@blamejs/exceptd-skills 0.13.1 → 0.13.2

package/data/_indexes/token-budget.json

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1610543,
-    "total_approx_tokens": 402643,
+    "total_chars": 1613380,
+    "total_approx_tokens": 403351,
     "skill_count": 42
   },
   "skills": {
@@ -555,10 +555,10 @@
     },
     "threat-model-currency": {
       "path": "skills/threat-model-currency/skill.md",
-      "bytes": 27330,
-      "chars": 27218,
-      "lines": 411,
-      "approx_tokens": 6805,
+      "bytes": 27509,
+      "chars": 27397,
+      "lines": 412,
+      "approx_tokens": 6849,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -680,10 +680,10 @@
     },
     "zeroday-gap-learn": {
       "path": "skills/zeroday-gap-learn/skill.md",
-      "bytes": 37609,
-      "chars": 37453,
-      "lines": 444,
-      "approx_tokens": 9363,
+      "bytes": 37784,
+      "chars": 37628,
+      "lines": 445,
+      "approx_tokens": 9407,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -820,10 +820,10 @@
     },
     "skill-update-loop": {
       "path": "skills/skill-update-loop/skill.md",
-      "bytes": 47134,
-      "chars": 47002,
-      "lines": 519,
-      "approx_tokens": 11751,
+      "bytes": 47309,
+      "chars": 47177,
+      "lines": 520,
+      "approx_tokens": 11794,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -980,10 +980,10 @@
     },
     "researcher": {
       "path": "skills/researcher/skill.md",
-      "bytes": 32058,
-      "chars": 31886,
-      "lines": 335,
-      "approx_tokens": 7972,
+      "bytes": 32226,
+      "chars": 32054,
+      "lines": 336,
+      "approx_tokens": 8014,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -1085,10 +1085,10 @@
     },
     "fuzz-testing-strategy": {
       "path": "skills/fuzz-testing-strategy/skill.md",
-      "bytes": 30523,
-      "chars": 30382,
-      "lines": 313,
-      "approx_tokens": 7596,
+      "bytes": 30702,
+      "chars": 30561,
+      "lines": 314,
+      "approx_tokens": 7640,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1235,10 +1235,10 @@
     },
     "defensive-countermeasure-mapping": {
       "path": "skills/defensive-countermeasure-mapping/skill.md",
-      "bytes": 32601,
-      "chars": 32465,
-      "lines": 301,
-      "approx_tokens": 8116,
+      "bytes": 32791,
+      "chars": 32655,
+      "lines": 302,
+      "approx_tokens": 8164,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1340,10 +1340,10 @@
     },
     "ot-ics-security": {
       "path": "skills/ot-ics-security/skill.md",
-      "bytes": 36266,
-      "chars": 36070,
-      "lines": 341,
-      "approx_tokens": 9018,
+      "bytes": 36439,
+      "chars": 36243,
+      "lines": 342,
+      "approx_tokens": 9061,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1450,10 +1450,10 @@
     },
     "threat-modeling-methodology": {
       "path": "skills/threat-modeling-methodology/skill.md",
-      "bytes": 30617,
-      "chars": 30440,
-      "lines": 317,
-      "approx_tokens": 7610,
+      "bytes": 30802,
+      "chars": 30625,
+      "lines": 318,
+      "approx_tokens": 7656,
       "approx_chars_per_token": 4,
       "sections": {
         "purpose": {
@@ -1510,10 +1510,10 @@
     },
     "webapp-security": {
       "path": "skills/webapp-security/skill.md",
-      "bytes": 28963,
-      "chars": 28789,
-      "lines": 282,
-      "approx_tokens": 7197,
+      "bytes": 29136,
+      "chars": 28962,
+      "lines": 283,
+      "approx_tokens": 7241,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1565,10 +1565,10 @@
     },
     "ai-risk-management": {
       "path": "skills/ai-risk-management/skill.md",
-      "bytes": 34753,
-      "chars": 34571,
-      "lines": 320,
-      "approx_tokens": 8643,
+      "bytes": 34929,
+      "chars": 34747,
+      "lines": 321,
+      "approx_tokens": 8687,
       "approx_chars_per_token": 4,
       "sections": {
         "purpose": {
@@ -1735,10 +1735,10 @@
     },
     "sector-federal-government": {
       "path": "skills/sector-federal-government/skill.md",
-      "bytes": 44140,
-      "chars": 43967,
-      "lines": 305,
-      "approx_tokens": 10992,
+      "bytes": 44323,
+      "chars": 44150,
+      "lines": 306,
+      "approx_tokens": 11038,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1790,10 +1790,10 @@
     },
     "sector-energy": {
       "path": "skills/sector-energy/skill.md",
-      "bytes": 53906,
-      "chars": 53698,
-      "lines": 409,
-      "approx_tokens": 13425,
+      "bytes": 54077,
+      "chars": 53869,
+      "lines": 410,
+      "approx_tokens": 13467,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -1845,10 +1845,10 @@
     },
     "sector-telecom": {
       "path": "skills/sector-telecom/skill.md",
-      "bytes": 20690,
-      "chars": 20590,
-      "lines": 256,
-      "approx_tokens": 5148,
+      "bytes": 20862,
+      "chars": 20762,
+      "lines": 257,
+      "approx_tokens": 5191,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2065,10 +2065,10 @@
     },
     "mlops-security": {
       "path": "skills/mlops-security/skill.md",
-      "bytes": 45439,
-      "chars": 45147,
-      "lines": 329,
-      "approx_tokens": 11287,
+      "bytes": 45611,
+      "chars": 45319,
+      "lines": 330,
+      "approx_tokens": 11330,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2230,10 +2230,10 @@
     },
     "email-security-anti-phishing": {
       "path": "skills/email-security-anti-phishing/skill.md",
-      "bytes": 26370,
-      "chars": 26272,
-      "lines": 208,
-      "approx_tokens": 6568,
+      "bytes": 26556,
+      "chars": 26458,
+      "lines": 209,
+      "approx_tokens": 6615,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2285,10 +2285,10 @@
     },
     "age-gates-child-safety": {
       "path": "skills/age-gates-child-safety/skill.md",
-      "bytes": 69560,
-      "chars": 69272,
-      "lines": 456,
-      "approx_tokens": 17318,
+      "bytes": 69740,
+      "chars": 69452,
+      "lines": 457,
+      "approx_tokens": 17363,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {

package/data/atlas-ttps.json

@@ -85,6 +85,7 @@
     "maturity": "high",
     "last_verified": "2026-05-15",
     "cve_refs": [
+      "CVE-2026-30623",
       "CVE-2026-42945"
     ]
   },
@@ -163,6 +164,7 @@
     "maturity": "moderate",
     "last_verified": "2026-05-15",
     "cve_refs": [
+      "CVE-2023-43472",
       "CVE-2026-30615"
     ]
   },

package/data/attack-techniques.json

@@ -99,8 +99,10 @@
       "DS0017"
     ],
     "cve_refs": [
+      "CVE-2025-11837",
       "CVE-2025-53773",
       "CVE-2026-30615",
+      "CVE-2026-30623",
       "CVE-2026-32202",
       "CVE-2026-39884",
       "CVE-2026-39987",
@@ -133,6 +135,7 @@
     "name": "Exploitation for Privilege Escalation",
     "version": "v19",
     "cve_refs": [
+      "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
       "CVE-2026-33825",
@@ -151,6 +154,9 @@
     "name": "Valid Accounts",
     "version": "v19",
     "cve_refs": [
+      "CVE-2020-10148",
+      "CVE-2024-1709",
+      "CVE-2026-20182",
       "CVE-2026-33825",
       "CVE-2026-39884",
       "CVE-2026-42897",
@@ -223,8 +229,16 @@
     "name": "Exploit Public-Facing Application",
     "version": "v19",
     "cve_refs": [
+      "CVE-2020-10148",
+      "CVE-2023-3519",
+      "CVE-2024-1709",
+      "CVE-2025-12686",
       "CVE-2025-53773",
+      "CVE-2025-59389",
+      "CVE-2025-62847",
+      "CVE-2025-62848",
       "CVE-2026-0300",
+      "CVE-2026-20182",
       "CVE-2026-32202",
       "CVE-2026-39987",
       "CVE-2026-42208",
@@ -300,7 +314,10 @@
   },
   "T1525": {
     "name": "Implant Internal Image",
-    "version": "v19"
+    "version": "v19",
+    "cve_refs": [
+      "CVE-2024-40635"
+    ]
   },
   "T1528": {
     "name": "Steal Application Access Token",
@@ -364,7 +381,8 @@
     "name": "Compromise Host Software Binary",
     "version": "v19",
     "cve_refs": [
-      "CVE-2024-3094"
+      "CVE-2024-3094",
+      "CVE-2025-11837"
     ]
   },
   "T1555": {
@@ -493,7 +511,8 @@
       "DS0029"
     ],
     "cve_refs": [
-      "CVE-2024-21626"
+      "CVE-2024-21626",
+      "CVE-2024-3154"
     ]
   },
   "T1613": {

package/data/cve-catalog.json

@@ -1596,8 +1596,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2024-3154": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Red Hat Bugzilla; CWE-20 and ATT&CK T1611 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "CRI-O arbitrary kernel-module load",
     "type": "container-escape",
@@ -1663,8 +1661,6 @@
     "discovery_attribution_note": "Reported by the OpenShift / CRI-O upstream security team via Red Hat Bugzilla 2272532; no individual researcher byline in the public advisory and no AI-tool credit. Bug class (systemd property injection through pod annotations) is conventional argument-injection. Source: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-3154."
   },
   "CVE-2023-43472": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Protect AI Huntr advisory; ATLAS AML.T0016 and CWE-22 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "MLflow path-traversal arbitrary file read",
     "type": "path-traversal",
@@ -1724,8 +1720,6 @@
     "discovery_attribution_note": "Discovered by Joseph Beeton, senior security researcher at Contrast Security, via the Protect AI Huntr bug bounty program. Named human researcher; no AI-tool credited. Source: https://securityonline.info/cve-2023-43472-critical-vulnerability-uncovered-in-mlflow/ and https://github.com/advisories/GHSA-wqxf-447m-6f5f."
   },
   "CVE-2020-10148": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + CISA AA20-352A; CWE-287 and ATT&CK T1190/T1078 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
     "type": "auth-bypass",
@@ -1787,8 +1781,6 @@
     "discovery_attribution_note": "Discovered during the SUNBURST incident-response investigation by FireEye / Mandiant analysts (publicly attributed to the Mandiant team rather than a single researcher) and corroborated by SolarWinds engineering. Documented in CISA AA20-352A and the CERT/CC VU#843464. Named human teams; pre-AI-tooling era for vendor-side attribution. Source: https://kb.cert.org/vuls/id/843464."
   },
   "CVE-2023-3519": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Citrix CTX561482 + CISA AA23-201A; CWE-787 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
     "type": "RCE",
@@ -1852,8 +1844,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: +5 (75 -> 80)."
   },
   "CVE-2024-1709": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ConnectWise advisory; ATT&CK T1190/T1078 refs resolve (cwe_refs empty but ATT&CK satisfies the resolve-at-least-one requirement). Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "ConnectWise ScreenConnect auth-bypass",
     "type": "auth-bypass",
@@ -1911,8 +1901,6 @@
     "discovery_attribution_note": "Discovered by ConnectWise security engineering and externally reported by Huntress + GreyNoise via in-wild exploitation telemetry within 24 hours of the 2024-02 Patch Tuesday. No individual researcher byline; vendor-internal discovery. No AI-tool credited. Source: https://www.upguard.com/blog/screenconnect-cve-2024."
   },
   "CVE-2026-20182": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against CISA KEV + Rapid7 disclosure; CWE-287 and ATT&CK T1190/T1078 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Cisco SD-WAN authentication bypass to admin",
     "type": "auth-bypass",
@@ -1975,8 +1963,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "CVE-2024-40635": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Snyk SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987; ATT&CK T1525 ref resolves (cwe_refs empty but ATT&CK satisfies). Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "containerd integer overflow IP mask leak",
     "type": "information-disclosure",
@@ -2252,8 +2238,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2026-30623": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + OX Security advisory (Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok); CWE-78/88, ATLAS AML.T0040 and ATT&CK T1059 refs resolve. This entry is the published successor of the quarantined MAL-2026-ANTHROPIC-MCP-STDIO placeholder. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Anthropic MCP SDK stdio command-injection",
     "type": "command-injection",
@@ -2319,8 +2303,6 @@
     "discovery_attribution_note": "OX Security advisory 2026-04-15; researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok. Same disclosure cluster as CVE-2026-30615. Named-human research; no AI-tool credit. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/."
   },
   "CVE-2025-12686": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Synacktiv Pwn2Own writeup; CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Synology BeeStation unauth RCE (Pwn2Own Ireland 2025)",
     "type": "RCE",
@@ -2379,8 +2361,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (50 -> 45)."
   },
   "CVE-2025-62847": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 1/3)",
     "type": "RCE",
@@ -2441,8 +2421,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
   },
   "CVE-2025-62848": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-94 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 2/3)",
     "type": "RCE",
@@ -2503,8 +2481,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
   },
   "CVE-2025-62849": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-269 and ATT&CK T1068 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 3/3)",
     "type": "RCE",
@@ -2565,8 +2541,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (40 -> 35)."
   },
   "CVE-2025-59389": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + QNAP QSA-25-48 + ZDI Pwn2Own attribution (Sina Kheirkhah, Summoning Team); CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
     "type": "RCE",
@@ -2626,8 +2600,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "CVE-2025-11837": {
-    "_draft": true,
-    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + QNAP QSA-25-47 + Pwn2Own attribution (Chumy Tsai, CyCraft Technology); CWE-94 and ATT&CK T1059/T1554 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP Malware Remover code-injection",
     "type": "code-injection",

package/data/cwe-catalog.json

@@ -47,6 +47,7 @@
       "fuzz-testing-strategy"
     ],
     "evidence_cves": [
+      "CVE-2024-3154",
       "CVE-2026-6973"
     ],
     "framework_controls_partially_addressing": [
@@ -81,7 +82,9 @@
       "mcp-agent-trust",
       "webapp-security"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2023-43472"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-AC-3",
       "NIST-800-53-SI-10",
@@ -148,6 +151,10 @@
       "webapp-security"
     ],
     "evidence_cves": [
+      "CVE-2025-12686",
+      "CVE-2025-59389",
+      "CVE-2025-62847",
+      "CVE-2026-30623",
       "CVE-2026-39987"
     ],
     "framework_controls_partially_addressing": [
@@ -211,6 +218,7 @@
     ],
     "skills_referencing": [],
     "evidence_cves": [
+      "CVE-2026-30623",
       "CVE-2026-39884"
     ],
     "framework_controls_partially_addressing": [
@@ -277,6 +285,8 @@
       "webapp-security"
     ],
     "evidence_cves": [
+      "CVE-2025-11837",
+      "CVE-2025-62848",
       "CVE-2026-6973",
       "MAL-2026-3083"
     ],
@@ -463,7 +473,9 @@
       "idp-incident-response",
       "webapp-security"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2025-62849"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-AC-6",
       "ISO-27001-2022-A.8.2"
@@ -532,7 +544,10 @@
       "sector-telecom",
       "webapp-security"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2020-10148",
+      "CVE-2026-20182"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-IA-2",
       "NIST-800-53-IA-8",
@@ -1353,6 +1368,7 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2023-3519",
       "CVE-2026-0300",
       "CVE-2026-42945",
       "CVE-2026-43500",