
+
},
|
|
2832
|
+
{
|
|
2833
|
+
"id": "AML.T0017",
|
|
2834
|
+
"name": "Discover ML Model Ontology",
|
|
2835
|
+
"tactic": "Discovery"
|
|
2836
|
+
},
|
|
2837
|
+
{
|
|
2838
|
+
"id": "AML.T0018",
|
|
2839
|
+
"name": "Backdoor ML Model",
|
|
2840
|
+
"tactic": "Persistence"
|
|
2841
|
+
},
|
|
2842
|
+
{
|
|
2843
|
+
"id": "AML.T0020",
|
|
2844
|
+
"name": "Poison Training Data",
|
|
2845
|
+
"tactic": "ML Attack Staging"
|
|
2846
|
+
},
|
|
2847
|
+
{
|
|
2848
|
+
"id": "AML.T0043",
|
|
2849
|
+
"name": "Craft Adversarial Data",
|
|
2850
|
+
"tactic": "ML Attack Staging"
|
|
2851
|
+
},
|
|
2852
|
+
{
|
|
2853
|
+
"id": "AML.T0051",
|
|
2854
|
+
"name": "LLM Prompt Injection",
|
|
2855
|
+
"tactic": "Execution"
|
|
2856
|
+
},
|
|
2857
|
+
{
|
|
2858
|
+
"id": "AML.T0054",
|
|
2859
|
+
"name": "LLM Jailbreak",
|
|
2860
|
+
"tactic": "Defense Evasion"
|
|
2861
|
+
},
|
|
2862
|
+
{
|
|
2863
|
+
"id": "AML.T0096",
|
|
2864
|
+
"name": "AI API as Covert C2 Channel",
|
|
2865
|
+
"tactic": "Command and Control"
|
|
2866
|
+
}
|
|
2867
|
+
],
|
|
2868
|
+
"d3fend": [
|
|
2869
|
+
{
|
|
2870
|
+
"id": "D3-ASLR",
|
|
2871
|
+
"name": "Address Space Layout Randomization",
|
|
2872
|
+
"tactic": "Harden"
|
|
2873
|
+
},
|
|
2874
|
+
{
|
|
2875
|
+
"id": "D3-CA",
|
|
2876
|
+
"name": "Certificate Analysis",
|
|
2877
|
+
"tactic": "Detect"
|
|
2878
|
+
},
|
|
2879
|
+
{
|
|
2880
|
+
"id": "D3-CSPP",
|
|
2881
|
+
"name": "Client-server Payload Profiling",
|
|
2882
|
+
"tactic": "Detect"
|
|
2883
|
+
},
|
|
2884
|
+
{
|
|
2885
|
+
"id": "D3-DA",
|
|
2886
|
+
"name": "Domain Analysis",
|
|
2887
|
+
"tactic": "Detect"
|
|
2888
|
+
},
|
|
2889
|
+
{
|
|
2890
|
+
"id": "D3-EAL",
|
|
2891
|
+
"name": "Executable Allowlisting",
|
|
2892
|
+
"tactic": "Harden"
|
|
2893
|
+
},
|
|
2894
|
+
{
|
|
2895
|
+
"id": "D3-IOPR",
|
|
2896
|
+
"name": "Input/Output Profiling Resource",
|
|
2897
|
+
"tactic": "Detect"
|
|
2898
|
+
},
|
|
2899
|
+
{
|
|
2900
|
+
"id": "D3-NI",
|
|
2901
|
+
"name": "Network Isolation",
|
|
2902
|
+
"tactic": "Isolate"
|
|
2903
|
+
},
|
|
2904
|
+
{
|
|
2905
|
+
"id": "D3-NTA",
|
|
2906
|
+
"name": "Network Traffic Analysis",
|
|
2907
|
+
"tactic": "Detect"
|
|
2908
|
+
},
|
|
2909
|
+
{
|
|
2910
|
+
"id": "D3-NTPM",
|
|
2911
|
+
"name": "Network Traffic Policy Mapping",
|
|
2912
|
+
"tactic": "Model"
|
|
2913
|
+
},
|
|
2914
|
+
{
|
|
2915
|
+
"id": "D3-PHRA",
|
|
2916
|
+
"name": "Process Hardware Resource Access",
|
|
2917
|
+
"tactic": "Isolate"
|
|
2918
|
+
},
|
|
2919
|
+
{
|
|
2920
|
+
"id": "D3-PSEP",
|
|
2921
|
+
"name": "Process Segment Execution Prevention",
|
|
2922
|
+
"tactic": "Harden"
|
|
2923
|
+
}
|
|
2924
|
+
],
|
|
2925
|
+
"framework_gaps": [
|
|
2926
|
+
{
|
|
2927
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2928
|
+
"framework": "ALL",
|
|
2929
|
+
"control_name": "AI Pipeline Integrity"
|
|
2930
|
+
},
|
|
2931
|
+
{
|
|
2932
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2933
|
+
"framework": "ALL",
|
|
2934
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2935
|
+
},
|
|
2936
|
+
{
|
|
2937
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2938
|
+
"framework": "CIS Controls v8",
|
|
2939
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2940
|
+
},
|
|
2941
|
+
{
|
|
2942
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2943
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2944
|
+
"control_name": "Monitoring activities"
|
|
2945
|
+
},
|
|
2946
|
+
{
|
|
2947
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2948
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2949
|
+
"control_name": "Secure coding"
|
|
2950
|
+
},
|
|
2951
|
+
{
|
|
2952
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2953
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2954
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2955
|
+
},
|
|
2956
|
+
{
|
|
2957
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2958
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2959
|
+
"control_name": "AI risk management process"
|
|
2960
|
+
},
|
|
2961
|
+
{
|
|
2962
|
+
"id": "NIS2-Art21-patch-management",
|
|
2963
|
+
"framework": "EU NIS2 Directive",
|
|
2964
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2965
|
+
},
|
|
2966
|
+
{
|
|
2967
|
+
"id": "NIST-800-53-AC-2",
|
|
2968
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2969
|
+
"control_name": "Account Management"
|
|
2970
|
+
},
|
|
2971
|
+
{
|
|
2972
|
+
"id": "NIST-800-53-SC-7",
|
|
2973
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2974
|
+
"control_name": "Boundary Protection"
|
|
2975
|
+
},
|
|
2976
|
+
{
|
|
2977
|
+
"id": "NIST-800-53-SC-8",
|
|
2978
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2979
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2980
|
+
},
|
|
2981
|
+
{
|
|
2982
|
+
"id": "NIST-800-53-SI-2",
|
|
2983
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2984
|
+
"control_name": "Flaw Remediation"
|
|
2985
|
+
},
|
|
2986
|
+
{
|
|
2987
|
+
"id": "NIST-800-53-SI-3",
|
|
2988
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2989
|
+
"control_name": "Malicious Code Protection"
|
|
2990
|
+
},
|
|
2991
|
+
{
|
|
2992
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2993
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2994
|
+
"control_name": "Prompt Injection"
|
|
2995
|
+
},
|
|
2996
|
+
{
|
|
2997
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2998
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2999
|
+
"control_name": "Sensitive Information Disclosure"
|
|
3000
|
+
},
|
|
3001
|
+
{
|
|
3002
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
3003
|
+
"framework": "PCI DSS 4.0",
|
|
3004
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3005
|
+
},
|
|
3006
|
+
{
|
|
3007
|
+
"id": "SOC2-CC6-logical-access",
|
|
3008
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3009
|
+
"control_name": "Logical and Physical Access Controls"
|
|
3010
|
+
},
|
|
3011
|
+
{
|
|
3012
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
3013
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3014
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
3015
|
+
}
|
|
3016
|
+
],
|
|
3017
|
+
"attack_refs": [
|
|
3018
|
+
"T1059",
|
|
3019
|
+
"T1068",
|
|
3020
|
+
"T1071",
|
|
3021
|
+
"T1078",
|
|
3022
|
+
"T1102",
|
|
3023
|
+
"T1190",
|
|
3024
|
+
"T1548.001",
|
|
3025
|
+
"T1566",
|
|
3026
|
+
"T1566.001",
|
|
3027
|
+
"T1566.002",
|
|
3028
|
+
"T1566.003",
|
|
3029
|
+
"T1568"
|
|
3030
|
+
],
|
|
3031
|
+
"rfc_refs": [
|
|
3032
|
+
"RFC-4301",
|
|
3033
|
+
"RFC-4303",
|
|
3034
|
+
"RFC-7296",
|
|
3035
|
+
"RFC-8446",
|
|
3036
|
+
"RFC-9000",
|
|
3037
|
+
"RFC-9114",
|
|
3038
|
+
"RFC-9180",
|
|
3039
|
+
"RFC-9421",
|
|
3040
|
+
"RFC-9458"
|
|
3041
|
+
]
|
|
3042
|
+
}
|
|
3043
|
+
},
|
|
2157
3044
|
"CWE-20": {
|
|
2158
3045
|
"name": "Improper Input Validation",
|
|
2159
3046
|
"category": "Validation",
|
|
@@ -3221,7 +4108,9 @@
|
|
|
3221
4108
|
},
|
|
3222
4109
|
"related_cves": [
|
|
3223
4110
|
"CVE-2025-53773",
|
|
3224
|
-
"CVE-2026-30615"
|
|
4111
|
+
"CVE-2026-30615",
|
|
4112
|
+
"CVE-2026-32202",
|
|
4113
|
+
"CVE-2026-33825"
|
|
3225
4114
|
]
|
|
3226
4115
|
},
|
|
3227
4116
|
"CWE-123": {
|
|
@@ -3353,10 +4242,15 @@
|
|
|
3353
4242
|
},
|
|
3354
4243
|
"related_cves": [
|
|
3355
4244
|
"CVE-2025-53773",
|
|
4245
|
+
"CVE-2026-0300",
|
|
3356
4246
|
"CVE-2026-30615",
|
|
3357
4247
|
"CVE-2026-31431",
|
|
4248
|
+
"CVE-2026-32202",
|
|
4249
|
+
"CVE-2026-33825",
|
|
4250
|
+
"CVE-2026-42897",
|
|
3358
4251
|
"CVE-2026-43284",
|
|
3359
|
-
"CVE-2026-43500"
|
|
4252
|
+
"CVE-2026-43500",
|
|
4253
|
+
"CVE-2026-6973"
|
|
3360
4254
|
]
|
|
3361
4255
|
},
|
|
3362
4256
|
"CWE-200": {
|
|
@@ -5396,10 +6290,15 @@
|
|
|
5396
6290
|
},
|
|
5397
6291
|
"related_cves": [
|
|
5398
6292
|
"CVE-2025-53773",
|
|
6293
|
+
"CVE-2026-0300",
|
|
5399
6294
|
"CVE-2026-30615",
|
|
5400
6295
|
"CVE-2026-31431",
|
|
6296
|
+
"CVE-2026-32202",
|
|
6297
|
+
"CVE-2026-33825",
|
|
6298
|
+
"CVE-2026-42897",
|
|
5401
6299
|
"CVE-2026-43284",
|
|
5402
|
-
"CVE-2026-43500"
|
|
6300
|
+
"CVE-2026-43500",
|
|
6301
|
+
"CVE-2026-6973"
|
|
5403
6302
|
]
|
|
5404
6303
|
},
|
|
5405
6304
|
"CWE-416": {
|
|
@@ -5517,10 +6416,15 @@
|
|
|
5517
6416
|
},
|
|
5518
6417
|
"related_cves": [
|
|
5519
6418
|
"CVE-2025-53773",
|
|
6419
|
+
"CVE-2026-0300",
|
|
5520
6420
|
"CVE-2026-30615",
|
|
5521
6421
|
"CVE-2026-31431",
|
|
6422
|
+
"CVE-2026-32202",
|
|
6423
|
+
"CVE-2026-33825",
|
|
6424
|
+
"CVE-2026-42897",
|
|
5522
6425
|
"CVE-2026-43284",
|
|
5523
|
-
"CVE-2026-43500"
|
|
6426
|
+
"CVE-2026-43500",
|
|
6427
|
+
"CVE-2026-6973"
|
|
5524
6428
|
]
|
|
5525
6429
|
},
|
|
5526
6430
|
"CWE-426": {
|
|
@@ -6393,9 +7297,14 @@
|
|
|
6393
7297
|
]
|
|
6394
7298
|
},
|
|
6395
7299
|
"related_cves": [
|
|
7300
|
+
"CVE-2026-0300",
|
|
6396
7301
|
"CVE-2026-31431",
|
|
7302
|
+
"CVE-2026-32202",
|
|
7303
|
+
"CVE-2026-33825",
|
|
7304
|
+
"CVE-2026-42897",
|
|
6397
7305
|
"CVE-2026-43284",
|
|
6398
|
-
"CVE-2026-43500"
|
|
7306
|
+
"CVE-2026-43500",
|
|
7307
|
+
"CVE-2026-6973"
|
|
6399
7308
|
]
|
|
6400
7309
|
},
|
|
6401
7310
|
"CWE-732": {
|
|
@@ -6880,10 +7789,15 @@
|
|
|
6880
7789
|
},
|
|
6881
7790
|
"related_cves": [
|
|
6882
7791
|
"CVE-2025-53773",
|
|
7792
|
+
"CVE-2026-0300",
|
|
6883
7793
|
"CVE-2026-30615",
|
|
6884
7794
|
"CVE-2026-31431",
|
|
7795
|
+
"CVE-2026-32202",
|
|
7796
|
+
"CVE-2026-33825",
|
|
7797
|
+
"CVE-2026-42897",
|
|
6885
7798
|
"CVE-2026-43284",
|
|
6886
|
-
"CVE-2026-43500"
|
|
7799
|
+
"CVE-2026-43500",
|
|
7800
|
+
"CVE-2026-6973"
|
|
6887
7801
|
]
|
|
6888
7802
|
},
|
|
6889
7803
|
"CWE-798": {
|
|
@@ -8218,7 +9132,9 @@
|
|
|
8218
9132
|
},
|
|
8219
9133
|
"related_cves": [
|
|
8220
9134
|
"CVE-2025-53773",
|
|
8221
|
-
"CVE-2026-30615"
|
|
9135
|
+
"CVE-2026-30615",
|
|
9136
|
+
"CVE-2026-32202",
|
|
9137
|
+
"CVE-2026-33825"
|
|
8222
9138
|
]
|
|
8223
9139
|
},
|
|
8224
9140
|
"CWE-1188": {
|
|
@@ -8528,6 +9444,7 @@
|
|
|
8528
9444
|
},
|
|
8529
9445
|
"related_cves": [
|
|
8530
9446
|
"CVE-2025-53773",
|
|
9447
|
+
"CVE-2026-0300",
|
|
8531
9448
|
"CVE-2026-30615",
|
|
8532
9449
|
"CVE-2026-31431"
|
|
8533
9450
|
]
|
|
@@ -8990,6 +9907,8 @@
|
|
|
8990
9907
|
"related_cves": [
|
|
8991
9908
|
"CVE-2025-53773",
|
|
8992
9909
|
"CVE-2026-30615",
|
|
9910
|
+
"CVE-2026-32202",
|
|
9911
|
+
"CVE-2026-33825",
|
|
8993
9912
|
"CVE-2026-43284",
|
|
8994
9913
|
"CVE-2026-43500"
|
|
8995
9914
|
]
|