@blamejs/exceptd-skills 0.13.1 → 0.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +34 -0
- package/bin/exceptd.js +35 -6
- package/data/_indexes/_meta.json +25 -25
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1772 -88
- package/data/_indexes/frequency.json +8 -0
- package/data/_indexes/section-offsets.json +517 -517
- package/data/_indexes/token-budget.json +66 -66
- package/data/atlas-ttps.json +2 -0
- package/data/attack-techniques.json +22 -3
- package/data/cve-catalog.json +0 -28
- package/data/cwe-catalog.json +19 -3
- package/data/framework-control-gaps.json +291 -1
- package/data/zeroday-lessons.json +818 -0
- package/lib/lint-skills.js +50 -1
- package/manifest.json +60 -60
- package/orchestrator/index.js +8 -1
- package/package.json +1 -1
- package/sbom.cdx.json +47 -36
- package/scripts/check-test-count.js +146 -0
- package/scripts/predeploy.js +16 -0
- package/skills/age-gates-child-safety/skill.md +1 -0
- package/skills/ai-risk-management/skill.md +1 -0
- package/skills/defensive-countermeasure-mapping/skill.md +1 -0
- package/skills/email-security-anti-phishing/skill.md +1 -0
- package/skills/fuzz-testing-strategy/skill.md +1 -0
- package/skills/mlops-security/skill.md +1 -0
- package/skills/ot-ics-security/skill.md +1 -0
- package/skills/researcher/skill.md +1 -0
- package/skills/sector-energy/skill.md +1 -0
- package/skills/sector-federal-government/skill.md +1 -0
- package/skills/sector-telecom/skill.md +1 -0
- package/skills/skill-update-loop/skill.md +1 -0
- package/skills/threat-model-currency/skill.md +1 -0
- package/skills/threat-modeling-methodology/skill.md +1 -0
- package/skills/webapp-security/skill.md +1 -0
- package/skills/zeroday-gap-learn/skill.md +1 -0
|
@@ -3539,14 +3539,222 @@
|
|
|
3539
3539
|
"cvss": 8.1,
|
|
3540
3540
|
"cisa_kev": false,
|
|
3541
3541
|
"epss_score": 0.012,
|
|
3542
|
-
"referencing_skills": [
|
|
3542
|
+
"referencing_skills": [
|
|
3543
|
+
"mcp-agent-trust",
|
|
3544
|
+
"cloud-security",
|
|
3545
|
+
"container-runtime-security"
|
|
3546
|
+
],
|
|
3543
3547
|
"chain": {
|
|
3544
|
-
"cwes": [
|
|
3545
|
-
|
|
3546
|
-
|
|
3547
|
-
|
|
3548
|
-
|
|
3549
|
-
|
|
3548
|
+
"cwes": [
|
|
3549
|
+
{
|
|
3550
|
+
"id": "CWE-1188",
|
|
3551
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
3552
|
+
"category": "Configuration"
|
|
3553
|
+
},
|
|
3554
|
+
{
|
|
3555
|
+
"id": "CWE-1395",
|
|
3556
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
3557
|
+
"category": "Supply Chain"
|
|
3558
|
+
},
|
|
3559
|
+
{
|
|
3560
|
+
"id": "CWE-200",
|
|
3561
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
3562
|
+
"category": "Information Exposure"
|
|
3563
|
+
},
|
|
3564
|
+
{
|
|
3565
|
+
"id": "CWE-22",
|
|
3566
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
3567
|
+
"category": "Path/Resource"
|
|
3568
|
+
},
|
|
3569
|
+
{
|
|
3570
|
+
"id": "CWE-269",
|
|
3571
|
+
"name": "Improper Privilege Management",
|
|
3572
|
+
"category": "Authorization"
|
|
3573
|
+
},
|
|
3574
|
+
{
|
|
3575
|
+
"id": "CWE-287",
|
|
3576
|
+
"name": "Improper Authentication",
|
|
3577
|
+
"category": "Authentication"
|
|
3578
|
+
},
|
|
3579
|
+
{
|
|
3580
|
+
"id": "CWE-345",
|
|
3581
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
3582
|
+
"category": "Authenticity / Supply Chain"
|
|
3583
|
+
},
|
|
3584
|
+
{
|
|
3585
|
+
"id": "CWE-352",
|
|
3586
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
3587
|
+
"category": "Session"
|
|
3588
|
+
},
|
|
3589
|
+
{
|
|
3590
|
+
"id": "CWE-434",
|
|
3591
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
3592
|
+
"category": "File Handling"
|
|
3593
|
+
},
|
|
3594
|
+
{
|
|
3595
|
+
"id": "CWE-494",
|
|
3596
|
+
"name": "Download of Code Without Integrity Check",
|
|
3597
|
+
"category": "Supply Chain"
|
|
3598
|
+
},
|
|
3599
|
+
{
|
|
3600
|
+
"id": "CWE-732",
|
|
3601
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
3602
|
+
"category": "Authorization"
|
|
3603
|
+
},
|
|
3604
|
+
{
|
|
3605
|
+
"id": "CWE-77",
|
|
3606
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
3607
|
+
"category": "Injection"
|
|
3608
|
+
},
|
|
3609
|
+
{
|
|
3610
|
+
"id": "CWE-787",
|
|
3611
|
+
"name": "Out-of-bounds Write",
|
|
3612
|
+
"category": "Memory Safety"
|
|
3613
|
+
},
|
|
3614
|
+
{
|
|
3615
|
+
"id": "CWE-798",
|
|
3616
|
+
"name": "Use of Hard-coded Credentials",
|
|
3617
|
+
"category": "Credentials"
|
|
3618
|
+
},
|
|
3619
|
+
{
|
|
3620
|
+
"id": "CWE-862",
|
|
3621
|
+
"name": "Missing Authorization",
|
|
3622
|
+
"category": "Authorization"
|
|
3623
|
+
},
|
|
3624
|
+
{
|
|
3625
|
+
"id": "CWE-918",
|
|
3626
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
3627
|
+
"category": "Network"
|
|
3628
|
+
},
|
|
3629
|
+
{
|
|
3630
|
+
"id": "CWE-94",
|
|
3631
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
3632
|
+
"category": "Injection"
|
|
3633
|
+
}
|
|
3634
|
+
],
|
|
3635
|
+
"atlas": [
|
|
3636
|
+
{
|
|
3637
|
+
"id": "AML.T0010",
|
|
3638
|
+
"name": "ML Supply Chain Compromise",
|
|
3639
|
+
"tactic": "Initial Access"
|
|
3640
|
+
},
|
|
3641
|
+
{
|
|
3642
|
+
"id": "AML.T0016",
|
|
3643
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
3644
|
+
"tactic": "Resource Development"
|
|
3645
|
+
},
|
|
3646
|
+
{
|
|
3647
|
+
"id": "AML.T0017",
|
|
3648
|
+
"name": "Discover ML Model Ontology",
|
|
3649
|
+
"tactic": "Discovery"
|
|
3650
|
+
},
|
|
3651
|
+
{
|
|
3652
|
+
"id": "AML.T0096",
|
|
3653
|
+
"name": "AI API as Covert C2 Channel",
|
|
3654
|
+
"tactic": "Command and Control"
|
|
3655
|
+
}
|
|
3656
|
+
],
|
|
3657
|
+
"d3fend": [
|
|
3658
|
+
{
|
|
3659
|
+
"id": "D3-CBAN",
|
|
3660
|
+
"name": "Certificate-based Authentication",
|
|
3661
|
+
"tactic": "Harden"
|
|
3662
|
+
},
|
|
3663
|
+
{
|
|
3664
|
+
"id": "D3-CSPP",
|
|
3665
|
+
"name": "Client-server Payload Profiling",
|
|
3666
|
+
"tactic": "Detect"
|
|
3667
|
+
},
|
|
3668
|
+
{
|
|
3669
|
+
"id": "D3-EAL",
|
|
3670
|
+
"name": "Executable Allowlisting",
|
|
3671
|
+
"tactic": "Harden"
|
|
3672
|
+
},
|
|
3673
|
+
{
|
|
3674
|
+
"id": "D3-EHB",
|
|
3675
|
+
"name": "Executable Hashbased Allowlist",
|
|
3676
|
+
"tactic": "Harden"
|
|
3677
|
+
},
|
|
3678
|
+
{
|
|
3679
|
+
"id": "D3-MFA",
|
|
3680
|
+
"name": "Multi-factor Authentication",
|
|
3681
|
+
"tactic": "Harden"
|
|
3682
|
+
}
|
|
3683
|
+
],
|
|
3684
|
+
"framework_gaps": [
|
|
3685
|
+
{
|
|
3686
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
3687
|
+
"framework": "ALL",
|
|
3688
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
3689
|
+
},
|
|
3690
|
+
{
|
|
3691
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
3692
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
3693
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
3694
|
+
},
|
|
3695
|
+
{
|
|
3696
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
3697
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3698
|
+
"control_name": "Secure coding"
|
|
3699
|
+
},
|
|
3700
|
+
{
|
|
3701
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
3702
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3703
|
+
"control_name": "Outsourced development"
|
|
3704
|
+
},
|
|
3705
|
+
{
|
|
3706
|
+
"id": "NIST-800-53-CM-7",
|
|
3707
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3708
|
+
"control_name": "Least Functionality"
|
|
3709
|
+
},
|
|
3710
|
+
{
|
|
3711
|
+
"id": "NIST-800-53-SA-12",
|
|
3712
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3713
|
+
"control_name": "Supply Chain Protection"
|
|
3714
|
+
},
|
|
3715
|
+
{
|
|
3716
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
3717
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
3718
|
+
"control_name": "Excessive Agency"
|
|
3719
|
+
},
|
|
3720
|
+
{
|
|
3721
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
3722
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
3723
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
3724
|
+
},
|
|
3725
|
+
{
|
|
3726
|
+
"id": "SOC2-CC9-vendor-management",
|
|
3727
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3728
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
3729
|
+
},
|
|
3730
|
+
{
|
|
3731
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
3732
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
3733
|
+
"control_name": "SWIFT Environment Protection"
|
|
3734
|
+
}
|
|
3735
|
+
],
|
|
3736
|
+
"attack_refs": [
|
|
3737
|
+
"T1059",
|
|
3738
|
+
"T1068",
|
|
3739
|
+
"T1078",
|
|
3740
|
+
"T1190",
|
|
3741
|
+
"T1195.001",
|
|
3742
|
+
"T1530",
|
|
3743
|
+
"T1552",
|
|
3744
|
+
"T1610",
|
|
3745
|
+
"T1611"
|
|
3746
|
+
],
|
|
3747
|
+
"rfc_refs": [
|
|
3748
|
+
"RFC-6749",
|
|
3749
|
+
"RFC-7519",
|
|
3750
|
+
"RFC-8032",
|
|
3751
|
+
"RFC-8446",
|
|
3752
|
+
"RFC-8725",
|
|
3753
|
+
"RFC-9114",
|
|
3754
|
+
"RFC-9180",
|
|
3755
|
+
"RFC-9421",
|
|
3756
|
+
"RFC-9700"
|
|
3757
|
+
]
|
|
3550
3758
|
}
|
|
3551
3759
|
},
|
|
3552
3760
|
"CVE-2023-43472": {
|
|
@@ -3555,38 +3763,303 @@
|
|
|
3555
3763
|
"cvss": 7.5,
|
|
3556
3764
|
"cisa_kev": false,
|
|
3557
3765
|
"epss_score": 0.014,
|
|
3558
|
-
"referencing_skills": [
|
|
3559
|
-
|
|
3560
|
-
"
|
|
3561
|
-
"
|
|
3562
|
-
"
|
|
3563
|
-
"
|
|
3564
|
-
"
|
|
3565
|
-
|
|
3566
|
-
}
|
|
3567
|
-
},
|
|
3568
|
-
"CVE-2020-10148": {
|
|
3569
|
-
"name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
|
|
3570
|
-
"rwep": 75,
|
|
3571
|
-
"cvss": 9.8,
|
|
3572
|
-
"cisa_kev": true,
|
|
3573
|
-
"epss_score": 0.945,
|
|
3574
|
-
"referencing_skills": [],
|
|
3766
|
+
"referencing_skills": [
|
|
3767
|
+
"ai-attack-surface",
|
|
3768
|
+
"rag-pipeline-security",
|
|
3769
|
+
"threat-modeling-methodology",
|
|
3770
|
+
"webapp-security",
|
|
3771
|
+
"api-security",
|
|
3772
|
+
"container-runtime-security"
|
|
3773
|
+
],
|
|
3575
3774
|
"chain": {
|
|
3576
|
-
"cwes": [
|
|
3577
|
-
|
|
3578
|
-
|
|
3579
|
-
|
|
3580
|
-
|
|
3581
|
-
|
|
3582
|
-
|
|
3583
|
-
|
|
3584
|
-
|
|
3585
|
-
|
|
3586
|
-
|
|
3775
|
+
"cwes": [
|
|
3776
|
+
{
|
|
3777
|
+
"id": "CWE-1039",
|
|
3778
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
3779
|
+
"category": "AI/ML"
|
|
3780
|
+
},
|
|
3781
|
+
{
|
|
3782
|
+
"id": "CWE-1188",
|
|
3783
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
3784
|
+
"category": "Configuration"
|
|
3785
|
+
},
|
|
3786
|
+
{
|
|
3787
|
+
"id": "CWE-1395",
|
|
3788
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
3789
|
+
"category": "Supply Chain"
|
|
3790
|
+
},
|
|
3791
|
+
{
|
|
3792
|
+
"id": "CWE-1426",
|
|
3793
|
+
"name": "Improper Validation of Generative AI Output",
|
|
3794
|
+
"category": "AI/ML"
|
|
3795
|
+
},
|
|
3796
|
+
{
|
|
3797
|
+
"id": "CWE-200",
|
|
3798
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
3799
|
+
"category": "Information Exposure"
|
|
3800
|
+
},
|
|
3801
|
+
{
|
|
3802
|
+
"id": "CWE-22",
|
|
3803
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
3804
|
+
"category": "Path/Resource"
|
|
3805
|
+
},
|
|
3806
|
+
{
|
|
3807
|
+
"id": "CWE-269",
|
|
3808
|
+
"name": "Improper Privilege Management",
|
|
3809
|
+
"category": "Authorization"
|
|
3810
|
+
},
|
|
3811
|
+
{
|
|
3812
|
+
"id": "CWE-287",
|
|
3813
|
+
"name": "Improper Authentication",
|
|
3814
|
+
"category": "Authentication"
|
|
3815
|
+
},
|
|
3816
|
+
{
|
|
3817
|
+
"id": "CWE-352",
|
|
3818
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
3819
|
+
"category": "Session"
|
|
3820
|
+
},
|
|
3821
|
+
{
|
|
3822
|
+
"id": "CWE-434",
|
|
3823
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
3824
|
+
"category": "File Handling"
|
|
3825
|
+
},
|
|
3826
|
+
{
|
|
3827
|
+
"id": "CWE-502",
|
|
3828
|
+
"name": "Deserialization of Untrusted Data",
|
|
3829
|
+
"category": "Serialization"
|
|
3830
|
+
},
|
|
3831
|
+
{
|
|
3832
|
+
"id": "CWE-732",
|
|
3833
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
3834
|
+
"category": "Authorization"
|
|
3835
|
+
},
|
|
3836
|
+
{
|
|
3837
|
+
"id": "CWE-77",
|
|
3838
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
3839
|
+
"category": "Injection"
|
|
3840
|
+
},
|
|
3841
|
+
{
|
|
3842
|
+
"id": "CWE-78",
|
|
3843
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
3844
|
+
"category": "Injection"
|
|
3845
|
+
},
|
|
3846
|
+
{
|
|
3847
|
+
"id": "CWE-787",
|
|
3848
|
+
"name": "Out-of-bounds Write",
|
|
3849
|
+
"category": "Memory Safety"
|
|
3850
|
+
},
|
|
3851
|
+
{
|
|
3852
|
+
"id": "CWE-79",
|
|
3853
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
3854
|
+
"category": "Injection"
|
|
3855
|
+
},
|
|
3856
|
+
{
|
|
3857
|
+
"id": "CWE-862",
|
|
3858
|
+
"name": "Missing Authorization",
|
|
3859
|
+
"category": "Authorization"
|
|
3860
|
+
},
|
|
3861
|
+
{
|
|
3862
|
+
"id": "CWE-863",
|
|
3863
|
+
"name": "Incorrect Authorization",
|
|
3864
|
+
"category": "Authorization"
|
|
3865
|
+
},
|
|
3866
|
+
{
|
|
3867
|
+
"id": "CWE-89",
|
|
3868
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
3869
|
+
"category": "Injection"
|
|
3870
|
+
},
|
|
3871
|
+
{
|
|
3872
|
+
"id": "CWE-918",
|
|
3873
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
3874
|
+
"category": "Network"
|
|
3875
|
+
},
|
|
3876
|
+
{
|
|
3877
|
+
"id": "CWE-94",
|
|
3878
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
3879
|
+
"category": "Injection"
|
|
3880
|
+
}
|
|
3881
|
+
],
|
|
3882
|
+
"atlas": [
|
|
3883
|
+
{
|
|
3884
|
+
"id": "AML.T0010",
|
|
3885
|
+
"name": "ML Supply Chain Compromise",
|
|
3886
|
+
"tactic": "Initial Access"
|
|
3887
|
+
},
|
|
3888
|
+
{
|
|
3889
|
+
"id": "AML.T0016",
|
|
3890
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
3891
|
+
"tactic": "Resource Development"
|
|
3892
|
+
},
|
|
3893
|
+
{
|
|
3894
|
+
"id": "AML.T0017",
|
|
3895
|
+
"name": "Discover ML Model Ontology",
|
|
3896
|
+
"tactic": "Discovery"
|
|
3897
|
+
},
|
|
3898
|
+
{
|
|
3899
|
+
"id": "AML.T0018",
|
|
3900
|
+
"name": "Backdoor ML Model",
|
|
3901
|
+
"tactic": "Persistence"
|
|
3902
|
+
},
|
|
3903
|
+
{
|
|
3904
|
+
"id": "AML.T0020",
|
|
3905
|
+
"name": "Poison Training Data",
|
|
3906
|
+
"tactic": "ML Attack Staging"
|
|
3907
|
+
},
|
|
3908
|
+
{
|
|
3909
|
+
"id": "AML.T0043",
|
|
3910
|
+
"name": "Craft Adversarial Data",
|
|
3911
|
+
"tactic": "ML Attack Staging"
|
|
3912
|
+
},
|
|
3913
|
+
{
|
|
3914
|
+
"id": "AML.T0051",
|
|
3915
|
+
"name": "LLM Prompt Injection",
|
|
3916
|
+
"tactic": "Execution"
|
|
3917
|
+
},
|
|
3918
|
+
{
|
|
3919
|
+
"id": "AML.T0054",
|
|
3920
|
+
"name": "LLM Jailbreak",
|
|
3921
|
+
"tactic": "Defense Evasion"
|
|
3922
|
+
},
|
|
3923
|
+
{
|
|
3924
|
+
"id": "AML.T0096",
|
|
3925
|
+
"name": "AI API as Covert C2 Channel",
|
|
3926
|
+
"tactic": "Command and Control"
|
|
3927
|
+
}
|
|
3928
|
+
],
|
|
3929
|
+
"d3fend": [
|
|
3930
|
+
{
|
|
3931
|
+
"id": "D3-CSPP",
|
|
3932
|
+
"name": "Client-server Payload Profiling",
|
|
3933
|
+
"tactic": "Detect"
|
|
3934
|
+
},
|
|
3935
|
+
{
|
|
3936
|
+
"id": "D3-IOPR",
|
|
3937
|
+
"name": "Input/Output Profiling Resource",
|
|
3938
|
+
"tactic": "Detect"
|
|
3939
|
+
},
|
|
3940
|
+
{
|
|
3941
|
+
"id": "D3-NTA",
|
|
3942
|
+
"name": "Network Traffic Analysis",
|
|
3943
|
+
"tactic": "Detect"
|
|
3944
|
+
}
|
|
3945
|
+
],
|
|
3946
|
+
"framework_gaps": [
|
|
3947
|
+
{
|
|
3948
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
3949
|
+
"framework": "ALL",
|
|
3950
|
+
"control_name": "AI Pipeline Integrity"
|
|
3951
|
+
},
|
|
3952
|
+
{
|
|
3953
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
3954
|
+
"framework": "ALL",
|
|
3955
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
3956
|
+
},
|
|
3957
|
+
{
|
|
3958
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
3959
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3960
|
+
"control_name": "Secure coding"
|
|
3961
|
+
},
|
|
3962
|
+
{
|
|
3963
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
3964
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
3965
|
+
"control_name": "AI risk management process"
|
|
3966
|
+
},
|
|
3967
|
+
{
|
|
3968
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
3969
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
3970
|
+
"control_name": "AI risk assessment"
|
|
3971
|
+
},
|
|
3972
|
+
{
|
|
3973
|
+
"id": "NIST-800-218-SSDF",
|
|
3974
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
3975
|
+
"control_name": "Secure Software Development Framework"
|
|
3976
|
+
},
|
|
3977
|
+
{
|
|
3978
|
+
"id": "NIST-800-53-AC-2",
|
|
3979
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3980
|
+
"control_name": "Account Management"
|
|
3981
|
+
},
|
|
3982
|
+
{
|
|
3983
|
+
"id": "NIST-800-53-CM-7",
|
|
3984
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3985
|
+
"control_name": "Least Functionality"
|
|
3986
|
+
},
|
|
3987
|
+
{
|
|
3988
|
+
"id": "NIST-800-53-SI-12",
|
|
3989
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3990
|
+
"control_name": "Information Management and Retention"
|
|
3991
|
+
},
|
|
3992
|
+
{
|
|
3993
|
+
"id": "NIST-800-53-SI-3",
|
|
3994
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3995
|
+
"control_name": "Malicious Code Protection"
|
|
3996
|
+
},
|
|
3997
|
+
{
|
|
3998
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
3999
|
+
"framework": "NIST AI RMF 1.0",
|
|
4000
|
+
"control_name": "AI system to human interaction evaluation"
|
|
4001
|
+
},
|
|
4002
|
+
{
|
|
4003
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
4004
|
+
"framework": "OWASP ASVS v5.0",
|
|
4005
|
+
"control_name": "Configuration verification"
|
|
4006
|
+
},
|
|
4007
|
+
{
|
|
4008
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4009
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4010
|
+
"control_name": "Prompt Injection"
|
|
4011
|
+
},
|
|
4012
|
+
{
|
|
4013
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
4014
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4015
|
+
"control_name": "Sensitive Information Disclosure"
|
|
4016
|
+
},
|
|
4017
|
+
{
|
|
4018
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
4019
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4020
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
4021
|
+
},
|
|
4022
|
+
{
|
|
4023
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
4024
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
4025
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
4026
|
+
},
|
|
4027
|
+
{
|
|
4028
|
+
"id": "SOC2-CC6-logical-access",
|
|
4029
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4030
|
+
"control_name": "Logical and Physical Access Controls"
|
|
4031
|
+
}
|
|
4032
|
+
],
|
|
4033
|
+
"attack_refs": [
|
|
4034
|
+
"T1059",
|
|
4035
|
+
"T1068",
|
|
4036
|
+
"T1078",
|
|
4037
|
+
"T1190",
|
|
4038
|
+
"T1505",
|
|
4039
|
+
"T1565",
|
|
4040
|
+
"T1566",
|
|
4041
|
+
"T1567",
|
|
4042
|
+
"T1610",
|
|
4043
|
+
"T1611"
|
|
4044
|
+
],
|
|
4045
|
+
"rfc_refs": [
|
|
4046
|
+
"RFC-6749",
|
|
4047
|
+
"RFC-7519",
|
|
4048
|
+
"RFC-8032",
|
|
4049
|
+
"RFC-8446",
|
|
4050
|
+
"RFC-8725",
|
|
4051
|
+
"RFC-9114",
|
|
4052
|
+
"RFC-9421",
|
|
4053
|
+
"RFC-9700"
|
|
4054
|
+
]
|
|
4055
|
+
}
|
|
4056
|
+
},
|
|
4057
|
+
"CVE-2020-10148": {
|
|
4058
|
+
"name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
|
|
4059
|
+
"rwep": 75,
|
|
3587
4060
|
"cvss": 9.8,
|
|
3588
4061
|
"cisa_kev": true,
|
|
3589
|
-
"epss_score": 0.
|
|
4062
|
+
"epss_score": 0.945,
|
|
3590
4063
|
"referencing_skills": [],
|
|
3591
4064
|
"chain": {
|
|
3592
4065
|
"cwes": [],
|
|
@@ -3597,6 +4070,109 @@
|
|
|
3597
4070
|
"rfc_refs": []
|
|
3598
4071
|
}
|
|
3599
4072
|
},
|
|
4073
|
+
"CVE-2023-3519": {
|
|
4074
|
+
"name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
|
|
4075
|
+
"rwep": 80,
|
|
4076
|
+
"cvss": 9.8,
|
|
4077
|
+
"cisa_kev": true,
|
|
4078
|
+
"epss_score": 0.967,
|
|
4079
|
+
"referencing_skills": [
|
|
4080
|
+
"kernel-lpe-triage"
|
|
4081
|
+
],
|
|
4082
|
+
"chain": {
|
|
4083
|
+
"cwes": [
|
|
4084
|
+
{
|
|
4085
|
+
"id": "CWE-125",
|
|
4086
|
+
"name": "Out-of-bounds Read",
|
|
4087
|
+
"category": "Memory Safety"
|
|
4088
|
+
},
|
|
4089
|
+
{
|
|
4090
|
+
"id": "CWE-362",
|
|
4091
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4092
|
+
"category": "Concurrency"
|
|
4093
|
+
},
|
|
4094
|
+
{
|
|
4095
|
+
"id": "CWE-416",
|
|
4096
|
+
"name": "Use After Free",
|
|
4097
|
+
"category": "Memory Safety"
|
|
4098
|
+
},
|
|
4099
|
+
{
|
|
4100
|
+
"id": "CWE-672",
|
|
4101
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
4102
|
+
"category": "Memory Safety"
|
|
4103
|
+
},
|
|
4104
|
+
{
|
|
4105
|
+
"id": "CWE-787",
|
|
4106
|
+
"name": "Out-of-bounds Write",
|
|
4107
|
+
"category": "Memory Safety"
|
|
4108
|
+
}
|
|
4109
|
+
],
|
|
4110
|
+
"atlas": [],
|
|
4111
|
+
"d3fend": [
|
|
4112
|
+
{
|
|
4113
|
+
"id": "D3-ASLR",
|
|
4114
|
+
"name": "Address Space Layout Randomization",
|
|
4115
|
+
"tactic": "Harden"
|
|
4116
|
+
},
|
|
4117
|
+
{
|
|
4118
|
+
"id": "D3-EAL",
|
|
4119
|
+
"name": "Executable Allowlisting",
|
|
4120
|
+
"tactic": "Harden"
|
|
4121
|
+
},
|
|
4122
|
+
{
|
|
4123
|
+
"id": "D3-PHRA",
|
|
4124
|
+
"name": "Process Hardware Resource Access",
|
|
4125
|
+
"tactic": "Isolate"
|
|
4126
|
+
},
|
|
4127
|
+
{
|
|
4128
|
+
"id": "D3-PSEP",
|
|
4129
|
+
"name": "Process Segment Execution Prevention",
|
|
4130
|
+
"tactic": "Harden"
|
|
4131
|
+
}
|
|
4132
|
+
],
|
|
4133
|
+
"framework_gaps": [
|
|
4134
|
+
{
|
|
4135
|
+
"id": "CIS-Controls-v8-Control7",
|
|
4136
|
+
"framework": "CIS Controls v8",
|
|
4137
|
+
"control_name": "Continuous Vulnerability Management"
|
|
4138
|
+
},
|
|
4139
|
+
{
|
|
4140
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4141
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4142
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4143
|
+
},
|
|
4144
|
+
{
|
|
4145
|
+
"id": "NIS2-Art21-patch-management",
|
|
4146
|
+
"framework": "EU NIS2 Directive",
|
|
4147
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4148
|
+
},
|
|
4149
|
+
{
|
|
4150
|
+
"id": "NIST-800-53-SC-8",
|
|
4151
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4152
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4153
|
+
},
|
|
4154
|
+
{
|
|
4155
|
+
"id": "NIST-800-53-SI-2",
|
|
4156
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4157
|
+
"control_name": "Flaw Remediation"
|
|
4158
|
+
},
|
|
4159
|
+
{
|
|
4160
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4161
|
+
"framework": "PCI DSS 4.0",
|
|
4162
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4163
|
+
}
|
|
4164
|
+
],
|
|
4165
|
+
"attack_refs": [
|
|
4166
|
+
"T1068",
|
|
4167
|
+
"T1548.001"
|
|
4168
|
+
],
|
|
4169
|
+
"rfc_refs": [
|
|
4170
|
+
"RFC-4301",
|
|
4171
|
+
"RFC-4303",
|
|
4172
|
+
"RFC-7296"
|
|
4173
|
+
]
|
|
4174
|
+
}
|
|
4175
|
+
},
|
|
3600
4176
|
"CVE-2024-1709": {
|
|
3601
4177
|
"name": "ConnectWise ScreenConnect auth-bypass",
|
|
3602
4178
|
"rwep": 75,
|
|
@@ -3635,14 +4211,136 @@
|
|
|
3635
4211
|
"cvss": 5.9,
|
|
3636
4212
|
"cisa_kev": false,
|
|
3637
4213
|
"epss_score": 0.005,
|
|
3638
|
-
"referencing_skills": [
|
|
4214
|
+
"referencing_skills": [
|
|
4215
|
+
"ai-c2-detection",
|
|
4216
|
+
"dlp-gap-analysis"
|
|
4217
|
+
],
|
|
3639
4218
|
"chain": {
|
|
3640
|
-
"cwes": [
|
|
3641
|
-
|
|
3642
|
-
|
|
3643
|
-
|
|
3644
|
-
|
|
3645
|
-
|
|
4219
|
+
"cwes": [
|
|
4220
|
+
{
|
|
4221
|
+
"id": "CWE-1426",
|
|
4222
|
+
"name": "Improper Validation of Generative AI Output",
|
|
4223
|
+
"category": "AI/ML"
|
|
4224
|
+
},
|
|
4225
|
+
{
|
|
4226
|
+
"id": "CWE-200",
|
|
4227
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
4228
|
+
"category": "Information Exposure"
|
|
4229
|
+
}
|
|
4230
|
+
],
|
|
4231
|
+
"atlas": [
|
|
4232
|
+
{
|
|
4233
|
+
"id": "AML.T0017",
|
|
4234
|
+
"name": "Discover ML Model Ontology",
|
|
4235
|
+
"tactic": "Discovery"
|
|
4236
|
+
},
|
|
4237
|
+
{
|
|
4238
|
+
"id": "AML.T0051",
|
|
4239
|
+
"name": "LLM Prompt Injection",
|
|
4240
|
+
"tactic": "Execution"
|
|
4241
|
+
},
|
|
4242
|
+
{
|
|
4243
|
+
"id": "AML.T0096",
|
|
4244
|
+
"name": "AI API as Covert C2 Channel",
|
|
4245
|
+
"tactic": "Command and Control"
|
|
4246
|
+
}
|
|
4247
|
+
],
|
|
4248
|
+
"d3fend": [
|
|
4249
|
+
{
|
|
4250
|
+
"id": "D3-CA",
|
|
4251
|
+
"name": "Certificate Analysis",
|
|
4252
|
+
"tactic": "Detect"
|
|
4253
|
+
},
|
|
4254
|
+
{
|
|
4255
|
+
"id": "D3-CSPP",
|
|
4256
|
+
"name": "Client-server Payload Profiling",
|
|
4257
|
+
"tactic": "Detect"
|
|
4258
|
+
},
|
|
4259
|
+
{
|
|
4260
|
+
"id": "D3-DA",
|
|
4261
|
+
"name": "Domain Analysis",
|
|
4262
|
+
"tactic": "Detect"
|
|
4263
|
+
},
|
|
4264
|
+
{
|
|
4265
|
+
"id": "D3-EAL",
|
|
4266
|
+
"name": "Executable Allowlisting",
|
|
4267
|
+
"tactic": "Harden"
|
|
4268
|
+
},
|
|
4269
|
+
{
|
|
4270
|
+
"id": "D3-IOPR",
|
|
4271
|
+
"name": "Input/Output Profiling Resource",
|
|
4272
|
+
"tactic": "Detect"
|
|
4273
|
+
},
|
|
4274
|
+
{
|
|
4275
|
+
"id": "D3-NI",
|
|
4276
|
+
"name": "Network Isolation",
|
|
4277
|
+
"tactic": "Isolate"
|
|
4278
|
+
},
|
|
4279
|
+
{
|
|
4280
|
+
"id": "D3-NTA",
|
|
4281
|
+
"name": "Network Traffic Analysis",
|
|
4282
|
+
"tactic": "Detect"
|
|
4283
|
+
},
|
|
4284
|
+
{
|
|
4285
|
+
"id": "D3-NTPM",
|
|
4286
|
+
"name": "Network Traffic Policy Mapping",
|
|
4287
|
+
"tactic": "Model"
|
|
4288
|
+
}
|
|
4289
|
+
],
|
|
4290
|
+
"framework_gaps": [
|
|
4291
|
+
{
|
|
4292
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
4293
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
4294
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
4295
|
+
},
|
|
4296
|
+
{
|
|
4297
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
4298
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4299
|
+
"control_name": "Monitoring activities"
|
|
4300
|
+
},
|
|
4301
|
+
{
|
|
4302
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
4303
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
4304
|
+
"control_name": "AI risk assessment"
|
|
4305
|
+
},
|
|
4306
|
+
{
|
|
4307
|
+
"id": "NIST-800-53-SC-28",
|
|
4308
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4309
|
+
"control_name": "Protection of Information at Rest"
|
|
4310
|
+
},
|
|
4311
|
+
{
|
|
4312
|
+
"id": "NIST-800-53-SC-7",
|
|
4313
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4314
|
+
"control_name": "Boundary Protection"
|
|
4315
|
+
},
|
|
4316
|
+
{
|
|
4317
|
+
"id": "NIST-800-53-SI-3",
|
|
4318
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4319
|
+
"control_name": "Malicious Code Protection"
|
|
4320
|
+
},
|
|
4321
|
+
{
|
|
4322
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
4323
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4324
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
4325
|
+
}
|
|
4326
|
+
],
|
|
4327
|
+
"attack_refs": [
|
|
4328
|
+
"T1041",
|
|
4329
|
+
"T1071",
|
|
4330
|
+
"T1102",
|
|
4331
|
+
"T1213",
|
|
4332
|
+
"T1530",
|
|
4333
|
+
"T1567",
|
|
4334
|
+
"T1568"
|
|
4335
|
+
],
|
|
4336
|
+
"rfc_refs": [
|
|
4337
|
+
"RFC-8446",
|
|
4338
|
+
"RFC-9000",
|
|
4339
|
+
"RFC-9114",
|
|
4340
|
+
"RFC-9180",
|
|
4341
|
+
"RFC-9421",
|
|
4342
|
+
"RFC-9458"
|
|
4343
|
+
]
|
|
3646
4344
|
}
|
|
3647
4345
|
},
|
|
3648
4346
|
"MAL-2026-TANSTACK-MINI": {
|
|
@@ -3699,14 +4397,295 @@
|
|
|
3699
4397
|
"cvss": 8.8,
|
|
3700
4398
|
"cisa_kev": false,
|
|
3701
4399
|
"epss_score": 0.02,
|
|
3702
|
-
"referencing_skills": [
|
|
4400
|
+
"referencing_skills": [
|
|
4401
|
+
"ai-attack-surface",
|
|
4402
|
+
"rag-pipeline-security",
|
|
4403
|
+
"threat-modeling-methodology",
|
|
4404
|
+
"webapp-security",
|
|
4405
|
+
"api-security",
|
|
4406
|
+
"container-runtime-security"
|
|
4407
|
+
],
|
|
3703
4408
|
"chain": {
|
|
3704
|
-
"cwes": [
|
|
3705
|
-
|
|
3706
|
-
|
|
3707
|
-
|
|
3708
|
-
|
|
3709
|
-
|
|
4409
|
+
"cwes": [
|
|
4410
|
+
{
|
|
4411
|
+
"id": "CWE-1039",
|
|
4412
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
4413
|
+
"category": "AI/ML"
|
|
4414
|
+
},
|
|
4415
|
+
{
|
|
4416
|
+
"id": "CWE-1188",
|
|
4417
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
4418
|
+
"category": "Configuration"
|
|
4419
|
+
},
|
|
4420
|
+
{
|
|
4421
|
+
"id": "CWE-1395",
|
|
4422
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
4423
|
+
"category": "Supply Chain"
|
|
4424
|
+
},
|
|
4425
|
+
{
|
|
4426
|
+
"id": "CWE-1426",
|
|
4427
|
+
"name": "Improper Validation of Generative AI Output",
|
|
4428
|
+
"category": "AI/ML"
|
|
4429
|
+
},
|
|
4430
|
+
{
|
|
4431
|
+
"id": "CWE-200",
|
|
4432
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
4433
|
+
"category": "Information Exposure"
|
|
4434
|
+
},
|
|
4435
|
+
{
|
|
4436
|
+
"id": "CWE-22",
|
|
4437
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
4438
|
+
"category": "Path/Resource"
|
|
4439
|
+
},
|
|
4440
|
+
{
|
|
4441
|
+
"id": "CWE-269",
|
|
4442
|
+
"name": "Improper Privilege Management",
|
|
4443
|
+
"category": "Authorization"
|
|
4444
|
+
},
|
|
4445
|
+
{
|
|
4446
|
+
"id": "CWE-287",
|
|
4447
|
+
"name": "Improper Authentication",
|
|
4448
|
+
"category": "Authentication"
|
|
4449
|
+
},
|
|
4450
|
+
{
|
|
4451
|
+
"id": "CWE-352",
|
|
4452
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
4453
|
+
"category": "Session"
|
|
4454
|
+
},
|
|
4455
|
+
{
|
|
4456
|
+
"id": "CWE-434",
|
|
4457
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
4458
|
+
"category": "File Handling"
|
|
4459
|
+
},
|
|
4460
|
+
{
|
|
4461
|
+
"id": "CWE-502",
|
|
4462
|
+
"name": "Deserialization of Untrusted Data",
|
|
4463
|
+
"category": "Serialization"
|
|
4464
|
+
},
|
|
4465
|
+
{
|
|
4466
|
+
"id": "CWE-732",
|
|
4467
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
4468
|
+
"category": "Authorization"
|
|
4469
|
+
},
|
|
4470
|
+
{
|
|
4471
|
+
"id": "CWE-77",
|
|
4472
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
4473
|
+
"category": "Injection"
|
|
4474
|
+
},
|
|
4475
|
+
{
|
|
4476
|
+
"id": "CWE-78",
|
|
4477
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
4478
|
+
"category": "Injection"
|
|
4479
|
+
},
|
|
4480
|
+
{
|
|
4481
|
+
"id": "CWE-787",
|
|
4482
|
+
"name": "Out-of-bounds Write",
|
|
4483
|
+
"category": "Memory Safety"
|
|
4484
|
+
},
|
|
4485
|
+
{
|
|
4486
|
+
"id": "CWE-79",
|
|
4487
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
4488
|
+
"category": "Injection"
|
|
4489
|
+
},
|
|
4490
|
+
{
|
|
4491
|
+
"id": "CWE-862",
|
|
4492
|
+
"name": "Missing Authorization",
|
|
4493
|
+
"category": "Authorization"
|
|
4494
|
+
},
|
|
4495
|
+
{
|
|
4496
|
+
"id": "CWE-863",
|
|
4497
|
+
"name": "Incorrect Authorization",
|
|
4498
|
+
"category": "Authorization"
|
|
4499
|
+
},
|
|
4500
|
+
{
|
|
4501
|
+
"id": "CWE-89",
|
|
4502
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
4503
|
+
"category": "Injection"
|
|
4504
|
+
},
|
|
4505
|
+
{
|
|
4506
|
+
"id": "CWE-918",
|
|
4507
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
4508
|
+
"category": "Network"
|
|
4509
|
+
},
|
|
4510
|
+
{
|
|
4511
|
+
"id": "CWE-94",
|
|
4512
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
4513
|
+
"category": "Injection"
|
|
4514
|
+
}
|
|
4515
|
+
],
|
|
4516
|
+
"atlas": [
|
|
4517
|
+
{
|
|
4518
|
+
"id": "AML.T0010",
|
|
4519
|
+
"name": "ML Supply Chain Compromise",
|
|
4520
|
+
"tactic": "Initial Access"
|
|
4521
|
+
},
|
|
4522
|
+
{
|
|
4523
|
+
"id": "AML.T0016",
|
|
4524
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
4525
|
+
"tactic": "Resource Development"
|
|
4526
|
+
},
|
|
4527
|
+
{
|
|
4528
|
+
"id": "AML.T0017",
|
|
4529
|
+
"name": "Discover ML Model Ontology",
|
|
4530
|
+
"tactic": "Discovery"
|
|
4531
|
+
},
|
|
4532
|
+
{
|
|
4533
|
+
"id": "AML.T0018",
|
|
4534
|
+
"name": "Backdoor ML Model",
|
|
4535
|
+
"tactic": "Persistence"
|
|
4536
|
+
},
|
|
4537
|
+
{
|
|
4538
|
+
"id": "AML.T0020",
|
|
4539
|
+
"name": "Poison Training Data",
|
|
4540
|
+
"tactic": "ML Attack Staging"
|
|
4541
|
+
},
|
|
4542
|
+
{
|
|
4543
|
+
"id": "AML.T0043",
|
|
4544
|
+
"name": "Craft Adversarial Data",
|
|
4545
|
+
"tactic": "ML Attack Staging"
|
|
4546
|
+
},
|
|
4547
|
+
{
|
|
4548
|
+
"id": "AML.T0051",
|
|
4549
|
+
"name": "LLM Prompt Injection",
|
|
4550
|
+
"tactic": "Execution"
|
|
4551
|
+
},
|
|
4552
|
+
{
|
|
4553
|
+
"id": "AML.T0054",
|
|
4554
|
+
"name": "LLM Jailbreak",
|
|
4555
|
+
"tactic": "Defense Evasion"
|
|
4556
|
+
},
|
|
4557
|
+
{
|
|
4558
|
+
"id": "AML.T0096",
|
|
4559
|
+
"name": "AI API as Covert C2 Channel",
|
|
4560
|
+
"tactic": "Command and Control"
|
|
4561
|
+
}
|
|
4562
|
+
],
|
|
4563
|
+
"d3fend": [
|
|
4564
|
+
{
|
|
4565
|
+
"id": "D3-CSPP",
|
|
4566
|
+
"name": "Client-server Payload Profiling",
|
|
4567
|
+
"tactic": "Detect"
|
|
4568
|
+
},
|
|
4569
|
+
{
|
|
4570
|
+
"id": "D3-IOPR",
|
|
4571
|
+
"name": "Input/Output Profiling Resource",
|
|
4572
|
+
"tactic": "Detect"
|
|
4573
|
+
},
|
|
4574
|
+
{
|
|
4575
|
+
"id": "D3-NTA",
|
|
4576
|
+
"name": "Network Traffic Analysis",
|
|
4577
|
+
"tactic": "Detect"
|
|
4578
|
+
}
|
|
4579
|
+
],
|
|
4580
|
+
"framework_gaps": [
|
|
4581
|
+
{
|
|
4582
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
4583
|
+
"framework": "ALL",
|
|
4584
|
+
"control_name": "AI Pipeline Integrity"
|
|
4585
|
+
},
|
|
4586
|
+
{
|
|
4587
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
4588
|
+
"framework": "ALL",
|
|
4589
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
4590
|
+
},
|
|
4591
|
+
{
|
|
4592
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
4593
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4594
|
+
"control_name": "Secure coding"
|
|
4595
|
+
},
|
|
4596
|
+
{
|
|
4597
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
4598
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
4599
|
+
"control_name": "AI risk management process"
|
|
4600
|
+
},
|
|
4601
|
+
{
|
|
4602
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
4603
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
4604
|
+
"control_name": "AI risk assessment"
|
|
4605
|
+
},
|
|
4606
|
+
{
|
|
4607
|
+
"id": "NIST-800-218-SSDF",
|
|
4608
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
4609
|
+
"control_name": "Secure Software Development Framework"
|
|
4610
|
+
},
|
|
4611
|
+
{
|
|
4612
|
+
"id": "NIST-800-53-AC-2",
|
|
4613
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4614
|
+
"control_name": "Account Management"
|
|
4615
|
+
},
|
|
4616
|
+
{
|
|
4617
|
+
"id": "NIST-800-53-CM-7",
|
|
4618
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4619
|
+
"control_name": "Least Functionality"
|
|
4620
|
+
},
|
|
4621
|
+
{
|
|
4622
|
+
"id": "NIST-800-53-SI-12",
|
|
4623
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4624
|
+
"control_name": "Information Management and Retention"
|
|
4625
|
+
},
|
|
4626
|
+
{
|
|
4627
|
+
"id": "NIST-800-53-SI-3",
|
|
4628
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4629
|
+
"control_name": "Malicious Code Protection"
|
|
4630
|
+
},
|
|
4631
|
+
{
|
|
4632
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
4633
|
+
"framework": "NIST AI RMF 1.0",
|
|
4634
|
+
"control_name": "AI system to human interaction evaluation"
|
|
4635
|
+
},
|
|
4636
|
+
{
|
|
4637
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
4638
|
+
"framework": "OWASP ASVS v5.0",
|
|
4639
|
+
"control_name": "Configuration verification"
|
|
4640
|
+
},
|
|
4641
|
+
{
|
|
4642
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4643
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4644
|
+
"control_name": "Prompt Injection"
|
|
4645
|
+
},
|
|
4646
|
+
{
|
|
4647
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
4648
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4649
|
+
"control_name": "Sensitive Information Disclosure"
|
|
4650
|
+
},
|
|
4651
|
+
{
|
|
4652
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
4653
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4654
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
4655
|
+
},
|
|
4656
|
+
{
|
|
4657
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
4658
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
4659
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
4660
|
+
},
|
|
4661
|
+
{
|
|
4662
|
+
"id": "SOC2-CC6-logical-access",
|
|
4663
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4664
|
+
"control_name": "Logical and Physical Access Controls"
|
|
4665
|
+
}
|
|
4666
|
+
],
|
|
4667
|
+
"attack_refs": [
|
|
4668
|
+
"T1059",
|
|
4669
|
+
"T1068",
|
|
4670
|
+
"T1078",
|
|
4671
|
+
"T1190",
|
|
4672
|
+
"T1505",
|
|
4673
|
+
"T1565",
|
|
4674
|
+
"T1566",
|
|
4675
|
+
"T1567",
|
|
4676
|
+
"T1610",
|
|
4677
|
+
"T1611"
|
|
4678
|
+
],
|
|
4679
|
+
"rfc_refs": [
|
|
4680
|
+
"RFC-6749",
|
|
4681
|
+
"RFC-7519",
|
|
4682
|
+
"RFC-8032",
|
|
4683
|
+
"RFC-8446",
|
|
4684
|
+
"RFC-8725",
|
|
4685
|
+
"RFC-9114",
|
|
4686
|
+
"RFC-9421",
|
|
4687
|
+
"RFC-9700"
|
|
4688
|
+
]
|
|
3710
4689
|
}
|
|
3711
4690
|
},
|
|
3712
4691
|
"CVE-2025-12686": {
|
|
@@ -3715,14 +4694,101 @@
|
|
|
3715
4694
|
"cvss": 9.8,
|
|
3716
4695
|
"cisa_kev": false,
|
|
3717
4696
|
"epss_score": 0.04,
|
|
3718
|
-
"referencing_skills": [
|
|
4697
|
+
"referencing_skills": [
|
|
4698
|
+
"kernel-lpe-triage"
|
|
4699
|
+
],
|
|
3719
4700
|
"chain": {
|
|
3720
|
-
"cwes": [
|
|
4701
|
+
"cwes": [
|
|
4702
|
+
{
|
|
4703
|
+
"id": "CWE-125",
|
|
4704
|
+
"name": "Out-of-bounds Read",
|
|
4705
|
+
"category": "Memory Safety"
|
|
4706
|
+
},
|
|
4707
|
+
{
|
|
4708
|
+
"id": "CWE-362",
|
|
4709
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4710
|
+
"category": "Concurrency"
|
|
4711
|
+
},
|
|
4712
|
+
{
|
|
4713
|
+
"id": "CWE-416",
|
|
4714
|
+
"name": "Use After Free",
|
|
4715
|
+
"category": "Memory Safety"
|
|
4716
|
+
},
|
|
4717
|
+
{
|
|
4718
|
+
"id": "CWE-672",
|
|
4719
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
4720
|
+
"category": "Memory Safety"
|
|
4721
|
+
},
|
|
4722
|
+
{
|
|
4723
|
+
"id": "CWE-787",
|
|
4724
|
+
"name": "Out-of-bounds Write",
|
|
4725
|
+
"category": "Memory Safety"
|
|
4726
|
+
}
|
|
4727
|
+
],
|
|
3721
4728
|
"atlas": [],
|
|
3722
|
-
"d3fend": [
|
|
3723
|
-
|
|
3724
|
-
|
|
3725
|
-
|
|
4729
|
+
"d3fend": [
|
|
4730
|
+
{
|
|
4731
|
+
"id": "D3-ASLR",
|
|
4732
|
+
"name": "Address Space Layout Randomization",
|
|
4733
|
+
"tactic": "Harden"
|
|
4734
|
+
},
|
|
4735
|
+
{
|
|
4736
|
+
"id": "D3-EAL",
|
|
4737
|
+
"name": "Executable Allowlisting",
|
|
4738
|
+
"tactic": "Harden"
|
|
4739
|
+
},
|
|
4740
|
+
{
|
|
4741
|
+
"id": "D3-PHRA",
|
|
4742
|
+
"name": "Process Hardware Resource Access",
|
|
4743
|
+
"tactic": "Isolate"
|
|
4744
|
+
},
|
|
4745
|
+
{
|
|
4746
|
+
"id": "D3-PSEP",
|
|
4747
|
+
"name": "Process Segment Execution Prevention",
|
|
4748
|
+
"tactic": "Harden"
|
|
4749
|
+
}
|
|
4750
|
+
],
|
|
4751
|
+
"framework_gaps": [
|
|
4752
|
+
{
|
|
4753
|
+
"id": "CIS-Controls-v8-Control7",
|
|
4754
|
+
"framework": "CIS Controls v8",
|
|
4755
|
+
"control_name": "Continuous Vulnerability Management"
|
|
4756
|
+
},
|
|
4757
|
+
{
|
|
4758
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4759
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4760
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4761
|
+
},
|
|
4762
|
+
{
|
|
4763
|
+
"id": "NIS2-Art21-patch-management",
|
|
4764
|
+
"framework": "EU NIS2 Directive",
|
|
4765
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4766
|
+
},
|
|
4767
|
+
{
|
|
4768
|
+
"id": "NIST-800-53-SC-8",
|
|
4769
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4770
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4771
|
+
},
|
|
4772
|
+
{
|
|
4773
|
+
"id": "NIST-800-53-SI-2",
|
|
4774
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4775
|
+
"control_name": "Flaw Remediation"
|
|
4776
|
+
},
|
|
4777
|
+
{
|
|
4778
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4779
|
+
"framework": "PCI DSS 4.0",
|
|
4780
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4781
|
+
}
|
|
4782
|
+
],
|
|
4783
|
+
"attack_refs": [
|
|
4784
|
+
"T1068",
|
|
4785
|
+
"T1548.001"
|
|
4786
|
+
],
|
|
4787
|
+
"rfc_refs": [
|
|
4788
|
+
"RFC-4301",
|
|
4789
|
+
"RFC-4303",
|
|
4790
|
+
"RFC-7296"
|
|
4791
|
+
]
|
|
3726
4792
|
}
|
|
3727
4793
|
},
|
|
3728
4794
|
"CVE-2025-62847": {
|
|
@@ -3731,14 +4797,101 @@
|
|
|
3731
4797
|
"cvss": 9.8,
|
|
3732
4798
|
"cisa_kev": false,
|
|
3733
4799
|
"epss_score": 0.03,
|
|
3734
|
-
"referencing_skills": [
|
|
4800
|
+
"referencing_skills": [
|
|
4801
|
+
"kernel-lpe-triage"
|
|
4802
|
+
],
|
|
3735
4803
|
"chain": {
|
|
3736
|
-
"cwes": [
|
|
4804
|
+
"cwes": [
|
|
4805
|
+
{
|
|
4806
|
+
"id": "CWE-125",
|
|
4807
|
+
"name": "Out-of-bounds Read",
|
|
4808
|
+
"category": "Memory Safety"
|
|
4809
|
+
},
|
|
4810
|
+
{
|
|
4811
|
+
"id": "CWE-362",
|
|
4812
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4813
|
+
"category": "Concurrency"
|
|
4814
|
+
},
|
|
4815
|
+
{
|
|
4816
|
+
"id": "CWE-416",
|
|
4817
|
+
"name": "Use After Free",
|
|
4818
|
+
"category": "Memory Safety"
|
|
4819
|
+
},
|
|
4820
|
+
{
|
|
4821
|
+
"id": "CWE-672",
|
|
4822
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
4823
|
+
"category": "Memory Safety"
|
|
4824
|
+
},
|
|
4825
|
+
{
|
|
4826
|
+
"id": "CWE-787",
|
|
4827
|
+
"name": "Out-of-bounds Write",
|
|
4828
|
+
"category": "Memory Safety"
|
|
4829
|
+
}
|
|
4830
|
+
],
|
|
3737
4831
|
"atlas": [],
|
|
3738
|
-
"d3fend": [
|
|
3739
|
-
|
|
3740
|
-
|
|
3741
|
-
|
|
4832
|
+
"d3fend": [
|
|
4833
|
+
{
|
|
4834
|
+
"id": "D3-ASLR",
|
|
4835
|
+
"name": "Address Space Layout Randomization",
|
|
4836
|
+
"tactic": "Harden"
|
|
4837
|
+
},
|
|
4838
|
+
{
|
|
4839
|
+
"id": "D3-EAL",
|
|
4840
|
+
"name": "Executable Allowlisting",
|
|
4841
|
+
"tactic": "Harden"
|
|
4842
|
+
},
|
|
4843
|
+
{
|
|
4844
|
+
"id": "D3-PHRA",
|
|
4845
|
+
"name": "Process Hardware Resource Access",
|
|
4846
|
+
"tactic": "Isolate"
|
|
4847
|
+
},
|
|
4848
|
+
{
|
|
4849
|
+
"id": "D3-PSEP",
|
|
4850
|
+
"name": "Process Segment Execution Prevention",
|
|
4851
|
+
"tactic": "Harden"
|
|
4852
|
+
}
|
|
4853
|
+
],
|
|
4854
|
+
"framework_gaps": [
|
|
4855
|
+
{
|
|
4856
|
+
"id": "CIS-Controls-v8-Control7",
|
|
4857
|
+
"framework": "CIS Controls v8",
|
|
4858
|
+
"control_name": "Continuous Vulnerability Management"
|
|
4859
|
+
},
|
|
4860
|
+
{
|
|
4861
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4862
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4863
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4864
|
+
},
|
|
4865
|
+
{
|
|
4866
|
+
"id": "NIS2-Art21-patch-management",
|
|
4867
|
+
"framework": "EU NIS2 Directive",
|
|
4868
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4869
|
+
},
|
|
4870
|
+
{
|
|
4871
|
+
"id": "NIST-800-53-SC-8",
|
|
4872
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4873
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4874
|
+
},
|
|
4875
|
+
{
|
|
4876
|
+
"id": "NIST-800-53-SI-2",
|
|
4877
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4878
|
+
"control_name": "Flaw Remediation"
|
|
4879
|
+
},
|
|
4880
|
+
{
|
|
4881
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4882
|
+
"framework": "PCI DSS 4.0",
|
|
4883
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4884
|
+
}
|
|
4885
|
+
],
|
|
4886
|
+
"attack_refs": [
|
|
4887
|
+
"T1068",
|
|
4888
|
+
"T1548.001"
|
|
4889
|
+
],
|
|
4890
|
+
"rfc_refs": [
|
|
4891
|
+
"RFC-4301",
|
|
4892
|
+
"RFC-4303",
|
|
4893
|
+
"RFC-7296"
|
|
4894
|
+
]
|
|
3742
4895
|
}
|
|
3743
4896
|
},
|
|
3744
4897
|
"CVE-2025-62848": {
|
|
@@ -3747,14 +4900,101 @@
|
|
|
3747
4900
|
"cvss": 9.8,
|
|
3748
4901
|
"cisa_kev": false,
|
|
3749
4902
|
"epss_score": 0.03,
|
|
3750
|
-
"referencing_skills": [
|
|
4903
|
+
"referencing_skills": [
|
|
4904
|
+
"kernel-lpe-triage"
|
|
4905
|
+
],
|
|
3751
4906
|
"chain": {
|
|
3752
|
-
"cwes": [
|
|
4907
|
+
"cwes": [
|
|
4908
|
+
{
|
|
4909
|
+
"id": "CWE-125",
|
|
4910
|
+
"name": "Out-of-bounds Read",
|
|
4911
|
+
"category": "Memory Safety"
|
|
4912
|
+
},
|
|
4913
|
+
{
|
|
4914
|
+
"id": "CWE-362",
|
|
4915
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4916
|
+
"category": "Concurrency"
|
|
4917
|
+
},
|
|
4918
|
+
{
|
|
4919
|
+
"id": "CWE-416",
|
|
4920
|
+
"name": "Use After Free",
|
|
4921
|
+
"category": "Memory Safety"
|
|
4922
|
+
},
|
|
4923
|
+
{
|
|
4924
|
+
"id": "CWE-672",
|
|
4925
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
4926
|
+
"category": "Memory Safety"
|
|
4927
|
+
},
|
|
4928
|
+
{
|
|
4929
|
+
"id": "CWE-787",
|
|
4930
|
+
"name": "Out-of-bounds Write",
|
|
4931
|
+
"category": "Memory Safety"
|
|
4932
|
+
}
|
|
4933
|
+
],
|
|
3753
4934
|
"atlas": [],
|
|
3754
|
-
"d3fend": [
|
|
3755
|
-
|
|
3756
|
-
|
|
3757
|
-
|
|
4935
|
+
"d3fend": [
|
|
4936
|
+
{
|
|
4937
|
+
"id": "D3-ASLR",
|
|
4938
|
+
"name": "Address Space Layout Randomization",
|
|
4939
|
+
"tactic": "Harden"
|
|
4940
|
+
},
|
|
4941
|
+
{
|
|
4942
|
+
"id": "D3-EAL",
|
|
4943
|
+
"name": "Executable Allowlisting",
|
|
4944
|
+
"tactic": "Harden"
|
|
4945
|
+
},
|
|
4946
|
+
{
|
|
4947
|
+
"id": "D3-PHRA",
|
|
4948
|
+
"name": "Process Hardware Resource Access",
|
|
4949
|
+
"tactic": "Isolate"
|
|
4950
|
+
},
|
|
4951
|
+
{
|
|
4952
|
+
"id": "D3-PSEP",
|
|
4953
|
+
"name": "Process Segment Execution Prevention",
|
|
4954
|
+
"tactic": "Harden"
|
|
4955
|
+
}
|
|
4956
|
+
],
|
|
4957
|
+
"framework_gaps": [
|
|
4958
|
+
{
|
|
4959
|
+
"id": "CIS-Controls-v8-Control7",
|
|
4960
|
+
"framework": "CIS Controls v8",
|
|
4961
|
+
"control_name": "Continuous Vulnerability Management"
|
|
4962
|
+
},
|
|
4963
|
+
{
|
|
4964
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4965
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4966
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4967
|
+
},
|
|
4968
|
+
{
|
|
4969
|
+
"id": "NIS2-Art21-patch-management",
|
|
4970
|
+
"framework": "EU NIS2 Directive",
|
|
4971
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4972
|
+
},
|
|
4973
|
+
{
|
|
4974
|
+
"id": "NIST-800-53-SC-8",
|
|
4975
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4976
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4977
|
+
},
|
|
4978
|
+
{
|
|
4979
|
+
"id": "NIST-800-53-SI-2",
|
|
4980
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4981
|
+
"control_name": "Flaw Remediation"
|
|
4982
|
+
},
|
|
4983
|
+
{
|
|
4984
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4985
|
+
"framework": "PCI DSS 4.0",
|
|
4986
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4987
|
+
}
|
|
4988
|
+
],
|
|
4989
|
+
"attack_refs": [
|
|
4990
|
+
"T1068",
|
|
4991
|
+
"T1548.001"
|
|
4992
|
+
],
|
|
4993
|
+
"rfc_refs": [
|
|
4994
|
+
"RFC-4301",
|
|
4995
|
+
"RFC-4303",
|
|
4996
|
+
"RFC-7296"
|
|
4997
|
+
]
|
|
3758
4998
|
}
|
|
3759
4999
|
},
|
|
3760
5000
|
"CVE-2025-62849": {
|
|
@@ -3763,14 +5003,101 @@
|
|
|
3763
5003
|
"cvss": 8.8,
|
|
3764
5004
|
"cisa_kev": false,
|
|
3765
5005
|
"epss_score": 0.02,
|
|
3766
|
-
"referencing_skills": [
|
|
5006
|
+
"referencing_skills": [
|
|
5007
|
+
"kernel-lpe-triage"
|
|
5008
|
+
],
|
|
3767
5009
|
"chain": {
|
|
3768
|
-
"cwes": [
|
|
5010
|
+
"cwes": [
|
|
5011
|
+
{
|
|
5012
|
+
"id": "CWE-125",
|
|
5013
|
+
"name": "Out-of-bounds Read",
|
|
5014
|
+
"category": "Memory Safety"
|
|
5015
|
+
},
|
|
5016
|
+
{
|
|
5017
|
+
"id": "CWE-362",
|
|
5018
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
5019
|
+
"category": "Concurrency"
|
|
5020
|
+
},
|
|
5021
|
+
{
|
|
5022
|
+
"id": "CWE-416",
|
|
5023
|
+
"name": "Use After Free",
|
|
5024
|
+
"category": "Memory Safety"
|
|
5025
|
+
},
|
|
5026
|
+
{
|
|
5027
|
+
"id": "CWE-672",
|
|
5028
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
5029
|
+
"category": "Memory Safety"
|
|
5030
|
+
},
|
|
5031
|
+
{
|
|
5032
|
+
"id": "CWE-787",
|
|
5033
|
+
"name": "Out-of-bounds Write",
|
|
5034
|
+
"category": "Memory Safety"
|
|
5035
|
+
}
|
|
5036
|
+
],
|
|
3769
5037
|
"atlas": [],
|
|
3770
|
-
"d3fend": [
|
|
3771
|
-
|
|
3772
|
-
|
|
3773
|
-
|
|
5038
|
+
"d3fend": [
|
|
5039
|
+
{
|
|
5040
|
+
"id": "D3-ASLR",
|
|
5041
|
+
"name": "Address Space Layout Randomization",
|
|
5042
|
+
"tactic": "Harden"
|
|
5043
|
+
},
|
|
5044
|
+
{
|
|
5045
|
+
"id": "D3-EAL",
|
|
5046
|
+
"name": "Executable Allowlisting",
|
|
5047
|
+
"tactic": "Harden"
|
|
5048
|
+
},
|
|
5049
|
+
{
|
|
5050
|
+
"id": "D3-PHRA",
|
|
5051
|
+
"name": "Process Hardware Resource Access",
|
|
5052
|
+
"tactic": "Isolate"
|
|
5053
|
+
},
|
|
5054
|
+
{
|
|
5055
|
+
"id": "D3-PSEP",
|
|
5056
|
+
"name": "Process Segment Execution Prevention",
|
|
5057
|
+
"tactic": "Harden"
|
|
5058
|
+
}
|
|
5059
|
+
],
|
|
5060
|
+
"framework_gaps": [
|
|
5061
|
+
{
|
|
5062
|
+
"id": "CIS-Controls-v8-Control7",
|
|
5063
|
+
"framework": "CIS Controls v8",
|
|
5064
|
+
"control_name": "Continuous Vulnerability Management"
|
|
5065
|
+
},
|
|
5066
|
+
{
|
|
5067
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
5068
|
+
"framework": "ISO/IEC 27001:2022",
|
|
5069
|
+
"control_name": "Management of technical vulnerabilities"
|
|
5070
|
+
},
|
|
5071
|
+
{
|
|
5072
|
+
"id": "NIS2-Art21-patch-management",
|
|
5073
|
+
"framework": "EU NIS2 Directive",
|
|
5074
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
5075
|
+
},
|
|
5076
|
+
{
|
|
5077
|
+
"id": "NIST-800-53-SC-8",
|
|
5078
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5079
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
5080
|
+
},
|
|
5081
|
+
{
|
|
5082
|
+
"id": "NIST-800-53-SI-2",
|
|
5083
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5084
|
+
"control_name": "Flaw Remediation"
|
|
5085
|
+
},
|
|
5086
|
+
{
|
|
5087
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
5088
|
+
"framework": "PCI DSS 4.0",
|
|
5089
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
5090
|
+
}
|
|
5091
|
+
],
|
|
5092
|
+
"attack_refs": [
|
|
5093
|
+
"T1068",
|
|
5094
|
+
"T1548.001"
|
|
5095
|
+
],
|
|
5096
|
+
"rfc_refs": [
|
|
5097
|
+
"RFC-4301",
|
|
5098
|
+
"RFC-4303",
|
|
5099
|
+
"RFC-7296"
|
|
5100
|
+
]
|
|
3774
5101
|
}
|
|
3775
5102
|
},
|
|
3776
5103
|
"CVE-2025-59389": {
|
|
@@ -3779,14 +5106,101 @@
|
|
|
3779
5106
|
"cvss": 9.8,
|
|
3780
5107
|
"cisa_kev": false,
|
|
3781
5108
|
"epss_score": 0.05,
|
|
3782
|
-
"referencing_skills": [
|
|
5109
|
+
"referencing_skills": [
|
|
5110
|
+
"kernel-lpe-triage"
|
|
5111
|
+
],
|
|
3783
5112
|
"chain": {
|
|
3784
|
-
"cwes": [
|
|
3785
|
-
|
|
3786
|
-
|
|
3787
|
-
|
|
3788
|
-
|
|
3789
|
-
|
|
5113
|
+
"cwes": [
|
|
5114
|
+
{
|
|
5115
|
+
"id": "CWE-125",
|
|
5116
|
+
"name": "Out-of-bounds Read",
|
|
5117
|
+
"category": "Memory Safety"
|
|
5118
|
+
},
|
|
5119
|
+
{
|
|
5120
|
+
"id": "CWE-362",
|
|
5121
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
5122
|
+
"category": "Concurrency"
|
|
5123
|
+
},
|
|
5124
|
+
{
|
|
5125
|
+
"id": "CWE-416",
|
|
5126
|
+
"name": "Use After Free",
|
|
5127
|
+
"category": "Memory Safety"
|
|
5128
|
+
},
|
|
5129
|
+
{
|
|
5130
|
+
"id": "CWE-672",
|
|
5131
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
5132
|
+
"category": "Memory Safety"
|
|
5133
|
+
},
|
|
5134
|
+
{
|
|
5135
|
+
"id": "CWE-787",
|
|
5136
|
+
"name": "Out-of-bounds Write",
|
|
5137
|
+
"category": "Memory Safety"
|
|
5138
|
+
}
|
|
5139
|
+
],
|
|
5140
|
+
"atlas": [],
|
|
5141
|
+
"d3fend": [
|
|
5142
|
+
{
|
|
5143
|
+
"id": "D3-ASLR",
|
|
5144
|
+
"name": "Address Space Layout Randomization",
|
|
5145
|
+
"tactic": "Harden"
|
|
5146
|
+
},
|
|
5147
|
+
{
|
|
5148
|
+
"id": "D3-EAL",
|
|
5149
|
+
"name": "Executable Allowlisting",
|
|
5150
|
+
"tactic": "Harden"
|
|
5151
|
+
},
|
|
5152
|
+
{
|
|
5153
|
+
"id": "D3-PHRA",
|
|
5154
|
+
"name": "Process Hardware Resource Access",
|
|
5155
|
+
"tactic": "Isolate"
|
|
5156
|
+
},
|
|
5157
|
+
{
|
|
5158
|
+
"id": "D3-PSEP",
|
|
5159
|
+
"name": "Process Segment Execution Prevention",
|
|
5160
|
+
"tactic": "Harden"
|
|
5161
|
+
}
|
|
5162
|
+
],
|
|
5163
|
+
"framework_gaps": [
|
|
5164
|
+
{
|
|
5165
|
+
"id": "CIS-Controls-v8-Control7",
|
|
5166
|
+
"framework": "CIS Controls v8",
|
|
5167
|
+
"control_name": "Continuous Vulnerability Management"
|
|
5168
|
+
},
|
|
5169
|
+
{
|
|
5170
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
5171
|
+
"framework": "ISO/IEC 27001:2022",
|
|
5172
|
+
"control_name": "Management of technical vulnerabilities"
|
|
5173
|
+
},
|
|
5174
|
+
{
|
|
5175
|
+
"id": "NIS2-Art21-patch-management",
|
|
5176
|
+
"framework": "EU NIS2 Directive",
|
|
5177
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
5178
|
+
},
|
|
5179
|
+
{
|
|
5180
|
+
"id": "NIST-800-53-SC-8",
|
|
5181
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5182
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
5183
|
+
},
|
|
5184
|
+
{
|
|
5185
|
+
"id": "NIST-800-53-SI-2",
|
|
5186
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5187
|
+
"control_name": "Flaw Remediation"
|
|
5188
|
+
},
|
|
5189
|
+
{
|
|
5190
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
5191
|
+
"framework": "PCI DSS 4.0",
|
|
5192
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
5193
|
+
}
|
|
5194
|
+
],
|
|
5195
|
+
"attack_refs": [
|
|
5196
|
+
"T1068",
|
|
5197
|
+
"T1548.001"
|
|
5198
|
+
],
|
|
5199
|
+
"rfc_refs": [
|
|
5200
|
+
"RFC-4301",
|
|
5201
|
+
"RFC-4303",
|
|
5202
|
+
"RFC-7296"
|
|
5203
|
+
]
|
|
3790
5204
|
}
|
|
3791
5205
|
},
|
|
3792
5206
|
"CVE-2025-11837": {
|
|
@@ -3795,14 +5209,190 @@
|
|
|
3795
5209
|
"cvss": 8,
|
|
3796
5210
|
"cisa_kev": false,
|
|
3797
5211
|
"epss_score": 0.025,
|
|
3798
|
-
"referencing_skills": [
|
|
5212
|
+
"referencing_skills": [
|
|
5213
|
+
"ai-attack-surface",
|
|
5214
|
+
"ai-c2-detection",
|
|
5215
|
+
"email-security-anti-phishing"
|
|
5216
|
+
],
|
|
3799
5217
|
"chain": {
|
|
3800
|
-
"cwes": [
|
|
3801
|
-
|
|
3802
|
-
|
|
3803
|
-
|
|
3804
|
-
|
|
3805
|
-
|
|
5218
|
+
"cwes": [
|
|
5219
|
+
{
|
|
5220
|
+
"id": "CWE-1039",
|
|
5221
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
5222
|
+
"category": "AI/ML"
|
|
5223
|
+
},
|
|
5224
|
+
{
|
|
5225
|
+
"id": "CWE-1426",
|
|
5226
|
+
"name": "Improper Validation of Generative AI Output",
|
|
5227
|
+
"category": "AI/ML"
|
|
5228
|
+
},
|
|
5229
|
+
{
|
|
5230
|
+
"id": "CWE-94",
|
|
5231
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
5232
|
+
"category": "Injection"
|
|
5233
|
+
}
|
|
5234
|
+
],
|
|
5235
|
+
"atlas": [
|
|
5236
|
+
{
|
|
5237
|
+
"id": "AML.T0016",
|
|
5238
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
5239
|
+
"tactic": "Resource Development"
|
|
5240
|
+
},
|
|
5241
|
+
{
|
|
5242
|
+
"id": "AML.T0017",
|
|
5243
|
+
"name": "Discover ML Model Ontology",
|
|
5244
|
+
"tactic": "Discovery"
|
|
5245
|
+
},
|
|
5246
|
+
{
|
|
5247
|
+
"id": "AML.T0018",
|
|
5248
|
+
"name": "Backdoor ML Model",
|
|
5249
|
+
"tactic": "Persistence"
|
|
5250
|
+
},
|
|
5251
|
+
{
|
|
5252
|
+
"id": "AML.T0020",
|
|
5253
|
+
"name": "Poison Training Data",
|
|
5254
|
+
"tactic": "ML Attack Staging"
|
|
5255
|
+
},
|
|
5256
|
+
{
|
|
5257
|
+
"id": "AML.T0043",
|
|
5258
|
+
"name": "Craft Adversarial Data",
|
|
5259
|
+
"tactic": "ML Attack Staging"
|
|
5260
|
+
},
|
|
5261
|
+
{
|
|
5262
|
+
"id": "AML.T0051",
|
|
5263
|
+
"name": "LLM Prompt Injection",
|
|
5264
|
+
"tactic": "Execution"
|
|
5265
|
+
},
|
|
5266
|
+
{
|
|
5267
|
+
"id": "AML.T0054",
|
|
5268
|
+
"name": "LLM Jailbreak",
|
|
5269
|
+
"tactic": "Defense Evasion"
|
|
5270
|
+
},
|
|
5271
|
+
{
|
|
5272
|
+
"id": "AML.T0096",
|
|
5273
|
+
"name": "AI API as Covert C2 Channel",
|
|
5274
|
+
"tactic": "Command and Control"
|
|
5275
|
+
}
|
|
5276
|
+
],
|
|
5277
|
+
"d3fend": [
|
|
5278
|
+
{
|
|
5279
|
+
"id": "D3-CA",
|
|
5280
|
+
"name": "Certificate Analysis",
|
|
5281
|
+
"tactic": "Detect"
|
|
5282
|
+
},
|
|
5283
|
+
{
|
|
5284
|
+
"id": "D3-CSPP",
|
|
5285
|
+
"name": "Client-server Payload Profiling",
|
|
5286
|
+
"tactic": "Detect"
|
|
5287
|
+
},
|
|
5288
|
+
{
|
|
5289
|
+
"id": "D3-DA",
|
|
5290
|
+
"name": "Domain Analysis",
|
|
5291
|
+
"tactic": "Detect"
|
|
5292
|
+
},
|
|
5293
|
+
{
|
|
5294
|
+
"id": "D3-IOPR",
|
|
5295
|
+
"name": "Input/Output Profiling Resource",
|
|
5296
|
+
"tactic": "Detect"
|
|
5297
|
+
},
|
|
5298
|
+
{
|
|
5299
|
+
"id": "D3-NI",
|
|
5300
|
+
"name": "Network Isolation",
|
|
5301
|
+
"tactic": "Isolate"
|
|
5302
|
+
},
|
|
5303
|
+
{
|
|
5304
|
+
"id": "D3-NTA",
|
|
5305
|
+
"name": "Network Traffic Analysis",
|
|
5306
|
+
"tactic": "Detect"
|
|
5307
|
+
},
|
|
5308
|
+
{
|
|
5309
|
+
"id": "D3-NTPM",
|
|
5310
|
+
"name": "Network Traffic Policy Mapping",
|
|
5311
|
+
"tactic": "Model"
|
|
5312
|
+
}
|
|
5313
|
+
],
|
|
5314
|
+
"framework_gaps": [
|
|
5315
|
+
{
|
|
5316
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
5317
|
+
"framework": "ALL",
|
|
5318
|
+
"control_name": "AI Pipeline Integrity"
|
|
5319
|
+
},
|
|
5320
|
+
{
|
|
5321
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
5322
|
+
"framework": "ALL",
|
|
5323
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
5324
|
+
},
|
|
5325
|
+
{
|
|
5326
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
5327
|
+
"framework": "ISO/IEC 27001:2022",
|
|
5328
|
+
"control_name": "Monitoring activities"
|
|
5329
|
+
},
|
|
5330
|
+
{
|
|
5331
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
5332
|
+
"framework": "ISO/IEC 27001:2022",
|
|
5333
|
+
"control_name": "Secure coding"
|
|
5334
|
+
},
|
|
5335
|
+
{
|
|
5336
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
5337
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
5338
|
+
"control_name": "AI risk management process"
|
|
5339
|
+
},
|
|
5340
|
+
{
|
|
5341
|
+
"id": "NIST-800-53-AC-2",
|
|
5342
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5343
|
+
"control_name": "Account Management"
|
|
5344
|
+
},
|
|
5345
|
+
{
|
|
5346
|
+
"id": "NIST-800-53-SC-7",
|
|
5347
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5348
|
+
"control_name": "Boundary Protection"
|
|
5349
|
+
},
|
|
5350
|
+
{
|
|
5351
|
+
"id": "NIST-800-53-SI-3",
|
|
5352
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
5353
|
+
"control_name": "Malicious Code Protection"
|
|
5354
|
+
},
|
|
5355
|
+
{
|
|
5356
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
5357
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
5358
|
+
"control_name": "Prompt Injection"
|
|
5359
|
+
},
|
|
5360
|
+
{
|
|
5361
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
5362
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
5363
|
+
"control_name": "Sensitive Information Disclosure"
|
|
5364
|
+
},
|
|
5365
|
+
{
|
|
5366
|
+
"id": "SOC2-CC6-logical-access",
|
|
5367
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
5368
|
+
"control_name": "Logical and Physical Access Controls"
|
|
5369
|
+
},
|
|
5370
|
+
{
|
|
5371
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
5372
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
5373
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
5374
|
+
}
|
|
5375
|
+
],
|
|
5376
|
+
"attack_refs": [
|
|
5377
|
+
"T1059",
|
|
5378
|
+
"T1071",
|
|
5379
|
+
"T1078",
|
|
5380
|
+
"T1102",
|
|
5381
|
+
"T1190",
|
|
5382
|
+
"T1566",
|
|
5383
|
+
"T1566.001",
|
|
5384
|
+
"T1566.002",
|
|
5385
|
+
"T1566.003",
|
|
5386
|
+
"T1568"
|
|
5387
|
+
],
|
|
5388
|
+
"rfc_refs": [
|
|
5389
|
+
"RFC-8446",
|
|
5390
|
+
"RFC-9000",
|
|
5391
|
+
"RFC-9114",
|
|
5392
|
+
"RFC-9180",
|
|
5393
|
+
"RFC-9421",
|
|
5394
|
+
"RFC-9458"
|
|
5395
|
+
]
|
|
3806
5396
|
}
|
|
3807
5397
|
},
|
|
3808
5398
|
"CVE-2026-42945": {
|
|
@@ -6070,9 +7660,12 @@
|
|
|
6070
7660
|
]
|
|
6071
7661
|
},
|
|
6072
7662
|
"related_cves": [
|
|
7663
|
+
"CVE-2023-43472",
|
|
6073
7664
|
"CVE-2024-3094",
|
|
7665
|
+
"CVE-2024-3154",
|
|
6074
7666
|
"CVE-2025-53773",
|
|
6075
7667
|
"CVE-2026-30615",
|
|
7668
|
+
"CVE-2026-30623",
|
|
6076
7669
|
"CVE-2026-31431",
|
|
6077
7670
|
"CVE-2026-39884",
|
|
6078
7671
|
"CVE-2026-42208",
|
|
@@ -6256,9 +7849,12 @@
|
|
|
6256
7849
|
]
|
|
6257
7850
|
},
|
|
6258
7851
|
"related_cves": [
|
|
7852
|
+
"CVE-2023-43472",
|
|
6259
7853
|
"CVE-2024-3094",
|
|
7854
|
+
"CVE-2024-3154",
|
|
6260
7855
|
"CVE-2025-53773",
|
|
6261
7856
|
"CVE-2026-30615",
|
|
7857
|
+
"CVE-2026-30623",
|
|
6262
7858
|
"CVE-2026-39884",
|
|
6263
7859
|
"CVE-2026-42208",
|
|
6264
7860
|
"CVE-2026-45321",
|
|
@@ -6393,6 +7989,8 @@
|
|
|
6393
7989
|
]
|
|
6394
7990
|
},
|
|
6395
7991
|
"related_cves": [
|
|
7992
|
+
"CVE-2023-43472",
|
|
7993
|
+
"CVE-2026-30623",
|
|
6396
7994
|
"CVE-2026-31431",
|
|
6397
7995
|
"CVE-2026-39884",
|
|
6398
7996
|
"CVE-2026-42208",
|
|
@@ -6519,6 +8117,8 @@
|
|
|
6519
8117
|
]
|
|
6520
8118
|
},
|
|
6521
8119
|
"related_cves": [
|
|
8120
|
+
"CVE-2023-43472",
|
|
8121
|
+
"CVE-2026-30623",
|
|
6522
8122
|
"CVE-2026-31431",
|
|
6523
8123
|
"CVE-2026-39884",
|
|
6524
8124
|
"CVE-2026-42208",
|
|
@@ -6659,6 +8259,8 @@
|
|
|
6659
8259
|
]
|
|
6660
8260
|
},
|
|
6661
8261
|
"related_cves": [
|
|
8262
|
+
"CVE-2023-43472",
|
|
8263
|
+
"CVE-2026-30623",
|
|
6662
8264
|
"CVE-2026-31431",
|
|
6663
8265
|
"CVE-2026-39884",
|
|
6664
8266
|
"CVE-2026-42208",
|
|
@@ -6901,9 +8503,13 @@
|
|
|
6901
8503
|
]
|
|
6902
8504
|
},
|
|
6903
8505
|
"related_cves": [
|
|
8506
|
+
"CVE-2023-43472",
|
|
6904
8507
|
"CVE-2024-3094",
|
|
8508
|
+
"CVE-2024-3154",
|
|
8509
|
+
"CVE-2025-11837",
|
|
6905
8510
|
"CVE-2025-53773",
|
|
6906
8511
|
"CVE-2026-30615",
|
|
8512
|
+
"CVE-2026-30623",
|
|
6907
8513
|
"CVE-2026-32202",
|
|
6908
8514
|
"CVE-2026-33825",
|
|
6909
8515
|
"CVE-2026-39884",
|
|
@@ -7041,6 +8647,12 @@
|
|
|
7041
8647
|
]
|
|
7042
8648
|
},
|
|
7043
8649
|
"related_cves": [
|
|
8650
|
+
"CVE-2023-3519",
|
|
8651
|
+
"CVE-2025-12686",
|
|
8652
|
+
"CVE-2025-59389",
|
|
8653
|
+
"CVE-2025-62847",
|
|
8654
|
+
"CVE-2025-62848",
|
|
8655
|
+
"CVE-2025-62849",
|
|
7044
8656
|
"CVE-2026-0300",
|
|
7045
8657
|
"CVE-2026-31431",
|
|
7046
8658
|
"CVE-2026-32202",
|
|
@@ -7267,9 +8879,13 @@
|
|
|
7267
8879
|
]
|
|
7268
8880
|
},
|
|
7269
8881
|
"related_cves": [
|
|
8882
|
+
"CVE-2023-43472",
|
|
7270
8883
|
"CVE-2024-3094",
|
|
8884
|
+
"CVE-2024-3154",
|
|
8885
|
+
"CVE-2024-40635",
|
|
7271
8886
|
"CVE-2025-53773",
|
|
7272
8887
|
"CVE-2026-30615",
|
|
8888
|
+
"CVE-2026-30623",
|
|
7273
8889
|
"CVE-2026-39884",
|
|
7274
8890
|
"CVE-2026-42208",
|
|
7275
8891
|
"CVE-2026-42897",
|
|
@@ -7610,9 +9226,12 @@
|
|
|
7610
9226
|
]
|
|
7611
9227
|
},
|
|
7612
9228
|
"related_cves": [
|
|
9229
|
+
"CVE-2023-43472",
|
|
7613
9230
|
"CVE-2024-3094",
|
|
9231
|
+
"CVE-2024-3154",
|
|
7614
9232
|
"CVE-2025-53773",
|
|
7615
9233
|
"CVE-2026-30615",
|
|
9234
|
+
"CVE-2026-30623",
|
|
7616
9235
|
"CVE-2026-31431",
|
|
7617
9236
|
"CVE-2026-39884",
|
|
7618
9237
|
"CVE-2026-42208",
|
|
@@ -8171,9 +9790,12 @@
|
|
|
8171
9790
|
]
|
|
8172
9791
|
},
|
|
8173
9792
|
"related_cves": [
|
|
9793
|
+
"CVE-2023-43472",
|
|
8174
9794
|
"CVE-2024-3094",
|
|
9795
|
+
"CVE-2024-3154",
|
|
8175
9796
|
"CVE-2025-53773",
|
|
8176
9797
|
"CVE-2026-30615",
|
|
9798
|
+
"CVE-2026-30623",
|
|
8177
9799
|
"CVE-2026-31431",
|
|
8178
9800
|
"CVE-2026-39884",
|
|
8179
9801
|
"CVE-2026-42208",
|
|
@@ -8771,6 +10393,7 @@
|
|
|
8771
10393
|
},
|
|
8772
10394
|
"related_cves": [
|
|
8773
10395
|
"CVE-2024-3094",
|
|
10396
|
+
"CVE-2024-3154",
|
|
8774
10397
|
"CVE-2025-53773",
|
|
8775
10398
|
"CVE-2026-30615",
|
|
8776
10399
|
"CVE-2026-45321",
|
|
@@ -8995,9 +10618,12 @@
|
|
|
8995
10618
|
]
|
|
8996
10619
|
},
|
|
8997
10620
|
"related_cves": [
|
|
10621
|
+
"CVE-2023-43472",
|
|
8998
10622
|
"CVE-2024-3094",
|
|
10623
|
+
"CVE-2024-3154",
|
|
8999
10624
|
"CVE-2025-53773",
|
|
9000
10625
|
"CVE-2026-30615",
|
|
10626
|
+
"CVE-2026-30623",
|
|
9001
10627
|
"CVE-2026-31431",
|
|
9002
10628
|
"CVE-2026-39884",
|
|
9003
10629
|
"CVE-2026-42208",
|
|
@@ -9136,6 +10762,12 @@
|
|
|
9136
10762
|
]
|
|
9137
10763
|
},
|
|
9138
10764
|
"related_cves": [
|
|
10765
|
+
"CVE-2023-3519",
|
|
10766
|
+
"CVE-2025-12686",
|
|
10767
|
+
"CVE-2025-59389",
|
|
10768
|
+
"CVE-2025-62847",
|
|
10769
|
+
"CVE-2025-62848",
|
|
10770
|
+
"CVE-2025-62849",
|
|
9139
10771
|
"CVE-2026-0300",
|
|
9140
10772
|
"CVE-2026-31431",
|
|
9141
10773
|
"CVE-2026-32202",
|
|
@@ -9267,6 +10899,12 @@
|
|
|
9267
10899
|
]
|
|
9268
10900
|
},
|
|
9269
10901
|
"related_cves": [
|
|
10902
|
+
"CVE-2023-3519",
|
|
10903
|
+
"CVE-2025-12686",
|
|
10904
|
+
"CVE-2025-59389",
|
|
10905
|
+
"CVE-2025-62847",
|
|
10906
|
+
"CVE-2025-62848",
|
|
10907
|
+
"CVE-2025-62849",
|
|
9270
10908
|
"CVE-2026-0300",
|
|
9271
10909
|
"CVE-2026-31431",
|
|
9272
10910
|
"CVE-2026-32202",
|
|
@@ -9491,9 +11129,12 @@
|
|
|
9491
11129
|
]
|
|
9492
11130
|
},
|
|
9493
11131
|
"related_cves": [
|
|
11132
|
+
"CVE-2023-43472",
|
|
9494
11133
|
"CVE-2024-3094",
|
|
11134
|
+
"CVE-2024-3154",
|
|
9495
11135
|
"CVE-2025-53773",
|
|
9496
11136
|
"CVE-2026-30615",
|
|
11137
|
+
"CVE-2026-30623",
|
|
9497
11138
|
"CVE-2026-31431",
|
|
9498
11139
|
"CVE-2026-39884",
|
|
9499
11140
|
"CVE-2026-42208",
|
|
@@ -9691,6 +11332,7 @@
|
|
|
9691
11332
|
},
|
|
9692
11333
|
"related_cves": [
|
|
9693
11334
|
"CVE-2024-3094",
|
|
11335
|
+
"CVE-2024-3154",
|
|
9694
11336
|
"CVE-2025-53773",
|
|
9695
11337
|
"CVE-2026-30615",
|
|
9696
11338
|
"CVE-2026-45321",
|
|
@@ -9878,8 +11520,10 @@
|
|
|
9878
11520
|
]
|
|
9879
11521
|
},
|
|
9880
11522
|
"related_cves": [
|
|
11523
|
+
"CVE-2023-43472",
|
|
9881
11524
|
"CVE-2024-3094",
|
|
9882
11525
|
"CVE-2026-30615",
|
|
11526
|
+
"CVE-2026-30623",
|
|
9883
11527
|
"CVE-2026-39884",
|
|
9884
11528
|
"CVE-2026-42208",
|
|
9885
11529
|
"CVE-2026-45321",
|
|
@@ -10175,6 +11819,12 @@
|
|
|
10175
11819
|
]
|
|
10176
11820
|
},
|
|
10177
11821
|
"related_cves": [
|
|
11822
|
+
"CVE-2023-3519",
|
|
11823
|
+
"CVE-2025-12686",
|
|
11824
|
+
"CVE-2025-59389",
|
|
11825
|
+
"CVE-2025-62847",
|
|
11826
|
+
"CVE-2025-62848",
|
|
11827
|
+
"CVE-2025-62849",
|
|
10178
11828
|
"CVE-2026-0300",
|
|
10179
11829
|
"CVE-2026-31431",
|
|
10180
11830
|
"CVE-2026-32202",
|
|
@@ -10463,9 +12113,12 @@
|
|
|
10463
12113
|
]
|
|
10464
12114
|
},
|
|
10465
12115
|
"related_cves": [
|
|
12116
|
+
"CVE-2023-43472",
|
|
10466
12117
|
"CVE-2024-3094",
|
|
12118
|
+
"CVE-2024-3154",
|
|
10467
12119
|
"CVE-2025-53773",
|
|
10468
12120
|
"CVE-2026-30615",
|
|
12121
|
+
"CVE-2026-30623",
|
|
10469
12122
|
"CVE-2026-31431",
|
|
10470
12123
|
"CVE-2026-39884",
|
|
10471
12124
|
"CVE-2026-42208",
|
|
@@ -10681,10 +12334,19 @@
|
|
|
10681
12334
|
]
|
|
10682
12335
|
},
|
|
10683
12336
|
"related_cves": [
|
|
12337
|
+
"CVE-2023-3519",
|
|
12338
|
+
"CVE-2023-43472",
|
|
10684
12339
|
"CVE-2024-3094",
|
|
12340
|
+
"CVE-2024-3154",
|
|
12341
|
+
"CVE-2025-12686",
|
|
10685
12342
|
"CVE-2025-53773",
|
|
12343
|
+
"CVE-2025-59389",
|
|
12344
|
+
"CVE-2025-62847",
|
|
12345
|
+
"CVE-2025-62848",
|
|
12346
|
+
"CVE-2025-62849",
|
|
10686
12347
|
"CVE-2026-0300",
|
|
10687
12348
|
"CVE-2026-30615",
|
|
12349
|
+
"CVE-2026-30623",
|
|
10688
12350
|
"CVE-2026-31431",
|
|
10689
12351
|
"CVE-2026-32202",
|
|
10690
12352
|
"CVE-2026-33825",
|
|
@@ -10986,6 +12648,7 @@
|
|
|
10986
12648
|
},
|
|
10987
12649
|
"related_cves": [
|
|
10988
12650
|
"CVE-2024-3094",
|
|
12651
|
+
"CVE-2024-3154",
|
|
10989
12652
|
"CVE-2025-53773",
|
|
10990
12653
|
"CVE-2026-30615",
|
|
10991
12654
|
"CVE-2026-31431",
|
|
@@ -11289,9 +12952,12 @@
|
|
|
11289
12952
|
]
|
|
11290
12953
|
},
|
|
11291
12954
|
"related_cves": [
|
|
12955
|
+
"CVE-2023-43472",
|
|
11292
12956
|
"CVE-2024-3094",
|
|
12957
|
+
"CVE-2024-3154",
|
|
11293
12958
|
"CVE-2025-53773",
|
|
11294
12959
|
"CVE-2026-30615",
|
|
12960
|
+
"CVE-2026-30623",
|
|
11295
12961
|
"CVE-2026-39884",
|
|
11296
12962
|
"CVE-2026-42208",
|
|
11297
12963
|
"CVE-2026-45321",
|
|
@@ -11565,9 +13231,11 @@
|
|
|
11565
13231
|
]
|
|
11566
13232
|
},
|
|
11567
13233
|
"related_cves": [
|
|
13234
|
+
"CVE-2023-43472",
|
|
11568
13235
|
"CVE-2024-3094",
|
|
11569
13236
|
"CVE-2025-53773",
|
|
11570
13237
|
"CVE-2026-30615",
|
|
13238
|
+
"CVE-2026-30623",
|
|
11571
13239
|
"CVE-2026-39884",
|
|
11572
13240
|
"CVE-2026-42208",
|
|
11573
13241
|
"CVE-2026-45321",
|
|
@@ -11869,9 +13537,12 @@
|
|
|
11869
13537
|
]
|
|
11870
13538
|
},
|
|
11871
13539
|
"related_cves": [
|
|
13540
|
+
"CVE-2023-43472",
|
|
11872
13541
|
"CVE-2024-3094",
|
|
13542
|
+
"CVE-2024-3154",
|
|
11873
13543
|
"CVE-2025-53773",
|
|
11874
13544
|
"CVE-2026-30615",
|
|
13545
|
+
"CVE-2026-30623",
|
|
11875
13546
|
"CVE-2026-31431",
|
|
11876
13547
|
"CVE-2026-39884",
|
|
11877
13548
|
"CVE-2026-42208",
|
|
@@ -12067,7 +13738,10 @@
|
|
|
12067
13738
|
"rfc_refs": []
|
|
12068
13739
|
},
|
|
12069
13740
|
"related_cves": [
|
|
13741
|
+
"CVE-2023-43472",
|
|
13742
|
+
"CVE-2025-11837",
|
|
12070
13743
|
"CVE-2025-53773",
|
|
13744
|
+
"CVE-2026-30623",
|
|
12071
13745
|
"CVE-2026-32202",
|
|
12072
13746
|
"CVE-2026-33825",
|
|
12073
13747
|
"CVE-2026-39884",
|
|
@@ -12223,9 +13897,12 @@
|
|
|
12223
13897
|
]
|
|
12224
13898
|
},
|
|
12225
13899
|
"related_cves": [
|
|
13900
|
+
"CVE-2023-43472",
|
|
12226
13901
|
"CVE-2024-3094",
|
|
13902
|
+
"CVE-2024-3154",
|
|
12227
13903
|
"CVE-2025-53773",
|
|
12228
13904
|
"CVE-2026-30615",
|
|
13905
|
+
"CVE-2026-30623",
|
|
12229
13906
|
"CVE-2026-39884",
|
|
12230
13907
|
"CVE-2026-42208",
|
|
12231
13908
|
"CVE-2026-45321",
|
|
@@ -12611,9 +14288,12 @@
|
|
|
12611
14288
|
]
|
|
12612
14289
|
},
|
|
12613
14290
|
"related_cves": [
|
|
14291
|
+
"CVE-2023-43472",
|
|
12614
14292
|
"CVE-2024-3094",
|
|
14293
|
+
"CVE-2024-3154",
|
|
12615
14294
|
"CVE-2025-53773",
|
|
12616
14295
|
"CVE-2026-30615",
|
|
14296
|
+
"CVE-2026-30623",
|
|
12617
14297
|
"CVE-2026-31431",
|
|
12618
14298
|
"CVE-2026-39884",
|
|
12619
14299
|
"CVE-2026-45321",
|
|
@@ -12864,9 +14544,13 @@
|
|
|
12864
14544
|
]
|
|
12865
14545
|
},
|
|
12866
14546
|
"related_cves": [
|
|
14547
|
+
"CVE-2023-43472",
|
|
12867
14548
|
"CVE-2024-3094",
|
|
14549
|
+
"CVE-2024-40635",
|
|
14550
|
+
"CVE-2025-11837",
|
|
12868
14551
|
"CVE-2025-53773",
|
|
12869
14552
|
"CVE-2026-30615",
|
|
14553
|
+
"CVE-2026-30623",
|
|
12870
14554
|
"CVE-2026-32202",
|
|
12871
14555
|
"CVE-2026-33825",
|
|
12872
14556
|
"CVE-2026-39884",
|