@blamejs/exceptd-skills 0.12.31 → 0.12.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +56 -0
- package/bin/exceptd.js +68 -12
- package/data/_indexes/_meta.json +11 -11
- package/data/_indexes/activity-feed.json +4 -4
- package/data/_indexes/catalog-summaries.json +4 -4
- package/data/_indexes/chains.json +883 -44
- package/data/_indexes/frequency.json +10 -0
- package/data/_indexes/section-offsets.json +9 -9
- package/data/_indexes/token-budget.json +20 -20
- package/data/cve-catalog.json +147 -19
- package/data/cwe-catalog.json +39 -25
- package/data/d3fend-catalog.json +46 -0
- package/data/framework-control-gaps.json +331 -6
- package/data/playbooks/cloud-iam-incident.json +0 -6
- package/data/playbooks/idp-incident.json +1 -7
- package/data/zeroday-lessons.json +688 -0
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +47 -47
- package/package.json +1 -1
- package/sbom.cdx.json +24 -24
- package/scripts/refresh-reverse-refs.js +63 -6
- package/skills/cloud-iam-incident/skill.md +1 -1
- package/skills/idp-incident-response/skill.md +1 -1
- package/skills/ransomware-response/skill.md +2 -2
|
@@ -2160,14 +2160,117 @@
|
|
|
2160
2160
|
"cvss": 9.3,
|
|
2161
2161
|
"cisa_kev": true,
|
|
2162
2162
|
"epss_score": null,
|
|
2163
|
-
"referencing_skills": [
|
|
2163
|
+
"referencing_skills": [
|
|
2164
|
+
"kernel-lpe-triage",
|
|
2165
|
+
"coordinated-vuln-disclosure"
|
|
2166
|
+
],
|
|
2164
2167
|
"chain": {
|
|
2165
|
-
"cwes": [
|
|
2168
|
+
"cwes": [
|
|
2169
|
+
{
|
|
2170
|
+
"id": "CWE-125",
|
|
2171
|
+
"name": "Out-of-bounds Read",
|
|
2172
|
+
"category": "Memory Safety"
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
"id": "CWE-1357",
|
|
2176
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
2177
|
+
"category": "Supply Chain"
|
|
2178
|
+
},
|
|
2179
|
+
{
|
|
2180
|
+
"id": "CWE-362",
|
|
2181
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2182
|
+
"category": "Concurrency"
|
|
2183
|
+
},
|
|
2184
|
+
{
|
|
2185
|
+
"id": "CWE-416",
|
|
2186
|
+
"name": "Use After Free",
|
|
2187
|
+
"category": "Memory Safety"
|
|
2188
|
+
},
|
|
2189
|
+
{
|
|
2190
|
+
"id": "CWE-672",
|
|
2191
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2192
|
+
"category": "Memory Safety"
|
|
2193
|
+
},
|
|
2194
|
+
{
|
|
2195
|
+
"id": "CWE-787",
|
|
2196
|
+
"name": "Out-of-bounds Write",
|
|
2197
|
+
"category": "Memory Safety"
|
|
2198
|
+
}
|
|
2199
|
+
],
|
|
2166
2200
|
"atlas": [],
|
|
2167
|
-
"d3fend": [
|
|
2168
|
-
|
|
2169
|
-
|
|
2170
|
-
|
|
2201
|
+
"d3fend": [
|
|
2202
|
+
{
|
|
2203
|
+
"id": "D3-ASLR",
|
|
2204
|
+
"name": "Address Space Layout Randomization",
|
|
2205
|
+
"tactic": "Harden"
|
|
2206
|
+
},
|
|
2207
|
+
{
|
|
2208
|
+
"id": "D3-EAL",
|
|
2209
|
+
"name": "Executable Allowlisting",
|
|
2210
|
+
"tactic": "Harden"
|
|
2211
|
+
},
|
|
2212
|
+
{
|
|
2213
|
+
"id": "D3-PHRA",
|
|
2214
|
+
"name": "Process Hardware Resource Access",
|
|
2215
|
+
"tactic": "Isolate"
|
|
2216
|
+
},
|
|
2217
|
+
{
|
|
2218
|
+
"id": "D3-PSEP",
|
|
2219
|
+
"name": "Process Segment Execution Prevention",
|
|
2220
|
+
"tactic": "Harden"
|
|
2221
|
+
}
|
|
2222
|
+
],
|
|
2223
|
+
"framework_gaps": [
|
|
2224
|
+
{
|
|
2225
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2226
|
+
"framework": "CIS Controls v8",
|
|
2227
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2228
|
+
},
|
|
2229
|
+
{
|
|
2230
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2231
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2232
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2233
|
+
},
|
|
2234
|
+
{
|
|
2235
|
+
"id": "NIS2-Art21-patch-management",
|
|
2236
|
+
"framework": "EU NIS2 Directive",
|
|
2237
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2238
|
+
},
|
|
2239
|
+
{
|
|
2240
|
+
"id": "NIST-800-218-SSDF",
|
|
2241
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
2242
|
+
"control_name": "Secure Software Development Framework"
|
|
2243
|
+
},
|
|
2244
|
+
{
|
|
2245
|
+
"id": "NIST-800-53-SC-8",
|
|
2246
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2247
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2248
|
+
},
|
|
2249
|
+
{
|
|
2250
|
+
"id": "NIST-800-53-SI-2",
|
|
2251
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2252
|
+
"control_name": "Flaw Remediation"
|
|
2253
|
+
},
|
|
2254
|
+
{
|
|
2255
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2256
|
+
"framework": "PCI DSS 4.0",
|
|
2257
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2258
|
+
},
|
|
2259
|
+
{
|
|
2260
|
+
"id": "SOC2-CC9-vendor-management",
|
|
2261
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2262
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
2263
|
+
}
|
|
2264
|
+
],
|
|
2265
|
+
"attack_refs": [
|
|
2266
|
+
"T1068",
|
|
2267
|
+
"T1548.001"
|
|
2268
|
+
],
|
|
2269
|
+
"rfc_refs": [
|
|
2270
|
+
"RFC-4301",
|
|
2271
|
+
"RFC-4303",
|
|
2272
|
+
"RFC-7296"
|
|
2273
|
+
]
|
|
2171
2274
|
}
|
|
2172
2275
|
},
|
|
2173
2276
|
"CVE-2026-39987": {
|
|
@@ -2192,14 +2295,101 @@
|
|
|
2192
2295
|
"cvss": 7.2,
|
|
2193
2296
|
"cisa_kev": true,
|
|
2194
2297
|
"epss_score": null,
|
|
2195
|
-
"referencing_skills": [
|
|
2298
|
+
"referencing_skills": [
|
|
2299
|
+
"kernel-lpe-triage"
|
|
2300
|
+
],
|
|
2196
2301
|
"chain": {
|
|
2197
|
-
"cwes": [
|
|
2302
|
+
"cwes": [
|
|
2303
|
+
{
|
|
2304
|
+
"id": "CWE-125",
|
|
2305
|
+
"name": "Out-of-bounds Read",
|
|
2306
|
+
"category": "Memory Safety"
|
|
2307
|
+
},
|
|
2308
|
+
{
|
|
2309
|
+
"id": "CWE-362",
|
|
2310
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2311
|
+
"category": "Concurrency"
|
|
2312
|
+
},
|
|
2313
|
+
{
|
|
2314
|
+
"id": "CWE-416",
|
|
2315
|
+
"name": "Use After Free",
|
|
2316
|
+
"category": "Memory Safety"
|
|
2317
|
+
},
|
|
2318
|
+
{
|
|
2319
|
+
"id": "CWE-672",
|
|
2320
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2321
|
+
"category": "Memory Safety"
|
|
2322
|
+
},
|
|
2323
|
+
{
|
|
2324
|
+
"id": "CWE-787",
|
|
2325
|
+
"name": "Out-of-bounds Write",
|
|
2326
|
+
"category": "Memory Safety"
|
|
2327
|
+
}
|
|
2328
|
+
],
|
|
2198
2329
|
"atlas": [],
|
|
2199
|
-
"d3fend": [
|
|
2200
|
-
|
|
2201
|
-
|
|
2202
|
-
|
|
2330
|
+
"d3fend": [
|
|
2331
|
+
{
|
|
2332
|
+
"id": "D3-ASLR",
|
|
2333
|
+
"name": "Address Space Layout Randomization",
|
|
2334
|
+
"tactic": "Harden"
|
|
2335
|
+
},
|
|
2336
|
+
{
|
|
2337
|
+
"id": "D3-EAL",
|
|
2338
|
+
"name": "Executable Allowlisting",
|
|
2339
|
+
"tactic": "Harden"
|
|
2340
|
+
},
|
|
2341
|
+
{
|
|
2342
|
+
"id": "D3-PHRA",
|
|
2343
|
+
"name": "Process Hardware Resource Access",
|
|
2344
|
+
"tactic": "Isolate"
|
|
2345
|
+
},
|
|
2346
|
+
{
|
|
2347
|
+
"id": "D3-PSEP",
|
|
2348
|
+
"name": "Process Segment Execution Prevention",
|
|
2349
|
+
"tactic": "Harden"
|
|
2350
|
+
}
|
|
2351
|
+
],
|
|
2352
|
+
"framework_gaps": [
|
|
2353
|
+
{
|
|
2354
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2355
|
+
"framework": "CIS Controls v8",
|
|
2356
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2357
|
+
},
|
|
2358
|
+
{
|
|
2359
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2360
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2361
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2362
|
+
},
|
|
2363
|
+
{
|
|
2364
|
+
"id": "NIS2-Art21-patch-management",
|
|
2365
|
+
"framework": "EU NIS2 Directive",
|
|
2366
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2367
|
+
},
|
|
2368
|
+
{
|
|
2369
|
+
"id": "NIST-800-53-SC-8",
|
|
2370
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2371
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2372
|
+
},
|
|
2373
|
+
{
|
|
2374
|
+
"id": "NIST-800-53-SI-2",
|
|
2375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2376
|
+
"control_name": "Flaw Remediation"
|
|
2377
|
+
},
|
|
2378
|
+
{
|
|
2379
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2380
|
+
"framework": "PCI DSS 4.0",
|
|
2381
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2382
|
+
}
|
|
2383
|
+
],
|
|
2384
|
+
"attack_refs": [
|
|
2385
|
+
"T1068",
|
|
2386
|
+
"T1548.001"
|
|
2387
|
+
],
|
|
2388
|
+
"rfc_refs": [
|
|
2389
|
+
"RFC-4301",
|
|
2390
|
+
"RFC-4303",
|
|
2391
|
+
"RFC-7296"
|
|
2392
|
+
]
|
|
2203
2393
|
}
|
|
2204
2394
|
},
|
|
2205
2395
|
"CVE-2026-42897": {
|
|
@@ -2208,37 +2398,654 @@
|
|
|
2208
2398
|
"cvss": 8.1,
|
|
2209
2399
|
"cisa_kev": true,
|
|
2210
2400
|
"epss_score": null,
|
|
2211
|
-
"referencing_skills": [
|
|
2401
|
+
"referencing_skills": [
|
|
2402
|
+
"kernel-lpe-triage"
|
|
2403
|
+
],
|
|
2212
2404
|
"chain": {
|
|
2213
|
-
"cwes": [
|
|
2405
|
+
"cwes": [
|
|
2406
|
+
{
|
|
2407
|
+
"id": "CWE-125",
|
|
2408
|
+
"name": "Out-of-bounds Read",
|
|
2409
|
+
"category": "Memory Safety"
|
|
2410
|
+
},
|
|
2411
|
+
{
|
|
2412
|
+
"id": "CWE-362",
|
|
2413
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2414
|
+
"category": "Concurrency"
|
|
2415
|
+
},
|
|
2416
|
+
{
|
|
2417
|
+
"id": "CWE-416",
|
|
2418
|
+
"name": "Use After Free",
|
|
2419
|
+
"category": "Memory Safety"
|
|
2420
|
+
},
|
|
2421
|
+
{
|
|
2422
|
+
"id": "CWE-672",
|
|
2423
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2424
|
+
"category": "Memory Safety"
|
|
2425
|
+
},
|
|
2426
|
+
{
|
|
2427
|
+
"id": "CWE-787",
|
|
2428
|
+
"name": "Out-of-bounds Write",
|
|
2429
|
+
"category": "Memory Safety"
|
|
2430
|
+
}
|
|
2431
|
+
],
|
|
2214
2432
|
"atlas": [],
|
|
2215
|
-
"d3fend": [
|
|
2216
|
-
|
|
2217
|
-
|
|
2218
|
-
|
|
2219
|
-
|
|
2220
|
-
|
|
2221
|
-
|
|
2222
|
-
|
|
2223
|
-
|
|
2224
|
-
|
|
2225
|
-
|
|
2433
|
+
"d3fend": [
|
|
2434
|
+
{
|
|
2435
|
+
"id": "D3-ASLR",
|
|
2436
|
+
"name": "Address Space Layout Randomization",
|
|
2437
|
+
"tactic": "Harden"
|
|
2438
|
+
},
|
|
2439
|
+
{
|
|
2440
|
+
"id": "D3-EAL",
|
|
2441
|
+
"name": "Executable Allowlisting",
|
|
2442
|
+
"tactic": "Harden"
|
|
2443
|
+
},
|
|
2444
|
+
{
|
|
2445
|
+
"id": "D3-PHRA",
|
|
2446
|
+
"name": "Process Hardware Resource Access",
|
|
2447
|
+
"tactic": "Isolate"
|
|
2448
|
+
},
|
|
2449
|
+
{
|
|
2450
|
+
"id": "D3-PSEP",
|
|
2451
|
+
"name": "Process Segment Execution Prevention",
|
|
2452
|
+
"tactic": "Harden"
|
|
2453
|
+
}
|
|
2454
|
+
],
|
|
2455
|
+
"framework_gaps": [
|
|
2456
|
+
{
|
|
2457
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2458
|
+
"framework": "CIS Controls v8",
|
|
2459
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2460
|
+
},
|
|
2461
|
+
{
|
|
2462
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2463
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2464
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2465
|
+
},
|
|
2466
|
+
{
|
|
2467
|
+
"id": "NIS2-Art21-patch-management",
|
|
2468
|
+
"framework": "EU NIS2 Directive",
|
|
2469
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2470
|
+
},
|
|
2471
|
+
{
|
|
2472
|
+
"id": "NIST-800-53-SC-8",
|
|
2473
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2474
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2475
|
+
},
|
|
2476
|
+
{
|
|
2477
|
+
"id": "NIST-800-53-SI-2",
|
|
2478
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2479
|
+
"control_name": "Flaw Remediation"
|
|
2480
|
+
},
|
|
2481
|
+
{
|
|
2482
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2483
|
+
"framework": "PCI DSS 4.0",
|
|
2484
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2485
|
+
}
|
|
2486
|
+
],
|
|
2487
|
+
"attack_refs": [
|
|
2488
|
+
"T1068",
|
|
2489
|
+
"T1548.001"
|
|
2490
|
+
],
|
|
2491
|
+
"rfc_refs": [
|
|
2492
|
+
"RFC-4301",
|
|
2493
|
+
"RFC-4303",
|
|
2494
|
+
"RFC-7296"
|
|
2495
|
+
]
|
|
2496
|
+
}
|
|
2497
|
+
},
|
|
2498
|
+
"CVE-2026-32202": {
|
|
2499
|
+
"name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
|
|
2500
|
+
"rwep": 85,
|
|
2501
|
+
"cvss": 7.5,
|
|
2502
|
+
"cisa_kev": true,
|
|
2226
2503
|
"epss_score": null,
|
|
2227
|
-
"referencing_skills": [
|
|
2504
|
+
"referencing_skills": [
|
|
2505
|
+
"kernel-lpe-triage",
|
|
2506
|
+
"ai-attack-surface",
|
|
2507
|
+
"ai-c2-detection",
|
|
2508
|
+
"email-security-anti-phishing"
|
|
2509
|
+
],
|
|
2228
2510
|
"chain": {
|
|
2229
|
-
"cwes": [
|
|
2230
|
-
|
|
2231
|
-
|
|
2232
|
-
|
|
2233
|
-
|
|
2234
|
-
|
|
2511
|
+
"cwes": [
|
|
2512
|
+
{
|
|
2513
|
+
"id": "CWE-1039",
|
|
2514
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2515
|
+
"category": "AI/ML"
|
|
2516
|
+
},
|
|
2517
|
+
{
|
|
2518
|
+
"id": "CWE-125",
|
|
2519
|
+
"name": "Out-of-bounds Read",
|
|
2520
|
+
"category": "Memory Safety"
|
|
2521
|
+
},
|
|
2522
|
+
{
|
|
2523
|
+
"id": "CWE-1426",
|
|
2524
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2525
|
+
"category": "AI/ML"
|
|
2526
|
+
},
|
|
2527
|
+
{
|
|
2528
|
+
"id": "CWE-362",
|
|
2529
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2530
|
+
"category": "Concurrency"
|
|
2531
|
+
},
|
|
2532
|
+
{
|
|
2533
|
+
"id": "CWE-416",
|
|
2534
|
+
"name": "Use After Free",
|
|
2535
|
+
"category": "Memory Safety"
|
|
2536
|
+
},
|
|
2537
|
+
{
|
|
2538
|
+
"id": "CWE-672",
|
|
2539
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2540
|
+
"category": "Memory Safety"
|
|
2541
|
+
},
|
|
2542
|
+
{
|
|
2543
|
+
"id": "CWE-787",
|
|
2544
|
+
"name": "Out-of-bounds Write",
|
|
2545
|
+
"category": "Memory Safety"
|
|
2546
|
+
},
|
|
2547
|
+
{
|
|
2548
|
+
"id": "CWE-94",
|
|
2549
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2550
|
+
"category": "Injection"
|
|
2551
|
+
}
|
|
2552
|
+
],
|
|
2553
|
+
"atlas": [
|
|
2554
|
+
{
|
|
2555
|
+
"id": "AML.T0016",
|
|
2556
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2557
|
+
"tactic": "Resource Development"
|
|
2558
|
+
},
|
|
2559
|
+
{
|
|
2560
|
+
"id": "AML.T0017",
|
|
2561
|
+
"name": "Discover ML Model Ontology",
|
|
2562
|
+
"tactic": "Discovery"
|
|
2563
|
+
},
|
|
2564
|
+
{
|
|
2565
|
+
"id": "AML.T0018",
|
|
2566
|
+
"name": "Backdoor ML Model",
|
|
2567
|
+
"tactic": "Persistence"
|
|
2568
|
+
},
|
|
2569
|
+
{
|
|
2570
|
+
"id": "AML.T0020",
|
|
2571
|
+
"name": "Poison Training Data",
|
|
2572
|
+
"tactic": "ML Attack Staging"
|
|
2573
|
+
},
|
|
2574
|
+
{
|
|
2575
|
+
"id": "AML.T0043",
|
|
2576
|
+
"name": "Craft Adversarial Data",
|
|
2577
|
+
"tactic": "ML Attack Staging"
|
|
2578
|
+
},
|
|
2579
|
+
{
|
|
2580
|
+
"id": "AML.T0051",
|
|
2581
|
+
"name": "LLM Prompt Injection",
|
|
2582
|
+
"tactic": "Execution"
|
|
2583
|
+
},
|
|
2584
|
+
{
|
|
2585
|
+
"id": "AML.T0054",
|
|
2586
|
+
"name": "LLM Jailbreak",
|
|
2587
|
+
"tactic": "Defense Evasion"
|
|
2588
|
+
},
|
|
2589
|
+
{
|
|
2590
|
+
"id": "AML.T0096",
|
|
2591
|
+
"name": "AI API as Covert C2 Channel",
|
|
2592
|
+
"tactic": "Command and Control"
|
|
2593
|
+
}
|
|
2594
|
+
],
|
|
2595
|
+
"d3fend": [
|
|
2596
|
+
{
|
|
2597
|
+
"id": "D3-ASLR",
|
|
2598
|
+
"name": "Address Space Layout Randomization",
|
|
2599
|
+
"tactic": "Harden"
|
|
2600
|
+
},
|
|
2601
|
+
{
|
|
2602
|
+
"id": "D3-CA",
|
|
2603
|
+
"name": "Certificate Analysis",
|
|
2604
|
+
"tactic": "Detect"
|
|
2605
|
+
},
|
|
2606
|
+
{
|
|
2607
|
+
"id": "D3-CSPP",
|
|
2608
|
+
"name": "Client-server Payload Profiling",
|
|
2609
|
+
"tactic": "Detect"
|
|
2610
|
+
},
|
|
2611
|
+
{
|
|
2612
|
+
"id": "D3-DA",
|
|
2613
|
+
"name": "Domain Analysis",
|
|
2614
|
+
"tactic": "Detect"
|
|
2615
|
+
},
|
|
2616
|
+
{
|
|
2617
|
+
"id": "D3-EAL",
|
|
2618
|
+
"name": "Executable Allowlisting",
|
|
2619
|
+
"tactic": "Harden"
|
|
2620
|
+
},
|
|
2621
|
+
{
|
|
2622
|
+
"id": "D3-IOPR",
|
|
2623
|
+
"name": "Input/Output Profiling Resource",
|
|
2624
|
+
"tactic": "Detect"
|
|
2625
|
+
},
|
|
2626
|
+
{
|
|
2627
|
+
"id": "D3-NI",
|
|
2628
|
+
"name": "Network Isolation",
|
|
2629
|
+
"tactic": "Isolate"
|
|
2630
|
+
},
|
|
2631
|
+
{
|
|
2632
|
+
"id": "D3-NTA",
|
|
2633
|
+
"name": "Network Traffic Analysis",
|
|
2634
|
+
"tactic": "Detect"
|
|
2635
|
+
},
|
|
2636
|
+
{
|
|
2637
|
+
"id": "D3-NTPM",
|
|
2638
|
+
"name": "Network Traffic Policy Mapping",
|
|
2639
|
+
"tactic": "Model"
|
|
2640
|
+
},
|
|
2641
|
+
{
|
|
2642
|
+
"id": "D3-PHRA",
|
|
2643
|
+
"name": "Process Hardware Resource Access",
|
|
2644
|
+
"tactic": "Isolate"
|
|
2645
|
+
},
|
|
2646
|
+
{
|
|
2647
|
+
"id": "D3-PSEP",
|
|
2648
|
+
"name": "Process Segment Execution Prevention",
|
|
2649
|
+
"tactic": "Harden"
|
|
2650
|
+
}
|
|
2651
|
+
],
|
|
2652
|
+
"framework_gaps": [
|
|
2653
|
+
{
|
|
2654
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2655
|
+
"framework": "ALL",
|
|
2656
|
+
"control_name": "AI Pipeline Integrity"
|
|
2657
|
+
},
|
|
2658
|
+
{
|
|
2659
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2660
|
+
"framework": "ALL",
|
|
2661
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2662
|
+
},
|
|
2663
|
+
{
|
|
2664
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2665
|
+
"framework": "CIS Controls v8",
|
|
2666
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2667
|
+
},
|
|
2668
|
+
{
|
|
2669
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2670
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2671
|
+
"control_name": "Monitoring activities"
|
|
2672
|
+
},
|
|
2673
|
+
{
|
|
2674
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2675
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2676
|
+
"control_name": "Secure coding"
|
|
2677
|
+
},
|
|
2678
|
+
{
|
|
2679
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2680
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2681
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2682
|
+
},
|
|
2683
|
+
{
|
|
2684
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2685
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2686
|
+
"control_name": "AI risk management process"
|
|
2687
|
+
},
|
|
2688
|
+
{
|
|
2689
|
+
"id": "NIS2-Art21-patch-management",
|
|
2690
|
+
"framework": "EU NIS2 Directive",
|
|
2691
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2692
|
+
},
|
|
2693
|
+
{
|
|
2694
|
+
"id": "NIST-800-53-AC-2",
|
|
2695
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2696
|
+
"control_name": "Account Management"
|
|
2697
|
+
},
|
|
2698
|
+
{
|
|
2699
|
+
"id": "NIST-800-53-SC-7",
|
|
2700
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2701
|
+
"control_name": "Boundary Protection"
|
|
2702
|
+
},
|
|
2703
|
+
{
|
|
2704
|
+
"id": "NIST-800-53-SC-8",
|
|
2705
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2706
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2707
|
+
},
|
|
2708
|
+
{
|
|
2709
|
+
"id": "NIST-800-53-SI-2",
|
|
2710
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2711
|
+
"control_name": "Flaw Remediation"
|
|
2712
|
+
},
|
|
2713
|
+
{
|
|
2714
|
+
"id": "NIST-800-53-SI-3",
|
|
2715
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2716
|
+
"control_name": "Malicious Code Protection"
|
|
2717
|
+
},
|
|
2718
|
+
{
|
|
2719
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2720
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2721
|
+
"control_name": "Prompt Injection"
|
|
2722
|
+
},
|
|
2723
|
+
{
|
|
2724
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2725
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2726
|
+
"control_name": "Sensitive Information Disclosure"
|
|
2727
|
+
},
|
|
2728
|
+
{
|
|
2729
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
2730
|
+
"framework": "PCI DSS 4.0",
|
|
2731
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
2732
|
+
},
|
|
2733
|
+
{
|
|
2734
|
+
"id": "SOC2-CC6-logical-access",
|
|
2735
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2736
|
+
"control_name": "Logical and Physical Access Controls"
|
|
2737
|
+
},
|
|
2738
|
+
{
|
|
2739
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
2740
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
2741
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
2742
|
+
}
|
|
2743
|
+
],
|
|
2744
|
+
"attack_refs": [
|
|
2745
|
+
"T1059",
|
|
2746
|
+
"T1068",
|
|
2747
|
+
"T1071",
|
|
2748
|
+
"T1078",
|
|
2749
|
+
"T1102",
|
|
2750
|
+
"T1190",
|
|
2751
|
+
"T1548.001",
|
|
2752
|
+
"T1566",
|
|
2753
|
+
"T1566.001",
|
|
2754
|
+
"T1566.002",
|
|
2755
|
+
"T1566.003",
|
|
2756
|
+
"T1568"
|
|
2757
|
+
],
|
|
2758
|
+
"rfc_refs": [
|
|
2759
|
+
"RFC-4301",
|
|
2760
|
+
"RFC-4303",
|
|
2761
|
+
"RFC-7296",
|
|
2762
|
+
"RFC-8446",
|
|
2763
|
+
"RFC-9000",
|
|
2764
|
+
"RFC-9114",
|
|
2765
|
+
"RFC-9180",
|
|
2766
|
+
"RFC-9421",
|
|
2767
|
+
"RFC-9458"
|
|
2768
|
+
]
|
|
2769
|
+
}
|
|
2770
|
+
},
|
|
2771
|
+
"CVE-2026-33825": {
|
|
2772
|
+
"name": "BlueHammer — Microsoft Defender File-Remediation TOCTOU LPE",
|
|
2773
|
+
"rwep": 68,
|
|
2774
|
+
"cvss": 7.8,
|
|
2775
|
+
"cisa_kev": true,
|
|
2776
|
+
"epss_score": null,
|
|
2777
|
+
"referencing_skills": [
|
|
2778
|
+
"kernel-lpe-triage",
|
|
2779
|
+
"ai-attack-surface",
|
|
2780
|
+
"ai-c2-detection",
|
|
2781
|
+
"email-security-anti-phishing"
|
|
2782
|
+
],
|
|
2783
|
+
"chain": {
|
|
2784
|
+
"cwes": [
|
|
2785
|
+
{
|
|
2786
|
+
"id": "CWE-1039",
|
|
2787
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
2788
|
+
"category": "AI/ML"
|
|
2789
|
+
},
|
|
2790
|
+
{
|
|
2791
|
+
"id": "CWE-125",
|
|
2792
|
+
"name": "Out-of-bounds Read",
|
|
2793
|
+
"category": "Memory Safety"
|
|
2794
|
+
},
|
|
2795
|
+
{
|
|
2796
|
+
"id": "CWE-1426",
|
|
2797
|
+
"name": "Improper Validation of Generative AI Output",
|
|
2798
|
+
"category": "AI/ML"
|
|
2799
|
+
},
|
|
2800
|
+
{
|
|
2801
|
+
"id": "CWE-362",
|
|
2802
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
2803
|
+
"category": "Concurrency"
|
|
2804
|
+
},
|
|
2805
|
+
{
|
|
2806
|
+
"id": "CWE-416",
|
|
2807
|
+
"name": "Use After Free",
|
|
2808
|
+
"category": "Memory Safety"
|
|
2809
|
+
},
|
|
2810
|
+
{
|
|
2811
|
+
"id": "CWE-672",
|
|
2812
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
2813
|
+
"category": "Memory Safety"
|
|
2814
|
+
},
|
|
2815
|
+
{
|
|
2816
|
+
"id": "CWE-787",
|
|
2817
|
+
"name": "Out-of-bounds Write",
|
|
2818
|
+
"category": "Memory Safety"
|
|
2819
|
+
},
|
|
2820
|
+
{
|
|
2821
|
+
"id": "CWE-94",
|
|
2822
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
2823
|
+
"category": "Injection"
|
|
2824
|
+
}
|
|
2825
|
+
],
|
|
2826
|
+
"atlas": [
|
|
2827
|
+
{
|
|
2828
|
+
"id": "AML.T0016",
|
|
2829
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
2830
|
+
"tactic": "Resource Development"
|
|
2831
|
+
},
|
|
2832
|
+
{
|
|
2833
|
+
"id": "AML.T0017",
|
|
2834
|
+
"name": "Discover ML Model Ontology",
|
|
2835
|
+
"tactic": "Discovery"
|
|
2836
|
+
},
|
|
2837
|
+
{
|
|
2838
|
+
"id": "AML.T0018",
|
|
2839
|
+
"name": "Backdoor ML Model",
|
|
2840
|
+
"tactic": "Persistence"
|
|
2841
|
+
},
|
|
2842
|
+
{
|
|
2843
|
+
"id": "AML.T0020",
|
|
2844
|
+
"name": "Poison Training Data",
|
|
2845
|
+
"tactic": "ML Attack Staging"
|
|
2846
|
+
},
|
|
2847
|
+
{
|
|
2848
|
+
"id": "AML.T0043",
|
|
2849
|
+
"name": "Craft Adversarial Data",
|
|
2850
|
+
"tactic": "ML Attack Staging"
|
|
2851
|
+
},
|
|
2852
|
+
{
|
|
2853
|
+
"id": "AML.T0051",
|
|
2854
|
+
"name": "LLM Prompt Injection",
|
|
2855
|
+
"tactic": "Execution"
|
|
2856
|
+
},
|
|
2857
|
+
{
|
|
2858
|
+
"id": "AML.T0054",
|
|
2859
|
+
"name": "LLM Jailbreak",
|
|
2860
|
+
"tactic": "Defense Evasion"
|
|
2861
|
+
},
|
|
2862
|
+
{
|
|
2863
|
+
"id": "AML.T0096",
|
|
2864
|
+
"name": "AI API as Covert C2 Channel",
|
|
2865
|
+
"tactic": "Command and Control"
|
|
2866
|
+
}
|
|
2867
|
+
],
|
|
2868
|
+
"d3fend": [
|
|
2869
|
+
{
|
|
2870
|
+
"id": "D3-ASLR",
|
|
2871
|
+
"name": "Address Space Layout Randomization",
|
|
2872
|
+
"tactic": "Harden"
|
|
2873
|
+
},
|
|
2874
|
+
{
|
|
2875
|
+
"id": "D3-CA",
|
|
2876
|
+
"name": "Certificate Analysis",
|
|
2877
|
+
"tactic": "Detect"
|
|
2878
|
+
},
|
|
2879
|
+
{
|
|
2880
|
+
"id": "D3-CSPP",
|
|
2881
|
+
"name": "Client-server Payload Profiling",
|
|
2882
|
+
"tactic": "Detect"
|
|
2883
|
+
},
|
|
2884
|
+
{
|
|
2885
|
+
"id": "D3-DA",
|
|
2886
|
+
"name": "Domain Analysis",
|
|
2887
|
+
"tactic": "Detect"
|
|
2888
|
+
},
|
|
2889
|
+
{
|
|
2890
|
+
"id": "D3-EAL",
|
|
2891
|
+
"name": "Executable Allowlisting",
|
|
2892
|
+
"tactic": "Harden"
|
|
2893
|
+
},
|
|
2894
|
+
{
|
|
2895
|
+
"id": "D3-IOPR",
|
|
2896
|
+
"name": "Input/Output Profiling Resource",
|
|
2897
|
+
"tactic": "Detect"
|
|
2898
|
+
},
|
|
2899
|
+
{
|
|
2900
|
+
"id": "D3-NI",
|
|
2901
|
+
"name": "Network Isolation",
|
|
2902
|
+
"tactic": "Isolate"
|
|
2903
|
+
},
|
|
2904
|
+
{
|
|
2905
|
+
"id": "D3-NTA",
|
|
2906
|
+
"name": "Network Traffic Analysis",
|
|
2907
|
+
"tactic": "Detect"
|
|
2908
|
+
},
|
|
2909
|
+
{
|
|
2910
|
+
"id": "D3-NTPM",
|
|
2911
|
+
"name": "Network Traffic Policy Mapping",
|
|
2912
|
+
"tactic": "Model"
|
|
2913
|
+
},
|
|
2914
|
+
{
|
|
2915
|
+
"id": "D3-PHRA",
|
|
2916
|
+
"name": "Process Hardware Resource Access",
|
|
2917
|
+
"tactic": "Isolate"
|
|
2918
|
+
},
|
|
2919
|
+
{
|
|
2920
|
+
"id": "D3-PSEP",
|
|
2921
|
+
"name": "Process Segment Execution Prevention",
|
|
2922
|
+
"tactic": "Harden"
|
|
2923
|
+
}
|
|
2924
|
+
],
|
|
2925
|
+
"framework_gaps": [
|
|
2926
|
+
{
|
|
2927
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
2928
|
+
"framework": "ALL",
|
|
2929
|
+
"control_name": "AI Pipeline Integrity"
|
|
2930
|
+
},
|
|
2931
|
+
{
|
|
2932
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
2933
|
+
"framework": "ALL",
|
|
2934
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
2935
|
+
},
|
|
2936
|
+
{
|
|
2937
|
+
"id": "CIS-Controls-v8-Control7",
|
|
2938
|
+
"framework": "CIS Controls v8",
|
|
2939
|
+
"control_name": "Continuous Vulnerability Management"
|
|
2940
|
+
},
|
|
2941
|
+
{
|
|
2942
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
2943
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2944
|
+
"control_name": "Monitoring activities"
|
|
2945
|
+
},
|
|
2946
|
+
{
|
|
2947
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
2948
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2949
|
+
"control_name": "Secure coding"
|
|
2950
|
+
},
|
|
2951
|
+
{
|
|
2952
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
2953
|
+
"framework": "ISO/IEC 27001:2022",
|
|
2954
|
+
"control_name": "Management of technical vulnerabilities"
|
|
2955
|
+
},
|
|
2956
|
+
{
|
|
2957
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
2958
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
2959
|
+
"control_name": "AI risk management process"
|
|
2960
|
+
},
|
|
2961
|
+
{
|
|
2962
|
+
"id": "NIS2-Art21-patch-management",
|
|
2963
|
+
"framework": "EU NIS2 Directive",
|
|
2964
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
2965
|
+
},
|
|
2966
|
+
{
|
|
2967
|
+
"id": "NIST-800-53-AC-2",
|
|
2968
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2969
|
+
"control_name": "Account Management"
|
|
2970
|
+
},
|
|
2971
|
+
{
|
|
2972
|
+
"id": "NIST-800-53-SC-7",
|
|
2973
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2974
|
+
"control_name": "Boundary Protection"
|
|
2975
|
+
},
|
|
2976
|
+
{
|
|
2977
|
+
"id": "NIST-800-53-SC-8",
|
|
2978
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2979
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
2980
|
+
},
|
|
2981
|
+
{
|
|
2982
|
+
"id": "NIST-800-53-SI-2",
|
|
2983
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2984
|
+
"control_name": "Flaw Remediation"
|
|
2985
|
+
},
|
|
2986
|
+
{
|
|
2987
|
+
"id": "NIST-800-53-SI-3",
|
|
2988
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
2989
|
+
"control_name": "Malicious Code Protection"
|
|
2990
|
+
},
|
|
2991
|
+
{
|
|
2992
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
2993
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2994
|
+
"control_name": "Prompt Injection"
|
|
2995
|
+
},
|
|
2996
|
+
{
|
|
2997
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
2998
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
2999
|
+
"control_name": "Sensitive Information Disclosure"
|
|
3000
|
+
},
|
|
3001
|
+
{
|
|
3002
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
3003
|
+
"framework": "PCI DSS 4.0",
|
|
3004
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3005
|
+
},
|
|
3006
|
+
{
|
|
3007
|
+
"id": "SOC2-CC6-logical-access",
|
|
3008
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3009
|
+
"control_name": "Logical and Physical Access Controls"
|
|
3010
|
+
},
|
|
3011
|
+
{
|
|
3012
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
3013
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3014
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
3015
|
+
}
|
|
3016
|
+
],
|
|
3017
|
+
"attack_refs": [
|
|
3018
|
+
"T1059",
|
|
3019
|
+
"T1068",
|
|
3020
|
+
"T1071",
|
|
3021
|
+
"T1078",
|
|
3022
|
+
"T1102",
|
|
3023
|
+
"T1190",
|
|
3024
|
+
"T1548.001",
|
|
3025
|
+
"T1566",
|
|
3026
|
+
"T1566.001",
|
|
3027
|
+
"T1566.002",
|
|
3028
|
+
"T1566.003",
|
|
3029
|
+
"T1568"
|
|
3030
|
+
],
|
|
3031
|
+
"rfc_refs": [
|
|
3032
|
+
"RFC-4301",
|
|
3033
|
+
"RFC-4303",
|
|
3034
|
+
"RFC-7296",
|
|
3035
|
+
"RFC-8446",
|
|
3036
|
+
"RFC-9000",
|
|
3037
|
+
"RFC-9114",
|
|
3038
|
+
"RFC-9180",
|
|
3039
|
+
"RFC-9421",
|
|
3040
|
+
"RFC-9458"
|
|
3041
|
+
]
|
|
2235
3042
|
}
|
|
2236
3043
|
},
|
|
2237
|
-
"
|
|
2238
|
-
"name": "
|
|
2239
|
-
"rwep":
|
|
2240
|
-
"cvss":
|
|
2241
|
-
"cisa_kev":
|
|
3044
|
+
"MAL-2026-NODE-IPC-STEALER": {
|
|
3045
|
+
"name": "node-ipc credential-stealer (expired-domain account-recovery compromise)",
|
|
3046
|
+
"rwep": 43,
|
|
3047
|
+
"cvss": 9.8,
|
|
3048
|
+
"cisa_kev": false,
|
|
2242
3049
|
"epss_score": null,
|
|
2243
3050
|
"referencing_skills": [],
|
|
2244
3051
|
"chain": {
|
|
@@ -3317,7 +4124,9 @@
|
|
|
3317
4124
|
},
|
|
3318
4125
|
"related_cves": [
|
|
3319
4126
|
"CVE-2025-53773",
|
|
3320
|
-
"CVE-2026-30615"
|
|
4127
|
+
"CVE-2026-30615",
|
|
4128
|
+
"CVE-2026-32202",
|
|
4129
|
+
"CVE-2026-33825"
|
|
3321
4130
|
]
|
|
3322
4131
|
},
|
|
3323
4132
|
"CWE-123": {
|
|
@@ -3449,10 +4258,15 @@
|
|
|
3449
4258
|
},
|
|
3450
4259
|
"related_cves": [
|
|
3451
4260
|
"CVE-2025-53773",
|
|
4261
|
+
"CVE-2026-0300",
|
|
3452
4262
|
"CVE-2026-30615",
|
|
3453
4263
|
"CVE-2026-31431",
|
|
4264
|
+
"CVE-2026-32202",
|
|
4265
|
+
"CVE-2026-33825",
|
|
4266
|
+
"CVE-2026-42897",
|
|
3454
4267
|
"CVE-2026-43284",
|
|
3455
|
-
"CVE-2026-43500"
|
|
4268
|
+
"CVE-2026-43500",
|
|
4269
|
+
"CVE-2026-6973"
|
|
3456
4270
|
]
|
|
3457
4271
|
},
|
|
3458
4272
|
"CWE-200": {
|
|
@@ -5492,10 +6306,15 @@
|
|
|
5492
6306
|
},
|
|
5493
6307
|
"related_cves": [
|
|
5494
6308
|
"CVE-2025-53773",
|
|
6309
|
+
"CVE-2026-0300",
|
|
5495
6310
|
"CVE-2026-30615",
|
|
5496
6311
|
"CVE-2026-31431",
|
|
6312
|
+
"CVE-2026-32202",
|
|
6313
|
+
"CVE-2026-33825",
|
|
6314
|
+
"CVE-2026-42897",
|
|
5497
6315
|
"CVE-2026-43284",
|
|
5498
|
-
"CVE-2026-43500"
|
|
6316
|
+
"CVE-2026-43500",
|
|
6317
|
+
"CVE-2026-6973"
|
|
5499
6318
|
]
|
|
5500
6319
|
},
|
|
5501
6320
|
"CWE-416": {
|
|
@@ -5613,10 +6432,15 @@
|
|
|
5613
6432
|
},
|
|
5614
6433
|
"related_cves": [
|
|
5615
6434
|
"CVE-2025-53773",
|
|
6435
|
+
"CVE-2026-0300",
|
|
5616
6436
|
"CVE-2026-30615",
|
|
5617
6437
|
"CVE-2026-31431",
|
|
6438
|
+
"CVE-2026-32202",
|
|
6439
|
+
"CVE-2026-33825",
|
|
6440
|
+
"CVE-2026-42897",
|
|
5618
6441
|
"CVE-2026-43284",
|
|
5619
|
-
"CVE-2026-43500"
|
|
6442
|
+
"CVE-2026-43500",
|
|
6443
|
+
"CVE-2026-6973"
|
|
5620
6444
|
]
|
|
5621
6445
|
},
|
|
5622
6446
|
"CWE-426": {
|
|
@@ -6489,9 +7313,14 @@
|
|
|
6489
7313
|
]
|
|
6490
7314
|
},
|
|
6491
7315
|
"related_cves": [
|
|
7316
|
+
"CVE-2026-0300",
|
|
6492
7317
|
"CVE-2026-31431",
|
|
7318
|
+
"CVE-2026-32202",
|
|
7319
|
+
"CVE-2026-33825",
|
|
7320
|
+
"CVE-2026-42897",
|
|
6493
7321
|
"CVE-2026-43284",
|
|
6494
|
-
"CVE-2026-43500"
|
|
7322
|
+
"CVE-2026-43500",
|
|
7323
|
+
"CVE-2026-6973"
|
|
6495
7324
|
]
|
|
6496
7325
|
},
|
|
6497
7326
|
"CWE-732": {
|
|
@@ -6976,10 +7805,15 @@
|
|
|
6976
7805
|
},
|
|
6977
7806
|
"related_cves": [
|
|
6978
7807
|
"CVE-2025-53773",
|
|
7808
|
+
"CVE-2026-0300",
|
|
6979
7809
|
"CVE-2026-30615",
|
|
6980
7810
|
"CVE-2026-31431",
|
|
7811
|
+
"CVE-2026-32202",
|
|
7812
|
+
"CVE-2026-33825",
|
|
7813
|
+
"CVE-2026-42897",
|
|
6981
7814
|
"CVE-2026-43284",
|
|
6982
|
-
"CVE-2026-43500"
|
|
7815
|
+
"CVE-2026-43500",
|
|
7816
|
+
"CVE-2026-6973"
|
|
6983
7817
|
]
|
|
6984
7818
|
},
|
|
6985
7819
|
"CWE-798": {
|
|
@@ -8314,7 +9148,9 @@
|
|
|
8314
9148
|
},
|
|
8315
9149
|
"related_cves": [
|
|
8316
9150
|
"CVE-2025-53773",
|
|
8317
|
-
"CVE-2026-30615"
|
|
9151
|
+
"CVE-2026-30615",
|
|
9152
|
+
"CVE-2026-32202",
|
|
9153
|
+
"CVE-2026-33825"
|
|
8318
9154
|
]
|
|
8319
9155
|
},
|
|
8320
9156
|
"CWE-1188": {
|
|
@@ -8624,6 +9460,7 @@
|
|
|
8624
9460
|
},
|
|
8625
9461
|
"related_cves": [
|
|
8626
9462
|
"CVE-2025-53773",
|
|
9463
|
+
"CVE-2026-0300",
|
|
8627
9464
|
"CVE-2026-30615",
|
|
8628
9465
|
"CVE-2026-31431"
|
|
8629
9466
|
]
|
|
@@ -9086,6 +9923,8 @@
|
|
|
9086
9923
|
"related_cves": [
|
|
9087
9924
|
"CVE-2025-53773",
|
|
9088
9925
|
"CVE-2026-30615",
|
|
9926
|
+
"CVE-2026-32202",
|
|
9927
|
+
"CVE-2026-33825",
|
|
9089
9928
|
"CVE-2026-43284",
|
|
9090
9929
|
"CVE-2026-43500"
|
|
9091
9930
|
]
|