@blamejs/exceptd-skills 0.13.100 → 0.13.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1667 -1
  6. package/data/atlas-ttps.json +12 -3
  7. package/data/attack-techniques.json +7 -0
  8. package/data/cve-catalog.json +427 -1
  9. package/data/cwe-catalog.json +5 -0
  10. package/data/framework-control-gaps.json +40 -2
  11. package/data/zeroday-lessons.json +200 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -37897,6 +37897,1578 @@
37897
37897
  ]
37898
37898
  }
37899
37899
  },
37900
+ "CVE-2026-45829": {
37901
+ "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
37902
+ "rwep": 44,
37903
+ "cvss": 10,
37904
+ "cisa_kev": false,
37905
+ "epss_score": null,
37906
+ "referencing_skills": [
37907
+ "kernel-lpe-triage",
37908
+ "ai-attack-surface",
37909
+ "compliance-theater",
37910
+ "attack-surface-pentest",
37911
+ "ot-ics-security",
37912
+ "coordinated-vuln-disclosure",
37913
+ "sector-energy"
37914
+ ],
37915
+ "chain": {
37916
+ "cwes": [
37917
+ {
37918
+ "id": "CWE-1037",
37919
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37920
+ "category": "Hardware / Side Channel"
37921
+ },
37922
+ {
37923
+ "id": "CWE-1039",
37924
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37925
+ "category": "AI/ML"
37926
+ },
37927
+ {
37928
+ "id": "CWE-125",
37929
+ "name": "Out-of-bounds Read",
37930
+ "category": "Memory Safety"
37931
+ },
37932
+ {
37933
+ "id": "CWE-1357",
37934
+ "name": "Reliance on Insufficiently Trustworthy Component",
37935
+ "category": "Supply Chain"
37936
+ },
37937
+ {
37938
+ "id": "CWE-1395",
37939
+ "name": "Dependency on Vulnerable Third-Party Component",
37940
+ "category": "Supply Chain"
37941
+ },
37942
+ {
37943
+ "id": "CWE-1426",
37944
+ "name": "Improper Validation of Generative AI Output",
37945
+ "category": "AI/ML"
37946
+ },
37947
+ {
37948
+ "id": "CWE-22",
37949
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37950
+ "category": "Path/Resource"
37951
+ },
37952
+ {
37953
+ "id": "CWE-269",
37954
+ "name": "Improper Privilege Management",
37955
+ "category": "Authorization"
37956
+ },
37957
+ {
37958
+ "id": "CWE-287",
37959
+ "name": "Improper Authentication",
37960
+ "category": "Authentication"
37961
+ },
37962
+ {
37963
+ "id": "CWE-306",
37964
+ "name": "Missing Authentication for Critical Function",
37965
+ "category": "Authentication"
37966
+ },
37967
+ {
37968
+ "id": "CWE-352",
37969
+ "name": "Cross-Site Request Forgery (CSRF)",
37970
+ "category": "Session"
37971
+ },
37972
+ {
37973
+ "id": "CWE-362",
37974
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37975
+ "category": "Concurrency"
37976
+ },
37977
+ {
37978
+ "id": "CWE-416",
37979
+ "name": "Use After Free",
37980
+ "category": "Memory Safety"
37981
+ },
37982
+ {
37983
+ "id": "CWE-434",
37984
+ "name": "Unrestricted Upload of File with Dangerous Type",
37985
+ "category": "File Handling"
37986
+ },
37987
+ {
37988
+ "id": "CWE-672",
37989
+ "name": "Operation on a Resource after Expiration or Release",
37990
+ "category": "Memory Safety"
37991
+ },
37992
+ {
37993
+ "id": "CWE-732",
37994
+ "name": "Incorrect Permission Assignment for Critical Resource",
37995
+ "category": "Authorization"
37996
+ },
37997
+ {
37998
+ "id": "CWE-78",
37999
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38000
+ "category": "Injection"
38001
+ },
38002
+ {
38003
+ "id": "CWE-787",
38004
+ "name": "Out-of-bounds Write",
38005
+ "category": "Memory Safety"
38006
+ },
38007
+ {
38008
+ "id": "CWE-79",
38009
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38010
+ "category": "Injection"
38011
+ },
38012
+ {
38013
+ "id": "CWE-798",
38014
+ "name": "Use of Hard-coded Credentials",
38015
+ "category": "Credentials"
38016
+ },
38017
+ {
38018
+ "id": "CWE-89",
38019
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38020
+ "category": "Injection"
38021
+ },
38022
+ {
38023
+ "id": "CWE-918",
38024
+ "name": "Server-Side Request Forgery (SSRF)",
38025
+ "category": "Network"
38026
+ },
38027
+ {
38028
+ "id": "CWE-94",
38029
+ "name": "Improper Control of Generation of Code (Code Injection)",
38030
+ "category": "Injection"
38031
+ }
38032
+ ],
38033
+ "atlas": [
38034
+ {
38035
+ "id": "AML.T0010",
38036
+ "name": "ML Supply Chain Compromise",
38037
+ "tactic": "Initial Access"
38038
+ },
38039
+ {
38040
+ "id": "AML.T0016",
38041
+ "name": "Obtain Capabilities: Develop Capabilities",
38042
+ "tactic": "Resource Development"
38043
+ },
38044
+ {
38045
+ "id": "AML.T0017",
38046
+ "name": "Discover ML Model Ontology",
38047
+ "tactic": "Discovery"
38048
+ },
38049
+ {
38050
+ "id": "AML.T0018",
38051
+ "name": "Backdoor ML Model",
38052
+ "tactic": "Persistence"
38053
+ },
38054
+ {
38055
+ "id": "AML.T0020",
38056
+ "name": "Poison Training Data",
38057
+ "tactic": "ML Attack Staging"
38058
+ },
38059
+ {
38060
+ "id": "AML.T0043",
38061
+ "name": "Craft Adversarial Data",
38062
+ "tactic": "ML Attack Staging"
38063
+ },
38064
+ {
38065
+ "id": "AML.T0051",
38066
+ "name": "LLM Prompt Injection",
38067
+ "tactic": "Execution"
38068
+ },
38069
+ {
38070
+ "id": "AML.T0054",
38071
+ "name": "LLM Jailbreak",
38072
+ "tactic": "Defense Evasion"
38073
+ },
38074
+ {
38075
+ "id": "AML.T0096",
38076
+ "name": "AI API as Covert C2 Channel",
38077
+ "tactic": "Command and Control"
38078
+ }
38079
+ ],
38080
+ "d3fend": [
38081
+ {
38082
+ "id": "D3-ASLR",
38083
+ "name": "Address Space Layout Randomization",
38084
+ "tactic": "Harden"
38085
+ },
38086
+ {
38087
+ "id": "D3-CSPP",
38088
+ "name": "Client-server Payload Profiling",
38089
+ "tactic": "Detect"
38090
+ },
38091
+ {
38092
+ "id": "D3-EAL",
38093
+ "name": "Executable Allowlisting",
38094
+ "tactic": "Harden"
38095
+ },
38096
+ {
38097
+ "id": "D3-IOPR",
38098
+ "name": "Input/Output Profiling Resource",
38099
+ "tactic": "Detect"
38100
+ },
38101
+ {
38102
+ "id": "D3-NTA",
38103
+ "name": "Network Traffic Analysis",
38104
+ "tactic": "Detect"
38105
+ },
38106
+ {
38107
+ "id": "D3-PHRA",
38108
+ "name": "Process Hardware Resource Access",
38109
+ "tactic": "Isolate"
38110
+ },
38111
+ {
38112
+ "id": "D3-PSEP",
38113
+ "name": "Process Segment Execution Prevention",
38114
+ "tactic": "Harden"
38115
+ }
38116
+ ],
38117
+ "framework_gaps": [
38118
+ {
38119
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38120
+ "framework": "ALL",
38121
+ "control_name": "AI Pipeline Integrity"
38122
+ },
38123
+ {
38124
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38125
+ "framework": "ALL",
38126
+ "control_name": "Prompt Injection as Access Control Failure"
38127
+ },
38128
+ {
38129
+ "id": "CIS-Controls-v8-Control7",
38130
+ "framework": "CIS Controls v8",
38131
+ "control_name": "Continuous Vulnerability Management"
38132
+ },
38133
+ {
38134
+ "id": "CMMC-2.0-Level-2",
38135
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38136
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38137
+ },
38138
+ {
38139
+ "id": "FedRAMP-Rev5-Moderate",
38140
+ "framework": "FedRAMP Rev 5 Moderate",
38141
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38142
+ },
38143
+ {
38144
+ "id": "IEC-62443-3-3",
38145
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38146
+ "control_name": "System security requirements and security levels"
38147
+ },
38148
+ {
38149
+ "id": "ISO-27001-2022-A.8.28",
38150
+ "framework": "ISO/IEC 27001:2022",
38151
+ "control_name": "Secure coding"
38152
+ },
38153
+ {
38154
+ "id": "ISO-27001-2022-A.8.8",
38155
+ "framework": "ISO/IEC 27001:2022",
38156
+ "control_name": "Management of technical vulnerabilities"
38157
+ },
38158
+ {
38159
+ "id": "ISO-IEC-23894-2023-clause-7",
38160
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38161
+ "control_name": "AI risk management process"
38162
+ },
38163
+ {
38164
+ "id": "NERC-CIP-007-6-R4",
38165
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38166
+ "control_name": "Security event monitoring"
38167
+ },
38168
+ {
38169
+ "id": "NIS2-Art21-patch-management",
38170
+ "framework": "EU NIS2 Directive",
38171
+ "control_name": "Vulnerability handling and disclosure"
38172
+ },
38173
+ {
38174
+ "id": "NIST-800-115",
38175
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38176
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38177
+ },
38178
+ {
38179
+ "id": "NIST-800-218-SSDF",
38180
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38181
+ "control_name": "Secure Software Development Framework"
38182
+ },
38183
+ {
38184
+ "id": "NIST-800-53-AC-2",
38185
+ "framework": "NIST SP 800-53 Rev 5",
38186
+ "control_name": "Account Management"
38187
+ },
38188
+ {
38189
+ "id": "NIST-800-53-SC-8",
38190
+ "framework": "NIST SP 800-53 Rev 5",
38191
+ "control_name": "Transmission Confidentiality and Integrity"
38192
+ },
38193
+ {
38194
+ "id": "NIST-800-53-SI-2",
38195
+ "framework": "NIST SP 800-53 Rev 5",
38196
+ "control_name": "Flaw Remediation"
38197
+ },
38198
+ {
38199
+ "id": "NIST-800-53-SI-3",
38200
+ "framework": "NIST SP 800-53 Rev 5",
38201
+ "control_name": "Malicious Code Protection"
38202
+ },
38203
+ {
38204
+ "id": "NIST-800-82r3",
38205
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38206
+ "control_name": "Guide to Operational Technology (OT) Security"
38207
+ },
38208
+ {
38209
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38210
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38211
+ "control_name": "Prompt Injection"
38212
+ },
38213
+ {
38214
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38215
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38216
+ "control_name": "Sensitive Information Disclosure"
38217
+ },
38218
+ {
38219
+ "id": "OWASP-Pen-Testing-Guide-v5",
38220
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38221
+ "control_name": "Web application penetration testing methodology"
38222
+ },
38223
+ {
38224
+ "id": "PCI-DSS-4.0-6.3.3",
38225
+ "framework": "PCI DSS 4.0",
38226
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38227
+ },
38228
+ {
38229
+ "id": "PTES-Pre-engagement",
38230
+ "framework": "Penetration Testing Execution Standard (PTES)",
38231
+ "control_name": "Pre-engagement Interactions"
38232
+ },
38233
+ {
38234
+ "id": "SOC2-CC6-logical-access",
38235
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38236
+ "control_name": "Logical and Physical Access Controls"
38237
+ },
38238
+ {
38239
+ "id": "SOC2-CC9-vendor-management",
38240
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38241
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38242
+ }
38243
+ ],
38244
+ "attack_refs": [
38245
+ "T0855",
38246
+ "T0883",
38247
+ "T1059",
38248
+ "T1068",
38249
+ "T1078",
38250
+ "T1133",
38251
+ "T1190",
38252
+ "T1548.001",
38253
+ "T1566"
38254
+ ],
38255
+ "rfc_refs": [
38256
+ "RFC-4301",
38257
+ "RFC-4303",
38258
+ "RFC-7296"
38259
+ ]
38260
+ }
38261
+ },
38262
+ "CVE-2025-67818": {
38263
+ "name": "Weaviate Backup Restore ZipSlip Path Traversal",
38264
+ "rwep": 25,
38265
+ "cvss": 7.2,
38266
+ "cisa_kev": false,
38267
+ "epss_score": null,
38268
+ "referencing_skills": [
38269
+ "kernel-lpe-triage",
38270
+ "ai-attack-surface",
38271
+ "compliance-theater",
38272
+ "attack-surface-pentest",
38273
+ "ot-ics-security",
38274
+ "coordinated-vuln-disclosure",
38275
+ "sector-energy"
38276
+ ],
38277
+ "chain": {
38278
+ "cwes": [
38279
+ {
38280
+ "id": "CWE-1037",
38281
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
38282
+ "category": "Hardware / Side Channel"
38283
+ },
38284
+ {
38285
+ "id": "CWE-1039",
38286
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38287
+ "category": "AI/ML"
38288
+ },
38289
+ {
38290
+ "id": "CWE-125",
38291
+ "name": "Out-of-bounds Read",
38292
+ "category": "Memory Safety"
38293
+ },
38294
+ {
38295
+ "id": "CWE-1357",
38296
+ "name": "Reliance on Insufficiently Trustworthy Component",
38297
+ "category": "Supply Chain"
38298
+ },
38299
+ {
38300
+ "id": "CWE-1395",
38301
+ "name": "Dependency on Vulnerable Third-Party Component",
38302
+ "category": "Supply Chain"
38303
+ },
38304
+ {
38305
+ "id": "CWE-1426",
38306
+ "name": "Improper Validation of Generative AI Output",
38307
+ "category": "AI/ML"
38308
+ },
38309
+ {
38310
+ "id": "CWE-22",
38311
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
38312
+ "category": "Path/Resource"
38313
+ },
38314
+ {
38315
+ "id": "CWE-269",
38316
+ "name": "Improper Privilege Management",
38317
+ "category": "Authorization"
38318
+ },
38319
+ {
38320
+ "id": "CWE-287",
38321
+ "name": "Improper Authentication",
38322
+ "category": "Authentication"
38323
+ },
38324
+ {
38325
+ "id": "CWE-306",
38326
+ "name": "Missing Authentication for Critical Function",
38327
+ "category": "Authentication"
38328
+ },
38329
+ {
38330
+ "id": "CWE-352",
38331
+ "name": "Cross-Site Request Forgery (CSRF)",
38332
+ "category": "Session"
38333
+ },
38334
+ {
38335
+ "id": "CWE-362",
38336
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
38337
+ "category": "Concurrency"
38338
+ },
38339
+ {
38340
+ "id": "CWE-416",
38341
+ "name": "Use After Free",
38342
+ "category": "Memory Safety"
38343
+ },
38344
+ {
38345
+ "id": "CWE-434",
38346
+ "name": "Unrestricted Upload of File with Dangerous Type",
38347
+ "category": "File Handling"
38348
+ },
38349
+ {
38350
+ "id": "CWE-672",
38351
+ "name": "Operation on a Resource after Expiration or Release",
38352
+ "category": "Memory Safety"
38353
+ },
38354
+ {
38355
+ "id": "CWE-732",
38356
+ "name": "Incorrect Permission Assignment for Critical Resource",
38357
+ "category": "Authorization"
38358
+ },
38359
+ {
38360
+ "id": "CWE-78",
38361
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38362
+ "category": "Injection"
38363
+ },
38364
+ {
38365
+ "id": "CWE-787",
38366
+ "name": "Out-of-bounds Write",
38367
+ "category": "Memory Safety"
38368
+ },
38369
+ {
38370
+ "id": "CWE-79",
38371
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38372
+ "category": "Injection"
38373
+ },
38374
+ {
38375
+ "id": "CWE-798",
38376
+ "name": "Use of Hard-coded Credentials",
38377
+ "category": "Credentials"
38378
+ },
38379
+ {
38380
+ "id": "CWE-89",
38381
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38382
+ "category": "Injection"
38383
+ },
38384
+ {
38385
+ "id": "CWE-918",
38386
+ "name": "Server-Side Request Forgery (SSRF)",
38387
+ "category": "Network"
38388
+ },
38389
+ {
38390
+ "id": "CWE-94",
38391
+ "name": "Improper Control of Generation of Code (Code Injection)",
38392
+ "category": "Injection"
38393
+ }
38394
+ ],
38395
+ "atlas": [
38396
+ {
38397
+ "id": "AML.T0010",
38398
+ "name": "ML Supply Chain Compromise",
38399
+ "tactic": "Initial Access"
38400
+ },
38401
+ {
38402
+ "id": "AML.T0016",
38403
+ "name": "Obtain Capabilities: Develop Capabilities",
38404
+ "tactic": "Resource Development"
38405
+ },
38406
+ {
38407
+ "id": "AML.T0017",
38408
+ "name": "Discover ML Model Ontology",
38409
+ "tactic": "Discovery"
38410
+ },
38411
+ {
38412
+ "id": "AML.T0018",
38413
+ "name": "Backdoor ML Model",
38414
+ "tactic": "Persistence"
38415
+ },
38416
+ {
38417
+ "id": "AML.T0020",
38418
+ "name": "Poison Training Data",
38419
+ "tactic": "ML Attack Staging"
38420
+ },
38421
+ {
38422
+ "id": "AML.T0043",
38423
+ "name": "Craft Adversarial Data",
38424
+ "tactic": "ML Attack Staging"
38425
+ },
38426
+ {
38427
+ "id": "AML.T0051",
38428
+ "name": "LLM Prompt Injection",
38429
+ "tactic": "Execution"
38430
+ },
38431
+ {
38432
+ "id": "AML.T0054",
38433
+ "name": "LLM Jailbreak",
38434
+ "tactic": "Defense Evasion"
38435
+ },
38436
+ {
38437
+ "id": "AML.T0096",
38438
+ "name": "AI API as Covert C2 Channel",
38439
+ "tactic": "Command and Control"
38440
+ }
38441
+ ],
38442
+ "d3fend": [
38443
+ {
38444
+ "id": "D3-ASLR",
38445
+ "name": "Address Space Layout Randomization",
38446
+ "tactic": "Harden"
38447
+ },
38448
+ {
38449
+ "id": "D3-CSPP",
38450
+ "name": "Client-server Payload Profiling",
38451
+ "tactic": "Detect"
38452
+ },
38453
+ {
38454
+ "id": "D3-EAL",
38455
+ "name": "Executable Allowlisting",
38456
+ "tactic": "Harden"
38457
+ },
38458
+ {
38459
+ "id": "D3-IOPR",
38460
+ "name": "Input/Output Profiling Resource",
38461
+ "tactic": "Detect"
38462
+ },
38463
+ {
38464
+ "id": "D3-NTA",
38465
+ "name": "Network Traffic Analysis",
38466
+ "tactic": "Detect"
38467
+ },
38468
+ {
38469
+ "id": "D3-PHRA",
38470
+ "name": "Process Hardware Resource Access",
38471
+ "tactic": "Isolate"
38472
+ },
38473
+ {
38474
+ "id": "D3-PSEP",
38475
+ "name": "Process Segment Execution Prevention",
38476
+ "tactic": "Harden"
38477
+ }
38478
+ ],
38479
+ "framework_gaps": [
38480
+ {
38481
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38482
+ "framework": "ALL",
38483
+ "control_name": "AI Pipeline Integrity"
38484
+ },
38485
+ {
38486
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38487
+ "framework": "ALL",
38488
+ "control_name": "Prompt Injection as Access Control Failure"
38489
+ },
38490
+ {
38491
+ "id": "CIS-Controls-v8-Control7",
38492
+ "framework": "CIS Controls v8",
38493
+ "control_name": "Continuous Vulnerability Management"
38494
+ },
38495
+ {
38496
+ "id": "CMMC-2.0-Level-2",
38497
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38498
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38499
+ },
38500
+ {
38501
+ "id": "FedRAMP-Rev5-Moderate",
38502
+ "framework": "FedRAMP Rev 5 Moderate",
38503
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38504
+ },
38505
+ {
38506
+ "id": "IEC-62443-3-3",
38507
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38508
+ "control_name": "System security requirements and security levels"
38509
+ },
38510
+ {
38511
+ "id": "ISO-27001-2022-A.8.28",
38512
+ "framework": "ISO/IEC 27001:2022",
38513
+ "control_name": "Secure coding"
38514
+ },
38515
+ {
38516
+ "id": "ISO-27001-2022-A.8.8",
38517
+ "framework": "ISO/IEC 27001:2022",
38518
+ "control_name": "Management of technical vulnerabilities"
38519
+ },
38520
+ {
38521
+ "id": "ISO-IEC-23894-2023-clause-7",
38522
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38523
+ "control_name": "AI risk management process"
38524
+ },
38525
+ {
38526
+ "id": "NERC-CIP-007-6-R4",
38527
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38528
+ "control_name": "Security event monitoring"
38529
+ },
38530
+ {
38531
+ "id": "NIS2-Art21-patch-management",
38532
+ "framework": "EU NIS2 Directive",
38533
+ "control_name": "Vulnerability handling and disclosure"
38534
+ },
38535
+ {
38536
+ "id": "NIST-800-115",
38537
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38538
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38539
+ },
38540
+ {
38541
+ "id": "NIST-800-218-SSDF",
38542
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38543
+ "control_name": "Secure Software Development Framework"
38544
+ },
38545
+ {
38546
+ "id": "NIST-800-53-AC-2",
38547
+ "framework": "NIST SP 800-53 Rev 5",
38548
+ "control_name": "Account Management"
38549
+ },
38550
+ {
38551
+ "id": "NIST-800-53-SC-8",
38552
+ "framework": "NIST SP 800-53 Rev 5",
38553
+ "control_name": "Transmission Confidentiality and Integrity"
38554
+ },
38555
+ {
38556
+ "id": "NIST-800-53-SI-2",
38557
+ "framework": "NIST SP 800-53 Rev 5",
38558
+ "control_name": "Flaw Remediation"
38559
+ },
38560
+ {
38561
+ "id": "NIST-800-53-SI-3",
38562
+ "framework": "NIST SP 800-53 Rev 5",
38563
+ "control_name": "Malicious Code Protection"
38564
+ },
38565
+ {
38566
+ "id": "NIST-800-82r3",
38567
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38568
+ "control_name": "Guide to Operational Technology (OT) Security"
38569
+ },
38570
+ {
38571
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38572
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38573
+ "control_name": "Prompt Injection"
38574
+ },
38575
+ {
38576
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38577
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38578
+ "control_name": "Sensitive Information Disclosure"
38579
+ },
38580
+ {
38581
+ "id": "OWASP-Pen-Testing-Guide-v5",
38582
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38583
+ "control_name": "Web application penetration testing methodology"
38584
+ },
38585
+ {
38586
+ "id": "PCI-DSS-4.0-6.3.3",
38587
+ "framework": "PCI DSS 4.0",
38588
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38589
+ },
38590
+ {
38591
+ "id": "PTES-Pre-engagement",
38592
+ "framework": "Penetration Testing Execution Standard (PTES)",
38593
+ "control_name": "Pre-engagement Interactions"
38594
+ },
38595
+ {
38596
+ "id": "SOC2-CC6-logical-access",
38597
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38598
+ "control_name": "Logical and Physical Access Controls"
38599
+ },
38600
+ {
38601
+ "id": "SOC2-CC9-vendor-management",
38602
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38603
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38604
+ }
38605
+ ],
38606
+ "attack_refs": [
38607
+ "T0855",
38608
+ "T0883",
38609
+ "T1059",
38610
+ "T1068",
38611
+ "T1078",
38612
+ "T1133",
38613
+ "T1190",
38614
+ "T1548.001",
38615
+ "T1566"
38616
+ ],
38617
+ "rfc_refs": [
38618
+ "RFC-4301",
38619
+ "RFC-4303",
38620
+ "RFC-7296"
38621
+ ]
38622
+ }
38623
+ },
38624
+ "CVE-2024-5565": {
38625
+ "name": "Vanna.AI Prompt Injection to Remote Code Execution",
38626
+ "rwep": 40,
38627
+ "cvss": 8.1,
38628
+ "cisa_kev": false,
38629
+ "epss_score": null,
38630
+ "referencing_skills": [
38631
+ "ai-attack-surface",
38632
+ "mcp-agent-trust",
38633
+ "compliance-theater",
38634
+ "rag-pipeline-security",
38635
+ "ai-c2-detection",
38636
+ "threat-modeling-methodology",
38637
+ "webapp-security",
38638
+ "api-security",
38639
+ "cloud-security",
38640
+ "container-runtime-security",
38641
+ "email-security-anti-phishing"
38642
+ ],
38643
+ "chain": {
38644
+ "cwes": [
38645
+ {
38646
+ "id": "CWE-1039",
38647
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38648
+ "category": "AI/ML"
38649
+ },
38650
+ {
38651
+ "id": "CWE-1188",
38652
+ "name": "Initialization of a Resource with an Insecure Default",
38653
+ "category": "Configuration"
38654
+ },
38655
+ {
38656
+ "id": "CWE-1395",
38657
+ "name": "Dependency on Vulnerable Third-Party Component",
38658
+ "category": "Supply Chain"
38659
+ },
38660
+ {
38661
+ "id": "CWE-1426",
38662
+ "name": "Improper Validation of Generative AI Output",
38663
+ "category": "AI/ML"
38664
+ },
38665
+ {
38666
+ "id": "CWE-200",
38667
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
38668
+ "category": "Information Exposure"
38669
+ },
38670
+ {
38671
+ "id": "CWE-22",
38672
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
38673
+ "category": "Path/Resource"
38674
+ },
38675
+ {
38676
+ "id": "CWE-269",
38677
+ "name": "Improper Privilege Management",
38678
+ "category": "Authorization"
38679
+ },
38680
+ {
38681
+ "id": "CWE-287",
38682
+ "name": "Improper Authentication",
38683
+ "category": "Authentication"
38684
+ },
38685
+ {
38686
+ "id": "CWE-345",
38687
+ "name": "Insufficient Verification of Data Authenticity",
38688
+ "category": "Authenticity / Supply Chain"
38689
+ },
38690
+ {
38691
+ "id": "CWE-352",
38692
+ "name": "Cross-Site Request Forgery (CSRF)",
38693
+ "category": "Session"
38694
+ },
38695
+ {
38696
+ "id": "CWE-434",
38697
+ "name": "Unrestricted Upload of File with Dangerous Type",
38698
+ "category": "File Handling"
38699
+ },
38700
+ {
38701
+ "id": "CWE-494",
38702
+ "name": "Download of Code Without Integrity Check",
38703
+ "category": "Supply Chain"
38704
+ },
38705
+ {
38706
+ "id": "CWE-502",
38707
+ "name": "Deserialization of Untrusted Data",
38708
+ "category": "Serialization"
38709
+ },
38710
+ {
38711
+ "id": "CWE-732",
38712
+ "name": "Incorrect Permission Assignment for Critical Resource",
38713
+ "category": "Authorization"
38714
+ },
38715
+ {
38716
+ "id": "CWE-77",
38717
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
38718
+ "category": "Injection"
38719
+ },
38720
+ {
38721
+ "id": "CWE-78",
38722
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38723
+ "category": "Injection"
38724
+ },
38725
+ {
38726
+ "id": "CWE-787",
38727
+ "name": "Out-of-bounds Write",
38728
+ "category": "Memory Safety"
38729
+ },
38730
+ {
38731
+ "id": "CWE-79",
38732
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38733
+ "category": "Injection"
38734
+ },
38735
+ {
38736
+ "id": "CWE-798",
38737
+ "name": "Use of Hard-coded Credentials",
38738
+ "category": "Credentials"
38739
+ },
38740
+ {
38741
+ "id": "CWE-862",
38742
+ "name": "Missing Authorization",
38743
+ "category": "Authorization"
38744
+ },
38745
+ {
38746
+ "id": "CWE-863",
38747
+ "name": "Incorrect Authorization",
38748
+ "category": "Authorization"
38749
+ },
38750
+ {
38751
+ "id": "CWE-89",
38752
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38753
+ "category": "Injection"
38754
+ },
38755
+ {
38756
+ "id": "CWE-918",
38757
+ "name": "Server-Side Request Forgery (SSRF)",
38758
+ "category": "Network"
38759
+ },
38760
+ {
38761
+ "id": "CWE-94",
38762
+ "name": "Improper Control of Generation of Code (Code Injection)",
38763
+ "category": "Injection"
38764
+ }
38765
+ ],
38766
+ "atlas": [
38767
+ {
38768
+ "id": "AML.T0010",
38769
+ "name": "ML Supply Chain Compromise",
38770
+ "tactic": "Initial Access"
38771
+ },
38772
+ {
38773
+ "id": "AML.T0016",
38774
+ "name": "Obtain Capabilities: Develop Capabilities",
38775
+ "tactic": "Resource Development"
38776
+ },
38777
+ {
38778
+ "id": "AML.T0017",
38779
+ "name": "Discover ML Model Ontology",
38780
+ "tactic": "Discovery"
38781
+ },
38782
+ {
38783
+ "id": "AML.T0018",
38784
+ "name": "Backdoor ML Model",
38785
+ "tactic": "Persistence"
38786
+ },
38787
+ {
38788
+ "id": "AML.T0020",
38789
+ "name": "Poison Training Data",
38790
+ "tactic": "ML Attack Staging"
38791
+ },
38792
+ {
38793
+ "id": "AML.T0043",
38794
+ "name": "Craft Adversarial Data",
38795
+ "tactic": "ML Attack Staging"
38796
+ },
38797
+ {
38798
+ "id": "AML.T0051",
38799
+ "name": "LLM Prompt Injection",
38800
+ "tactic": "Execution"
38801
+ },
38802
+ {
38803
+ "id": "AML.T0054",
38804
+ "name": "LLM Jailbreak",
38805
+ "tactic": "Defense Evasion"
38806
+ },
38807
+ {
38808
+ "id": "AML.T0096",
38809
+ "name": "AI API as Covert C2 Channel",
38810
+ "tactic": "Command and Control"
38811
+ }
38812
+ ],
38813
+ "d3fend": [
38814
+ {
38815
+ "id": "D3-CA",
38816
+ "name": "Certificate Analysis",
38817
+ "tactic": "Detect"
38818
+ },
38819
+ {
38820
+ "id": "D3-CBAN",
38821
+ "name": "Certificate-based Authentication",
38822
+ "tactic": "Harden"
38823
+ },
38824
+ {
38825
+ "id": "D3-CSPP",
38826
+ "name": "Client-server Payload Profiling",
38827
+ "tactic": "Detect"
38828
+ },
38829
+ {
38830
+ "id": "D3-DA",
38831
+ "name": "Domain Analysis",
38832
+ "tactic": "Detect"
38833
+ },
38834
+ {
38835
+ "id": "D3-EAL",
38836
+ "name": "Executable Allowlisting",
38837
+ "tactic": "Harden"
38838
+ },
38839
+ {
38840
+ "id": "D3-EHB",
38841
+ "name": "Executable Hashbased Allowlist",
38842
+ "tactic": "Harden"
38843
+ },
38844
+ {
38845
+ "id": "D3-IOPR",
38846
+ "name": "Input/Output Profiling Resource",
38847
+ "tactic": "Detect"
38848
+ },
38849
+ {
38850
+ "id": "D3-MFA",
38851
+ "name": "Multi-factor Authentication",
38852
+ "tactic": "Harden"
38853
+ },
38854
+ {
38855
+ "id": "D3-NI",
38856
+ "name": "Network Isolation",
38857
+ "tactic": "Isolate"
38858
+ },
38859
+ {
38860
+ "id": "D3-NTA",
38861
+ "name": "Network Traffic Analysis",
38862
+ "tactic": "Detect"
38863
+ },
38864
+ {
38865
+ "id": "D3-NTPM",
38866
+ "name": "Network Traffic Policy Mapping",
38867
+ "tactic": "Model"
38868
+ }
38869
+ ],
38870
+ "framework_gaps": [
38871
+ {
38872
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38873
+ "framework": "ALL",
38874
+ "control_name": "AI Pipeline Integrity"
38875
+ },
38876
+ {
38877
+ "id": "ALL-MCP-TOOL-TRUST",
38878
+ "framework": "ALL",
38879
+ "control_name": "MCP/Agent Tool Trust Boundaries"
38880
+ },
38881
+ {
38882
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38883
+ "framework": "ALL",
38884
+ "control_name": "Prompt Injection as Access Control Failure"
38885
+ },
38886
+ {
38887
+ "id": "CMMC-2.0-Level-2",
38888
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38889
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38890
+ },
38891
+ {
38892
+ "id": "FedRAMP-Rev5-Moderate",
38893
+ "framework": "FedRAMP Rev 5 Moderate",
38894
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38895
+ },
38896
+ {
38897
+ "id": "ISO-27001-2022-A.8.16",
38898
+ "framework": "ISO/IEC 27001:2022",
38899
+ "control_name": "Monitoring activities"
38900
+ },
38901
+ {
38902
+ "id": "ISO-27001-2022-A.8.28",
38903
+ "framework": "ISO/IEC 27001:2022",
38904
+ "control_name": "Secure coding"
38905
+ },
38906
+ {
38907
+ "id": "ISO-27001-2022-A.8.30",
38908
+ "framework": "ISO/IEC 27001:2022",
38909
+ "control_name": "Outsourced development"
38910
+ },
38911
+ {
38912
+ "id": "ISO-IEC-23894-2023-clause-7",
38913
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38914
+ "control_name": "AI risk management process"
38915
+ },
38916
+ {
38917
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
38918
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
38919
+ "control_name": "AI risk assessment"
38920
+ },
38921
+ {
38922
+ "id": "NIST-800-218-SSDF",
38923
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38924
+ "control_name": "Secure Software Development Framework"
38925
+ },
38926
+ {
38927
+ "id": "NIST-800-53-AC-2",
38928
+ "framework": "NIST SP 800-53 Rev 5",
38929
+ "control_name": "Account Management"
38930
+ },
38931
+ {
38932
+ "id": "NIST-800-53-CM-7",
38933
+ "framework": "NIST SP 800-53 Rev 5",
38934
+ "control_name": "Least Functionality"
38935
+ },
38936
+ {
38937
+ "id": "NIST-800-53-SA-12",
38938
+ "framework": "NIST SP 800-53 Rev 5",
38939
+ "control_name": "Supply Chain Protection"
38940
+ },
38941
+ {
38942
+ "id": "NIST-800-53-SC-7",
38943
+ "framework": "NIST SP 800-53 Rev 5",
38944
+ "control_name": "Boundary Protection"
38945
+ },
38946
+ {
38947
+ "id": "NIST-800-53-SI-12",
38948
+ "framework": "NIST SP 800-53 Rev 5",
38949
+ "control_name": "Information Management and Retention"
38950
+ },
38951
+ {
38952
+ "id": "NIST-800-53-SI-3",
38953
+ "framework": "NIST SP 800-53 Rev 5",
38954
+ "control_name": "Malicious Code Protection"
38955
+ },
38956
+ {
38957
+ "id": "NIST-AI-RMF-MEASURE-2.5",
38958
+ "framework": "NIST AI RMF 1.0",
38959
+ "control_name": "AI system to human interaction evaluation"
38960
+ },
38961
+ {
38962
+ "id": "OWASP-ASVS-v5.0-V14",
38963
+ "framework": "OWASP ASVS v5.0",
38964
+ "control_name": "Configuration verification"
38965
+ },
38966
+ {
38967
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38968
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38969
+ "control_name": "Prompt Injection"
38970
+ },
38971
+ {
38972
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38973
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38974
+ "control_name": "Sensitive Information Disclosure"
38975
+ },
38976
+ {
38977
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
38978
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38979
+ "control_name": "Excessive Agency"
38980
+ },
38981
+ {
38982
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
38983
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38984
+ "control_name": "Vector and Embedding Weaknesses"
38985
+ },
38986
+ {
38987
+ "id": "SLSA-v1.0-Build-L3",
38988
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
38989
+ "control_name": "Hardened build platform with non-falsifiable provenance"
38990
+ },
38991
+ {
38992
+ "id": "SOC2-CC6-logical-access",
38993
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38994
+ "control_name": "Logical and Physical Access Controls"
38995
+ },
38996
+ {
38997
+ "id": "SOC2-CC7-anomaly-detection",
38998
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38999
+ "control_name": "System Operations — Threat and Vulnerability Management"
39000
+ },
39001
+ {
39002
+ "id": "SOC2-CC9-vendor-management",
39003
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
39004
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
39005
+ },
39006
+ {
39007
+ "id": "SWIFT-CSCF-v2026-1.1",
39008
+ "framework": "SWIFT Customer Security Controls Framework v2026",
39009
+ "control_name": "SWIFT Environment Protection"
39010
+ }
39011
+ ],
39012
+ "attack_refs": [
39013
+ "T1059",
39014
+ "T1068",
39015
+ "T1071",
39016
+ "T1078",
39017
+ "T1102",
39018
+ "T1190",
39019
+ "T1195.001",
39020
+ "T1505",
39021
+ "T1530",
39022
+ "T1552",
39023
+ "T1565",
39024
+ "T1566",
39025
+ "T1566.001",
39026
+ "T1566.002",
39027
+ "T1566.003",
39028
+ "T1567",
39029
+ "T1568",
39030
+ "T1610",
39031
+ "T1611"
39032
+ ],
39033
+ "rfc_refs": [
39034
+ "RFC-6749",
39035
+ "RFC-7519",
39036
+ "RFC-8032",
39037
+ "RFC-8446",
39038
+ "RFC-8725",
39039
+ "RFC-9000",
39040
+ "RFC-9114",
39041
+ "RFC-9180",
39042
+ "RFC-9421",
39043
+ "RFC-9458",
39044
+ "RFC-9700"
39045
+ ]
39046
+ }
39047
+ },
39048
+ "CVE-2024-12366": {
39049
+ "name": "PandasAI Prompt Injection to Remote Code Execution",
39050
+ "rwep": 46,
39051
+ "cvss": 9.8,
39052
+ "cisa_kev": false,
39053
+ "epss_score": null,
39054
+ "referencing_skills": [
39055
+ "ai-attack-surface",
39056
+ "mcp-agent-trust",
39057
+ "compliance-theater",
39058
+ "rag-pipeline-security",
39059
+ "ai-c2-detection",
39060
+ "threat-modeling-methodology",
39061
+ "webapp-security",
39062
+ "api-security",
39063
+ "cloud-security",
39064
+ "container-runtime-security",
39065
+ "email-security-anti-phishing"
39066
+ ],
39067
+ "chain": {
39068
+ "cwes": [
39069
+ {
39070
+ "id": "CWE-1039",
39071
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
39072
+ "category": "AI/ML"
39073
+ },
39074
+ {
39075
+ "id": "CWE-1188",
39076
+ "name": "Initialization of a Resource with an Insecure Default",
39077
+ "category": "Configuration"
39078
+ },
39079
+ {
39080
+ "id": "CWE-1395",
39081
+ "name": "Dependency on Vulnerable Third-Party Component",
39082
+ "category": "Supply Chain"
39083
+ },
39084
+ {
39085
+ "id": "CWE-1426",
39086
+ "name": "Improper Validation of Generative AI Output",
39087
+ "category": "AI/ML"
39088
+ },
39089
+ {
39090
+ "id": "CWE-200",
39091
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
39092
+ "category": "Information Exposure"
39093
+ },
39094
+ {
39095
+ "id": "CWE-22",
39096
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
39097
+ "category": "Path/Resource"
39098
+ },
39099
+ {
39100
+ "id": "CWE-269",
39101
+ "name": "Improper Privilege Management",
39102
+ "category": "Authorization"
39103
+ },
39104
+ {
39105
+ "id": "CWE-287",
39106
+ "name": "Improper Authentication",
39107
+ "category": "Authentication"
39108
+ },
39109
+ {
39110
+ "id": "CWE-345",
39111
+ "name": "Insufficient Verification of Data Authenticity",
39112
+ "category": "Authenticity / Supply Chain"
39113
+ },
39114
+ {
39115
+ "id": "CWE-352",
39116
+ "name": "Cross-Site Request Forgery (CSRF)",
39117
+ "category": "Session"
39118
+ },
39119
+ {
39120
+ "id": "CWE-434",
39121
+ "name": "Unrestricted Upload of File with Dangerous Type",
39122
+ "category": "File Handling"
39123
+ },
39124
+ {
39125
+ "id": "CWE-494",
39126
+ "name": "Download of Code Without Integrity Check",
39127
+ "category": "Supply Chain"
39128
+ },
39129
+ {
39130
+ "id": "CWE-502",
39131
+ "name": "Deserialization of Untrusted Data",
39132
+ "category": "Serialization"
39133
+ },
39134
+ {
39135
+ "id": "CWE-732",
39136
+ "name": "Incorrect Permission Assignment for Critical Resource",
39137
+ "category": "Authorization"
39138
+ },
39139
+ {
39140
+ "id": "CWE-77",
39141
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
39142
+ "category": "Injection"
39143
+ },
39144
+ {
39145
+ "id": "CWE-78",
39146
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
39147
+ "category": "Injection"
39148
+ },
39149
+ {
39150
+ "id": "CWE-787",
39151
+ "name": "Out-of-bounds Write",
39152
+ "category": "Memory Safety"
39153
+ },
39154
+ {
39155
+ "id": "CWE-79",
39156
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
39157
+ "category": "Injection"
39158
+ },
39159
+ {
39160
+ "id": "CWE-798",
39161
+ "name": "Use of Hard-coded Credentials",
39162
+ "category": "Credentials"
39163
+ },
39164
+ {
39165
+ "id": "CWE-862",
39166
+ "name": "Missing Authorization",
39167
+ "category": "Authorization"
39168
+ },
39169
+ {
39170
+ "id": "CWE-863",
39171
+ "name": "Incorrect Authorization",
39172
+ "category": "Authorization"
39173
+ },
39174
+ {
39175
+ "id": "CWE-89",
39176
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
39177
+ "category": "Injection"
39178
+ },
39179
+ {
39180
+ "id": "CWE-918",
39181
+ "name": "Server-Side Request Forgery (SSRF)",
39182
+ "category": "Network"
39183
+ },
39184
+ {
39185
+ "id": "CWE-94",
39186
+ "name": "Improper Control of Generation of Code (Code Injection)",
39187
+ "category": "Injection"
39188
+ }
39189
+ ],
39190
+ "atlas": [
39191
+ {
39192
+ "id": "AML.T0010",
39193
+ "name": "ML Supply Chain Compromise",
39194
+ "tactic": "Initial Access"
39195
+ },
39196
+ {
39197
+ "id": "AML.T0016",
39198
+ "name": "Obtain Capabilities: Develop Capabilities",
39199
+ "tactic": "Resource Development"
39200
+ },
39201
+ {
39202
+ "id": "AML.T0017",
39203
+ "name": "Discover ML Model Ontology",
39204
+ "tactic": "Discovery"
39205
+ },
39206
+ {
39207
+ "id": "AML.T0018",
39208
+ "name": "Backdoor ML Model",
39209
+ "tactic": "Persistence"
39210
+ },
39211
+ {
39212
+ "id": "AML.T0020",
39213
+ "name": "Poison Training Data",
39214
+ "tactic": "ML Attack Staging"
39215
+ },
39216
+ {
39217
+ "id": "AML.T0043",
39218
+ "name": "Craft Adversarial Data",
39219
+ "tactic": "ML Attack Staging"
39220
+ },
39221
+ {
39222
+ "id": "AML.T0051",
39223
+ "name": "LLM Prompt Injection",
39224
+ "tactic": "Execution"
39225
+ },
39226
+ {
39227
+ "id": "AML.T0054",
39228
+ "name": "LLM Jailbreak",
39229
+ "tactic": "Defense Evasion"
39230
+ },
39231
+ {
39232
+ "id": "AML.T0096",
39233
+ "name": "AI API as Covert C2 Channel",
39234
+ "tactic": "Command and Control"
39235
+ }
39236
+ ],
39237
+ "d3fend": [
39238
+ {
39239
+ "id": "D3-CA",
39240
+ "name": "Certificate Analysis",
39241
+ "tactic": "Detect"
39242
+ },
39243
+ {
39244
+ "id": "D3-CBAN",
39245
+ "name": "Certificate-based Authentication",
39246
+ "tactic": "Harden"
39247
+ },
39248
+ {
39249
+ "id": "D3-CSPP",
39250
+ "name": "Client-server Payload Profiling",
39251
+ "tactic": "Detect"
39252
+ },
39253
+ {
39254
+ "id": "D3-DA",
39255
+ "name": "Domain Analysis",
39256
+ "tactic": "Detect"
39257
+ },
39258
+ {
39259
+ "id": "D3-EAL",
39260
+ "name": "Executable Allowlisting",
39261
+ "tactic": "Harden"
39262
+ },
39263
+ {
39264
+ "id": "D3-EHB",
39265
+ "name": "Executable Hashbased Allowlist",
39266
+ "tactic": "Harden"
39267
+ },
39268
+ {
39269
+ "id": "D3-IOPR",
39270
+ "name": "Input/Output Profiling Resource",
39271
+ "tactic": "Detect"
39272
+ },
39273
+ {
39274
+ "id": "D3-MFA",
39275
+ "name": "Multi-factor Authentication",
39276
+ "tactic": "Harden"
39277
+ },
39278
+ {
39279
+ "id": "D3-NI",
39280
+ "name": "Network Isolation",
39281
+ "tactic": "Isolate"
39282
+ },
39283
+ {
39284
+ "id": "D3-NTA",
39285
+ "name": "Network Traffic Analysis",
39286
+ "tactic": "Detect"
39287
+ },
39288
+ {
39289
+ "id": "D3-NTPM",
39290
+ "name": "Network Traffic Policy Mapping",
39291
+ "tactic": "Model"
39292
+ }
39293
+ ],
39294
+ "framework_gaps": [
39295
+ {
39296
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
39297
+ "framework": "ALL",
39298
+ "control_name": "AI Pipeline Integrity"
39299
+ },
39300
+ {
39301
+ "id": "ALL-MCP-TOOL-TRUST",
39302
+ "framework": "ALL",
39303
+ "control_name": "MCP/Agent Tool Trust Boundaries"
39304
+ },
39305
+ {
39306
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
39307
+ "framework": "ALL",
39308
+ "control_name": "Prompt Injection as Access Control Failure"
39309
+ },
39310
+ {
39311
+ "id": "CMMC-2.0-Level-2",
39312
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
39313
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
39314
+ },
39315
+ {
39316
+ "id": "FedRAMP-Rev5-Moderate",
39317
+ "framework": "FedRAMP Rev 5 Moderate",
39318
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
39319
+ },
39320
+ {
39321
+ "id": "ISO-27001-2022-A.8.16",
39322
+ "framework": "ISO/IEC 27001:2022",
39323
+ "control_name": "Monitoring activities"
39324
+ },
39325
+ {
39326
+ "id": "ISO-27001-2022-A.8.28",
39327
+ "framework": "ISO/IEC 27001:2022",
39328
+ "control_name": "Secure coding"
39329
+ },
39330
+ {
39331
+ "id": "ISO-27001-2022-A.8.30",
39332
+ "framework": "ISO/IEC 27001:2022",
39333
+ "control_name": "Outsourced development"
39334
+ },
39335
+ {
39336
+ "id": "ISO-IEC-23894-2023-clause-7",
39337
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
39338
+ "control_name": "AI risk management process"
39339
+ },
39340
+ {
39341
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
39342
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
39343
+ "control_name": "AI risk assessment"
39344
+ },
39345
+ {
39346
+ "id": "NIST-800-218-SSDF",
39347
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
39348
+ "control_name": "Secure Software Development Framework"
39349
+ },
39350
+ {
39351
+ "id": "NIST-800-53-AC-2",
39352
+ "framework": "NIST SP 800-53 Rev 5",
39353
+ "control_name": "Account Management"
39354
+ },
39355
+ {
39356
+ "id": "NIST-800-53-CM-7",
39357
+ "framework": "NIST SP 800-53 Rev 5",
39358
+ "control_name": "Least Functionality"
39359
+ },
39360
+ {
39361
+ "id": "NIST-800-53-SA-12",
39362
+ "framework": "NIST SP 800-53 Rev 5",
39363
+ "control_name": "Supply Chain Protection"
39364
+ },
39365
+ {
39366
+ "id": "NIST-800-53-SC-7",
39367
+ "framework": "NIST SP 800-53 Rev 5",
39368
+ "control_name": "Boundary Protection"
39369
+ },
39370
+ {
39371
+ "id": "NIST-800-53-SI-12",
39372
+ "framework": "NIST SP 800-53 Rev 5",
39373
+ "control_name": "Information Management and Retention"
39374
+ },
39375
+ {
39376
+ "id": "NIST-800-53-SI-3",
39377
+ "framework": "NIST SP 800-53 Rev 5",
39378
+ "control_name": "Malicious Code Protection"
39379
+ },
39380
+ {
39381
+ "id": "NIST-AI-RMF-MEASURE-2.5",
39382
+ "framework": "NIST AI RMF 1.0",
39383
+ "control_name": "AI system to human interaction evaluation"
39384
+ },
39385
+ {
39386
+ "id": "OWASP-ASVS-v5.0-V14",
39387
+ "framework": "OWASP ASVS v5.0",
39388
+ "control_name": "Configuration verification"
39389
+ },
39390
+ {
39391
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
39392
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39393
+ "control_name": "Prompt Injection"
39394
+ },
39395
+ {
39396
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
39397
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39398
+ "control_name": "Sensitive Information Disclosure"
39399
+ },
39400
+ {
39401
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
39402
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39403
+ "control_name": "Excessive Agency"
39404
+ },
39405
+ {
39406
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
39407
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39408
+ "control_name": "Vector and Embedding Weaknesses"
39409
+ },
39410
+ {
39411
+ "id": "SLSA-v1.0-Build-L3",
39412
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
39413
+ "control_name": "Hardened build platform with non-falsifiable provenance"
39414
+ },
39415
+ {
39416
+ "id": "SOC2-CC6-logical-access",
39417
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
39418
+ "control_name": "Logical and Physical Access Controls"
39419
+ },
39420
+ {
39421
+ "id": "SOC2-CC7-anomaly-detection",
39422
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
39423
+ "control_name": "System Operations — Threat and Vulnerability Management"
39424
+ },
39425
+ {
39426
+ "id": "SOC2-CC9-vendor-management",
39427
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
39428
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
39429
+ },
39430
+ {
39431
+ "id": "SWIFT-CSCF-v2026-1.1",
39432
+ "framework": "SWIFT Customer Security Controls Framework v2026",
39433
+ "control_name": "SWIFT Environment Protection"
39434
+ }
39435
+ ],
39436
+ "attack_refs": [
39437
+ "T1059",
39438
+ "T1068",
39439
+ "T1071",
39440
+ "T1078",
39441
+ "T1102",
39442
+ "T1190",
39443
+ "T1195.001",
39444
+ "T1505",
39445
+ "T1530",
39446
+ "T1552",
39447
+ "T1565",
39448
+ "T1566",
39449
+ "T1566.001",
39450
+ "T1566.002",
39451
+ "T1566.003",
39452
+ "T1567",
39453
+ "T1568",
39454
+ "T1610",
39455
+ "T1611"
39456
+ ],
39457
+ "rfc_refs": [
39458
+ "RFC-6749",
39459
+ "RFC-7519",
39460
+ "RFC-8032",
39461
+ "RFC-8446",
39462
+ "RFC-8725",
39463
+ "RFC-9000",
39464
+ "RFC-9114",
39465
+ "RFC-9180",
39466
+ "RFC-9421",
39467
+ "RFC-9458",
39468
+ "RFC-9700"
39469
+ ]
39470
+ }
39471
+ },
37900
39472
  "CVE-2026-41091": {
37901
39473
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
37902
39474
  "rwep": 45,
@@ -64285,6 +65857,7 @@
64285
65857
  "CVE-2024-11392",
64286
65858
  "CVE-2024-11393",
64287
65859
  "CVE-2024-11394",
65860
+ "CVE-2024-12366",
64288
65861
  "CVE-2024-13059",
64289
65862
  "CVE-2024-1561",
64290
65863
  "CVE-2024-21513",
@@ -64299,6 +65872,7 @@
64299
65872
  "CVE-2024-42479",
64300
65873
  "CVE-2024-4889",
64301
65874
  "CVE-2024-50050",
65875
+ "CVE-2024-5565",
64302
65876
  "CVE-2024-6587",
64303
65877
  "CVE-2025-0133",
64304
65878
  "CVE-2025-10585",
@@ -64323,6 +65897,7 @@
64323
65897
  "CVE-2025-60455",
64324
65898
  "CVE-2025-64496",
64325
65899
  "CVE-2025-64513",
65900
+ "CVE-2025-67818",
64326
65901
  "CVE-2025-6965",
64327
65902
  "CVE-2025-8747",
64328
65903
  "CVE-2026-0766",
@@ -64351,6 +65926,7 @@
64351
65926
  "CVE-2026-42208",
64352
65927
  "CVE-2026-45321",
64353
65928
  "CVE-2026-45498",
65929
+ "CVE-2026-45829",
64354
65930
  "CVE-2026-46300",
64355
65931
  "CVE-2026-46333",
64356
65932
  "CVE-2026-9082",
@@ -64534,8 +66110,10 @@
64534
66110
  "related_cves": [
64535
66111
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
64536
66112
  "CVE-2023-43472",
66113
+ "CVE-2024-12366",
64537
66114
  "CVE-2024-3094",
64538
66115
  "CVE-2024-3154",
66116
+ "CVE-2024-5565",
64539
66117
  "CVE-2025-0133",
64540
66118
  "CVE-2025-1094",
64541
66119
  "CVE-2025-49844",
@@ -64691,6 +66269,7 @@
64691
66269
  "CVE-2024-11392",
64692
66270
  "CVE-2024-11393",
64693
66271
  "CVE-2024-11394",
66272
+ "CVE-2024-12366",
64694
66273
  "CVE-2024-13059",
64695
66274
  "CVE-2024-1561",
64696
66275
  "CVE-2024-21513",
@@ -64703,6 +66282,7 @@
64703
66282
  "CVE-2024-42479",
64704
66283
  "CVE-2024-4889",
64705
66284
  "CVE-2024-50050",
66285
+ "CVE-2024-5565",
64706
66286
  "CVE-2024-6587",
64707
66287
  "CVE-2025-0133",
64708
66288
  "CVE-2025-10585",
@@ -64725,6 +66305,7 @@
64725
66305
  "CVE-2025-60455",
64726
66306
  "CVE-2025-64496",
64727
66307
  "CVE-2025-64513",
66308
+ "CVE-2025-67818",
64728
66309
  "CVE-2025-6965",
64729
66310
  "CVE-2025-8747",
64730
66311
  "CVE-2026-0766",
@@ -64752,6 +66333,7 @@
64752
66333
  "CVE-2026-42208",
64753
66334
  "CVE-2026-45321",
64754
66335
  "CVE-2026-45498",
66336
+ "CVE-2026-45829",
64755
66337
  "CVE-2026-46300",
64756
66338
  "CVE-2026-46333",
64757
66339
  "CVE-2026-9082",
@@ -64888,6 +66470,7 @@
64888
66470
  "CVE-2024-11392",
64889
66471
  "CVE-2024-11393",
64890
66472
  "CVE-2024-11394",
66473
+ "CVE-2024-12366",
64891
66474
  "CVE-2024-13059",
64892
66475
  "CVE-2024-1561",
64893
66476
  "CVE-2024-21513",
@@ -64900,6 +66483,7 @@
64900
66483
  "CVE-2024-42479",
64901
66484
  "CVE-2024-4889",
64902
66485
  "CVE-2024-50050",
66486
+ "CVE-2024-5565",
64903
66487
  "CVE-2024-6587",
64904
66488
  "CVE-2025-0133",
64905
66489
  "CVE-2025-10585",
@@ -64922,6 +66506,7 @@
64922
66506
  "CVE-2025-60455",
64923
66507
  "CVE-2025-64496",
64924
66508
  "CVE-2025-64513",
66509
+ "CVE-2025-67818",
64925
66510
  "CVE-2025-6965",
64926
66511
  "CVE-2025-8747",
64927
66512
  "CVE-2026-0766",
@@ -64949,6 +66534,7 @@
64949
66534
  "CVE-2026-42208",
64950
66535
  "CVE-2026-45321",
64951
66536
  "CVE-2026-45498",
66537
+ "CVE-2026-45829",
64952
66538
  "CVE-2026-46300",
64953
66539
  "CVE-2026-46333",
64954
66540
  "CVE-2026-9082",
@@ -65099,6 +66685,7 @@
65099
66685
  "CVE-2024-11392",
65100
66686
  "CVE-2024-11393",
65101
66687
  "CVE-2024-11394",
66688
+ "CVE-2024-12366",
65102
66689
  "CVE-2024-13059",
65103
66690
  "CVE-2024-1561",
65104
66691
  "CVE-2024-21513",
@@ -65111,6 +66698,7 @@
65111
66698
  "CVE-2024-42479",
65112
66699
  "CVE-2024-4889",
65113
66700
  "CVE-2024-50050",
66701
+ "CVE-2024-5565",
65114
66702
  "CVE-2024-6587",
65115
66703
  "CVE-2025-0133",
65116
66704
  "CVE-2025-10585",
@@ -65133,6 +66721,7 @@
65133
66721
  "CVE-2025-60455",
65134
66722
  "CVE-2025-64496",
65135
66723
  "CVE-2025-64513",
66724
+ "CVE-2025-67818",
65136
66725
  "CVE-2025-6965",
65137
66726
  "CVE-2025-8747",
65138
66727
  "CVE-2026-0766",
@@ -65160,6 +66749,7 @@
65160
66749
  "CVE-2026-42208",
65161
66750
  "CVE-2026-45321",
65162
66751
  "CVE-2026-45498",
66752
+ "CVE-2026-45829",
65163
66753
  "CVE-2026-46300",
65164
66754
  "CVE-2026-46333",
65165
66755
  "CVE-2026-9082",
@@ -65414,6 +67004,7 @@
65414
67004
  "CVE-2024-11392",
65415
67005
  "CVE-2024-11393",
65416
67006
  "CVE-2024-11394",
67007
+ "CVE-2024-12366",
65417
67008
  "CVE-2024-13059",
65418
67009
  "CVE-2024-1561",
65419
67010
  "CVE-2024-21513",
@@ -65428,6 +67019,7 @@
65428
67019
  "CVE-2024-42479",
65429
67020
  "CVE-2024-4889",
65430
67021
  "CVE-2024-50050",
67022
+ "CVE-2024-5565",
65431
67023
  "CVE-2024-6587",
65432
67024
  "CVE-2025-0133",
65433
67025
  "CVE-2025-1094",
@@ -65449,6 +67041,7 @@
65449
67041
  "CVE-2025-60455",
65450
67042
  "CVE-2025-64496",
65451
67043
  "CVE-2025-64513",
67044
+ "CVE-2025-67818",
65452
67045
  "CVE-2025-6965",
65453
67046
  "CVE-2025-8747",
65454
67047
  "CVE-2026-0766",
@@ -65476,6 +67069,7 @@
65476
67069
  "CVE-2026-40933",
65477
67070
  "CVE-2026-42208",
65478
67071
  "CVE-2026-45321",
67072
+ "CVE-2026-45829",
65479
67073
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
65480
67074
  "MAL-2026-3083",
65481
67075
  "MAL-2026-NODE-IPC-STEALER"
@@ -65860,6 +67454,7 @@
65860
67454
  "CVE-2025-6558",
65861
67455
  "CVE-2025-66376",
65862
67456
  "CVE-2025-66644",
67457
+ "CVE-2025-67818",
65863
67458
  "CVE-2025-68461",
65864
67459
  "CVE-2025-68613",
65865
67460
  "CVE-2025-68645",
@@ -65943,6 +67538,7 @@
65943
67538
  "CVE-2026-43500",
65944
67539
  "CVE-2026-45321",
65945
67540
  "CVE-2026-45498",
67541
+ "CVE-2026-45829",
65946
67542
  "CVE-2026-46300",
65947
67543
  "CVE-2026-46333",
65948
67544
  "CVE-2026-5281",
@@ -66167,6 +67763,7 @@
66167
67763
  "CVE-2023-48022",
66168
67764
  "CVE-2023-51449",
66169
67765
  "CVE-2024-0132",
67766
+ "CVE-2024-12366",
66170
67767
  "CVE-2024-1561",
66171
67768
  "CVE-2024-21575",
66172
67769
  "CVE-2024-21576",
@@ -66175,6 +67772,7 @@
66175
67772
  "CVE-2024-40635",
66176
67773
  "CVE-2024-42478",
66177
67774
  "CVE-2024-42479",
67775
+ "CVE-2024-5565",
66178
67776
  "CVE-2025-0133",
66179
67777
  "CVE-2025-1094",
66180
67778
  "CVE-2025-14847",
@@ -66544,6 +68142,7 @@
66544
68142
  "CVE-2024-11392",
66545
68143
  "CVE-2024-11393",
66546
68144
  "CVE-2024-11394",
68145
+ "CVE-2024-12366",
66547
68146
  "CVE-2024-13059",
66548
68147
  "CVE-2024-1561",
66549
68148
  "CVE-2024-21513",
@@ -66558,6 +68157,7 @@
66558
68157
  "CVE-2024-42479",
66559
68158
  "CVE-2024-4889",
66560
68159
  "CVE-2024-50050",
68160
+ "CVE-2024-5565",
66561
68161
  "CVE-2024-6587",
66562
68162
  "CVE-2025-0133",
66563
68163
  "CVE-2025-10585",
@@ -66582,6 +68182,7 @@
66582
68182
  "CVE-2025-60455",
66583
68183
  "CVE-2025-64496",
66584
68184
  "CVE-2025-64513",
68185
+ "CVE-2025-67818",
66585
68186
  "CVE-2025-6965",
66586
68187
  "CVE-2025-8747",
66587
68188
  "CVE-2026-0766",
@@ -66610,6 +68211,7 @@
66610
68211
  "CVE-2026-42208",
66611
68212
  "CVE-2026-45321",
66612
68213
  "CVE-2026-45498",
68214
+ "CVE-2026-45829",
66613
68215
  "CVE-2026-46300",
66614
68216
  "CVE-2026-46333",
66615
68217
  "CVE-2026-9082",
@@ -67180,6 +68782,7 @@
67180
68782
  "CVE-2024-11392",
67181
68783
  "CVE-2024-11393",
67182
68784
  "CVE-2024-11394",
68785
+ "CVE-2024-12366",
67183
68786
  "CVE-2024-13059",
67184
68787
  "CVE-2024-1561",
67185
68788
  "CVE-2024-21513",
@@ -67194,6 +68797,7 @@
67194
68797
  "CVE-2024-42479",
67195
68798
  "CVE-2024-4889",
67196
68799
  "CVE-2024-50050",
68800
+ "CVE-2024-5565",
67197
68801
  "CVE-2024-6587",
67198
68802
  "CVE-2025-0133",
67199
68803
  "CVE-2025-10585",
@@ -67218,6 +68822,7 @@
67218
68822
  "CVE-2025-60455",
67219
68823
  "CVE-2025-64496",
67220
68824
  "CVE-2025-64513",
68825
+ "CVE-2025-67818",
67221
68826
  "CVE-2025-6965",
67222
68827
  "CVE-2025-8747",
67223
68828
  "CVE-2026-0766",
@@ -67246,6 +68851,7 @@
67246
68851
  "CVE-2026-42208",
67247
68852
  "CVE-2026-45321",
67248
68853
  "CVE-2026-45498",
68854
+ "CVE-2026-45829",
67249
68855
  "CVE-2026-46300",
67250
68856
  "CVE-2026-46333",
67251
68857
  "CVE-2026-9082",
@@ -67489,6 +69095,7 @@
67489
69095
  "CVE-2025-60455",
67490
69096
  "CVE-2025-64496",
67491
69097
  "CVE-2025-64513",
69098
+ "CVE-2025-67818",
67492
69099
  "CVE-2025-8747",
67493
69100
  "CVE-2026-0766",
67494
69101
  "CVE-2026-22252",
@@ -67514,6 +69121,7 @@
67514
69121
  "CVE-2026-41091",
67515
69122
  "CVE-2026-45321",
67516
69123
  "CVE-2026-45498",
69124
+ "CVE-2026-45829",
67517
69125
  "CVE-2026-46300",
67518
69126
  "CVE-2026-46333",
67519
69127
  "CVE-2026-9082",
@@ -67912,8 +69520,10 @@
67912
69520
  },
67913
69521
  "related_cves": [
67914
69522
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
69523
+ "CVE-2024-12366",
67915
69524
  "CVE-2024-3094",
67916
69525
  "CVE-2024-3154",
69526
+ "CVE-2024-5565",
67917
69527
  "CVE-2025-49844",
67918
69528
  "CVE-2025-53773",
67919
69529
  "CVE-2026-30615",
@@ -68154,6 +69764,7 @@
68154
69764
  "CVE-2024-11392",
68155
69765
  "CVE-2024-11393",
68156
69766
  "CVE-2024-11394",
69767
+ "CVE-2024-12366",
68157
69768
  "CVE-2024-13059",
68158
69769
  "CVE-2024-1561",
68159
69770
  "CVE-2024-21513",
@@ -68168,6 +69779,7 @@
68168
69779
  "CVE-2024-42479",
68169
69780
  "CVE-2024-4889",
68170
69781
  "CVE-2024-50050",
69782
+ "CVE-2024-5565",
68171
69783
  "CVE-2024-6587",
68172
69784
  "CVE-2025-0133",
68173
69785
  "CVE-2025-10585",
@@ -68192,6 +69804,7 @@
68192
69804
  "CVE-2025-60455",
68193
69805
  "CVE-2025-64496",
68194
69806
  "CVE-2025-64513",
69807
+ "CVE-2025-67818",
68195
69808
  "CVE-2025-6965",
68196
69809
  "CVE-2025-8747",
68197
69810
  "CVE-2026-0766",
@@ -68220,6 +69833,7 @@
68220
69833
  "CVE-2026-42208",
68221
69834
  "CVE-2026-45321",
68222
69835
  "CVE-2026-45498",
69836
+ "CVE-2026-45829",
68223
69837
  "CVE-2026-46300",
68224
69838
  "CVE-2026-46333",
68225
69839
  "CVE-2026-9082",
@@ -68607,6 +70221,7 @@
68607
70221
  "CVE-2025-6558",
68608
70222
  "CVE-2025-66376",
68609
70223
  "CVE-2025-66644",
70224
+ "CVE-2025-67818",
68610
70225
  "CVE-2025-68461",
68611
70226
  "CVE-2025-68613",
68612
70227
  "CVE-2025-68645",
@@ -68690,6 +70305,7 @@
68690
70305
  "CVE-2026-43500",
68691
70306
  "CVE-2026-45321",
68692
70307
  "CVE-2026-45498",
70308
+ "CVE-2026-45829",
68693
70309
  "CVE-2026-46300",
68694
70310
  "CVE-2026-46333",
68695
70311
  "CVE-2026-5281",
@@ -69064,6 +70680,7 @@
69064
70680
  "CVE-2025-6558",
69065
70681
  "CVE-2025-66376",
69066
70682
  "CVE-2025-66644",
70683
+ "CVE-2025-67818",
69067
70684
  "CVE-2025-68461",
69068
70685
  "CVE-2025-68613",
69069
70686
  "CVE-2025-68645",
@@ -69147,6 +70764,7 @@
69147
70764
  "CVE-2026-43500",
69148
70765
  "CVE-2026-45321",
69149
70766
  "CVE-2026-45498",
70767
+ "CVE-2026-45829",
69150
70768
  "CVE-2026-46300",
69151
70769
  "CVE-2026-46333",
69152
70770
  "CVE-2026-5281",
@@ -69377,6 +70995,7 @@
69377
70995
  "CVE-2024-11392",
69378
70996
  "CVE-2024-11393",
69379
70997
  "CVE-2024-11394",
70998
+ "CVE-2024-12366",
69380
70999
  "CVE-2024-13059",
69381
71000
  "CVE-2024-1561",
69382
71001
  "CVE-2024-21513",
@@ -69391,6 +71010,7 @@
69391
71010
  "CVE-2024-42479",
69392
71011
  "CVE-2024-4889",
69393
71012
  "CVE-2024-50050",
71013
+ "CVE-2024-5565",
69394
71014
  "CVE-2024-6587",
69395
71015
  "CVE-2025-0133",
69396
71016
  "CVE-2025-10585",
@@ -69415,6 +71035,7 @@
69415
71035
  "CVE-2025-60455",
69416
71036
  "CVE-2025-64496",
69417
71037
  "CVE-2025-64513",
71038
+ "CVE-2025-67818",
69418
71039
  "CVE-2025-6965",
69419
71040
  "CVE-2025-8747",
69420
71041
  "CVE-2026-0766",
@@ -69443,6 +71064,7 @@
69443
71064
  "CVE-2026-42208",
69444
71065
  "CVE-2026-45321",
69445
71066
  "CVE-2026-45498",
71067
+ "CVE-2026-45829",
69446
71068
  "CVE-2026-46300",
69447
71069
  "CVE-2026-46333",
69448
71070
  "CVE-2026-9082",
@@ -69638,8 +71260,10 @@
69638
71260
  },
69639
71261
  "related_cves": [
69640
71262
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
71263
+ "CVE-2024-12366",
69641
71264
  "CVE-2024-3094",
69642
71265
  "CVE-2024-3154",
71266
+ "CVE-2024-5565",
69643
71267
  "CVE-2025-49844",
69644
71268
  "CVE-2025-53773",
69645
71269
  "CVE-2026-30615",
@@ -69830,7 +71454,9 @@
69830
71454
  },
69831
71455
  "related_cves": [
69832
71456
  "CVE-2023-43472",
71457
+ "CVE-2024-12366",
69833
71458
  "CVE-2024-3094",
71459
+ "CVE-2024-5565",
69834
71460
  "CVE-2025-0133",
69835
71461
  "CVE-2025-1094",
69836
71462
  "CVE-2025-6965",
@@ -70382,6 +72008,7 @@
70382
72008
  "CVE-2025-6558",
70383
72009
  "CVE-2025-66376",
70384
72010
  "CVE-2025-66644",
72011
+ "CVE-2025-67818",
70385
72012
  "CVE-2025-68461",
70386
72013
  "CVE-2025-68613",
70387
72014
  "CVE-2025-68645",
@@ -70465,6 +72092,7 @@
70465
72092
  "CVE-2026-43500",
70466
72093
  "CVE-2026-45321",
70467
72094
  "CVE-2026-45498",
72095
+ "CVE-2026-45829",
70468
72096
  "CVE-2026-46300",
70469
72097
  "CVE-2026-46333",
70470
72098
  "CVE-2026-5281",
@@ -70759,6 +72387,7 @@
70759
72387
  "CVE-2024-11392",
70760
72388
  "CVE-2024-11393",
70761
72389
  "CVE-2024-11394",
72390
+ "CVE-2024-12366",
70762
72391
  "CVE-2024-13059",
70763
72392
  "CVE-2024-1561",
70764
72393
  "CVE-2024-21513",
@@ -70773,6 +72402,7 @@
70773
72402
  "CVE-2024-42479",
70774
72403
  "CVE-2024-4889",
70775
72404
  "CVE-2024-50050",
72405
+ "CVE-2024-5565",
70776
72406
  "CVE-2024-6587",
70777
72407
  "CVE-2025-0133",
70778
72408
  "CVE-2025-10585",
@@ -70797,6 +72427,7 @@
70797
72427
  "CVE-2025-60455",
70798
72428
  "CVE-2025-64496",
70799
72429
  "CVE-2025-64513",
72430
+ "CVE-2025-67818",
70800
72431
  "CVE-2025-6965",
70801
72432
  "CVE-2025-8747",
70802
72433
  "CVE-2026-0766",
@@ -70825,6 +72456,7 @@
70825
72456
  "CVE-2026-42208",
70826
72457
  "CVE-2026-45321",
70827
72458
  "CVE-2026-45498",
72459
+ "CVE-2026-45829",
70828
72460
  "CVE-2026-46300",
70829
72461
  "CVE-2026-46333",
70830
72462
  "CVE-2026-9082",
@@ -71117,6 +72749,7 @@
71117
72749
  "CVE-2024-11392",
71118
72750
  "CVE-2024-11393",
71119
72751
  "CVE-2024-11394",
72752
+ "CVE-2024-12366",
71120
72753
  "CVE-2024-12987",
71121
72754
  "CVE-2024-13059",
71122
72755
  "CVE-2024-1561",
@@ -71140,6 +72773,7 @@
71140
72773
  "CVE-2024-4889",
71141
72774
  "CVE-2024-50050",
71142
72775
  "CVE-2024-54085",
72776
+ "CVE-2024-5565",
71143
72777
  "CVE-2024-56145",
71144
72778
  "CVE-2024-57726",
71145
72779
  "CVE-2024-57728",
@@ -71294,6 +72928,7 @@
71294
72928
  "CVE-2025-6558",
71295
72929
  "CVE-2025-66376",
71296
72930
  "CVE-2025-66644",
72931
+ "CVE-2025-67818",
71297
72932
  "CVE-2025-68461",
71298
72933
  "CVE-2025-68613",
71299
72934
  "CVE-2025-68645",
@@ -71380,6 +73015,7 @@
71380
73015
  "CVE-2026-43500",
71381
73016
  "CVE-2026-45321",
71382
73017
  "CVE-2026-45498",
73018
+ "CVE-2026-45829",
71383
73019
  "CVE-2026-46300",
71384
73020
  "CVE-2026-46333",
71385
73021
  "CVE-2026-5281",
@@ -71686,6 +73322,7 @@
71686
73322
  "CVE-2024-11392",
71687
73323
  "CVE-2024-11393",
71688
73324
  "CVE-2024-11394",
73325
+ "CVE-2024-12366",
71689
73326
  "CVE-2024-13059",
71690
73327
  "CVE-2024-1561",
71691
73328
  "CVE-2024-21513",
@@ -71700,6 +73337,7 @@
71700
73337
  "CVE-2024-42479",
71701
73338
  "CVE-2024-4889",
71702
73339
  "CVE-2024-50050",
73340
+ "CVE-2024-5565",
71703
73341
  "CVE-2024-6587",
71704
73342
  "CVE-2025-10585",
71705
73343
  "CVE-2025-1094",
@@ -71723,6 +73361,7 @@
71723
73361
  "CVE-2025-60455",
71724
73362
  "CVE-2025-64496",
71725
73363
  "CVE-2025-64513",
73364
+ "CVE-2025-67818",
71726
73365
  "CVE-2025-8747",
71727
73366
  "CVE-2026-0766",
71728
73367
  "CVE-2026-22252",
@@ -71748,6 +73387,7 @@
71748
73387
  "CVE-2026-41091",
71749
73388
  "CVE-2026-45321",
71750
73389
  "CVE-2026-45498",
73390
+ "CVE-2026-45829",
71751
73391
  "CVE-2026-46300",
71752
73392
  "CVE-2026-46333",
71753
73393
  "CVE-2026-9082",
@@ -72050,8 +73690,10 @@
72050
73690
  "related_cves": [
72051
73691
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
72052
73692
  "CVE-2023-43472",
73693
+ "CVE-2024-12366",
72053
73694
  "CVE-2024-3094",
72054
73695
  "CVE-2024-3154",
73696
+ "CVE-2024-5565",
72055
73697
  "CVE-2025-0133",
72056
73698
  "CVE-2025-1094",
72057
73699
  "CVE-2025-49844",
@@ -72334,7 +73976,9 @@
72334
73976
  },
72335
73977
  "related_cves": [
72336
73978
  "CVE-2023-43472",
73979
+ "CVE-2024-12366",
72337
73980
  "CVE-2024-3094",
73981
+ "CVE-2024-5565",
72338
73982
  "CVE-2025-0133",
72339
73983
  "CVE-2025-1094",
72340
73984
  "CVE-2025-53773",
@@ -72657,6 +74301,7 @@
72657
74301
  "CVE-2024-11392",
72658
74302
  "CVE-2024-11393",
72659
74303
  "CVE-2024-11394",
74304
+ "CVE-2024-12366",
72660
74305
  "CVE-2024-13059",
72661
74306
  "CVE-2024-1561",
72662
74307
  "CVE-2024-21513",
@@ -72671,6 +74316,7 @@
72671
74316
  "CVE-2024-42479",
72672
74317
  "CVE-2024-4889",
72673
74318
  "CVE-2024-50050",
74319
+ "CVE-2024-5565",
72674
74320
  "CVE-2024-6587",
72675
74321
  "CVE-2025-0133",
72676
74322
  "CVE-2025-10585",
@@ -72695,6 +74341,7 @@
72695
74341
  "CVE-2025-60455",
72696
74342
  "CVE-2025-64496",
72697
74343
  "CVE-2025-64513",
74344
+ "CVE-2025-67818",
72698
74345
  "CVE-2025-6965",
72699
74346
  "CVE-2025-8747",
72700
74347
  "CVE-2026-0766",
@@ -72723,6 +74370,7 @@
72723
74370
  "CVE-2026-42208",
72724
74371
  "CVE-2026-45321",
72725
74372
  "CVE-2026-45498",
74373
+ "CVE-2026-45829",
72726
74374
  "CVE-2026-46300",
72727
74375
  "CVE-2026-46333",
72728
74376
  "CVE-2026-9082",
@@ -72825,6 +74473,7 @@
72825
74473
  "CVE-2025-60455",
72826
74474
  "CVE-2025-64496",
72827
74475
  "CVE-2025-64513",
74476
+ "CVE-2025-67818",
72828
74477
  "CVE-2025-8747",
72829
74478
  "CVE-2026-0766",
72830
74479
  "CVE-2026-22252",
@@ -72849,6 +74498,7 @@
72849
74498
  "CVE-2026-41091",
72850
74499
  "CVE-2026-45321",
72851
74500
  "CVE-2026-45498",
74501
+ "CVE-2026-45829",
72852
74502
  "CVE-2026-46300",
72853
74503
  "CVE-2026-46333",
72854
74504
  "CVE-2026-9082",
@@ -72997,6 +74647,7 @@
72997
74647
  "CVE-2024-11392",
72998
74648
  "CVE-2024-11393",
72999
74649
  "CVE-2024-11394",
74650
+ "CVE-2024-12366",
73000
74651
  "CVE-2024-13059",
73001
74652
  "CVE-2024-1561",
73002
74653
  "CVE-2024-21513",
@@ -73009,6 +74660,7 @@
73009
74660
  "CVE-2024-42479",
73010
74661
  "CVE-2024-4889",
73011
74662
  "CVE-2024-50050",
74663
+ "CVE-2024-5565",
73012
74664
  "CVE-2024-6587",
73013
74665
  "CVE-2025-0133",
73014
74666
  "CVE-2025-1094",
@@ -73029,6 +74681,7 @@
73029
74681
  "CVE-2025-60455",
73030
74682
  "CVE-2025-64496",
73031
74683
  "CVE-2025-64513",
74684
+ "CVE-2025-67818",
73032
74685
  "CVE-2025-6965",
73033
74686
  "CVE-2025-8747",
73034
74687
  "CVE-2026-0766",
@@ -73053,7 +74706,8 @@
73053
74706
  "CVE-2026-34159",
73054
74707
  "CVE-2026-39884",
73055
74708
  "CVE-2026-40933",
73056
- "CVE-2026-42208"
74709
+ "CVE-2026-42208",
74710
+ "CVE-2026-45829"
73057
74711
  ]
73058
74712
  },
73059
74713
  "CWE-1188": {
@@ -73207,8 +74861,10 @@
73207
74861
  "related_cves": [
73208
74862
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
73209
74863
  "CVE-2023-43472",
74864
+ "CVE-2024-12366",
73210
74865
  "CVE-2024-3094",
73211
74866
  "CVE-2024-3154",
74867
+ "CVE-2024-5565",
73212
74868
  "CVE-2025-0133",
73213
74869
  "CVE-2025-1094",
73214
74870
  "CVE-2025-49844",
@@ -73619,6 +75275,7 @@
73619
75275
  "CVE-2025-6558",
73620
75276
  "CVE-2025-66376",
73621
75277
  "CVE-2025-66644",
75278
+ "CVE-2025-67818",
73622
75279
  "CVE-2025-68461",
73623
75280
  "CVE-2025-68613",
73624
75281
  "CVE-2025-68645",
@@ -73695,6 +75352,7 @@
73695
75352
  "CVE-2026-42945",
73696
75353
  "CVE-2026-45321",
73697
75354
  "CVE-2026-45498",
75355
+ "CVE-2026-45829",
73698
75356
  "CVE-2026-46300",
73699
75357
  "CVE-2026-46333",
73700
75358
  "CVE-2026-5281",
@@ -73929,6 +75587,7 @@
73929
75587
  "CVE-2024-11392",
73930
75588
  "CVE-2024-11393",
73931
75589
  "CVE-2024-11394",
75590
+ "CVE-2024-12366",
73932
75591
  "CVE-2024-13059",
73933
75592
  "CVE-2024-1561",
73934
75593
  "CVE-2024-21513",
@@ -73943,6 +75602,7 @@
73943
75602
  "CVE-2024-42479",
73944
75603
  "CVE-2024-4889",
73945
75604
  "CVE-2024-50050",
75605
+ "CVE-2024-5565",
73946
75606
  "CVE-2024-6587",
73947
75607
  "CVE-2025-0133",
73948
75608
  "CVE-2025-10585",
@@ -73967,6 +75627,7 @@
73967
75627
  "CVE-2025-60455",
73968
75628
  "CVE-2025-64496",
73969
75629
  "CVE-2025-64513",
75630
+ "CVE-2025-67818",
73970
75631
  "CVE-2025-6965",
73971
75632
  "CVE-2025-8747",
73972
75633
  "CVE-2026-0766",
@@ -73994,6 +75655,7 @@
73994
75655
  "CVE-2026-41091",
73995
75656
  "CVE-2026-45321",
73996
75657
  "CVE-2026-45498",
75658
+ "CVE-2026-45829",
73997
75659
  "CVE-2026-46300",
73998
75660
  "CVE-2026-46333",
73999
75661
  "CVE-2026-9082",
@@ -74257,6 +75919,7 @@
74257
75919
  "CVE-2024-11392",
74258
75920
  "CVE-2024-11393",
74259
75921
  "CVE-2024-11394",
75922
+ "CVE-2024-12366",
74260
75923
  "CVE-2024-13059",
74261
75924
  "CVE-2024-1561",
74262
75925
  "CVE-2024-21513",
@@ -74271,6 +75934,7 @@
74271
75934
  "CVE-2024-42479",
74272
75935
  "CVE-2024-4889",
74273
75936
  "CVE-2024-50050",
75937
+ "CVE-2024-5565",
74274
75938
  "CVE-2024-6587",
74275
75939
  "CVE-2025-0133",
74276
75940
  "CVE-2025-1094",
@@ -74294,6 +75958,7 @@
74294
75958
  "CVE-2025-60455",
74295
75959
  "CVE-2025-64496",
74296
75960
  "CVE-2025-64513",
75961
+ "CVE-2025-67818",
74297
75962
  "CVE-2025-6965",
74298
75963
  "CVE-2025-8747",
74299
75964
  "CVE-2026-0766",
@@ -74323,6 +75988,7 @@
74323
75988
  "CVE-2026-42897",
74324
75989
  "CVE-2026-43284",
74325
75990
  "CVE-2026-45321",
75991
+ "CVE-2026-45829",
74326
75992
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
74327
75993
  "MAL-2026-3083",
74328
75994
  "MAL-2026-NODE-IPC-STEALER",