@blamejs/exceptd-skills 0.13.100 → 0.13.101

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +771 -1
  6. package/data/atlas-ttps.json +5 -2
  7. package/data/attack-techniques.json +3 -0
  8. package/data/cve-catalog.json +212 -1
  9. package/data/cwe-catalog.json +2 -0
  10. package/data/framework-control-gaps.json +20 -2
  11. package/data/zeroday-lessons.json +100 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -37897,6 +37897,730 @@
37897
37897
  ]
37898
37898
  }
37899
37899
  },
37900
+ "CVE-2026-45829": {
37901
+ "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
37902
+ "rwep": 44,
37903
+ "cvss": 10,
37904
+ "cisa_kev": false,
37905
+ "epss_score": null,
37906
+ "referencing_skills": [
37907
+ "kernel-lpe-triage",
37908
+ "ai-attack-surface",
37909
+ "compliance-theater",
37910
+ "attack-surface-pentest",
37911
+ "ot-ics-security",
37912
+ "coordinated-vuln-disclosure",
37913
+ "sector-energy"
37914
+ ],
37915
+ "chain": {
37916
+ "cwes": [
37917
+ {
37918
+ "id": "CWE-1037",
37919
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37920
+ "category": "Hardware / Side Channel"
37921
+ },
37922
+ {
37923
+ "id": "CWE-1039",
37924
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37925
+ "category": "AI/ML"
37926
+ },
37927
+ {
37928
+ "id": "CWE-125",
37929
+ "name": "Out-of-bounds Read",
37930
+ "category": "Memory Safety"
37931
+ },
37932
+ {
37933
+ "id": "CWE-1357",
37934
+ "name": "Reliance on Insufficiently Trustworthy Component",
37935
+ "category": "Supply Chain"
37936
+ },
37937
+ {
37938
+ "id": "CWE-1395",
37939
+ "name": "Dependency on Vulnerable Third-Party Component",
37940
+ "category": "Supply Chain"
37941
+ },
37942
+ {
37943
+ "id": "CWE-1426",
37944
+ "name": "Improper Validation of Generative AI Output",
37945
+ "category": "AI/ML"
37946
+ },
37947
+ {
37948
+ "id": "CWE-22",
37949
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37950
+ "category": "Path/Resource"
37951
+ },
37952
+ {
37953
+ "id": "CWE-269",
37954
+ "name": "Improper Privilege Management",
37955
+ "category": "Authorization"
37956
+ },
37957
+ {
37958
+ "id": "CWE-287",
37959
+ "name": "Improper Authentication",
37960
+ "category": "Authentication"
37961
+ },
37962
+ {
37963
+ "id": "CWE-306",
37964
+ "name": "Missing Authentication for Critical Function",
37965
+ "category": "Authentication"
37966
+ },
37967
+ {
37968
+ "id": "CWE-352",
37969
+ "name": "Cross-Site Request Forgery (CSRF)",
37970
+ "category": "Session"
37971
+ },
37972
+ {
37973
+ "id": "CWE-362",
37974
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37975
+ "category": "Concurrency"
37976
+ },
37977
+ {
37978
+ "id": "CWE-416",
37979
+ "name": "Use After Free",
37980
+ "category": "Memory Safety"
37981
+ },
37982
+ {
37983
+ "id": "CWE-434",
37984
+ "name": "Unrestricted Upload of File with Dangerous Type",
37985
+ "category": "File Handling"
37986
+ },
37987
+ {
37988
+ "id": "CWE-672",
37989
+ "name": "Operation on a Resource after Expiration or Release",
37990
+ "category": "Memory Safety"
37991
+ },
37992
+ {
37993
+ "id": "CWE-732",
37994
+ "name": "Incorrect Permission Assignment for Critical Resource",
37995
+ "category": "Authorization"
37996
+ },
37997
+ {
37998
+ "id": "CWE-78",
37999
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38000
+ "category": "Injection"
38001
+ },
38002
+ {
38003
+ "id": "CWE-787",
38004
+ "name": "Out-of-bounds Write",
38005
+ "category": "Memory Safety"
38006
+ },
38007
+ {
38008
+ "id": "CWE-79",
38009
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38010
+ "category": "Injection"
38011
+ },
38012
+ {
38013
+ "id": "CWE-798",
38014
+ "name": "Use of Hard-coded Credentials",
38015
+ "category": "Credentials"
38016
+ },
38017
+ {
38018
+ "id": "CWE-89",
38019
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38020
+ "category": "Injection"
38021
+ },
38022
+ {
38023
+ "id": "CWE-918",
38024
+ "name": "Server-Side Request Forgery (SSRF)",
38025
+ "category": "Network"
38026
+ },
38027
+ {
38028
+ "id": "CWE-94",
38029
+ "name": "Improper Control of Generation of Code (Code Injection)",
38030
+ "category": "Injection"
38031
+ }
38032
+ ],
38033
+ "atlas": [
38034
+ {
38035
+ "id": "AML.T0010",
38036
+ "name": "ML Supply Chain Compromise",
38037
+ "tactic": "Initial Access"
38038
+ },
38039
+ {
38040
+ "id": "AML.T0016",
38041
+ "name": "Obtain Capabilities: Develop Capabilities",
38042
+ "tactic": "Resource Development"
38043
+ },
38044
+ {
38045
+ "id": "AML.T0017",
38046
+ "name": "Discover ML Model Ontology",
38047
+ "tactic": "Discovery"
38048
+ },
38049
+ {
38050
+ "id": "AML.T0018",
38051
+ "name": "Backdoor ML Model",
38052
+ "tactic": "Persistence"
38053
+ },
38054
+ {
38055
+ "id": "AML.T0020",
38056
+ "name": "Poison Training Data",
38057
+ "tactic": "ML Attack Staging"
38058
+ },
38059
+ {
38060
+ "id": "AML.T0043",
38061
+ "name": "Craft Adversarial Data",
38062
+ "tactic": "ML Attack Staging"
38063
+ },
38064
+ {
38065
+ "id": "AML.T0051",
38066
+ "name": "LLM Prompt Injection",
38067
+ "tactic": "Execution"
38068
+ },
38069
+ {
38070
+ "id": "AML.T0054",
38071
+ "name": "LLM Jailbreak",
38072
+ "tactic": "Defense Evasion"
38073
+ },
38074
+ {
38075
+ "id": "AML.T0096",
38076
+ "name": "AI API as Covert C2 Channel",
38077
+ "tactic": "Command and Control"
38078
+ }
38079
+ ],
38080
+ "d3fend": [
38081
+ {
38082
+ "id": "D3-ASLR",
38083
+ "name": "Address Space Layout Randomization",
38084
+ "tactic": "Harden"
38085
+ },
38086
+ {
38087
+ "id": "D3-CSPP",
38088
+ "name": "Client-server Payload Profiling",
38089
+ "tactic": "Detect"
38090
+ },
38091
+ {
38092
+ "id": "D3-EAL",
38093
+ "name": "Executable Allowlisting",
38094
+ "tactic": "Harden"
38095
+ },
38096
+ {
38097
+ "id": "D3-IOPR",
38098
+ "name": "Input/Output Profiling Resource",
38099
+ "tactic": "Detect"
38100
+ },
38101
+ {
38102
+ "id": "D3-NTA",
38103
+ "name": "Network Traffic Analysis",
38104
+ "tactic": "Detect"
38105
+ },
38106
+ {
38107
+ "id": "D3-PHRA",
38108
+ "name": "Process Hardware Resource Access",
38109
+ "tactic": "Isolate"
38110
+ },
38111
+ {
38112
+ "id": "D3-PSEP",
38113
+ "name": "Process Segment Execution Prevention",
38114
+ "tactic": "Harden"
38115
+ }
38116
+ ],
38117
+ "framework_gaps": [
38118
+ {
38119
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38120
+ "framework": "ALL",
38121
+ "control_name": "AI Pipeline Integrity"
38122
+ },
38123
+ {
38124
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38125
+ "framework": "ALL",
38126
+ "control_name": "Prompt Injection as Access Control Failure"
38127
+ },
38128
+ {
38129
+ "id": "CIS-Controls-v8-Control7",
38130
+ "framework": "CIS Controls v8",
38131
+ "control_name": "Continuous Vulnerability Management"
38132
+ },
38133
+ {
38134
+ "id": "CMMC-2.0-Level-2",
38135
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38136
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38137
+ },
38138
+ {
38139
+ "id": "FedRAMP-Rev5-Moderate",
38140
+ "framework": "FedRAMP Rev 5 Moderate",
38141
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38142
+ },
38143
+ {
38144
+ "id": "IEC-62443-3-3",
38145
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38146
+ "control_name": "System security requirements and security levels"
38147
+ },
38148
+ {
38149
+ "id": "ISO-27001-2022-A.8.28",
38150
+ "framework": "ISO/IEC 27001:2022",
38151
+ "control_name": "Secure coding"
38152
+ },
38153
+ {
38154
+ "id": "ISO-27001-2022-A.8.8",
38155
+ "framework": "ISO/IEC 27001:2022",
38156
+ "control_name": "Management of technical vulnerabilities"
38157
+ },
38158
+ {
38159
+ "id": "ISO-IEC-23894-2023-clause-7",
38160
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38161
+ "control_name": "AI risk management process"
38162
+ },
38163
+ {
38164
+ "id": "NERC-CIP-007-6-R4",
38165
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38166
+ "control_name": "Security event monitoring"
38167
+ },
38168
+ {
38169
+ "id": "NIS2-Art21-patch-management",
38170
+ "framework": "EU NIS2 Directive",
38171
+ "control_name": "Vulnerability handling and disclosure"
38172
+ },
38173
+ {
38174
+ "id": "NIST-800-115",
38175
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38176
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38177
+ },
38178
+ {
38179
+ "id": "NIST-800-218-SSDF",
38180
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38181
+ "control_name": "Secure Software Development Framework"
38182
+ },
38183
+ {
38184
+ "id": "NIST-800-53-AC-2",
38185
+ "framework": "NIST SP 800-53 Rev 5",
38186
+ "control_name": "Account Management"
38187
+ },
38188
+ {
38189
+ "id": "NIST-800-53-SC-8",
38190
+ "framework": "NIST SP 800-53 Rev 5",
38191
+ "control_name": "Transmission Confidentiality and Integrity"
38192
+ },
38193
+ {
38194
+ "id": "NIST-800-53-SI-2",
38195
+ "framework": "NIST SP 800-53 Rev 5",
38196
+ "control_name": "Flaw Remediation"
38197
+ },
38198
+ {
38199
+ "id": "NIST-800-53-SI-3",
38200
+ "framework": "NIST SP 800-53 Rev 5",
38201
+ "control_name": "Malicious Code Protection"
38202
+ },
38203
+ {
38204
+ "id": "NIST-800-82r3",
38205
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38206
+ "control_name": "Guide to Operational Technology (OT) Security"
38207
+ },
38208
+ {
38209
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38210
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38211
+ "control_name": "Prompt Injection"
38212
+ },
38213
+ {
38214
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38215
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38216
+ "control_name": "Sensitive Information Disclosure"
38217
+ },
38218
+ {
38219
+ "id": "OWASP-Pen-Testing-Guide-v5",
38220
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38221
+ "control_name": "Web application penetration testing methodology"
38222
+ },
38223
+ {
38224
+ "id": "PCI-DSS-4.0-6.3.3",
38225
+ "framework": "PCI DSS 4.0",
38226
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38227
+ },
38228
+ {
38229
+ "id": "PTES-Pre-engagement",
38230
+ "framework": "Penetration Testing Execution Standard (PTES)",
38231
+ "control_name": "Pre-engagement Interactions"
38232
+ },
38233
+ {
38234
+ "id": "SOC2-CC6-logical-access",
38235
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38236
+ "control_name": "Logical and Physical Access Controls"
38237
+ },
38238
+ {
38239
+ "id": "SOC2-CC9-vendor-management",
38240
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38241
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38242
+ }
38243
+ ],
38244
+ "attack_refs": [
38245
+ "T0855",
38246
+ "T0883",
38247
+ "T1059",
38248
+ "T1068",
38249
+ "T1078",
38250
+ "T1133",
38251
+ "T1190",
38252
+ "T1548.001",
38253
+ "T1566"
38254
+ ],
38255
+ "rfc_refs": [
38256
+ "RFC-4301",
38257
+ "RFC-4303",
38258
+ "RFC-7296"
38259
+ ]
38260
+ }
38261
+ },
38262
+ "CVE-2025-67818": {
38263
+ "name": "Weaviate Backup Restore ZipSlip Path Traversal",
38264
+ "rwep": 25,
38265
+ "cvss": 7.2,
38266
+ "cisa_kev": false,
38267
+ "epss_score": null,
38268
+ "referencing_skills": [
38269
+ "kernel-lpe-triage",
38270
+ "ai-attack-surface",
38271
+ "compliance-theater",
38272
+ "attack-surface-pentest",
38273
+ "ot-ics-security",
38274
+ "coordinated-vuln-disclosure",
38275
+ "sector-energy"
38276
+ ],
38277
+ "chain": {
38278
+ "cwes": [
38279
+ {
38280
+ "id": "CWE-1037",
38281
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
38282
+ "category": "Hardware / Side Channel"
38283
+ },
38284
+ {
38285
+ "id": "CWE-1039",
38286
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38287
+ "category": "AI/ML"
38288
+ },
38289
+ {
38290
+ "id": "CWE-125",
38291
+ "name": "Out-of-bounds Read",
38292
+ "category": "Memory Safety"
38293
+ },
38294
+ {
38295
+ "id": "CWE-1357",
38296
+ "name": "Reliance on Insufficiently Trustworthy Component",
38297
+ "category": "Supply Chain"
38298
+ },
38299
+ {
38300
+ "id": "CWE-1395",
38301
+ "name": "Dependency on Vulnerable Third-Party Component",
38302
+ "category": "Supply Chain"
38303
+ },
38304
+ {
38305
+ "id": "CWE-1426",
38306
+ "name": "Improper Validation of Generative AI Output",
38307
+ "category": "AI/ML"
38308
+ },
38309
+ {
38310
+ "id": "CWE-22",
38311
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
38312
+ "category": "Path/Resource"
38313
+ },
38314
+ {
38315
+ "id": "CWE-269",
38316
+ "name": "Improper Privilege Management",
38317
+ "category": "Authorization"
38318
+ },
38319
+ {
38320
+ "id": "CWE-287",
38321
+ "name": "Improper Authentication",
38322
+ "category": "Authentication"
38323
+ },
38324
+ {
38325
+ "id": "CWE-306",
38326
+ "name": "Missing Authentication for Critical Function",
38327
+ "category": "Authentication"
38328
+ },
38329
+ {
38330
+ "id": "CWE-352",
38331
+ "name": "Cross-Site Request Forgery (CSRF)",
38332
+ "category": "Session"
38333
+ },
38334
+ {
38335
+ "id": "CWE-362",
38336
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
38337
+ "category": "Concurrency"
38338
+ },
38339
+ {
38340
+ "id": "CWE-416",
38341
+ "name": "Use After Free",
38342
+ "category": "Memory Safety"
38343
+ },
38344
+ {
38345
+ "id": "CWE-434",
38346
+ "name": "Unrestricted Upload of File with Dangerous Type",
38347
+ "category": "File Handling"
38348
+ },
38349
+ {
38350
+ "id": "CWE-672",
38351
+ "name": "Operation on a Resource after Expiration or Release",
38352
+ "category": "Memory Safety"
38353
+ },
38354
+ {
38355
+ "id": "CWE-732",
38356
+ "name": "Incorrect Permission Assignment for Critical Resource",
38357
+ "category": "Authorization"
38358
+ },
38359
+ {
38360
+ "id": "CWE-78",
38361
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38362
+ "category": "Injection"
38363
+ },
38364
+ {
38365
+ "id": "CWE-787",
38366
+ "name": "Out-of-bounds Write",
38367
+ "category": "Memory Safety"
38368
+ },
38369
+ {
38370
+ "id": "CWE-79",
38371
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38372
+ "category": "Injection"
38373
+ },
38374
+ {
38375
+ "id": "CWE-798",
38376
+ "name": "Use of Hard-coded Credentials",
38377
+ "category": "Credentials"
38378
+ },
38379
+ {
38380
+ "id": "CWE-89",
38381
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38382
+ "category": "Injection"
38383
+ },
38384
+ {
38385
+ "id": "CWE-918",
38386
+ "name": "Server-Side Request Forgery (SSRF)",
38387
+ "category": "Network"
38388
+ },
38389
+ {
38390
+ "id": "CWE-94",
38391
+ "name": "Improper Control of Generation of Code (Code Injection)",
38392
+ "category": "Injection"
38393
+ }
38394
+ ],
38395
+ "atlas": [
38396
+ {
38397
+ "id": "AML.T0010",
38398
+ "name": "ML Supply Chain Compromise",
38399
+ "tactic": "Initial Access"
38400
+ },
38401
+ {
38402
+ "id": "AML.T0016",
38403
+ "name": "Obtain Capabilities: Develop Capabilities",
38404
+ "tactic": "Resource Development"
38405
+ },
38406
+ {
38407
+ "id": "AML.T0017",
38408
+ "name": "Discover ML Model Ontology",
38409
+ "tactic": "Discovery"
38410
+ },
38411
+ {
38412
+ "id": "AML.T0018",
38413
+ "name": "Backdoor ML Model",
38414
+ "tactic": "Persistence"
38415
+ },
38416
+ {
38417
+ "id": "AML.T0020",
38418
+ "name": "Poison Training Data",
38419
+ "tactic": "ML Attack Staging"
38420
+ },
38421
+ {
38422
+ "id": "AML.T0043",
38423
+ "name": "Craft Adversarial Data",
38424
+ "tactic": "ML Attack Staging"
38425
+ },
38426
+ {
38427
+ "id": "AML.T0051",
38428
+ "name": "LLM Prompt Injection",
38429
+ "tactic": "Execution"
38430
+ },
38431
+ {
38432
+ "id": "AML.T0054",
38433
+ "name": "LLM Jailbreak",
38434
+ "tactic": "Defense Evasion"
38435
+ },
38436
+ {
38437
+ "id": "AML.T0096",
38438
+ "name": "AI API as Covert C2 Channel",
38439
+ "tactic": "Command and Control"
38440
+ }
38441
+ ],
38442
+ "d3fend": [
38443
+ {
38444
+ "id": "D3-ASLR",
38445
+ "name": "Address Space Layout Randomization",
38446
+ "tactic": "Harden"
38447
+ },
38448
+ {
38449
+ "id": "D3-CSPP",
38450
+ "name": "Client-server Payload Profiling",
38451
+ "tactic": "Detect"
38452
+ },
38453
+ {
38454
+ "id": "D3-EAL",
38455
+ "name": "Executable Allowlisting",
38456
+ "tactic": "Harden"
38457
+ },
38458
+ {
38459
+ "id": "D3-IOPR",
38460
+ "name": "Input/Output Profiling Resource",
38461
+ "tactic": "Detect"
38462
+ },
38463
+ {
38464
+ "id": "D3-NTA",
38465
+ "name": "Network Traffic Analysis",
38466
+ "tactic": "Detect"
38467
+ },
38468
+ {
38469
+ "id": "D3-PHRA",
38470
+ "name": "Process Hardware Resource Access",
38471
+ "tactic": "Isolate"
38472
+ },
38473
+ {
38474
+ "id": "D3-PSEP",
38475
+ "name": "Process Segment Execution Prevention",
38476
+ "tactic": "Harden"
38477
+ }
38478
+ ],
38479
+ "framework_gaps": [
38480
+ {
38481
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38482
+ "framework": "ALL",
38483
+ "control_name": "AI Pipeline Integrity"
38484
+ },
38485
+ {
38486
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38487
+ "framework": "ALL",
38488
+ "control_name": "Prompt Injection as Access Control Failure"
38489
+ },
38490
+ {
38491
+ "id": "CIS-Controls-v8-Control7",
38492
+ "framework": "CIS Controls v8",
38493
+ "control_name": "Continuous Vulnerability Management"
38494
+ },
38495
+ {
38496
+ "id": "CMMC-2.0-Level-2",
38497
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38498
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38499
+ },
38500
+ {
38501
+ "id": "FedRAMP-Rev5-Moderate",
38502
+ "framework": "FedRAMP Rev 5 Moderate",
38503
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38504
+ },
38505
+ {
38506
+ "id": "IEC-62443-3-3",
38507
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38508
+ "control_name": "System security requirements and security levels"
38509
+ },
38510
+ {
38511
+ "id": "ISO-27001-2022-A.8.28",
38512
+ "framework": "ISO/IEC 27001:2022",
38513
+ "control_name": "Secure coding"
38514
+ },
38515
+ {
38516
+ "id": "ISO-27001-2022-A.8.8",
38517
+ "framework": "ISO/IEC 27001:2022",
38518
+ "control_name": "Management of technical vulnerabilities"
38519
+ },
38520
+ {
38521
+ "id": "ISO-IEC-23894-2023-clause-7",
38522
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38523
+ "control_name": "AI risk management process"
38524
+ },
38525
+ {
38526
+ "id": "NERC-CIP-007-6-R4",
38527
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38528
+ "control_name": "Security event monitoring"
38529
+ },
38530
+ {
38531
+ "id": "NIS2-Art21-patch-management",
38532
+ "framework": "EU NIS2 Directive",
38533
+ "control_name": "Vulnerability handling and disclosure"
38534
+ },
38535
+ {
38536
+ "id": "NIST-800-115",
38537
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38538
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38539
+ },
38540
+ {
38541
+ "id": "NIST-800-218-SSDF",
38542
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38543
+ "control_name": "Secure Software Development Framework"
38544
+ },
38545
+ {
38546
+ "id": "NIST-800-53-AC-2",
38547
+ "framework": "NIST SP 800-53 Rev 5",
38548
+ "control_name": "Account Management"
38549
+ },
38550
+ {
38551
+ "id": "NIST-800-53-SC-8",
38552
+ "framework": "NIST SP 800-53 Rev 5",
38553
+ "control_name": "Transmission Confidentiality and Integrity"
38554
+ },
38555
+ {
38556
+ "id": "NIST-800-53-SI-2",
38557
+ "framework": "NIST SP 800-53 Rev 5",
38558
+ "control_name": "Flaw Remediation"
38559
+ },
38560
+ {
38561
+ "id": "NIST-800-53-SI-3",
38562
+ "framework": "NIST SP 800-53 Rev 5",
38563
+ "control_name": "Malicious Code Protection"
38564
+ },
38565
+ {
38566
+ "id": "NIST-800-82r3",
38567
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38568
+ "control_name": "Guide to Operational Technology (OT) Security"
38569
+ },
38570
+ {
38571
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38572
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38573
+ "control_name": "Prompt Injection"
38574
+ },
38575
+ {
38576
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38577
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38578
+ "control_name": "Sensitive Information Disclosure"
38579
+ },
38580
+ {
38581
+ "id": "OWASP-Pen-Testing-Guide-v5",
38582
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38583
+ "control_name": "Web application penetration testing methodology"
38584
+ },
38585
+ {
38586
+ "id": "PCI-DSS-4.0-6.3.3",
38587
+ "framework": "PCI DSS 4.0",
38588
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38589
+ },
38590
+ {
38591
+ "id": "PTES-Pre-engagement",
38592
+ "framework": "Penetration Testing Execution Standard (PTES)",
38593
+ "control_name": "Pre-engagement Interactions"
38594
+ },
38595
+ {
38596
+ "id": "SOC2-CC6-logical-access",
38597
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38598
+ "control_name": "Logical and Physical Access Controls"
38599
+ },
38600
+ {
38601
+ "id": "SOC2-CC9-vendor-management",
38602
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38603
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38604
+ }
38605
+ ],
38606
+ "attack_refs": [
38607
+ "T0855",
38608
+ "T0883",
38609
+ "T1059",
38610
+ "T1068",
38611
+ "T1078",
38612
+ "T1133",
38613
+ "T1190",
38614
+ "T1548.001",
38615
+ "T1566"
38616
+ ],
38617
+ "rfc_refs": [
38618
+ "RFC-4301",
38619
+ "RFC-4303",
38620
+ "RFC-7296"
38621
+ ]
38622
+ }
38623
+ },
37900
38624
  "CVE-2026-41091": {
37901
38625
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
37902
38626
  "rwep": 45,
@@ -64323,6 +65047,7 @@
64323
65047
  "CVE-2025-60455",
64324
65048
  "CVE-2025-64496",
64325
65049
  "CVE-2025-64513",
65050
+ "CVE-2025-67818",
64326
65051
  "CVE-2025-6965",
64327
65052
  "CVE-2025-8747",
64328
65053
  "CVE-2026-0766",
@@ -64351,6 +65076,7 @@
64351
65076
  "CVE-2026-42208",
64352
65077
  "CVE-2026-45321",
64353
65078
  "CVE-2026-45498",
65079
+ "CVE-2026-45829",
64354
65080
  "CVE-2026-46300",
64355
65081
  "CVE-2026-46333",
64356
65082
  "CVE-2026-9082",
@@ -64725,6 +65451,7 @@
64725
65451
  "CVE-2025-60455",
64726
65452
  "CVE-2025-64496",
64727
65453
  "CVE-2025-64513",
65454
+ "CVE-2025-67818",
64728
65455
  "CVE-2025-6965",
64729
65456
  "CVE-2025-8747",
64730
65457
  "CVE-2026-0766",
@@ -64752,6 +65479,7 @@
64752
65479
  "CVE-2026-42208",
64753
65480
  "CVE-2026-45321",
64754
65481
  "CVE-2026-45498",
65482
+ "CVE-2026-45829",
64755
65483
  "CVE-2026-46300",
64756
65484
  "CVE-2026-46333",
64757
65485
  "CVE-2026-9082",
@@ -64922,6 +65650,7 @@
64922
65650
  "CVE-2025-60455",
64923
65651
  "CVE-2025-64496",
64924
65652
  "CVE-2025-64513",
65653
+ "CVE-2025-67818",
64925
65654
  "CVE-2025-6965",
64926
65655
  "CVE-2025-8747",
64927
65656
  "CVE-2026-0766",
@@ -64949,6 +65678,7 @@
64949
65678
  "CVE-2026-42208",
64950
65679
  "CVE-2026-45321",
64951
65680
  "CVE-2026-45498",
65681
+ "CVE-2026-45829",
64952
65682
  "CVE-2026-46300",
64953
65683
  "CVE-2026-46333",
64954
65684
  "CVE-2026-9082",
@@ -65133,6 +65863,7 @@
65133
65863
  "CVE-2025-60455",
65134
65864
  "CVE-2025-64496",
65135
65865
  "CVE-2025-64513",
65866
+ "CVE-2025-67818",
65136
65867
  "CVE-2025-6965",
65137
65868
  "CVE-2025-8747",
65138
65869
  "CVE-2026-0766",
@@ -65160,6 +65891,7 @@
65160
65891
  "CVE-2026-42208",
65161
65892
  "CVE-2026-45321",
65162
65893
  "CVE-2026-45498",
65894
+ "CVE-2026-45829",
65163
65895
  "CVE-2026-46300",
65164
65896
  "CVE-2026-46333",
65165
65897
  "CVE-2026-9082",
@@ -65449,6 +66181,7 @@
65449
66181
  "CVE-2025-60455",
65450
66182
  "CVE-2025-64496",
65451
66183
  "CVE-2025-64513",
66184
+ "CVE-2025-67818",
65452
66185
  "CVE-2025-6965",
65453
66186
  "CVE-2025-8747",
65454
66187
  "CVE-2026-0766",
@@ -65476,6 +66209,7 @@
65476
66209
  "CVE-2026-40933",
65477
66210
  "CVE-2026-42208",
65478
66211
  "CVE-2026-45321",
66212
+ "CVE-2026-45829",
65479
66213
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
65480
66214
  "MAL-2026-3083",
65481
66215
  "MAL-2026-NODE-IPC-STEALER"
@@ -65860,6 +66594,7 @@
65860
66594
  "CVE-2025-6558",
65861
66595
  "CVE-2025-66376",
65862
66596
  "CVE-2025-66644",
66597
+ "CVE-2025-67818",
65863
66598
  "CVE-2025-68461",
65864
66599
  "CVE-2025-68613",
65865
66600
  "CVE-2025-68645",
@@ -65943,6 +66678,7 @@
65943
66678
  "CVE-2026-43500",
65944
66679
  "CVE-2026-45321",
65945
66680
  "CVE-2026-45498",
66681
+ "CVE-2026-45829",
65946
66682
  "CVE-2026-46300",
65947
66683
  "CVE-2026-46333",
65948
66684
  "CVE-2026-5281",
@@ -66582,6 +67318,7 @@
66582
67318
  "CVE-2025-60455",
66583
67319
  "CVE-2025-64496",
66584
67320
  "CVE-2025-64513",
67321
+ "CVE-2025-67818",
66585
67322
  "CVE-2025-6965",
66586
67323
  "CVE-2025-8747",
66587
67324
  "CVE-2026-0766",
@@ -66610,6 +67347,7 @@
66610
67347
  "CVE-2026-42208",
66611
67348
  "CVE-2026-45321",
66612
67349
  "CVE-2026-45498",
67350
+ "CVE-2026-45829",
66613
67351
  "CVE-2026-46300",
66614
67352
  "CVE-2026-46333",
66615
67353
  "CVE-2026-9082",
@@ -67218,6 +67956,7 @@
67218
67956
  "CVE-2025-60455",
67219
67957
  "CVE-2025-64496",
67220
67958
  "CVE-2025-64513",
67959
+ "CVE-2025-67818",
67221
67960
  "CVE-2025-6965",
67222
67961
  "CVE-2025-8747",
67223
67962
  "CVE-2026-0766",
@@ -67246,6 +67985,7 @@
67246
67985
  "CVE-2026-42208",
67247
67986
  "CVE-2026-45321",
67248
67987
  "CVE-2026-45498",
67988
+ "CVE-2026-45829",
67249
67989
  "CVE-2026-46300",
67250
67990
  "CVE-2026-46333",
67251
67991
  "CVE-2026-9082",
@@ -67489,6 +68229,7 @@
67489
68229
  "CVE-2025-60455",
67490
68230
  "CVE-2025-64496",
67491
68231
  "CVE-2025-64513",
68232
+ "CVE-2025-67818",
67492
68233
  "CVE-2025-8747",
67493
68234
  "CVE-2026-0766",
67494
68235
  "CVE-2026-22252",
@@ -67514,6 +68255,7 @@
67514
68255
  "CVE-2026-41091",
67515
68256
  "CVE-2026-45321",
67516
68257
  "CVE-2026-45498",
68258
+ "CVE-2026-45829",
67517
68259
  "CVE-2026-46300",
67518
68260
  "CVE-2026-46333",
67519
68261
  "CVE-2026-9082",
@@ -68192,6 +68934,7 @@
68192
68934
  "CVE-2025-60455",
68193
68935
  "CVE-2025-64496",
68194
68936
  "CVE-2025-64513",
68937
+ "CVE-2025-67818",
68195
68938
  "CVE-2025-6965",
68196
68939
  "CVE-2025-8747",
68197
68940
  "CVE-2026-0766",
@@ -68220,6 +68963,7 @@
68220
68963
  "CVE-2026-42208",
68221
68964
  "CVE-2026-45321",
68222
68965
  "CVE-2026-45498",
68966
+ "CVE-2026-45829",
68223
68967
  "CVE-2026-46300",
68224
68968
  "CVE-2026-46333",
68225
68969
  "CVE-2026-9082",
@@ -68607,6 +69351,7 @@
68607
69351
  "CVE-2025-6558",
68608
69352
  "CVE-2025-66376",
68609
69353
  "CVE-2025-66644",
69354
+ "CVE-2025-67818",
68610
69355
  "CVE-2025-68461",
68611
69356
  "CVE-2025-68613",
68612
69357
  "CVE-2025-68645",
@@ -68690,6 +69435,7 @@
68690
69435
  "CVE-2026-43500",
68691
69436
  "CVE-2026-45321",
68692
69437
  "CVE-2026-45498",
69438
+ "CVE-2026-45829",
68693
69439
  "CVE-2026-46300",
68694
69440
  "CVE-2026-46333",
68695
69441
  "CVE-2026-5281",
@@ -69064,6 +69810,7 @@
69064
69810
  "CVE-2025-6558",
69065
69811
  "CVE-2025-66376",
69066
69812
  "CVE-2025-66644",
69813
+ "CVE-2025-67818",
69067
69814
  "CVE-2025-68461",
69068
69815
  "CVE-2025-68613",
69069
69816
  "CVE-2025-68645",
@@ -69147,6 +69894,7 @@
69147
69894
  "CVE-2026-43500",
69148
69895
  "CVE-2026-45321",
69149
69896
  "CVE-2026-45498",
69897
+ "CVE-2026-45829",
69150
69898
  "CVE-2026-46300",
69151
69899
  "CVE-2026-46333",
69152
69900
  "CVE-2026-5281",
@@ -69415,6 +70163,7 @@
69415
70163
  "CVE-2025-60455",
69416
70164
  "CVE-2025-64496",
69417
70165
  "CVE-2025-64513",
70166
+ "CVE-2025-67818",
69418
70167
  "CVE-2025-6965",
69419
70168
  "CVE-2025-8747",
69420
70169
  "CVE-2026-0766",
@@ -69443,6 +70192,7 @@
69443
70192
  "CVE-2026-42208",
69444
70193
  "CVE-2026-45321",
69445
70194
  "CVE-2026-45498",
70195
+ "CVE-2026-45829",
69446
70196
  "CVE-2026-46300",
69447
70197
  "CVE-2026-46333",
69448
70198
  "CVE-2026-9082",
@@ -70382,6 +71132,7 @@
70382
71132
  "CVE-2025-6558",
70383
71133
  "CVE-2025-66376",
70384
71134
  "CVE-2025-66644",
71135
+ "CVE-2025-67818",
70385
71136
  "CVE-2025-68461",
70386
71137
  "CVE-2025-68613",
70387
71138
  "CVE-2025-68645",
@@ -70465,6 +71216,7 @@
70465
71216
  "CVE-2026-43500",
70466
71217
  "CVE-2026-45321",
70467
71218
  "CVE-2026-45498",
71219
+ "CVE-2026-45829",
70468
71220
  "CVE-2026-46300",
70469
71221
  "CVE-2026-46333",
70470
71222
  "CVE-2026-5281",
@@ -70797,6 +71549,7 @@
70797
71549
  "CVE-2025-60455",
70798
71550
  "CVE-2025-64496",
70799
71551
  "CVE-2025-64513",
71552
+ "CVE-2025-67818",
70800
71553
  "CVE-2025-6965",
70801
71554
  "CVE-2025-8747",
70802
71555
  "CVE-2026-0766",
@@ -70825,6 +71578,7 @@
70825
71578
  "CVE-2026-42208",
70826
71579
  "CVE-2026-45321",
70827
71580
  "CVE-2026-45498",
71581
+ "CVE-2026-45829",
70828
71582
  "CVE-2026-46300",
70829
71583
  "CVE-2026-46333",
70830
71584
  "CVE-2026-9082",
@@ -71294,6 +72048,7 @@
71294
72048
  "CVE-2025-6558",
71295
72049
  "CVE-2025-66376",
71296
72050
  "CVE-2025-66644",
72051
+ "CVE-2025-67818",
71297
72052
  "CVE-2025-68461",
71298
72053
  "CVE-2025-68613",
71299
72054
  "CVE-2025-68645",
@@ -71380,6 +72135,7 @@
71380
72135
  "CVE-2026-43500",
71381
72136
  "CVE-2026-45321",
71382
72137
  "CVE-2026-45498",
72138
+ "CVE-2026-45829",
71383
72139
  "CVE-2026-46300",
71384
72140
  "CVE-2026-46333",
71385
72141
  "CVE-2026-5281",
@@ -71723,6 +72479,7 @@
71723
72479
  "CVE-2025-60455",
71724
72480
  "CVE-2025-64496",
71725
72481
  "CVE-2025-64513",
72482
+ "CVE-2025-67818",
71726
72483
  "CVE-2025-8747",
71727
72484
  "CVE-2026-0766",
71728
72485
  "CVE-2026-22252",
@@ -71748,6 +72505,7 @@
71748
72505
  "CVE-2026-41091",
71749
72506
  "CVE-2026-45321",
71750
72507
  "CVE-2026-45498",
72508
+ "CVE-2026-45829",
71751
72509
  "CVE-2026-46300",
71752
72510
  "CVE-2026-46333",
71753
72511
  "CVE-2026-9082",
@@ -72695,6 +73453,7 @@
72695
73453
  "CVE-2025-60455",
72696
73454
  "CVE-2025-64496",
72697
73455
  "CVE-2025-64513",
73456
+ "CVE-2025-67818",
72698
73457
  "CVE-2025-6965",
72699
73458
  "CVE-2025-8747",
72700
73459
  "CVE-2026-0766",
@@ -72723,6 +73482,7 @@
72723
73482
  "CVE-2026-42208",
72724
73483
  "CVE-2026-45321",
72725
73484
  "CVE-2026-45498",
73485
+ "CVE-2026-45829",
72726
73486
  "CVE-2026-46300",
72727
73487
  "CVE-2026-46333",
72728
73488
  "CVE-2026-9082",
@@ -72825,6 +73585,7 @@
72825
73585
  "CVE-2025-60455",
72826
73586
  "CVE-2025-64496",
72827
73587
  "CVE-2025-64513",
73588
+ "CVE-2025-67818",
72828
73589
  "CVE-2025-8747",
72829
73590
  "CVE-2026-0766",
72830
73591
  "CVE-2026-22252",
@@ -72849,6 +73610,7 @@
72849
73610
  "CVE-2026-41091",
72850
73611
  "CVE-2026-45321",
72851
73612
  "CVE-2026-45498",
73613
+ "CVE-2026-45829",
72852
73614
  "CVE-2026-46300",
72853
73615
  "CVE-2026-46333",
72854
73616
  "CVE-2026-9082",
@@ -73029,6 +73791,7 @@
73029
73791
  "CVE-2025-60455",
73030
73792
  "CVE-2025-64496",
73031
73793
  "CVE-2025-64513",
73794
+ "CVE-2025-67818",
73032
73795
  "CVE-2025-6965",
73033
73796
  "CVE-2025-8747",
73034
73797
  "CVE-2026-0766",
@@ -73053,7 +73816,8 @@
73053
73816
  "CVE-2026-34159",
73054
73817
  "CVE-2026-39884",
73055
73818
  "CVE-2026-40933",
73056
- "CVE-2026-42208"
73819
+ "CVE-2026-42208",
73820
+ "CVE-2026-45829"
73057
73821
  ]
73058
73822
  },
73059
73823
  "CWE-1188": {
@@ -73619,6 +74383,7 @@
73619
74383
  "CVE-2025-6558",
73620
74384
  "CVE-2025-66376",
73621
74385
  "CVE-2025-66644",
74386
+ "CVE-2025-67818",
73622
74387
  "CVE-2025-68461",
73623
74388
  "CVE-2025-68613",
73624
74389
  "CVE-2025-68645",
@@ -73695,6 +74460,7 @@
73695
74460
  "CVE-2026-42945",
73696
74461
  "CVE-2026-45321",
73697
74462
  "CVE-2026-45498",
74463
+ "CVE-2026-45829",
73698
74464
  "CVE-2026-46300",
73699
74465
  "CVE-2026-46333",
73700
74466
  "CVE-2026-5281",
@@ -73967,6 +74733,7 @@
73967
74733
  "CVE-2025-60455",
73968
74734
  "CVE-2025-64496",
73969
74735
  "CVE-2025-64513",
74736
+ "CVE-2025-67818",
73970
74737
  "CVE-2025-6965",
73971
74738
  "CVE-2025-8747",
73972
74739
  "CVE-2026-0766",
@@ -73994,6 +74761,7 @@
73994
74761
  "CVE-2026-41091",
73995
74762
  "CVE-2026-45321",
73996
74763
  "CVE-2026-45498",
74764
+ "CVE-2026-45829",
73997
74765
  "CVE-2026-46300",
73998
74766
  "CVE-2026-46333",
73999
74767
  "CVE-2026-9082",
@@ -74294,6 +75062,7 @@
74294
75062
  "CVE-2025-60455",
74295
75063
  "CVE-2025-64496",
74296
75064
  "CVE-2025-64513",
75065
+ "CVE-2025-67818",
74297
75066
  "CVE-2025-6965",
74298
75067
  "CVE-2025-8747",
74299
75068
  "CVE-2026-0766",
@@ -74323,6 +75092,7 @@
74323
75092
  "CVE-2026-42897",
74324
75093
  "CVE-2026-43284",
74325
75094
  "CVE-2026-45321",
75095
+ "CVE-2026-45829",
74326
75096
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
74327
75097
  "MAL-2026-3083",
74328
75098
  "MAL-2026-NODE-IPC-STEALER",