@blamejs/exceptd-skills 0.12.31 → 0.12.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/bin/exceptd.js +68 -12
- package/data/_indexes/_meta.json +6 -6
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +869 -46
- package/data/_indexes/frequency.json +9 -0
- package/data/cve-catalog.json +18 -18
- package/data/cwe-catalog.json +31 -22
- package/data/framework-control-gaps.json +331 -6
- package/data/zeroday-lessons.json +580 -0
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
- package/scripts/refresh-reverse-refs.js +63 -6
|
@@ -2160,14 +2160,117 @@
|
|
|
2160
2160
|
"cvss": 9.3,
|
|
2161
2161
|
"cisa_kev": true,
|
|
2162
2162
|
"epss_score": null,
|
|
2163
|
-
"referencing_skills": [
|
|
2163
|
+
"referencing_skills": [
|
|
2164
|
+
"kernel-lpe-triage",
|
|
2165
|
+
"coordinated-vuln-disclosure"
|
|
2166
|
+
],
|
|
2164
2167
|
"chain": {
|
|
2165
|
-
"cwes": [
|
|
2168
|
+
"cwes": [
|
|
2169
|
+
{
|
|
2170
|
+
"id": "CWE-125",
|
|
2171
|
+
"name": "Out-of-bounds Read",
|
|
2172
|
+
"category": "Memory Safety"
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
"id": "CWE-1357",
|
|
2176
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
2177
|
+
"category": "Supply Chain"
|
|
2178
|
+
},
|
|
2179
|
+
{
|
|
2180
|
+
"id": "CWE-362",
|
|
2181
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2182
|
+
"category": "Concurrency"
|
|
2183
|
+
},
|
|
2184
|
+
{
|
|
2185
|
+
"id": "CWE-416",
|
|
2186
|
+
"name": "Use After Free",
|
|
2187
|
+
"category": "Memory Safety"
|
|
2188
|
+
},
|
|
2189
|
+
{
|
|
2190
|
+
"id": "CWE-672",
|
|
2191
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2192
|
+
"category": "Memory Safety"
|
|
2193
|
+
},
|
|
2194
|
+
{
|
|
2195
|
+
"id": "CWE-787",
|
|
2196
|
+
"name": "Out-of-bounds Write",
|
|
2197
|
+
"category": "Memory Safety"
|
|
2198
|
+
}
|
|
2199
|
+
],
|
|
2166
2200
|
"atlas": [],
|
|
2167
|
-
"d3fend": [
|
|
2168
|
-
|
|
2169
|
-
|
|
2170
|
-
|
|
2201
|
+
"d3fend": [
|
|
2202
|
+
{
|
|
2203
|
+
"id": "D3-ASLR",
|
|
2204
|
+
"name": "Address Space Layout Randomization",
|
|
2205
|
+
"tactic": "Harden"
|
|
2206
|
+
},
|
|
2207
|
+
{
|
|
2208
|
+
"id": "D3-EAL",
|
|
2209
|
+
"name": "Executable Allowlisting",
|
|
2210
|
+
"tactic": "Harden"
|
|
2211
|
+
},
|
|
2212
|
+
{
|
|
2213
|
+
"id": "D3-PHRA",
|
|
2214
|
+
"name": "Process Hardware Resource Access",
|
|
2215
|
+
"tactic": "Isolate"
|
|
2216
|
+
},
|
|
2217
|
+
{
|
|
2218
|
+
"id": "D3-PSEP",
|
|
2219
|
+
"name": "Process Segment Execution Prevention",
|
|
2220
|
+
"tactic": "Harden"
|
|
2221
|
+
}
|
|
2222
|
+
],
|
|
2223
|
+
"framework_gaps": [
|
|
2224
|
+
{
|
|
2225
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2226
|
+
"framework": "CIS Controls v8",
|
|
2227
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2228
|
+
},
|
|
2229
|
+
{
|
|
2230
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2231
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2232
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2233
|
+
},
|
|
2234
|
+
{
|
|
2235
|
+
"id": "NIS2-Art21-patch-management",
|
|
2236
|
+
"framework": "EU NIS2 Directive",
|
|
2237
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2238
|
+
},
|
|
2239
|
+
{
|
|
2240
|
+
"id": "NIST-800-218-SSDF",
|
|
2241
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
2242
|
+
"control_name": "Secure Software Development Framework"
|
|
2243
|
+
},
|
|
2244
|
+
{
|
|
2245
|
+
"id": "NIST-800-53-SC-8",
|
|
2246
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2247
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2248
|
+
},
|
|
2249
|
+
{
|
|
2250
|
+
"id": "NIST-800-53-SI-2",
|
|
2251
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2252
|
+
"control_name": "Flaw Remediation"
|
|
2253
|
+
},
|
|
2254
|
+
{
|
|
2255
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2256
|
+
"framework": "PCI DSS 4.0",
|
|
2257
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2258
|
+
},
|
|
2259
|
+
{
|
|
2260
|
+
"id": "SOC2-CC9-vendor-management",
|
|
2261
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2262
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
2263
|
+
}
|
|
2264
|
+
],
|
|
2265
|
+
"attack_refs": [
|
|
2266
|
+
"T1068",
|
|
2267
|
+
"T1548.001"
|
|
2268
|
+
],
|
|
2269
|
+
"rfc_refs": [
|
|
2270
|
+
"RFC-4301",
|
|
2271
|
+
"RFC-4303",
|
|
2272
|
+
"RFC-7296"
|
|
2273
|
+
]
|
|
2171
2274
|
}
|
|
2172
2275
|
},
|
|
2173
2276
|
"CVE-2026-39987": {
|
|
@@ -2192,14 +2295,101 @@
|
|
|
2192
2295
|
"cvss": 7.2,
|
|
2193
2296
|
"cisa_kev": true,
|
|
2194
2297
|
"epss_score": null,
|
|
2195
|
-
"referencing_skills": [
|
|
2298
|
+
"referencing_skills": [
|
|
2299
|
+
"kernel-lpe-triage"
|
|
2300
|
+
],
|
|
2196
2301
|
"chain": {
|
|
2197
|
-
"cwes": [
|
|
2302
|
+
"cwes": [
|
|
2303
|
+
{
|
|
2304
|
+
"id": "CWE-125",
|
|
2305
|
+
"name": "Out-of-bounds Read",
|
|
2306
|
+
"category": "Memory Safety"
|
|
2307
|
+
},
|
|
2308
|
+
{
|
|
2309
|
+
"id": "CWE-362",
|
|
2310
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2311
|
+
"category": "Concurrency"
|
|
2312
|
+
},
|
|
2313
|
+
{
|
|
2314
|
+
"id": "CWE-416",
|
|
2315
|
+
"name": "Use After Free",
|
|
2316
|
+
"category": "Memory Safety"
|
|
2317
|
+
},
|
|
2318
|
+
{
|
|
2319
|
+
"id": "CWE-672",
|
|
2320
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2321
|
+
"category": "Memory Safety"
|
|
2322
|
+
},
|
|
2323
|
+
{
|
|
2324
|
+
"id": "CWE-787",
|
|
2325
|
+
"name": "Out-of-bounds Write",
|
|
2326
|
+
"category": "Memory Safety"
|
|
2327
|
+
}
|
|
2328
|
+
],
|
|
2198
2329
|
"atlas": [],
|
|
2199
|
-
"d3fend": [
|
|
2200
|
-
|
|
2201
|
-
|
|
2202
|
-
|
|
2330
|
+
"d3fend": [
|
|
2331
|
+
{
|
|
2332
|
+
"id": "D3-ASLR",
|
|
2333
|
+
"name": "Address Space Layout Randomization",
|
|
2334
|
+
"tactic": "Harden"
|
|
2335
|
+
},
|
|
2336
|
+
{
|
|
2337
|
+
"id": "D3-EAL",
|
|
2338
|
+
"name": "Executable Allowlisting",
|
|
2339
|
+
"tactic": "Harden"
|
|
2340
|
+
},
|
|
2341
|
+
{
|
|
2342
|
+
"id": "D3-PHRA",
|
|
2343
|
+
"name": "Process Hardware Resource Access",
|
|
2344
|
+
"tactic": "Isolate"
|
|
2345
|
+
},
|
|
2346
|
+
{
|
|
2347
|
+
"id": "D3-PSEP",
|
|
2348
|
+
"name": "Process Segment Execution Prevention",
|
|
2349
|
+
"tactic": "Harden"
|
|
2350
|
+
}
|
|
2351
|
+
],
|
|
2352
|
+
"framework_gaps": [
|
|
2353
|
+
{
|
|
2354
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2355
|
+
"framework": "CIS Controls v8",
|
|
2356
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2357
|
+
},
|
|
2358
|
+
{
|
|
2359
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2360
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2361
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2362
|
+
},
|
|
2363
|
+
{
|
|
2364
|
+
"id": "NIS2-Art21-patch-management",
|
|
2365
|
+
"framework": "EU NIS2 Directive",
|
|
2366
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2367
|
+
},
|
|
2368
|
+
{
|
|
2369
|
+
"id": "NIST-800-53-SC-8",
|
|
2370
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2371
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2372
|
+
},
|
|
2373
|
+
{
|
|
2374
|
+
"id": "NIST-800-53-SI-2",
|
|
2375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2376
|
+
"control_name": "Flaw Remediation"
|
|
2377
|
+
},
|
|
2378
|
+
{
|
|
2379
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2380
|
+
"framework": "PCI DSS 4.0",
|
|
2381
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2382
|
+
}
|
|
2383
|
+
],
|
|
2384
|
+
"attack_refs": [
|
|
2385
|
+
"T1068",
|
|
2386
|
+
"T1548.001"
|
|
2387
|
+
],
|
|
2388
|
+
"rfc_refs": [
|
|
2389
|
+
"RFC-4301",
|
|
2390
|
+
"RFC-4303",
|
|
2391
|
+
"RFC-7296"
|
|
2392
|
+
]
|
|
2203
2393
|
}
|
|
2204
2394
|
},
|
|
2205
2395
|
"CVE-2026-42897": {
|
|
@@ -2208,30 +2398,374 @@
|
|
|
2208
2398
|
"cvss": 8.1,
|
|
2209
2399
|
"cisa_kev": true,
|
|
2210
2400
|
"epss_score": null,
|
|
2211
|
-
"referencing_skills": [
|
|
2401
|
+
"referencing_skills": [
|
|
2402
|
+
"kernel-lpe-triage"
|
|
2403
|
+
],
|
|
2212
2404
|
"chain": {
|
|
2213
|
-
"cwes": [
|
|
2405
|
+
"cwes": [
|
|
2406
|
+
{
|
|
2407
|
+
"id": "CWE-125",
|
|
2408
|
+
"name": "Out-of-bounds Read",
|
|
2409
|
+
"category": "Memory Safety"
|
|
2410
|
+
},
|
|
2411
|
+
{
|
|
2412
|
+
"id": "CWE-362",
|
|
2413
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2414
|
+
"category": "Concurrency"
|
|
2415
|
+
},
|
|
2416
|
+
{
|
|
2417
|
+
"id": "CWE-416",
|
|
2418
|
+
"name": "Use After Free",
|
|
2419
|
+
"category": "Memory Safety"
|
|
2420
|
+
},
|
|
2421
|
+
{
|
|
2422
|
+
"id": "CWE-672",
|
|
2423
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2424
|
+
"category": "Memory Safety"
|
|
2425
|
+
},
|
|
2426
|
+
{
|
|
2427
|
+
"id": "CWE-787",
|
|
2428
|
+
"name": "Out-of-bounds Write",
|
|
2429
|
+
"category": "Memory Safety"
|
|
2430
|
+
}
|
|
2431
|
+
],
|
|
2214
2432
|
"atlas": [],
|
|
2215
|
-
"d3fend": [
|
|
2216
|
-
|
|
2217
|
-
|
|
2218
|
-
|
|
2219
|
-
|
|
2220
|
-
|
|
2221
|
-
|
|
2222
|
-
|
|
2223
|
-
|
|
2224
|
-
|
|
2225
|
-
|
|
2433
|
+
"d3fend": [
|
|
2434
|
+
{
|
|
2435
|
+
"id": "D3-ASLR",
|
|
2436
|
+
"name": "Address Space Layout Randomization",
|
|
2437
|
+
"tactic": "Harden"
|
|
2438
|
+
},
|
|
2439
|
+
{
|
|
2440
|
+
"id": "D3-EAL",
|
|
2441
|
+
"name": "Executable Allowlisting",
|
|
2442
|
+
"tactic": "Harden"
|
|
2443
|
+
},
|
|
2444
|
+
{
|
|
2445
|
+
"id": "D3-PHRA",
|
|
2446
|
+
"name": "Process Hardware Resource Access",
|
|
2447
|
+
"tactic": "Isolate"
|
|
2448
|
+
},
|
|
2449
|
+
{
|
|
2450
|
+
"id": "D3-PSEP",
|
|
2451
|
+
"name": "Process Segment Execution Prevention",
|
|
2452
|
+
"tactic": "Harden"
|
|
2453
|
+
}
|
|
2454
|
+
],
|
|
2455
|
+
"framework_gaps": [
|
|
2456
|
+
{
|
|
2457
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2458
|
+
"framework": "CIS Controls v8",
|
|
2459
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2460
|
+
},
|
|
2461
|
+
{
|
|
2462
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2463
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2464
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2465
|
+
},
|
|
2466
|
+
{
|
|
2467
|
+
"id": "NIS2-Art21-patch-management",
|
|
2468
|
+
"framework": "EU NIS2 Directive",
|
|
2469
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2470
|
+
},
|
|
2471
|
+
{
|
|
2472
|
+
"id": "NIST-800-53-SC-8",
|
|
2473
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2474
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2475
|
+
},
|
|
2476
|
+
{
|
|
2477
|
+
"id": "NIST-800-53-SI-2",
|
|
2478
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2479
|
+
"control_name": "Flaw Remediation"
|
|
2480
|
+
},
|
|
2481
|
+
{
|
|
2482
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2483
|
+
"framework": "PCI DSS 4.0",
|
|
2484
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2485
|
+
}
|
|
2486
|
+
],
|
|
2487
|
+
"attack_refs": [
|
|
2488
|
+
"T1068",
|
|
2489
|
+
"T1548.001"
|
|
2490
|
+
],
|
|
2491
|
+
"rfc_refs": [
|
|
2492
|
+
"RFC-4301",
|
|
2493
|
+
"RFC-4303",
|
|
2494
|
+
"RFC-7296"
|
|
2495
|
+
]
|
|
2496
|
+
}
|
|
2497
|
+
},
|
|
2498
|
+
"CVE-2026-32202": {
|
|
2499
|
+
"name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
|
|
2500
|
+
"rwep": 85,
|
|
2501
|
+
"cvss": 7.5,
|
|
2502
|
+
"cisa_kev": true,
|
|
2226
2503
|
"epss_score": null,
|
|
2227
|
-
"referencing_skills": [
|
|
2504
|
+
"referencing_skills": [
|
|
2505
|
+
"kernel-lpe-triage",
|
|
2506
|
+
"ai-attack-surface",
|
|
2507
|
+
"ai-c2-detection",
|
|
2508
|
+
"email-security-anti-phishing"
|
|
2509
|
+
],
|
|
2228
2510
|
"chain": {
|
|
2229
|
-
"cwes": [
|
|
2230
|
-
|
|
2231
|
-
|
|
2232
|
-
|
|
2233
|
-
|
|
2234
|
-
|
|
2511
|
+
"cwes": [
|
|
2512
|
+
{
|
|
2513
|
+
"id": "CWE-1039",
|
|
2514
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2515
|
+
"category": "AI/ML"
|
|
2516
|
+
},
|
|
2517
|
+
{
|
|
2518
|
+
"id": "CWE-125",
|
|
2519
|
+
"name": "Out-of-bounds Read",
|
|
2520
|
+
"category": "Memory Safety"
|
|
2521
|
+
},
|
|
2522
|
+
{
|
|
2523
|
+
"id": "CWE-1426",
|
|
2524
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2525
|
+
"category": "AI/ML"
|
|
2526
|
+
},
|
|
2527
|
+
{
|
|
2528
|
+
"id": "CWE-362",
|
|
2529
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2530
|
+
"category": "Concurrency"
|
|
2531
|
+
},
|
|
2532
|
+
{
|
|
2533
|
+
"id": "CWE-416",
|
|
2534
|
+
"name": "Use After Free",
|
|
2535
|
+
"category": "Memory Safety"
|
|
2536
|
+
},
|
|
2537
|
+
{
|
|
2538
|
+
"id": "CWE-672",
|
|
2539
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2540
|
+
"category": "Memory Safety"
|
|
2541
|
+
},
|
|
2542
|
+
{
|
|
2543
|
+
"id": "CWE-787",
|
|
2544
|
+
"name": "Out-of-bounds Write",
|
|
2545
|
+
"category": "Memory Safety"
|
|
2546
|
+
},
|
|
2547
|
+
{
|
|
2548
|
+
"id": "CWE-94",
|
|
2549
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2550
|
+
"category": "Injection"
|
|
2551
|
+
}
|
|
2552
|
+
],
|
|
2553
|
+
"atlas": [
|
|
2554
|
+
{
|
|
2555
|
+
"id": "AML.T0016",
|
|
2556
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2557
|
+
"tactic": "Resource Development"
|
|
2558
|
+
},
|
|
2559
|
+
{
|
|
2560
|
+
"id": "AML.T0017",
|
|
2561
|
+
"name": "Discover ML Model Ontology",
|
|
2562
|
+
"tactic": "Discovery"
|
|
2563
|
+
},
|
|
2564
|
+
{
|
|
2565
|
+
"id": "AML.T0018",
|
|
2566
|
+
"name": "Backdoor ML Model",
|
|
2567
|
+
"tactic": "Persistence"
|
|
2568
|
+
},
|
|
2569
|
+
{
|
|
2570
|
+
"id": "AML.T0020",
|
|
2571
|
+
"name": "Poison Training Data",
|
|
2572
|
+
"tactic": "ML Attack Staging"
|
|
2573
|
+
},
|
|
2574
|
+
{
|
|
2575
|
+
"id": "AML.T0043",
|
|
2576
|
+
"name": "Craft Adversarial Data",
|
|
2577
|
+
"tactic": "ML Attack Staging"
|
|
2578
|
+
},
|
|
2579
|
+
{
|
|
2580
|
+
"id": "AML.T0051",
|
|
2581
|
+
"name": "LLM Prompt Injection",
|
|
2582
|
+
"tactic": "Execution"
|
|
2583
|
+
},
|
|
2584
|
+
{
|
|
2585
|
+
"id": "AML.T0054",
|
|
2586
|
+
"name": "LLM Jailbreak",
|
|
2587
|
+
"tactic": "Defense Evasion"
|
|
2588
|
+
},
|
|
2589
|
+
{
|
|
2590
|
+
"id": "AML.T0096",
|
|
2591
|
+
"name": "AI API as Covert C2 Channel",
|
|
2592
|
+
"tactic": "Command and Control"
|
|
2593
|
+
}
|
|
2594
|
+
],
|
|
2595
|
+
"d3fend": [
|
|
2596
|
+
{
|
|
2597
|
+
"id": "D3-ASLR",
|
|
2598
|
+
"name": "Address Space Layout Randomization",
|
|
2599
|
+
"tactic": "Harden"
|
|
2600
|
+
},
|
|
2601
|
+
{
|
|
2602
|
+
"id": "D3-CA",
|
|
2603
|
+
"name": "Certificate Analysis",
|
|
2604
|
+
"tactic": "Detect"
|
|
2605
|
+
},
|
|
2606
|
+
{
|
|
2607
|
+
"id": "D3-CSPP",
|
|
2608
|
+
"name": "Client-server Payload Profiling",
|
|
2609
|
+
"tactic": "Detect"
|
|
2610
|
+
},
|
|
2611
|
+
{
|
|
2612
|
+
"id": "D3-DA",
|
|
2613
|
+
"name": "Domain Analysis",
|
|
2614
|
+
"tactic": "Detect"
|
|
2615
|
+
},
|
|
2616
|
+
{
|
|
2617
|
+
"id": "D3-EAL",
|
|
2618
|
+
"name": "Executable Allowlisting",
|
|
2619
|
+
"tactic": "Harden"
|
|
2620
|
+
},
|
|
2621
|
+
{
|
|
2622
|
+
"id": "D3-IOPR",
|
|
2623
|
+
"name": "Input/Output Profiling Resource",
|
|
2624
|
+
"tactic": "Detect"
|
|
2625
|
+
},
|
|
2626
|
+
{
|
|
2627
|
+
"id": "D3-NI",
|
|
2628
|
+
"name": "Network Isolation",
|
|
2629
|
+
"tactic": "Isolate"
|
|
2630
|
+
},
|
|
2631
|
+
{
|
|
2632
|
+
"id": "D3-NTA",
|
|
2633
|
+
"name": "Network Traffic Analysis",
|
|
2634
|
+
"tactic": "Detect"
|
|
2635
|
+
},
|
|
2636
|
+
{
|
|
2637
|
+
"id": "D3-NTPM",
|
|
2638
|
+
"name": "Network Traffic Policy Mapping",
|
|
2639
|
+
"tactic": "Model"
|
|
2640
|
+
},
|
|
2641
|
+
{
|
|
2642
|
+
"id": "D3-PHRA",
|
|
2643
|
+
"name": "Process Hardware Resource Access",
|
|
2644
|
+
"tactic": "Isolate"
|
|
2645
|
+
},
|
|
2646
|
+
{
|
|
2647
|
+
"id": "D3-PSEP",
|
|
2648
|
+
"name": "Process Segment Execution Prevention",
|
|
2649
|
+
"tactic": "Harden"
|
|
2650
|
+
}
|
|
2651
|
+
],
|
|
2652
|
+
"framework_gaps": [
|
|
2653
|
+
{
|
|
2654
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2655
|
+
"framework": "ALL",
|
|
2656
|
+
"control_name": "AI Pipeline Integrity"
|
|
2657
|
+
},
|
|
2658
|
+
{
|
|
2659
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2660
|
+
"framework": "ALL",
|
|
2661
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2662
|
+
},
|
|
2663
|
+
{
|
|
2664
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2665
|
+
"framework": "CIS Controls v8",
|
|
2666
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2667
|
+
},
|
|
2668
|
+
{
|
|
2669
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2670
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2671
|
+
"control_name": "Monitoring activities"
|
|
2672
|
+
},
|
|
2673
|
+
{
|
|
2674
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2675
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2676
|
+
"control_name": "Secure coding"
|
|
2677
|
+
},
|
|
2678
|
+
{
|
|
2679
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2680
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2681
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2682
|
+
},
|
|
2683
|
+
{
|
|
2684
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2685
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2686
|
+
"control_name": "AI risk management process"
|
|
2687
|
+
},
|
|
2688
|
+
{
|
|
2689
|
+
"id": "NIS2-Art21-patch-management",
|
|
2690
|
+
"framework": "EU NIS2 Directive",
|
|
2691
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2692
|
+
},
|
|
2693
|
+
{
|
|
2694
|
+
"id": "NIST-800-53-AC-2",
|
|
2695
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2696
|
+
"control_name": "Account Management"
|
|
2697
|
+
},
|
|
2698
|
+
{
|
|
2699
|
+
"id": "NIST-800-53-SC-7",
|
|
2700
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2701
|
+
"control_name": "Boundary Protection"
|
|
2702
|
+
},
|
|
2703
|
+
{
|
|
2704
|
+
"id": "NIST-800-53-SC-8",
|
|
2705
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2706
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2707
|
+
},
|
|
2708
|
+
{
|
|
2709
|
+
"id": "NIST-800-53-SI-2",
|
|
2710
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2711
|
+
"control_name": "Flaw Remediation"
|
|
2712
|
+
},
|
|
2713
|
+
{
|
|
2714
|
+
"id": "NIST-800-53-SI-3",
|
|
2715
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2716
|
+
"control_name": "Malicious Code Protection"
|
|
2717
|
+
},
|
|
2718
|
+
{
|
|
2719
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2720
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2721
|
+
"control_name": "Prompt Injection"
|
|
2722
|
+
},
|
|
2723
|
+
{
|
|
2724
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2725
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2726
|
+
"control_name": "Sensitive Information Disclosure"
|
|
2727
|
+
},
|
|
2728
|
+
{
|
|
2729
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2730
|
+
"framework": "PCI DSS 4.0",
|
|
2731
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2732
|
+
},
|
|
2733
|
+
{
|
|
2734
|
+
"id": "SOC2-CC6-logical-access",
|
|
2735
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2736
|
+
"control_name": "Logical and Physical Access Controls"
|
|
2737
|
+
},
|
|
2738
|
+
{
|
|
2739
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
2740
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2741
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
2742
|
+
}
|
|
2743
|
+
],
|
|
2744
|
+
"attack_refs": [
|
|
2745
|
+
"T1059",
|
|
2746
|
+
"T1068",
|
|
2747
|
+
"T1071",
|
|
2748
|
+
"T1078",
|
|
2749
|
+
"T1102",
|
|
2750
|
+
"T1190",
|
|
2751
|
+
"T1548.001",
|
|
2752
|
+
"T1566",
|
|
2753
|
+
"T1566.001",
|
|
2754
|
+
"T1566.002",
|
|
2755
|
+
"T1566.003",
|
|
2756
|
+
"T1568"
|
|
2757
|
+
],
|
|
2758
|
+
"rfc_refs": [
|
|
2759
|
+
"RFC-4301",
|
|
2760
|
+
"RFC-4303",
|
|
2761
|
+
"RFC-7296",
|
|
2762
|
+
"RFC-8446",
|
|
2763
|
+
"RFC-9000",
|
|
2764
|
+
"RFC-9114",
|
|
2765
|
+
"RFC-9180",
|
|
2766
|
+
"RFC-9421",
|
|
2767
|
+
"RFC-9458"
|
|
2768
|
+
]
|
|
2235
2769
|
}
|
|
2236
2770
|
},
|
|
2237
2771
|
"CVE-2026-33825": {
|
|
@@ -2240,14 +2774,271 @@
|
|
|
2240
2774
|
"cvss": 7.8,
|
|
2241
2775
|
"cisa_kev": true,
|
|
2242
2776
|
"epss_score": null,
|
|
2243
|
-
"referencing_skills": [
|
|
2777
|
+
"referencing_skills": [
|
|
2778
|
+
"kernel-lpe-triage",
|
|
2779
|
+
"ai-attack-surface",
|
|
2780
|
+
"ai-c2-detection",
|
|
2781
|
+
"email-security-anti-phishing"
|
|
2782
|
+
],
|
|
2244
2783
|
"chain": {
|
|
2245
|
-
"cwes": [
|
|
2246
|
-
|
|
2247
|
-
|
|
2248
|
-
|
|
2249
|
-
|
|
2250
|
-
|
|
2784
|
+
"cwes": [
|
|
2785
|
+
{
|
|
2786
|
+
"id": "CWE-1039",
|
|
2787
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2788
|
+
"category": "AI/ML"
|
|
2789
|
+
},
|
|
2790
|
+
{
|
|
2791
|
+
"id": "CWE-125",
|
|
2792
|
+
"name": "Out-of-bounds Read",
|
|
2793
|
+
"category": "Memory Safety"
|
|
2794
|
+
},
|
|
2795
|
+
{
|
|
2796
|
+
"id": "CWE-1426",
|
|
2797
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2798
|
+
"category": "AI/ML"
|
|
2799
|
+
},
|
|
2800
|
+
{
|
|
2801
|
+
"id": "CWE-362",
|
|
2802
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2803
|
+
"category": "Concurrency"
|
|
2804
|
+
},
|
|
2805
|
+
{
|
|
2806
|
+
"id": "CWE-416",
|
|
2807
|
+
"name": "Use After Free",
|
|
2808
|
+
"category": "Memory Safety"
|
|
2809
|
+
},
|
|
2810
|
+
{
|
|
2811
|
+
"id": "CWE-672",
|
|
2812
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2813
|
+
"category": "Memory Safety"
|
|
2814
|
+
},
|
|
2815
|
+
{
|
|
2816
|
+
"id": "CWE-787",
|
|
2817
|
+
"name": "Out-of-bounds Write",
|
|
2818
|
+
"category": "Memory Safety"
|
|
2819
|
+
},
|
|
2820
|
+
{
|
|
2821
|
+
"id": "CWE-94",
|
|
2822
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2823
|
+
"category": "Injection"
|
|
2824
|
+
}
|
|
2825
|
+
],
|
|
2826
|
+
"atlas": [
|
|
2827
|
+
{
|
|
2828
|
+
"id": "AML.T0016",
|
|
2829
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2830
|
+
"tactic": "Resource Development"
|
|
2831
|
+
},
|
|
2832
|
+
{
|
|
2833
|
+
"id": "AML.T0017",
|
|
2834
|
+
"name": "Discover ML Model Ontology",
|
|
2835
|
+
"tactic": "Discovery"
|
|
2836
|
+
},
|
|
2837
|
+
{
|
|
2838
|
+
"id": "AML.T0018",
|
|
2839
|
+
"name": "Backdoor ML Model",
|
|
2840
|
+
"tactic": "Persistence"
|
|
2841
|
+
},
|
|
2842
|
+
{
|
|
2843
|
+
"id": "AML.T0020",
|
|
2844
|
+
"name": "Poison Training Data",
|
|
2845
|
+
"tactic": "ML Attack Staging"
|
|
2846
|
+
},
|
|
2847
|
+
{
|
|
2848
|
+
"id": "AML.T0043",
|
|
2849
|
+
"name": "Craft Adversarial Data",
|
|
2850
|
+
"tactic": "ML Attack Staging"
|
|
2851
|
+
},
|
|
2852
|
+
{
|
|
2853
|
+
"id": "AML.T0051",
|
|
2854
|
+
"name": "LLM Prompt Injection",
|
|
2855
|
+
"tactic": "Execution"
|
|
2856
|
+
},
|
|
2857
|
+
{
|
|
2858
|
+
"id": "AML.T0054",
|
|
2859
|
+
"name": "LLM Jailbreak",
|
|
2860
|
+
"tactic": "Defense Evasion"
|
|
2861
|
+
},
|
|
2862
|
+
{
|
|
2863
|
+
"id": "AML.T0096",
|
|
2864
|
+
"name": "AI API as Covert C2 Channel",
|
|
2865
|
+
"tactic": "Command and Control"
|
|
2866
|
+
}
|
|
2867
|
+
],
|
|
2868
|
+
"d3fend": [
|
|
2869
|
+
{
|
|
2870
|
+
"id": "D3-ASLR",
|
|
2871
|
+
"name": "Address Space Layout Randomization",
|
|
2872
|
+
"tactic": "Harden"
|
|
2873
|
+
},
|
|
2874
|
+
{
|
|
2875
|
+
"id": "D3-CA",
|
|
2876
|
+
"name": "Certificate Analysis",
|
|
2877
|
+
"tactic": "Detect"
|
|
2878
|
+
},
|
|
2879
|
+
{
|
|
2880
|
+
"id": "D3-CSPP",
|
|
2881
|
+
"name": "Client-server Payload Profiling",
|
|
2882
|
+
"tactic": "Detect"
|
|
2883
|
+
},
|
|
2884
|
+
{
|
|
2885
|
+
"id": "D3-DA",
|
|
2886
|
+
"name": "Domain Analysis",
|
|
2887
|
+
"tactic": "Detect"
|
|
2888
|
+
},
|
|
2889
|
+
{
|
|
2890
|
+
"id": "D3-EAL",
|
|
2891
|
+
"name": "Executable Allowlisting",
|
|
2892
|
+
"tactic": "Harden"
|
|
2893
|
+
},
|
|
2894
|
+
{
|
|
2895
|
+
"id": "D3-IOPR",
|
|
2896
|
+
"name": "Input/Output Profiling Resource",
|
|
2897
|
+
"tactic": "Detect"
|
|
2898
|
+
},
|
|
2899
|
+
{
|
|
2900
|
+
"id": "D3-NI",
|
|
2901
|
+
"name": "Network Isolation",
|
|
2902
|
+
"tactic": "Isolate"
|
|
2903
|
+
},
|
|
2904
|
+
{
|
|
2905
|
+
"id": "D3-NTA",
|
|
2906
|
+
"name": "Network Traffic Analysis",
|
|
2907
|
+
"tactic": "Detect"
|
|
2908
|
+
},
|
|
2909
|
+
{
|
|
2910
|
+
"id": "D3-NTPM",
|
|
2911
|
+
"name": "Network Traffic Policy Mapping",
|
|
2912
|
+
"tactic": "Model"
|
|
2913
|
+
},
|
|
2914
|
+
{
|
|
2915
|
+
"id": "D3-PHRA",
|
|
2916
|
+
"name": "Process Hardware Resource Access",
|
|
2917
|
+
"tactic": "Isolate"
|
|
2918
|
+
},
|
|
2919
|
+
{
|
|
2920
|
+
"id": "D3-PSEP",
|
|
2921
|
+
"name": "Process Segment Execution Prevention",
|
|
2922
|
+
"tactic": "Harden"
|
|
2923
|
+
}
|
|
2924
|
+
],
|
|
2925
|
+
"framework_gaps": [
|
|
2926
|
+
{
|
|
2927
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2928
|
+
"framework": "ALL",
|
|
2929
|
+
"control_name": "AI Pipeline Integrity"
|
|
2930
|
+
},
|
|
2931
|
+
{
|
|
2932
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2933
|
+
"framework": "ALL",
|
|
2934
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2935
|
+
},
|
|
2936
|
+
{
|
|
2937
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2938
|
+
"framework": "CIS Controls v8",
|
|
2939
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2940
|
+
},
|
|
2941
|
+
{
|
|
2942
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2943
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2944
|
+
"control_name": "Monitoring activities"
|
|
2945
|
+
},
|
|
2946
|
+
{
|
|
2947
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2948
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2949
|
+
"control_name": "Secure coding"
|
|
2950
|
+
},
|
|
2951
|
+
{
|
|
2952
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2953
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2954
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2955
|
+
},
|
|
2956
|
+
{
|
|
2957
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2958
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2959
|
+
"control_name": "AI risk management process"
|
|
2960
|
+
},
|
|
2961
|
+
{
|
|
2962
|
+
"id": "NIS2-Art21-patch-management",
|
|
2963
|
+
"framework": "EU NIS2 Directive",
|
|
2964
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2965
|
+
},
|
|
2966
|
+
{
|
|
2967
|
+
"id": "NIST-800-53-AC-2",
|
|
2968
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2969
|
+
"control_name": "Account Management"
|
|
2970
|
+
},
|
|
2971
|
+
{
|
|
2972
|
+
"id": "NIST-800-53-SC-7",
|
|
2973
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2974
|
+
"control_name": "Boundary Protection"
|
|
2975
|
+
},
|
|
2976
|
+
{
|
|
2977
|
+
"id": "NIST-800-53-SC-8",
|
|
2978
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2979
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2980
|
+
},
|
|
2981
|
+
{
|
|
2982
|
+
"id": "NIST-800-53-SI-2",
|
|
2983
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2984
|
+
"control_name": "Flaw Remediation"
|
|
2985
|
+
},
|
|
2986
|
+
{
|
|
2987
|
+
"id": "NIST-800-53-SI-3",
|
|
2988
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2989
|
+
"control_name": "Malicious Code Protection"
|
|
2990
|
+
},
|
|
2991
|
+
{
|
|
2992
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2993
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2994
|
+
"control_name": "Prompt Injection"
|
|
2995
|
+
},
|
|
2996
|
+
{
|
|
2997
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2998
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2999
|
+
"control_name": "Sensitive Information Disclosure"
|
|
3000
|
+
},
|
|
3001
|
+
{
|
|
3002
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
3003
|
+
"framework": "PCI DSS 4.0",
|
|
3004
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3005
|
+
},
|
|
3006
|
+
{
|
|
3007
|
+
"id": "SOC2-CC6-logical-access",
|
|
3008
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3009
|
+
"control_name": "Logical and Physical Access Controls"
|
|
3010
|
+
},
|
|
3011
|
+
{
|
|
3012
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
3013
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3014
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
3015
|
+
}
|
|
3016
|
+
],
|
|
3017
|
+
"attack_refs": [
|
|
3018
|
+
"T1059",
|
|
3019
|
+
"T1068",
|
|
3020
|
+
"T1071",
|
|
3021
|
+
"T1078",
|
|
3022
|
+
"T1102",
|
|
3023
|
+
"T1190",
|
|
3024
|
+
"T1548.001",
|
|
3025
|
+
"T1566",
|
|
3026
|
+
"T1566.001",
|
|
3027
|
+
"T1566.002",
|
|
3028
|
+
"T1566.003",
|
|
3029
|
+
"T1568"
|
|
3030
|
+
],
|
|
3031
|
+
"rfc_refs": [
|
|
3032
|
+
"RFC-4301",
|
|
3033
|
+
"RFC-4303",
|
|
3034
|
+
"RFC-7296",
|
|
3035
|
+
"RFC-8446",
|
|
3036
|
+
"RFC-9000",
|
|
3037
|
+
"RFC-9114",
|
|
3038
|
+
"RFC-9180",
|
|
3039
|
+
"RFC-9421",
|
|
3040
|
+
"RFC-9458"
|
|
3041
|
+
]
|
|
2251
3042
|
}
|
|
2252
3043
|
},
|
|
2253
3044
|
"CWE-20": {
|
|
@@ -3317,7 +4108,9 @@
|
|
|
3317
4108
|
},
|
|
3318
4109
|
"related_cves": [
|
|
3319
4110
|
"CVE-2025-53773",
|
|
3320
|
-
"CVE-2026-30615"
|
|
4111
|
+
"CVE-2026-30615",
|
|
4112
|
+
"CVE-2026-32202",
|
|
4113
|
+
"CVE-2026-33825"
|
|
3321
4114
|
]
|
|
3322
4115
|
},
|
|
3323
4116
|
"CWE-123": {
|
|
@@ -3449,10 +4242,15 @@
|
|
|
3449
4242
|
},
|
|
3450
4243
|
"related_cves": [
|
|
3451
4244
|
"CVE-2025-53773",
|
|
4245
|
+
"CVE-2026-0300",
|
|
3452
4246
|
"CVE-2026-30615",
|
|
3453
4247
|
"CVE-2026-31431",
|
|
4248
|
+
"CVE-2026-32202",
|
|
4249
|
+
"CVE-2026-33825",
|
|
4250
|
+
"CVE-2026-42897",
|
|
3454
4251
|
"CVE-2026-43284",
|
|
3455
|
-
"CVE-2026-43500"
|
|
4252
|
+
"CVE-2026-43500",
|
|
4253
|
+
"CVE-2026-6973"
|
|
3456
4254
|
]
|
|
3457
4255
|
},
|
|
3458
4256
|
"CWE-200": {
|
|
@@ -5492,10 +6290,15 @@
|
|
|
5492
6290
|
},
|
|
5493
6291
|
"related_cves": [
|
|
5494
6292
|
"CVE-2025-53773",
|
|
6293
|
+
"CVE-2026-0300",
|
|
5495
6294
|
"CVE-2026-30615",
|
|
5496
6295
|
"CVE-2026-31431",
|
|
6296
|
+
"CVE-2026-32202",
|
|
6297
|
+
"CVE-2026-33825",
|
|
6298
|
+
"CVE-2026-42897",
|
|
5497
6299
|
"CVE-2026-43284",
|
|
5498
|
-
"CVE-2026-43500"
|
|
6300
|
+
"CVE-2026-43500",
|
|
6301
|
+
"CVE-2026-6973"
|
|
5499
6302
|
]
|
|
5500
6303
|
},
|
|
5501
6304
|
"CWE-416": {
|
|
@@ -5613,10 +6416,15 @@
|
|
|
5613
6416
|
},
|
|
5614
6417
|
"related_cves": [
|
|
5615
6418
|
"CVE-2025-53773",
|
|
6419
|
+
"CVE-2026-0300",
|
|
5616
6420
|
"CVE-2026-30615",
|
|
5617
6421
|
"CVE-2026-31431",
|
|
6422
|
+
"CVE-2026-32202",
|
|
6423
|
+
"CVE-2026-33825",
|
|
6424
|
+
"CVE-2026-42897",
|
|
5618
6425
|
"CVE-2026-43284",
|
|
5619
|
-
"CVE-2026-43500"
|
|
6426
|
+
"CVE-2026-43500",
|
|
6427
|
+
"CVE-2026-6973"
|
|
5620
6428
|
]
|
|
5621
6429
|
},
|
|
5622
6430
|
"CWE-426": {
|
|
@@ -6489,9 +7297,14 @@
|
|
|
6489
7297
|
]
|
|
6490
7298
|
},
|
|
6491
7299
|
"related_cves": [
|
|
7300
|
+
"CVE-2026-0300",
|
|
6492
7301
|
"CVE-2026-31431",
|
|
7302
|
+
"CVE-2026-32202",
|
|
7303
|
+
"CVE-2026-33825",
|
|
7304
|
+
"CVE-2026-42897",
|
|
6493
7305
|
"CVE-2026-43284",
|
|
6494
|
-
"CVE-2026-43500"
|
|
7306
|
+
"CVE-2026-43500",
|
|
7307
|
+
"CVE-2026-6973"
|
|
6495
7308
|
]
|
|
6496
7309
|
},
|
|
6497
7310
|
"CWE-732": {
|
|
@@ -6976,10 +7789,15 @@
|
|
|
6976
7789
|
},
|
|
6977
7790
|
"related_cves": [
|
|
6978
7791
|
"CVE-2025-53773",
|
|
7792
|
+
"CVE-2026-0300",
|
|
6979
7793
|
"CVE-2026-30615",
|
|
6980
7794
|
"CVE-2026-31431",
|
|
7795
|
+
"CVE-2026-32202",
|
|
7796
|
+
"CVE-2026-33825",
|
|
7797
|
+
"CVE-2026-42897",
|
|
6981
7798
|
"CVE-2026-43284",
|
|
6982
|
-
"CVE-2026-43500"
|
|
7799
|
+
"CVE-2026-43500",
|
|
7800
|
+
"CVE-2026-6973"
|
|
6983
7801
|
]
|
|
6984
7802
|
},
|
|
6985
7803
|
"CWE-798": {
|
|
@@ -8314,7 +9132,9 @@
|
|
|
8314
9132
|
},
|
|
8315
9133
|
"related_cves": [
|
|
8316
9134
|
"CVE-2025-53773",
|
|
8317
|
-
"CVE-2026-30615"
|
|
9135
|
+
"CVE-2026-30615",
|
|
9136
|
+
"CVE-2026-32202",
|
|
9137
|
+
"CVE-2026-33825"
|
|
8318
9138
|
]
|
|
8319
9139
|
},
|
|
8320
9140
|
"CWE-1188": {
|
|
@@ -8624,6 +9444,7 @@
|
|
|
8624
9444
|
},
|
|
8625
9445
|
"related_cves": [
|
|
8626
9446
|
"CVE-2025-53773",
|
|
9447
|
+
"CVE-2026-0300",
|
|
8627
9448
|
"CVE-2026-30615",
|
|
8628
9449
|
"CVE-2026-31431"
|
|
8629
9450
|
]
|
|
@@ -9086,6 +9907,8 @@
|
|
|
9086
9907
|
"related_cves": [
|
|
9087
9908
|
"CVE-2025-53773",
|
|
9088
9909
|
"CVE-2026-30615",
|
|
9910
|
+
"CVE-2026-32202",
|
|
9911
|
+
"CVE-2026-33825",
|
|
9089
9912
|
"CVE-2026-43284",
|
|
9090
9913
|
"CVE-2026-43500"
|
|
9091
9914
|
]
|