@blamejs/exceptd-skills 0.13.102 → 0.13.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -15768,18 +15768,33 @@
15768
15768
  ]
15769
15769
  }
15770
15770
  },
15771
- "CVE-2026-33017": {
15772
- "name": "Langflow Code Injection Vulnerability",
15773
- "rwep": 77,
15774
- "cvss": 9.8,
15771
+ "CVE-2025-34291": {
15772
+ "name": "Langflow Account Takeover + RCE (CORS / refresh-token chain)",
15773
+ "rwep": 80,
15774
+ "cvss": 8.8,
15775
15775
  "cisa_kev": true,
15776
15776
  "epss_score": null,
15777
15777
  "referencing_skills": [
15778
15778
  "kernel-lpe-triage",
15779
- "coordinated-vuln-disclosure"
15779
+ "ai-attack-surface",
15780
+ "compliance-theater",
15781
+ "attack-surface-pentest",
15782
+ "ot-ics-security",
15783
+ "coordinated-vuln-disclosure",
15784
+ "sector-energy"
15780
15785
  ],
15781
15786
  "chain": {
15782
15787
  "cwes": [
15788
+ {
15789
+ "id": "CWE-1037",
15790
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
15791
+ "category": "Hardware / Side Channel"
15792
+ },
15793
+ {
15794
+ "id": "CWE-1039",
15795
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
15796
+ "category": "AI/ML"
15797
+ },
15783
15798
  {
15784
15799
  "id": "CWE-125",
15785
15800
  "name": "Out-of-bounds Read",
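Review bot: The chain attached to the new CVE-2025-34291 entry (L23–L93) does not describe a CORS / refresh-token account-takeover chain in a Python web app: it carries CWE-1037 (processor optimization, "Hardware / Side Channel") and, through the unchanged context lines, CWE-125 Out-of-bounds Read, which appear to be inherited from the memory-safety/LPE tag set of the CVE-2026-33017 record it replaces at this position. Together with referencing_skills such as kernel-lpe-triage, ot-ics-security and sector-energy, this looks like a union of every referencing skill's tag set rather than a per-CVE mapping, which makes rwep/chain noise for anyone triaging on it; I would restrict the entry to weaknesses the name actually supports (CWE-287/CWE-352 for the CORS+token step, CWE-94 for the RCE) and keep skill-level tags on the skill. Separately, the KEV-flagged CVE-2026-33017 (cvss 9.8, cisa_kev true) no longer appears here; if it was dropped rather than relocated, confirm that is intended, since removing a KEV entry is a notable change for consumers. The CVE object continues past the end of this hunk.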
@@ -15790,6 +15805,41 @@
15790
15805
  "name": "Reliance on Insufficiently Trustworthy Component",
15791
15806
  "category": "Supply Chain"
15792
15807
  },
15808
+ {
15809
+ "id": "CWE-1395",
15810
+ "name": "Dependency on Vulnerable Third-Party Component",
15811
+ "category": "Supply Chain"
15812
+ },
15813
+ {
15814
+ "id": "CWE-1426",
15815
+ "name": "Improper Validation of Generative AI Output",
15816
+ "category": "AI/ML"
15817
+ },
15818
+ {
15819
+ "id": "CWE-22",
15820
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
15821
+ "category": "Path/Resource"
15822
+ },
15823
+ {
15824
+ "id": "CWE-269",
15825
+ "name": "Improper Privilege Management",
15826
+ "category": "Authorization"
15827
+ },
15828
+ {
15829
+ "id": "CWE-287",
15830
+ "name": "Improper Authentication",
15831
+ "category": "Authentication"
15832
+ },
15833
+ {
15834
+ "id": "CWE-306",
15835
+ "name": "Missing Authentication for Critical Function",
15836
+ "category": "Authentication"
15837
+ },
15838
+ {
15839
+ "id": "CWE-352",
15840
+ "name": "Cross-Site Request Forgery (CSRF)",
15841
+ "category": "Session"
15842
+ },
15793
15843
  {
15794
15844
  "id": "CWE-362",
15795
15845
  "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
@@ -15800,29 +15850,130 @@
15800
15850
  "name": "Use After Free",
15801
15851
  "category": "Memory Safety"
15802
15852
  },
15853
+ {
15854
+ "id": "CWE-434",
15855
+ "name": "Unrestricted Upload of File with Dangerous Type",
15856
+ "category": "File Handling"
15857
+ },
15803
15858
  {
15804
15859
  "id": "CWE-672",
15805
15860
  "name": "Operation on a Resource after Expiration or Release",
15806
15861
  "category": "Memory Safety"
15807
15862
  },
15863
+ {
15864
+ "id": "CWE-732",
15865
+ "name": "Incorrect Permission Assignment for Critical Resource",
15866
+ "category": "Authorization"
15867
+ },
15868
+ {
15869
+ "id": "CWE-78",
15870
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
15871
+ "category": "Injection"
15872
+ },
15808
15873
  {
15809
15874
  "id": "CWE-787",
15810
15875
  "name": "Out-of-bounds Write",
15811
15876
  "category": "Memory Safety"
15877
+ },
15878
+ {
15879
+ "id": "CWE-79",
15880
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
15881
+ "category": "Injection"
15882
+ },
15883
+ {
15884
+ "id": "CWE-798",
15885
+ "name": "Use of Hard-coded Credentials",
15886
+ "category": "Credentials"
15887
+ },
15888
+ {
15889
+ "id": "CWE-89",
15890
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
15891
+ "category": "Injection"
15892
+ },
15893
+ {
15894
+ "id": "CWE-918",
15895
+ "name": "Server-Side Request Forgery (SSRF)",
15896
+ "category": "Network"
15897
+ },
15898
+ {
15899
+ "id": "CWE-94",
15900
+ "name": "Improper Control of Generation of Code (Code Injection)",
15901
+ "category": "Injection"
15902
+ }
15903
+ ],
15904
+ "atlas": [
15905
+ {
15906
+ "id": "AML.T0010",
15907
+ "name": "ML Supply Chain Compromise",
15908
+ "tactic": "Initial Access"
15909
+ },
15910
+ {
15911
+ "id": "AML.T0016",
15912
+ "name": "Obtain Capabilities: Develop Capabilities",
15913
+ "tactic": "Resource Development"
15914
+ },
15915
+ {
15916
+ "id": "AML.T0017",
15917
+ "name": "Discover ML Model Ontology",
15918
+ "tactic": "Discovery"
15919
+ },
15920
+ {
15921
+ "id": "AML.T0018",
15922
+ "name": "Backdoor ML Model",
15923
+ "tactic": "Persistence"
15924
+ },
15925
+ {
15926
+ "id": "AML.T0020",
15927
+ "name": "Poison Training Data",
15928
+ "tactic": "ML Attack Staging"
15929
+ },
15930
+ {
15931
+ "id": "AML.T0043",
15932
+ "name": "Craft Adversarial Data",
15933
+ "tactic": "ML Attack Staging"
15934
+ },
15935
+ {
15936
+ "id": "AML.T0051",
15937
+ "name": "LLM Prompt Injection",
15938
+ "tactic": "Execution"
15939
+ },
15940
+ {
15941
+ "id": "AML.T0054",
15942
+ "name": "LLM Jailbreak",
15943
+ "tactic": "Defense Evasion"
15944
+ },
15945
+ {
15946
+ "id": "AML.T0096",
15947
+ "name": "AI API as Covert C2 Channel",
15948
+ "tactic": "Command and Control"
15812
15949
  }
15813
15950
  ],
15814
- "atlas": [],
15815
15951
  "d3fend": [
15816
15952
  {
15817
15953
  "id": "D3-ASLR",
15818
15954
  "name": "Address Space Layout Randomization",
15819
15955
  "tactic": "Harden"
15820
15956
  },
15957
+ {
15958
+ "id": "D3-CSPP",
15959
+ "name": "Client-server Payload Profiling",
15960
+ "tactic": "Detect"
15961
+ },
15821
15962
  {
15822
15963
  "id": "D3-EAL",
15823
15964
  "name": "Executable Allowlisting",
15824
15965
  "tactic": "Harden"
15825
15966
  },
15967
+ {
15968
+ "id": "D3-IOPR",
15969
+ "name": "Input/Output Profiling Resource",
15970
+ "tactic": "Detect"
15971
+ },
15972
+ {
15973
+ "id": "D3-NTA",
15974
+ "name": "Network Traffic Analysis",
15975
+ "tactic": "Detect"
15976
+ },
15826
15977
  {
15827
15978
  "id": "D3-PHRA",
15828
15979
  "name": "Process Hardware Resource Access",
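Review bot: The ATLAS block added at L305–L393 lists training-data poisoning (AML.T0020), model backdooring (AML.T0018) and adversarial-data crafting (AML.T0043) for what the entry name says is an account-takeover/RCE chain in a web application; none of those require an ML model to be in the loop, so they read as the AI skill's generic tag set rather than techniques this CVE enables. Two id/name pairs also look off against the ATLAS catalogue as I recall it: "Discover ML Model Ontology" is AML.T0013, not AML.T0017 (which is "Develop Capabilities"), and I do not know of an AML.T0096 in any published ATLAS release — verify both against the ATLAS version this package pins, e.g. `{"id": "AML.T0013", "name": "Discover ML Model Ontology", "tactic": "Discovery"}`. Likewise D3-ASLR (L410) is a hardening for native memory corruption and does not mitigate a CORS/token flaw. This hunk sits inside the same CVE-2025-34291 object, which begins and ends outside it.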
@@ -15835,26 +15986,76 @@
15835
15986
  }
15836
15987
  ],
15837
15988
  "framework_gaps": [
15989
+ {
15990
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
15991
+ "framework": "ALL",
15992
+ "control_name": "AI Pipeline Integrity"
15993
+ },
15994
+ {
15995
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
15996
+ "framework": "ALL",
15997
+ "control_name": "Prompt Injection as Access Control Failure"
15998
+ },
15838
15999
  {
15839
16000
  "id": "CIS-Controls-v8-Control7",
15840
16001
  "framework": "CIS Controls v8",
15841
16002
  "control_name": "Continuous Vulnerability Management"
15842
16003
  },
16004
+ {
16005
+ "id": "CMMC-2.0-Level-2",
16006
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
16007
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
16008
+ },
16009
+ {
16010
+ "id": "FedRAMP-Rev5-Moderate",
16011
+ "framework": "FedRAMP Rev 5 Moderate",
16012
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
16013
+ },
16014
+ {
16015
+ "id": "IEC-62443-3-3",
16016
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
16017
+ "control_name": "System security requirements and security levels"
16018
+ },
16019
+ {
16020
+ "id": "ISO-27001-2022-A.8.28",
16021
+ "framework": "ISO/IEC 27001:2022",
16022
+ "control_name": "Secure coding"
16023
+ },
15843
16024
  {
15844
16025
  "id": "ISO-27001-2022-A.8.8",
15845
16026
  "framework": "ISO/IEC 27001:2022",
15846
16027
  "control_name": "Management of technical vulnerabilities"
15847
16028
  },
16029
+ {
16030
+ "id": "ISO-IEC-23894-2023-clause-7",
16031
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
16032
+ "control_name": "AI risk management process"
16033
+ },
16034
+ {
16035
+ "id": "NERC-CIP-007-6-R4",
16036
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
16037
+ "control_name": "Security event monitoring"
16038
+ },
15848
16039
  {
15849
16040
  "id": "NIS2-Art21-patch-management",
15850
16041
  "framework": "EU NIS2 Directive",
15851
16042
  "control_name": "Vulnerability handling and disclosure"
15852
16043
  },
16044
+ {
16045
+ "id": "NIST-800-115",
16046
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
16047
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
16048
+ },
15853
16049
  {
15854
16050
  "id": "NIST-800-218-SSDF",
15855
16051
  "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
15856
16052
  "control_name": "Secure Software Development Framework"
15857
16053
  },
16054
+ {
16055
+ "id": "NIST-800-53-AC-2",
16056
+ "framework": "NIST SP 800-53 Rev 5",
16057
+ "control_name": "Account Management"
16058
+ },
15858
16059
  {
15859
16060
  "id": "NIST-800-53-SC-8",
15860
16061
  "framework": "NIST SP 800-53 Rev 5",
@@ -15865,11 +16066,46 @@
15865
16066
  "framework": "NIST SP 800-53 Rev 5",
15866
16067
  "control_name": "Flaw Remediation"
15867
16068
  },
16069
+ {
16070
+ "id": "NIST-800-53-SI-3",
16071
+ "framework": "NIST SP 800-53 Rev 5",
16072
+ "control_name": "Malicious Code Protection"
16073
+ },
16074
+ {
16075
+ "id": "NIST-800-82r3",
16076
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
16077
+ "control_name": "Guide to Operational Technology (OT) Security"
16078
+ },
16079
+ {
16080
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
16081
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16082
+ "control_name": "Prompt Injection"
16083
+ },
16084
+ {
16085
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
16086
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16087
+ "control_name": "Sensitive Information Disclosure"
16088
+ },
16089
+ {
16090
+ "id": "OWASP-Pen-Testing-Guide-v5",
16091
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
16092
+ "control_name": "Web application penetration testing methodology"
16093
+ },
15868
16094
  {
15869
16095
  "id": "PCI-DSS-4.0-6.3.3",
15870
16096
  "framework": "PCI DSS 4.0",
15871
16097
  "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
15872
16098
  },
16099
+ {
16100
+ "id": "PTES-Pre-engagement",
16101
+ "framework": "Penetration Testing Execution Standard (PTES)",
16102
+ "control_name": "Pre-engagement Interactions"
16103
+ },
16104
+ {
16105
+ "id": "SOC2-CC6-logical-access",
16106
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16107
+ "control_name": "Logical and Physical Access Controls"
16108
+ },
15873
16109
  {
15874
16110
  "id": "SOC2-CC9-vendor-management",
15875
16111
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -15877,8 +16113,15 @@
15877
16113
  }
15878
16114
  ],
15879
16115
  "attack_refs": [
16116
+ "T0855",
16117
+ "T0883",
16118
+ "T1059",
15880
16119
  "T1068",
15881
- "T1548.001"
16120
+ "T1078",
16121
+ "T1133",
16122
+ "T1190",
16123
+ "T1548.001",
16124
+ "T1566"
15882
16125
  ],
15883
16126
  "rfc_refs": [
15884
16127
  "RFC-4301",
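Review bot: attack_refs (L768–L787) now adds T0855 and T0883, which are ATT&CK for ICS identifiers (Unauthorized Command Message and Internet Accessible Device as I recall them), and the rfc_refs context keeps RFC-4301 (IPsec) for a Langflow web-app account takeover; nothing in the entry name supports an OT channel, and the ICS ids appear to come from the ot-ics-security / sector-energy skills that reference the CVE rather than from the CVE itself. T1190 and T1078 fit, and T1566 is defensible for a CORS-based cross-site chain, so I would keep those and drop the T08xx ids unless the skill that needs them holds them on its own side. The enclosing CVE object starts before this hunk and ends after it.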
@@ -15887,11 +16130,11 @@
15887
16130
  ]
15888
16131
  }
15889
16132
  },
15890
- "CVE-2025-34291": {
15891
- "name": "Langflow Account Takeover + RCE (CORS / refresh-token chain)",
15892
- "rwep": 80,
15893
- "cvss": 8.8,
15894
- "cisa_kev": true,
16133
+ "CVE-2026-25592": {
16134
+ "name": "Microsoft Semantic Kernel SessionsPythonPlugin Path Traversal Prompt-Injection to Host RCE",
16135
+ "rwep": 30,
16136
+ "cvss": 9.9,
16137
+ "cisa_kev": false,
15895
16138
  "epss_score": null,
15896
16139
  "referencing_skills": [
15897
16140
  "kernel-lpe-triage",
@@ -16249,10 +16492,10 @@
16249
16492
  ]
16250
16493
  }
16251
16494
  },
16252
- "CVE-2026-25592": {
16253
- "name": "Microsoft Semantic Kernel SessionsPythonPlugin Path Traversal Prompt-Injection to Host RCE",
16495
+ "CVE-2025-49596": {
16496
+ "name": "MCP Inspector Missing Authentication Unauthenticated RCE via the Inspector Proxy",
16254
16497
  "rwep": 30,
16255
- "cvss": 9.9,
16498
+ "cvss": 8.3,
16256
16499
  "cisa_kev": false,
16257
16500
  "epss_score": null,
16258
16501
  "referencing_skills": [
@@ -16611,10 +16854,10 @@
16611
16854
  ]
16612
16855
  }
16613
16856
  },
16614
- "CVE-2025-49596": {
16615
- "name": "MCP Inspector Missing Authentication Unauthenticated RCE via the Inspector Proxy",
16857
+ "CVE-2025-54136": {
16858
+ "name": "Cursor MCPoisonPersistent RCE via Modified Already-Trusted MCP Config",
16616
16859
  "rwep": 30,
16617
- "cvss": 8.3,
16860
+ "cvss": 8.8,
16618
16861
  "cisa_kev": false,
16619
16862
  "epss_score": null,
16620
16863
  "referencing_skills": [
@@ -16973,10 +17216,10 @@
16973
17216
  ]
16974
17217
  }
16975
17218
  },
16976
- "CVE-2025-54136": {
16977
- "name": "Cursor MCPoisonPersistent RCE via Modified Already-Trusted MCP Config",
17219
+ "CVE-2026-22252": {
17220
+ "name": "LibreChat MCP stdio Transport Authenticated Arbitrary Command Execution as Root",
16978
17221
  "rwep": 30,
16979
- "cvss": 8.8,
17222
+ "cvss": 9.9,
16980
17223
  "cisa_kev": false,
16981
17224
  "epss_score": null,
16982
17225
  "referencing_skills": [
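Review bot: The new LibreChat name at L921 reads "MCP stdio Transport Authenticated Arbitrary Command Execution as Root", while the removed copy of the same entry later in the diff (L951) still has "stdio Transport — Authenticated"; the em dash was dropped, and the same thing seems to have produced "MCPoisonPersistent" at L887 where "MCPoison — Persistent" was presumably intended. If this is a real edit rather than a rendering artifact of the diff viewer, a non-ASCII stripping pass ran over the name fields; restore the separator, e.g. `"name": "Cursor MCPoison — Persistent RCE via Modified Already-Trusted MCP Config"`, or use an ASCII " - " consistently across all names. The surrounding object begins and ends outside this hunk.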
@@ -17335,10 +17578,10 @@
17335
17578
  ]
17336
17579
  }
17337
17580
  },
17338
- "CVE-2026-22252": {
17339
- "name": "LibreChat MCP stdio Transport — Authenticated Arbitrary Command Execution as Root",
17581
+ "CVE-2026-22688": {
17582
+ "name": "Tencent WeKnora MCP stdio Command Injection",
17340
17583
  "rwep": 30,
17341
- "cvss": 9.9,
17584
+ "cvss": 8.8,
17342
17585
  "cisa_kev": false,
17343
17586
  "epss_score": null,
17344
17587
  "referencing_skills": [
@@ -17697,10 +17940,10 @@
17697
17940
  ]
17698
17941
  }
17699
17942
  },
17700
- "CVE-2026-22688": {
17701
- "name": "Tencent WeKnora MCP stdio Command Injection",
17943
+ "CVE-2026-40933": {
17944
+ "name": "FlowiseAI Flowise MCP Custom Config Command Injection",
17702
17945
  "rwep": 30,
17703
- "cvss": 8.8,
17946
+ "cvss": 9.9,
17704
17947
  "cisa_kev": false,
17705
17948
  "epss_score": null,
17706
17949
  "referencing_skills": [
@@ -18059,10 +18302,10 @@
18059
18302
  ]
18060
18303
  }
18061
18304
  },
18062
- "CVE-2026-40933": {
18063
- "name": "FlowiseAI Flowise MCP Custom Config Command Injection",
18064
- "rwep": 30,
18065
- "cvss": 9.9,
18305
+ "CVE-2026-30624": {
18306
+ "name": "Agent Zero MCP Server Config Command Injection",
18307
+ "rwep": 40,
18308
+ "cvss": 8.6,
18066
18309
  "cisa_kev": false,
18067
18310
  "epss_score": null,
18068
18311
  "referencing_skills": [
@@ -18421,10 +18664,10 @@
18421
18664
  ]
18422
18665
  }
18423
18666
  },
18424
- "CVE-2026-30624": {
18425
- "name": "Agent Zero MCP Server Config Command Injection",
18426
- "rwep": 40,
18427
- "cvss": 8.6,
18667
+ "CVE-2026-30616": {
18668
+ "name": "Jaaz MCP stdio Command Execution RCE",
18669
+ "rwep": 35,
18670
+ "cvss": 7.3,
18428
18671
  "cisa_kev": false,
18429
18672
  "epss_score": null,
18430
18673
  "referencing_skills": [
@@ -18783,10 +19026,10 @@
18783
19026
  ]
18784
19027
  }
18785
19028
  },
18786
- "CVE-2026-30616": {
18787
- "name": "Jaaz MCP stdio Command Execution RCE",
18788
- "rwep": 35,
18789
- "cvss": 7.3,
19029
+ "CVE-2026-30617": {
19030
+ "name": "Langchain-Chatchat MCP Management Interface stdio RCE",
19031
+ "rwep": 42,
19032
+ "cvss": 8.6,
18790
19033
  "cisa_kev": false,
18791
19034
  "epss_score": null,
18792
19035
  "referencing_skills": [
@@ -19145,10 +19388,10 @@
19145
19388
  ]
19146
19389
  }
19147
19390
  },
19148
- "CVE-2026-30617": {
19149
- "name": "Langchain-Chatchat MCP Management Interface stdio RCE",
19150
- "rwep": 42,
19151
- "cvss": 8.6,
19391
+ "CVE-2026-30625": {
19392
+ "name": "Upsonic MCP Task Allowed-Command Argument Injection RCE",
19393
+ "rwep": 38,
19394
+ "cvss": 9.8,
19152
19395
  "cisa_kev": false,
19153
19396
  "epss_score": null,
19154
19397
  "referencing_skills": [
@@ -19507,9 +19750,9 @@
19507
19750
  ]
19508
19751
  }
19509
19752
  },
19510
- "CVE-2026-30625": {
19511
- "name": "Upsonic MCP Task Allowed-Command Argument Injection RCE",
19512
- "rwep": 38,
19753
+ "CVE-2026-26015": {
19754
+ "name": "DocsGPT MCP stdio Unauthenticated Remote Code Execution",
19755
+ "rwep": 27,
19513
19756
  "cvss": 9.8,
19514
19757
  "cisa_kev": false,
19515
19758
  "epss_score": null,
@@ -19869,16 +20112,14 @@
19869
20112
  ]
19870
20113
  }
19871
20114
  },
19872
- "CVE-2026-26015": {
19873
- "name": "DocsGPT MCP stdio Unauthenticated Remote Code Execution",
19874
- "rwep": 27,
20115
+ "CVE-2026-9082": {
20116
+ "name": "Drupal Core Database API Unauthenticated SQL Injection (SA-CORE-2026-004)",
20117
+ "rwep": 78,
19875
20118
  "cvss": 9.8,
19876
- "cisa_kev": false,
20119
+ "cisa_kev": true,
19877
20120
  "epss_score": null,
19878
20121
  "referencing_skills": [
19879
20122
  "kernel-lpe-triage",
19880
- "ai-attack-surface",
19881
- "compliance-theater",
19882
20123
  "attack-surface-pentest",
19883
20124
  "ot-ics-security",
19884
20125
  "coordinated-vuln-disclosure",
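Review bot: The CVE-2026-9082 Drupal SQL-injection entry (L1194–L1205) keeps kernel-lpe-triage, ot-ics-security and sector-energy in referencing_skills (L1214–L1227) while dropping only the two AI skills, and the next hunk's context shows CWE-1037 (L1231, hardware side channel) still in its chain; a Drupal Core database-API SQLi has no kernel-LPE or OT component that the name supports. This is the same pattern as the Langflow entry: the per-CVE record is populated from whichever skills reference it, so a consumer filtering on cisa_kev:true plus sector-energy would be told an energy-sector OT concern exists here. For a KEV-listed 9.8 SQLi the tags that matter are CWE-89 and T1190; I would limit the chain to those plus whatever the SA-CORE advisory itself states. The object continues past the end of this hunk.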
@@ -19891,11 +20132,6 @@
19891
20132
  "name": "Processor Optimization Removal or Modification of Security-critical Code",
19892
20133
  "category": "Hardware / Side Channel"
19893
20134
  },
19894
- {
19895
- "id": "CWE-1039",
19896
- "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
19897
- "category": "AI/ML"
19898
- },
19899
20135
  {
19900
20136
  "id": "CWE-125",
19901
20137
  "name": "Out-of-bounds Read",
@@ -19911,11 +20147,6 @@
19911
20147
  "name": "Dependency on Vulnerable Third-Party Component",
19912
20148
  "category": "Supply Chain"
19913
20149
  },
19914
- {
19915
- "id": "CWE-1426",
19916
- "name": "Improper Validation of Generative AI Output",
19917
- "category": "AI/ML"
19918
- },
19919
20150
  {
19920
20151
  "id": "CWE-22",
19921
20152
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -19995,11 +20226,6 @@
19995
20226
  "id": "CWE-918",
19996
20227
  "name": "Server-Side Request Forgery (SSRF)",
19997
20228
  "category": "Network"
19998
- },
19999
- {
20000
- "id": "CWE-94",
20001
- "name": "Improper Control of Generation of Code (Code Injection)",
20002
- "category": "Injection"
20003
20229
  }
20004
20230
  ],
20005
20231
  "atlas": [
@@ -20008,26 +20234,6 @@
20008
20234
  "name": "ML Supply Chain Compromise",
20009
20235
  "tactic": "Initial Access"
20010
20236
  },
20011
- {
20012
- "id": "AML.T0016",
20013
- "name": "Obtain Capabilities: Develop Capabilities",
20014
- "tactic": "Resource Development"
20015
- },
20016
- {
20017
- "id": "AML.T0017",
20018
- "name": "Discover ML Model Ontology",
20019
- "tactic": "Discovery"
20020
- },
20021
- {
20022
- "id": "AML.T0018",
20023
- "name": "Backdoor ML Model",
20024
- "tactic": "Persistence"
20025
- },
20026
- {
20027
- "id": "AML.T0020",
20028
- "name": "Poison Training Data",
20029
- "tactic": "ML Attack Staging"
20030
- },
20031
20237
  {
20032
20238
  "id": "AML.T0043",
20033
20239
  "name": "Craft Adversarial Data",
@@ -20037,16 +20243,6 @@
20037
20243
  "id": "AML.T0051",
20038
20244
  "name": "LLM Prompt Injection",
20039
20245
  "tactic": "Execution"
20040
- },
20041
- {
20042
- "id": "AML.T0054",
20043
- "name": "LLM Jailbreak",
20044
- "tactic": "Defense Evasion"
20045
- },
20046
- {
20047
- "id": "AML.T0096",
20048
- "name": "AI API as Covert C2 Channel",
20049
- "tactic": "Command and Control"
20050
20246
  }
20051
20247
  ],
20052
20248
  "d3fend": [
@@ -20065,11 +20261,6 @@
20065
20261
  "name": "Executable Allowlisting",
20066
20262
  "tactic": "Harden"
20067
20263
  },
20068
- {
20069
- "id": "D3-IOPR",
20070
- "name": "Input/Output Profiling Resource",
20071
- "tactic": "Detect"
20072
- },
20073
20264
  {
20074
20265
  "id": "D3-NTA",
20075
20266
  "name": "Network Traffic Analysis",
@@ -20087,51 +20278,21 @@
20087
20278
  }
20088
20279
  ],
20089
20280
  "framework_gaps": [
20090
- {
20091
- "id": "ALL-AI-PIPELINE-INTEGRITY",
20092
- "framework": "ALL",
20093
- "control_name": "AI Pipeline Integrity"
20094
- },
20095
- {
20096
- "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
20097
- "framework": "ALL",
20098
- "control_name": "Prompt Injection as Access Control Failure"
20099
- },
20100
20281
  {
20101
20282
  "id": "CIS-Controls-v8-Control7",
20102
20283
  "framework": "CIS Controls v8",
20103
20284
  "control_name": "Continuous Vulnerability Management"
20104
20285
  },
20105
- {
20106
- "id": "CMMC-2.0-Level-2",
20107
- "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
20108
- "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
20109
- },
20110
- {
20111
- "id": "FedRAMP-Rev5-Moderate",
20112
- "framework": "FedRAMP Rev 5 Moderate",
20113
- "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
20114
- },
20115
20286
  {
20116
20287
  "id": "IEC-62443-3-3",
20117
20288
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
20118
20289
  "control_name": "System security requirements and security levels"
20119
20290
  },
20120
- {
20121
- "id": "ISO-27001-2022-A.8.28",
20122
- "framework": "ISO/IEC 27001:2022",
20123
- "control_name": "Secure coding"
20124
- },
20125
20291
  {
20126
20292
  "id": "ISO-27001-2022-A.8.8",
20127
20293
  "framework": "ISO/IEC 27001:2022",
20128
20294
  "control_name": "Management of technical vulnerabilities"
20129
20295
  },
20130
- {
20131
- "id": "ISO-IEC-23894-2023-clause-7",
20132
- "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
20133
- "control_name": "AI risk management process"
20134
- },
20135
20296
  {
20136
20297
  "id": "NERC-CIP-007-6-R4",
20137
20298
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -20152,11 +20313,6 @@
20152
20313
  "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
20153
20314
  "control_name": "Secure Software Development Framework"
20154
20315
  },
20155
- {
20156
- "id": "NIST-800-53-AC-2",
20157
- "framework": "NIST SP 800-53 Rev 5",
20158
- "control_name": "Account Management"
20159
- },
20160
20316
  {
20161
20317
  "id": "NIST-800-53-SC-8",
20162
20318
  "framework": "NIST SP 800-53 Rev 5",
@@ -20167,26 +20323,11 @@
20167
20323
  "framework": "NIST SP 800-53 Rev 5",
20168
20324
  "control_name": "Flaw Remediation"
20169
20325
  },
20170
- {
20171
- "id": "NIST-800-53-SI-3",
20172
- "framework": "NIST SP 800-53 Rev 5",
20173
- "control_name": "Malicious Code Protection"
20174
- },
20175
20326
  {
20176
20327
  "id": "NIST-800-82r3",
20177
20328
  "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
20178
20329
  "control_name": "Guide to Operational Technology (OT) Security"
20179
20330
  },
20180
- {
20181
- "id": "OWASP-LLM-Top-10-2025-LLM01",
20182
- "framework": "OWASP Top 10 for LLM Applications 2025",
20183
- "control_name": "Prompt Injection"
20184
- },
20185
- {
20186
- "id": "OWASP-LLM-Top-10-2025-LLM02",
20187
- "framework": "OWASP Top 10 for LLM Applications 2025",
20188
- "control_name": "Sensitive Information Disclosure"
20189
- },
20190
20331
  {
20191
20332
  "id": "OWASP-Pen-Testing-Guide-v5",
20192
20333
  "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
@@ -20202,11 +20343,6 @@
20202
20343
  "framework": "Penetration Testing Execution Standard (PTES)",
20203
20344
  "control_name": "Pre-engagement Interactions"
20204
20345
  },
20205
- {
20206
- "id": "SOC2-CC6-logical-access",
20207
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
20208
- "control_name": "Logical and Physical Access Controls"
20209
- },
20210
20346
  {
20211
20347
  "id": "SOC2-CC9-vendor-management",
20212
20348
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -20221,8 +20357,7 @@
20221
20357
  "T1078",
20222
20358
  "T1133",
20223
20359
  "T1190",
20224
- "T1548.001",
20225
- "T1566"
20360
+ "T1548.001"
20226
20361
  ],
20227
20362
  "rfc_refs": [
20228
20363
  "RFC-4301",
@@ -20231,14 +20366,16 @@
20231
20366
  ]
20232
20367
  }
20233
20368
  },
20234
- "CVE-2026-9082": {
20235
- "name": "Drupal Core Database API Unauthenticated SQL Injection (SA-CORE-2026-004)",
20236
- "rwep": 78,
20237
- "cvss": 9.8,
20238
- "cisa_kev": true,
20369
+ "CVE-2025-23254": {
20370
+ "name": "NVIDIA TensorRT-LLM Python Executor Deserialization RCE (ShadowMQ)",
20371
+ "rwep": 29,
20372
+ "cvss": 8.8,
20373
+ "cisa_kev": false,
20239
20374
  "epss_score": null,
20240
20375
  "referencing_skills": [
20241
20376
  "kernel-lpe-triage",
20377
+ "ai-attack-surface",
20378
+ "compliance-theater",
20242
20379
  "attack-surface-pentest",
20243
20380
  "ot-ics-security",
20244
20381
  "coordinated-vuln-disclosure",
@@ -20251,6 +20388,11 @@
20251
20388
  "name": "Processor Optimization Removal or Modification of Security-critical Code",
20252
20389
  "category": "Hardware / Side Channel"
20253
20390
  },
20391
+ {
20392
+ "id": "CWE-1039",
20393
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
20394
+ "category": "AI/ML"
20395
+ },
20254
20396
  {
20255
20397
  "id": "CWE-125",
20256
20398
  "name": "Out-of-bounds Read",
@@ -20266,6 +20408,11 @@
20266
20408
  "name": "Dependency on Vulnerable Third-Party Component",
20267
20409
  "category": "Supply Chain"
20268
20410
  },
20411
+ {
20412
+ "id": "CWE-1426",
20413
+ "name": "Improper Validation of Generative AI Output",
20414
+ "category": "AI/ML"
20415
+ },
20269
20416
  {
20270
20417
  "id": "CWE-22",
20271
20418
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -20345,6 +20492,11 @@
20345
20492
  "id": "CWE-918",
20346
20493
  "name": "Server-Side Request Forgery (SSRF)",
20347
20494
  "category": "Network"
20495
+ },
20496
+ {
20497
+ "id": "CWE-94",
20498
+ "name": "Improper Control of Generation of Code (Code Injection)",
20499
+ "category": "Injection"
20348
20500
  }
20349
20501
  ],
20350
20502
  "atlas": [
@@ -20353,6 +20505,26 @@
20353
20505
  "name": "ML Supply Chain Compromise",
20354
20506
  "tactic": "Initial Access"
20355
20507
  },
20508
+ {
20509
+ "id": "AML.T0016",
20510
+ "name": "Obtain Capabilities: Develop Capabilities",
20511
+ "tactic": "Resource Development"
20512
+ },
20513
+ {
20514
+ "id": "AML.T0017",
20515
+ "name": "Discover ML Model Ontology",
20516
+ "tactic": "Discovery"
20517
+ },
20518
+ {
20519
+ "id": "AML.T0018",
20520
+ "name": "Backdoor ML Model",
20521
+ "tactic": "Persistence"
20522
+ },
20523
+ {
20524
+ "id": "AML.T0020",
20525
+ "name": "Poison Training Data",
20526
+ "tactic": "ML Attack Staging"
20527
+ },
20356
20528
  {
20357
20529
  "id": "AML.T0043",
20358
20530
  "name": "Craft Adversarial Data",
@@ -20362,6 +20534,16 @@
20362
20534
  "id": "AML.T0051",
20363
20535
  "name": "LLM Prompt Injection",
20364
20536
  "tactic": "Execution"
20537
+ },
20538
+ {
20539
+ "id": "AML.T0054",
20540
+ "name": "LLM Jailbreak",
20541
+ "tactic": "Defense Evasion"
20542
+ },
20543
+ {
20544
+ "id": "AML.T0096",
20545
+ "name": "AI API as Covert C2 Channel",
20546
+ "tactic": "Command and Control"
20365
20547
  }
20366
20548
  ],
20367
20549
  "d3fend": [
@@ -20380,6 +20562,11 @@
20380
20562
  "name": "Executable Allowlisting",
20381
20563
  "tactic": "Harden"
20382
20564
  },
20565
+ {
20566
+ "id": "D3-IOPR",
20567
+ "name": "Input/Output Profiling Resource",
20568
+ "tactic": "Detect"
20569
+ },
20383
20570
  {
20384
20571
  "id": "D3-NTA",
20385
20572
  "name": "Network Traffic Analysis",
@@ -20397,21 +20584,51 @@
20397
20584
  }
20398
20585
  ],
20399
20586
  "framework_gaps": [
20587
+ {
20588
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
20589
+ "framework": "ALL",
20590
+ "control_name": "AI Pipeline Integrity"
20591
+ },
20592
+ {
20593
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
20594
+ "framework": "ALL",
20595
+ "control_name": "Prompt Injection as Access Control Failure"
20596
+ },
20400
20597
  {
20401
20598
  "id": "CIS-Controls-v8-Control7",
20402
20599
  "framework": "CIS Controls v8",
20403
20600
  "control_name": "Continuous Vulnerability Management"
20404
20601
  },
20602
+ {
20603
+ "id": "CMMC-2.0-Level-2",
20604
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
20605
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
20606
+ },
20607
+ {
20608
+ "id": "FedRAMP-Rev5-Moderate",
20609
+ "framework": "FedRAMP Rev 5 Moderate",
20610
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
20611
+ },
20405
20612
  {
20406
20613
  "id": "IEC-62443-3-3",
20407
20614
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
20408
20615
  "control_name": "System security requirements and security levels"
20409
20616
  },
20617
+ {
20618
+ "id": "ISO-27001-2022-A.8.28",
20619
+ "framework": "ISO/IEC 27001:2022",
20620
+ "control_name": "Secure coding"
20621
+ },
20410
20622
  {
20411
20623
  "id": "ISO-27001-2022-A.8.8",
20412
20624
  "framework": "ISO/IEC 27001:2022",
20413
20625
  "control_name": "Management of technical vulnerabilities"
20414
20626
  },
20627
+ {
20628
+ "id": "ISO-IEC-23894-2023-clause-7",
20629
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
20630
+ "control_name": "AI risk management process"
20631
+ },
20415
20632
  {
20416
20633
  "id": "NERC-CIP-007-6-R4",
20417
20634
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -20432,6 +20649,11 @@
20432
20649
  "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
20433
20650
  "control_name": "Secure Software Development Framework"
20434
20651
  },
20652
+ {
20653
+ "id": "NIST-800-53-AC-2",
20654
+ "framework": "NIST SP 800-53 Rev 5",
20655
+ "control_name": "Account Management"
20656
+ },
20435
20657
  {
20436
20658
  "id": "NIST-800-53-SC-8",
20437
20659
  "framework": "NIST SP 800-53 Rev 5",
@@ -20442,11 +20664,26 @@
20442
20664
  "framework": "NIST SP 800-53 Rev 5",
20443
20665
  "control_name": "Flaw Remediation"
20444
20666
  },
20667
+ {
20668
+ "id": "NIST-800-53-SI-3",
20669
+ "framework": "NIST SP 800-53 Rev 5",
20670
+ "control_name": "Malicious Code Protection"
20671
+ },
20445
20672
  {
20446
20673
  "id": "NIST-800-82r3",
20447
20674
  "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
20448
20675
  "control_name": "Guide to Operational Technology (OT) Security"
20449
20676
  },
20677
+ {
20678
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
20679
+ "framework": "OWASP Top 10 for LLM Applications 2025",
20680
+ "control_name": "Prompt Injection"
20681
+ },
20682
+ {
20683
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
20684
+ "framework": "OWASP Top 10 for LLM Applications 2025",
20685
+ "control_name": "Sensitive Information Disclosure"
20686
+ },
20450
20687
  {
20451
20688
  "id": "OWASP-Pen-Testing-Guide-v5",
20452
20689
  "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
@@ -20462,6 +20699,11 @@
20462
20699
  "framework": "Penetration Testing Execution Standard (PTES)",
20463
20700
  "control_name": "Pre-engagement Interactions"
20464
20701
  },
20702
+ {
20703
+ "id": "SOC2-CC6-logical-access",
20704
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
20705
+ "control_name": "Logical and Physical Access Controls"
20706
+ },
20465
20707
  {
20466
20708
  "id": "SOC2-CC9-vendor-management",
20467
20709
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -20476,7 +20718,8 @@
20476
20718
  "T1078",
20477
20719
  "T1133",
20478
20720
  "T1190",
20479
- "T1548.001"
20721
+ "T1548.001",
20722
+ "T1566"
20480
20723
  ],
20481
20724
  "rfc_refs": [
20482
20725
  "RFC-4301",
@@ -20485,10 +20728,10 @@
20485
20728
  ]
20486
20729
  }
20487
20730
  },
20488
- "CVE-2025-23254": {
20489
- "name": "NVIDIA TensorRT-LLM Python Executor Deserialization RCE (ShadowMQ)",
20490
- "rwep": 29,
20491
- "cvss": 8.8,
20731
+ "CVE-2025-30165": {
20732
+ "name": "vLLM V0 Engine ZeroMQ Deserialization RCE (ShadowMQ)",
20733
+ "rwep": 46,
20734
+ "cvss": 8,
20492
20735
  "cisa_kev": false,
20493
20736
  "epss_score": null,
20494
20737
  "referencing_skills": [
@@ -20847,10 +21090,10 @@
20847
21090
  ]
20848
21091
  }
20849
21092
  },
20850
- "CVE-2025-30165": {
20851
- "name": "vLLM V0 Engine ZeroMQ Deserialization RCE (ShadowMQ)",
20852
- "rwep": 46,
20853
- "cvss": 8,
21093
+ "CVE-2024-50050": {
21094
+ "name": "Meta Llama Stack Socket Deserialization RCE (ShadowMQ)",
21095
+ "rwep": 27,
21096
+ "cvss": 6.3,
20854
21097
  "cisa_kev": false,
20855
21098
  "epss_score": null,
20856
21099
  "referencing_skills": [
@@ -21209,10 +21452,10 @@
21209
21452
  ]
21210
21453
  }
21211
21454
  },
21212
- "CVE-2024-50050": {
21213
- "name": "Meta Llama Stack Socket Deserialization RCE (ShadowMQ)",
21214
- "rwep": 27,
21215
- "cvss": 6.3,
21455
+ "CVE-2025-60455": {
21456
+ "name": "Modular Max Server KVCache-Agent Deserialization RCE (ShadowMQ)",
21457
+ "rwep": 23,
21458
+ "cvss": 8.4,
21216
21459
  "cisa_kev": false,
21217
21460
  "epss_score": null,
21218
21461
  "referencing_skills": [
@@ -21571,10 +21814,10 @@
21571
21814
  ]
21572
21815
  }
21573
21816
  },
21574
- "CVE-2025-60455": {
21575
- "name": "Modular Max Server KVCache-Agent Deserialization RCE (ShadowMQ)",
21576
- "rwep": 23,
21577
- "cvss": 8.4,
21817
+ "CVE-2026-24207": {
21818
+ "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Path) RCE",
21819
+ "rwep": 31,
21820
+ "cvss": 9.8,
21578
21821
  "cisa_kev": false,
21579
21822
  "epss_score": null,
21580
21823
  "referencing_skills": [
@@ -21583,7 +21826,6 @@
21583
21826
  "compliance-theater",
21584
21827
  "attack-surface-pentest",
21585
21828
  "ot-ics-security",
21586
- "coordinated-vuln-disclosure",
21587
21829
  "sector-energy"
21588
21830
  ],
21589
21831
  "chain": {
@@ -21603,11 +21845,6 @@
21603
21845
  "name": "Out-of-bounds Read",
21604
21846
  "category": "Memory Safety"
21605
21847
  },
21606
- {
21607
- "id": "CWE-1357",
21608
- "name": "Reliance on Insufficiently Trustworthy Component",
21609
- "category": "Supply Chain"
21610
- },
21611
21848
  {
21612
21849
  "id": "CWE-1395",
21613
21850
  "name": "Dependency on Vulnerable Third-Party Component",
@@ -21849,11 +22086,6 @@
21849
22086
  "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
21850
22087
  "control_name": "Technical Guide to Information Security Testing and Assessment"
21851
22088
  },
21852
- {
21853
- "id": "NIST-800-218-SSDF",
21854
- "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
21855
- "control_name": "Secure Software Development Framework"
21856
- },
21857
22089
  {
21858
22090
  "id": "NIST-800-53-AC-2",
21859
22091
  "framework": "NIST SP 800-53 Rev 5",
@@ -21908,11 +22140,6 @@
21908
22140
  "id": "SOC2-CC6-logical-access",
21909
22141
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
21910
22142
  "control_name": "Logical and Physical Access Controls"
21911
- },
21912
- {
21913
- "id": "SOC2-CC9-vendor-management",
21914
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
21915
- "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
21916
22143
  }
21917
22144
  ],
21918
22145
  "attack_refs": [
@@ -21933,8 +22160,8 @@
21933
22160
  ]
21934
22161
  }
21935
22162
  },
21936
- "CVE-2026-24207": {
21937
- "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Path) RCE",
22163
+ "CVE-2026-24206": {
22164
+ "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Channel)",
21938
22165
  "rwep": 31,
21939
22166
  "cvss": 9.8,
21940
22167
  "cisa_kev": false,
@@ -22279,9 +22506,9 @@
22279
22506
  ]
22280
22507
  }
22281
22508
  },
22282
- "CVE-2026-24206": {
22283
- "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Channel)",
22284
- "rwep": 31,
22509
+ "CVE-2023-48022": {
22510
+ "name": "Anyscale Ray Job Submission API Unauthenticated RCE (ShadowRay)",
22511
+ "rwep": 68,
22285
22512
  "cvss": 9.8,
22286
22513
  "cisa_kev": false,
22287
22514
  "epss_score": null,
@@ -22289,7 +22516,9 @@
22289
22516
  "kernel-lpe-triage",
22290
22517
  "ai-attack-surface",
22291
22518
  "compliance-theater",
22519
+ "ai-c2-detection",
22292
22520
  "attack-surface-pentest",
22521
+ "dlp-gap-analysis",
22293
22522
  "ot-ics-security",
22294
22523
  "sector-energy"
22295
22524
  ],
@@ -22320,6 +22549,11 @@
22320
22549
  "name": "Improper Validation of Generative AI Output",
22321
22550
  "category": "AI/ML"
22322
22551
  },
22552
+ {
22553
+ "id": "CWE-200",
22554
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
22555
+ "category": "Information Exposure"
22556
+ },
22323
22557
  {
22324
22558
  "id": "CWE-22",
22325
22559
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -22459,11 +22693,21 @@
22459
22693
  "name": "Address Space Layout Randomization",
22460
22694
  "tactic": "Harden"
22461
22695
  },
22696
+ {
22697
+ "id": "D3-CA",
22698
+ "name": "Certificate Analysis",
22699
+ "tactic": "Detect"
22700
+ },
22462
22701
  {
22463
22702
  "id": "D3-CSPP",
22464
22703
  "name": "Client-server Payload Profiling",
22465
22704
  "tactic": "Detect"
22466
22705
  },
22706
+ {
22707
+ "id": "D3-DA",
22708
+ "name": "Domain Analysis",
22709
+ "tactic": "Detect"
22710
+ },
22467
22711
  {
22468
22712
  "id": "D3-EAL",
22469
22713
  "name": "Executable Allowlisting",
@@ -22474,11 +22718,21 @@
22474
22718
  "name": "Input/Output Profiling Resource",
22475
22719
  "tactic": "Detect"
22476
22720
  },
22721
+ {
22722
+ "id": "D3-NI",
22723
+ "name": "Network Isolation",
22724
+ "tactic": "Isolate"
22725
+ },
22477
22726
  {
22478
22727
  "id": "D3-NTA",
22479
22728
  "name": "Network Traffic Analysis",
22480
22729
  "tactic": "Detect"
22481
22730
  },
22731
+ {
22732
+ "id": "D3-NTPM",
22733
+ "name": "Network Traffic Policy Mapping",
22734
+ "tactic": "Model"
22735
+ },
22482
22736
  {
22483
22737
  "id": "D3-PHRA",
22484
22738
  "name": "Process Hardware Resource Access",
@@ -22516,11 +22770,21 @@
22516
22770
  "framework": "FedRAMP Rev 5 Moderate",
22517
22771
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
22518
22772
  },
22773
+ {
22774
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
22775
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
22776
+ "control_name": "Access control standard (technical safeguards)"
22777
+ },
22519
22778
  {
22520
22779
  "id": "IEC-62443-3-3",
22521
22780
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
22522
22781
  "control_name": "System security requirements and security levels"
22523
22782
  },
22783
+ {
22784
+ "id": "ISO-27001-2022-A.8.16",
22785
+ "framework": "ISO/IEC 27001:2022",
22786
+ "control_name": "Monitoring activities"
22787
+ },
22524
22788
  {
22525
22789
  "id": "ISO-27001-2022-A.8.28",
22526
22790
  "framework": "ISO/IEC 27001:2022",
@@ -22536,6 +22800,11 @@
22536
22800
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
22537
22801
  "control_name": "AI risk management process"
22538
22802
  },
22803
+ {
22804
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
22805
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
22806
+ "control_name": "AI risk assessment"
22807
+ },
22539
22808
  {
22540
22809
  "id": "NERC-CIP-007-6-R4",
22541
22810
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -22556,6 +22825,16 @@
22556
22825
  "framework": "NIST SP 800-53 Rev 5",
22557
22826
  "control_name": "Account Management"
22558
22827
  },
22828
+ {
22829
+ "id": "NIST-800-53-SC-28",
22830
+ "framework": "NIST SP 800-53 Rev 5",
22831
+ "control_name": "Protection of Information at Rest"
22832
+ },
22833
+ {
22834
+ "id": "NIST-800-53-SC-7",
22835
+ "framework": "NIST SP 800-53 Rev 5",
22836
+ "control_name": "Boundary Protection"
22837
+ },
22559
22838
  {
22560
22839
  "id": "NIST-800-53-SC-8",
22561
22840
  "framework": "NIST SP 800-53 Rev 5",
@@ -22605,40 +22884,57 @@
22605
22884
  "id": "SOC2-CC6-logical-access",
22606
22885
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
22607
22886
  "control_name": "Logical and Physical Access Controls"
22887
+ },
22888
+ {
22889
+ "id": "SOC2-CC7-anomaly-detection",
22890
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
22891
+ "control_name": "System Operations — Threat and Vulnerability Management"
22608
22892
  }
22609
22893
  ],
22610
22894
  "attack_refs": [
22611
22895
  "T0855",
22612
22896
  "T0883",
22897
+ "T1041",
22613
22898
  "T1059",
22614
22899
  "T1068",
22900
+ "T1071",
22615
22901
  "T1078",
22902
+ "T1102",
22616
22903
  "T1133",
22617
22904
  "T1190",
22905
+ "T1213",
22906
+ "T1530",
22618
22907
  "T1548.001",
22619
- "T1566"
22908
+ "T1566",
22909
+ "T1567",
22910
+ "T1568"
22620
22911
  ],
22621
22912
  "rfc_refs": [
22622
22913
  "RFC-4301",
22623
22914
  "RFC-4303",
22624
- "RFC-7296"
22915
+ "RFC-7296",
22916
+ "RFC-8446",
22917
+ "RFC-9000",
22918
+ "RFC-9114",
22919
+ "RFC-9180",
22920
+ "RFC-9421",
22921
+ "RFC-9458"
22625
22922
  ]
22626
22923
  }
22627
22924
  },
22628
- "CVE-2023-48022": {
22629
- "name": "Anyscale Ray Job Submission API Unauthenticated RCE (ShadowRay)",
22630
- "rwep": 68,
22631
- "cvss": 9.8,
22925
+ "CVE-2026-0766": {
22926
+ "name": "Open WebUI Tool Module Code Injection RCE",
22927
+ "rwep": 29,
22928
+ "cvss": 8.8,
22632
22929
  "cisa_kev": false,
22633
22930
  "epss_score": null,
22634
22931
  "referencing_skills": [
22635
22932
  "kernel-lpe-triage",
22636
22933
  "ai-attack-surface",
22637
22934
  "compliance-theater",
22638
- "ai-c2-detection",
22639
22935
  "attack-surface-pentest",
22640
- "dlp-gap-analysis",
22641
22936
  "ot-ics-security",
22937
+ "coordinated-vuln-disclosure",
22642
22938
  "sector-energy"
22643
22939
  ],
22644
22940
  "chain": {
@@ -22658,6 +22954,11 @@
22658
22954
  "name": "Out-of-bounds Read",
22659
22955
  "category": "Memory Safety"
22660
22956
  },
22957
+ {
22958
+ "id": "CWE-1357",
22959
+ "name": "Reliance on Insufficiently Trustworthy Component",
22960
+ "category": "Supply Chain"
22961
+ },
22661
22962
  {
22662
22963
  "id": "CWE-1395",
22663
22964
  "name": "Dependency on Vulnerable Third-Party Component",
@@ -22668,11 +22969,6 @@
22668
22969
  "name": "Improper Validation of Generative AI Output",
22669
22970
  "category": "AI/ML"
22670
22971
  },
22671
- {
22672
- "id": "CWE-200",
22673
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
22674
- "category": "Information Exposure"
22675
- },
22676
22972
  {
22677
22973
  "id": "CWE-22",
22678
22974
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -22812,21 +23108,11 @@
22812
23108
  "name": "Address Space Layout Randomization",
22813
23109
  "tactic": "Harden"
22814
23110
  },
22815
- {
22816
- "id": "D3-CA",
22817
- "name": "Certificate Analysis",
22818
- "tactic": "Detect"
22819
- },
22820
23111
  {
22821
23112
  "id": "D3-CSPP",
22822
23113
  "name": "Client-server Payload Profiling",
22823
23114
  "tactic": "Detect"
22824
23115
  },
22825
- {
22826
- "id": "D3-DA",
22827
- "name": "Domain Analysis",
22828
- "tactic": "Detect"
22829
- },
22830
23116
  {
22831
23117
  "id": "D3-EAL",
22832
23118
  "name": "Executable Allowlisting",
@@ -22837,21 +23123,11 @@
22837
23123
  "name": "Input/Output Profiling Resource",
22838
23124
  "tactic": "Detect"
22839
23125
  },
22840
- {
22841
- "id": "D3-NI",
22842
- "name": "Network Isolation",
22843
- "tactic": "Isolate"
22844
- },
22845
23126
  {
22846
23127
  "id": "D3-NTA",
22847
23128
  "name": "Network Traffic Analysis",
22848
23129
  "tactic": "Detect"
22849
23130
  },
22850
- {
22851
- "id": "D3-NTPM",
22852
- "name": "Network Traffic Policy Mapping",
22853
- "tactic": "Model"
22854
- },
22855
23131
  {
22856
23132
  "id": "D3-PHRA",
22857
23133
  "name": "Process Hardware Resource Access",
@@ -22889,21 +23165,11 @@
22889
23165
  "framework": "FedRAMP Rev 5 Moderate",
22890
23166
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
22891
23167
  },
22892
- {
22893
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
22894
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
22895
- "control_name": "Access control standard (technical safeguards)"
22896
- },
22897
23168
  {
22898
23169
  "id": "IEC-62443-3-3",
22899
23170
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
22900
23171
  "control_name": "System security requirements and security levels"
22901
23172
  },
22902
- {
22903
- "id": "ISO-27001-2022-A.8.16",
22904
- "framework": "ISO/IEC 27001:2022",
22905
- "control_name": "Monitoring activities"
22906
- },
22907
23173
  {
22908
23174
  "id": "ISO-27001-2022-A.8.28",
22909
23175
  "framework": "ISO/IEC 27001:2022",
@@ -22919,11 +23185,6 @@
22919
23185
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
22920
23186
  "control_name": "AI risk management process"
22921
23187
  },
22922
- {
22923
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
22924
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
22925
- "control_name": "AI risk assessment"
22926
- },
22927
23188
  {
22928
23189
  "id": "NERC-CIP-007-6-R4",
22929
23190
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -22940,19 +23201,14 @@
22940
23201
  "control_name": "Technical Guide to Information Security Testing and Assessment"
22941
23202
  },
22942
23203
  {
22943
- "id": "NIST-800-53-AC-2",
22944
- "framework": "NIST SP 800-53 Rev 5",
22945
- "control_name": "Account Management"
22946
- },
22947
- {
22948
- "id": "NIST-800-53-SC-28",
22949
- "framework": "NIST SP 800-53 Rev 5",
22950
- "control_name": "Protection of Information at Rest"
23204
+ "id": "NIST-800-218-SSDF",
23205
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
23206
+ "control_name": "Secure Software Development Framework"
22951
23207
  },
22952
23208
  {
22953
- "id": "NIST-800-53-SC-7",
23209
+ "id": "NIST-800-53-AC-2",
22954
23210
  "framework": "NIST SP 800-53 Rev 5",
22955
- "control_name": "Boundary Protection"
23211
+ "control_name": "Account Management"
22956
23212
  },
22957
23213
  {
22958
23214
  "id": "NIST-800-53-SC-8",
@@ -23005,46 +23261,33 @@
23005
23261
  "control_name": "Logical and Physical Access Controls"
23006
23262
  },
23007
23263
  {
23008
- "id": "SOC2-CC7-anomaly-detection",
23264
+ "id": "SOC2-CC9-vendor-management",
23009
23265
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
23010
- "control_name": "System OperationsThreat and Vulnerability Management"
23266
+ "control_name": "Risk MitigationVendor and Business Partner Risk"
23011
23267
  }
23012
23268
  ],
23013
23269
  "attack_refs": [
23014
23270
  "T0855",
23015
23271
  "T0883",
23016
- "T1041",
23017
23272
  "T1059",
23018
23273
  "T1068",
23019
- "T1071",
23020
23274
  "T1078",
23021
- "T1102",
23022
23275
  "T1133",
23023
23276
  "T1190",
23024
- "T1213",
23025
- "T1530",
23026
23277
  "T1548.001",
23027
- "T1566",
23028
- "T1567",
23029
- "T1568"
23278
+ "T1566"
23030
23279
  ],
23031
23280
  "rfc_refs": [
23032
23281
  "RFC-4301",
23033
23282
  "RFC-4303",
23034
- "RFC-7296",
23035
- "RFC-8446",
23036
- "RFC-9000",
23037
- "RFC-9114",
23038
- "RFC-9180",
23039
- "RFC-9421",
23040
- "RFC-9458"
23283
+ "RFC-7296"
23041
23284
  ]
23042
23285
  }
23043
23286
  },
23044
- "CVE-2026-0766": {
23045
- "name": "Open WebUI Tool Module Code Injection RCE",
23287
+ "CVE-2025-64496": {
23288
+ "name": "Open WebUI Malicious Model Server Code Injection (Account Takeover to RCE)",
23046
23289
  "rwep": 29,
23047
- "cvss": 8.8,
23290
+ "cvss": 8,
23048
23291
  "cisa_kev": false,
23049
23292
  "epss_score": null,
23050
23293
  "referencing_skills": [
@@ -23403,19 +23646,20 @@
23403
23646
  ]
23404
23647
  }
23405
23648
  },
23406
- "CVE-2025-64496": {
23407
- "name": "Open WebUI Malicious Model Server Code Injection (Account Takeover to RCE)",
23408
- "rwep": 29,
23409
- "cvss": 8,
23649
+ "CVE-2024-0132": {
23650
+ "name": "NVIDIA Container Toolkit TOCTOU Container Escape",
23651
+ "rwep": 35,
23652
+ "cvss": 8.3,
23410
23653
  "cisa_kev": false,
23411
23654
  "epss_score": null,
23412
23655
  "referencing_skills": [
23413
23656
  "kernel-lpe-triage",
23414
23657
  "ai-attack-surface",
23415
23658
  "compliance-theater",
23659
+ "ai-c2-detection",
23416
23660
  "attack-surface-pentest",
23661
+ "dlp-gap-analysis",
23417
23662
  "ot-ics-security",
23418
- "coordinated-vuln-disclosure",
23419
23663
  "sector-energy"
23420
23664
  ],
23421
23665
  "chain": {
@@ -23435,11 +23679,6 @@
23435
23679
  "name": "Out-of-bounds Read",
23436
23680
  "category": "Memory Safety"
23437
23681
  },
23438
- {
23439
- "id": "CWE-1357",
23440
- "name": "Reliance on Insufficiently Trustworthy Component",
23441
- "category": "Supply Chain"
23442
- },
23443
23682
  {
23444
23683
  "id": "CWE-1395",
23445
23684
  "name": "Dependency on Vulnerable Third-Party Component",
@@ -23450,6 +23689,11 @@
23450
23689
  "name": "Improper Validation of Generative AI Output",
23451
23690
  "category": "AI/ML"
23452
23691
  },
23692
+ {
23693
+ "id": "CWE-200",
23694
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
23695
+ "category": "Information Exposure"
23696
+ },
23453
23697
  {
23454
23698
  "id": "CWE-22",
23455
23699
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -23589,11 +23833,21 @@
23589
23833
  "name": "Address Space Layout Randomization",
23590
23834
  "tactic": "Harden"
23591
23835
  },
23836
+ {
23837
+ "id": "D3-CA",
23838
+ "name": "Certificate Analysis",
23839
+ "tactic": "Detect"
23840
+ },
23592
23841
  {
23593
23842
  "id": "D3-CSPP",
23594
23843
  "name": "Client-server Payload Profiling",
23595
23844
  "tactic": "Detect"
23596
23845
  },
23846
+ {
23847
+ "id": "D3-DA",
23848
+ "name": "Domain Analysis",
23849
+ "tactic": "Detect"
23850
+ },
23597
23851
  {
23598
23852
  "id": "D3-EAL",
23599
23853
  "name": "Executable Allowlisting",
@@ -23604,11 +23858,21 @@
23604
23858
  "name": "Input/Output Profiling Resource",
23605
23859
  "tactic": "Detect"
23606
23860
  },
23861
+ {
23862
+ "id": "D3-NI",
23863
+ "name": "Network Isolation",
23864
+ "tactic": "Isolate"
23865
+ },
23607
23866
  {
23608
23867
  "id": "D3-NTA",
23609
23868
  "name": "Network Traffic Analysis",
23610
23869
  "tactic": "Detect"
23611
23870
  },
23871
+ {
23872
+ "id": "D3-NTPM",
23873
+ "name": "Network Traffic Policy Mapping",
23874
+ "tactic": "Model"
23875
+ },
23612
23876
  {
23613
23877
  "id": "D3-PHRA",
23614
23878
  "name": "Process Hardware Resource Access",
@@ -23646,11 +23910,21 @@
23646
23910
  "framework": "FedRAMP Rev 5 Moderate",
23647
23911
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
23648
23912
  },
23913
+ {
23914
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
23915
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
23916
+ "control_name": "Access control standard (technical safeguards)"
23917
+ },
23649
23918
  {
23650
23919
  "id": "IEC-62443-3-3",
23651
23920
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
23652
23921
  "control_name": "System security requirements and security levels"
23653
23922
  },
23923
+ {
23924
+ "id": "ISO-27001-2022-A.8.16",
23925
+ "framework": "ISO/IEC 27001:2022",
23926
+ "control_name": "Monitoring activities"
23927
+ },
23654
23928
  {
23655
23929
  "id": "ISO-27001-2022-A.8.28",
23656
23930
  "framework": "ISO/IEC 27001:2022",
@@ -23666,6 +23940,11 @@
23666
23940
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
23667
23941
  "control_name": "AI risk management process"
23668
23942
  },
23943
+ {
23944
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
23945
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
23946
+ "control_name": "AI risk assessment"
23947
+ },
23669
23948
  {
23670
23949
  "id": "NERC-CIP-007-6-R4",
23671
23950
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -23681,16 +23960,21 @@
23681
23960
  "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
23682
23961
  "control_name": "Technical Guide to Information Security Testing and Assessment"
23683
23962
  },
23684
- {
23685
- "id": "NIST-800-218-SSDF",
23686
- "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
23687
- "control_name": "Secure Software Development Framework"
23688
- },
23689
23963
  {
23690
23964
  "id": "NIST-800-53-AC-2",
23691
23965
  "framework": "NIST SP 800-53 Rev 5",
23692
23966
  "control_name": "Account Management"
23693
23967
  },
23968
+ {
23969
+ "id": "NIST-800-53-SC-28",
23970
+ "framework": "NIST SP 800-53 Rev 5",
23971
+ "control_name": "Protection of Information at Rest"
23972
+ },
23973
+ {
23974
+ "id": "NIST-800-53-SC-7",
23975
+ "framework": "NIST SP 800-53 Rev 5",
23976
+ "control_name": "Boundary Protection"
23977
+ },
23694
23978
  {
23695
23979
  "id": "NIST-800-53-SC-8",
23696
23980
  "framework": "NIST SP 800-53 Rev 5",
@@ -23742,33 +24026,46 @@
23742
24026
  "control_name": "Logical and Physical Access Controls"
23743
24027
  },
23744
24028
  {
23745
- "id": "SOC2-CC9-vendor-management",
24029
+ "id": "SOC2-CC7-anomaly-detection",
23746
24030
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
23747
- "control_name": "Risk MitigationVendor and Business Partner Risk"
24031
+ "control_name": "System OperationsThreat and Vulnerability Management"
23748
24032
  }
23749
24033
  ],
23750
24034
  "attack_refs": [
23751
24035
  "T0855",
23752
24036
  "T0883",
24037
+ "T1041",
23753
24038
  "T1059",
23754
24039
  "T1068",
24040
+ "T1071",
23755
24041
  "T1078",
24042
+ "T1102",
23756
24043
  "T1133",
23757
24044
  "T1190",
24045
+ "T1213",
24046
+ "T1530",
23758
24047
  "T1548.001",
23759
- "T1566"
24048
+ "T1566",
24049
+ "T1567",
24050
+ "T1568"
23760
24051
  ],
23761
24052
  "rfc_refs": [
23762
24053
  "RFC-4301",
23763
24054
  "RFC-4303",
23764
- "RFC-7296"
24055
+ "RFC-7296",
24056
+ "RFC-8446",
24057
+ "RFC-9000",
24058
+ "RFC-9114",
24059
+ "RFC-9180",
24060
+ "RFC-9421",
24061
+ "RFC-9458"
23765
24062
  ]
23766
24063
  }
23767
24064
  },
23768
- "CVE-2024-0132": {
23769
- "name": "NVIDIA Container Toolkit TOCTOU Container Escape",
24065
+ "CVE-2025-23266": {
24066
+ "name": "NVIDIA Container Toolkit Init-Hook Untrusted Search Path Container Escape (NVIDIAScape)",
23770
24067
  "rwep": 35,
23771
- "cvss": 8.3,
24068
+ "cvss": 9,
23772
24069
  "cisa_kev": false,
23773
24070
  "epss_score": null,
23774
24071
  "referencing_skills": [
@@ -24181,20 +24478,19 @@
24181
24478
  ]
24182
24479
  }
24183
24480
  },
24184
- "CVE-2025-23266": {
24185
- "name": "NVIDIA Container Toolkit Init-Hook Untrusted Search Path Container Escape (NVIDIAScape)",
24186
- "rwep": 35,
24187
- "cvss": 9,
24481
+ "CVE-2025-1550": {
24482
+ "name": "Keras .keras Model Deserialization Arbitrary Code Execution",
24483
+ "rwep": 31,
24484
+ "cvss": 9.8,
24188
24485
  "cisa_kev": false,
24189
24486
  "epss_score": null,
24190
24487
  "referencing_skills": [
24191
24488
  "kernel-lpe-triage",
24192
24489
  "ai-attack-surface",
24193
24490
  "compliance-theater",
24194
- "ai-c2-detection",
24195
24491
  "attack-surface-pentest",
24196
- "dlp-gap-analysis",
24197
24492
  "ot-ics-security",
24493
+ "coordinated-vuln-disclosure",
24198
24494
  "sector-energy"
24199
24495
  ],
24200
24496
  "chain": {
@@ -24214,6 +24510,11 @@
24214
24510
  "name": "Out-of-bounds Read",
24215
24511
  "category": "Memory Safety"
24216
24512
  },
24513
+ {
24514
+ "id": "CWE-1357",
24515
+ "name": "Reliance on Insufficiently Trustworthy Component",
24516
+ "category": "Supply Chain"
24517
+ },
24217
24518
  {
24218
24519
  "id": "CWE-1395",
24219
24520
  "name": "Dependency on Vulnerable Third-Party Component",
@@ -24224,11 +24525,6 @@
24224
24525
  "name": "Improper Validation of Generative AI Output",
24225
24526
  "category": "AI/ML"
24226
24527
  },
24227
- {
24228
- "id": "CWE-200",
24229
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
24230
- "category": "Information Exposure"
24231
- },
24232
24528
  {
24233
24529
  "id": "CWE-22",
24234
24530
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -24368,21 +24664,11 @@
24368
24664
  "name": "Address Space Layout Randomization",
24369
24665
  "tactic": "Harden"
24370
24666
  },
24371
- {
24372
- "id": "D3-CA",
24373
- "name": "Certificate Analysis",
24374
- "tactic": "Detect"
24375
- },
24376
24667
  {
24377
24668
  "id": "D3-CSPP",
24378
24669
  "name": "Client-server Payload Profiling",
24379
24670
  "tactic": "Detect"
24380
24671
  },
24381
- {
24382
- "id": "D3-DA",
24383
- "name": "Domain Analysis",
24384
- "tactic": "Detect"
24385
- },
24386
24672
  {
24387
24673
  "id": "D3-EAL",
24388
24674
  "name": "Executable Allowlisting",
@@ -24393,21 +24679,11 @@
24393
24679
  "name": "Input/Output Profiling Resource",
24394
24680
  "tactic": "Detect"
24395
24681
  },
24396
- {
24397
- "id": "D3-NI",
24398
- "name": "Network Isolation",
24399
- "tactic": "Isolate"
24400
- },
24401
24682
  {
24402
24683
  "id": "D3-NTA",
24403
24684
  "name": "Network Traffic Analysis",
24404
24685
  "tactic": "Detect"
24405
24686
  },
24406
- {
24407
- "id": "D3-NTPM",
24408
- "name": "Network Traffic Policy Mapping",
24409
- "tactic": "Model"
24410
- },
24411
24687
  {
24412
24688
  "id": "D3-PHRA",
24413
24689
  "name": "Process Hardware Resource Access",
@@ -24445,21 +24721,11 @@
24445
24721
  "framework": "FedRAMP Rev 5 Moderate",
24446
24722
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24447
24723
  },
24448
- {
24449
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
24450
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
24451
- "control_name": "Access control standard (technical safeguards)"
24452
- },
24453
24724
  {
24454
24725
  "id": "IEC-62443-3-3",
24455
24726
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24456
24727
  "control_name": "System security requirements and security levels"
24457
24728
  },
24458
- {
24459
- "id": "ISO-27001-2022-A.8.16",
24460
- "framework": "ISO/IEC 27001:2022",
24461
- "control_name": "Monitoring activities"
24462
- },
24463
24729
  {
24464
24730
  "id": "ISO-27001-2022-A.8.28",
24465
24731
  "framework": "ISO/IEC 27001:2022",
@@ -24475,11 +24741,6 @@
24475
24741
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24476
24742
  "control_name": "AI risk management process"
24477
24743
  },
24478
- {
24479
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
24480
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
24481
- "control_name": "AI risk assessment"
24482
- },
24483
24744
  {
24484
24745
  "id": "NERC-CIP-007-6-R4",
24485
24746
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -24496,19 +24757,14 @@
24496
24757
  "control_name": "Technical Guide to Information Security Testing and Assessment"
24497
24758
  },
24498
24759
  {
24499
- "id": "NIST-800-53-AC-2",
24500
- "framework": "NIST SP 800-53 Rev 5",
24501
- "control_name": "Account Management"
24502
- },
24503
- {
24504
- "id": "NIST-800-53-SC-28",
24505
- "framework": "NIST SP 800-53 Rev 5",
24506
- "control_name": "Protection of Information at Rest"
24760
+ "id": "NIST-800-218-SSDF",
24761
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
24762
+ "control_name": "Secure Software Development Framework"
24507
24763
  },
24508
24764
  {
24509
- "id": "NIST-800-53-SC-7",
24765
+ "id": "NIST-800-53-AC-2",
24510
24766
  "framework": "NIST SP 800-53 Rev 5",
24511
- "control_name": "Boundary Protection"
24767
+ "control_name": "Account Management"
24512
24768
  },
24513
24769
  {
24514
24770
  "id": "NIST-800-53-SC-8",
@@ -24561,46 +24817,33 @@
24561
24817
  "control_name": "Logical and Physical Access Controls"
24562
24818
  },
24563
24819
  {
24564
- "id": "SOC2-CC7-anomaly-detection",
24820
+ "id": "SOC2-CC9-vendor-management",
24565
24821
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
24566
- "control_name": "System OperationsThreat and Vulnerability Management"
24822
+ "control_name": "Risk MitigationVendor and Business Partner Risk"
24567
24823
  }
24568
24824
  ],
24569
24825
  "attack_refs": [
24570
24826
  "T0855",
24571
24827
  "T0883",
24572
- "T1041",
24573
24828
  "T1059",
24574
24829
  "T1068",
24575
- "T1071",
24576
24830
  "T1078",
24577
- "T1102",
24578
24831
  "T1133",
24579
24832
  "T1190",
24580
- "T1213",
24581
- "T1530",
24582
24833
  "T1548.001",
24583
- "T1566",
24584
- "T1567",
24585
- "T1568"
24834
+ "T1566"
24586
24835
  ],
24587
24836
  "rfc_refs": [
24588
24837
  "RFC-4301",
24589
24838
  "RFC-4303",
24590
- "RFC-7296",
24591
- "RFC-8446",
24592
- "RFC-9000",
24593
- "RFC-9114",
24594
- "RFC-9180",
24595
- "RFC-9421",
24596
- "RFC-9458"
24839
+ "RFC-7296"
24597
24840
  ]
24598
24841
  }
24599
24842
  },
24600
- "CVE-2025-1550": {
24601
- "name": "Keras .keras Model Deserialization Arbitrary Code Execution",
24843
+ "CVE-2025-8747": {
24844
+ "name": "Keras safe_mode Bypass Model Deserialization Code Execution",
24602
24845
  "rwep": 31,
24603
- "cvss": 9.8,
24846
+ "cvss": 7.8,
24604
24847
  "cisa_kev": false,
24605
24848
  "epss_score": null,
24606
24849
  "referencing_skills": [
@@ -24959,17 +25202,19 @@
24959
25202
  ]
24960
25203
  }
24961
25204
  },
24962
- "CVE-2025-8747": {
24963
- "name": "Keras safe_mode Bypass Model Deserialization Code Execution",
24964
- "rwep": 31,
24965
- "cvss": 7.8,
25205
+ "CVE-2024-42479": {
25206
+ "name": "llama.cpp RPC Backend SET_TENSOR Out-of-Bounds Write RCE",
25207
+ "rwep": 29,
25208
+ "cvss": 9.8,
24966
25209
  "cisa_kev": false,
24967
25210
  "epss_score": null,
24968
25211
  "referencing_skills": [
24969
25212
  "kernel-lpe-triage",
24970
25213
  "ai-attack-surface",
24971
25214
  "compliance-theater",
25215
+ "ai-c2-detection",
24972
25216
  "attack-surface-pentest",
25217
+ "dlp-gap-analysis",
24973
25218
  "ot-ics-security",
24974
25219
  "coordinated-vuln-disclosure",
24975
25220
  "sector-energy"
@@ -25006,6 +25251,11 @@
25006
25251
  "name": "Improper Validation of Generative AI Output",
25007
25252
  "category": "AI/ML"
25008
25253
  },
25254
+ {
25255
+ "id": "CWE-200",
25256
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
25257
+ "category": "Information Exposure"
25258
+ },
25009
25259
  {
25010
25260
  "id": "CWE-22",
25011
25261
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -25145,11 +25395,21 @@
25145
25395
  "name": "Address Space Layout Randomization",
25146
25396
  "tactic": "Harden"
25147
25397
  },
25398
+ {
25399
+ "id": "D3-CA",
25400
+ "name": "Certificate Analysis",
25401
+ "tactic": "Detect"
25402
+ },
25148
25403
  {
25149
25404
  "id": "D3-CSPP",
25150
25405
  "name": "Client-server Payload Profiling",
25151
25406
  "tactic": "Detect"
25152
25407
  },
25408
+ {
25409
+ "id": "D3-DA",
25410
+ "name": "Domain Analysis",
25411
+ "tactic": "Detect"
25412
+ },
25153
25413
  {
25154
25414
  "id": "D3-EAL",
25155
25415
  "name": "Executable Allowlisting",
@@ -25160,11 +25420,21 @@
25160
25420
  "name": "Input/Output Profiling Resource",
25161
25421
  "tactic": "Detect"
25162
25422
  },
25423
+ {
25424
+ "id": "D3-NI",
25425
+ "name": "Network Isolation",
25426
+ "tactic": "Isolate"
25427
+ },
25163
25428
  {
25164
25429
  "id": "D3-NTA",
25165
25430
  "name": "Network Traffic Analysis",
25166
25431
  "tactic": "Detect"
25167
25432
  },
25433
+ {
25434
+ "id": "D3-NTPM",
25435
+ "name": "Network Traffic Policy Mapping",
25436
+ "tactic": "Model"
25437
+ },
25168
25438
  {
25169
25439
  "id": "D3-PHRA",
25170
25440
  "name": "Process Hardware Resource Access",
@@ -25202,11 +25472,21 @@
25202
25472
  "framework": "FedRAMP Rev 5 Moderate",
25203
25473
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
25204
25474
  },
25475
+ {
25476
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
25477
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
25478
+ "control_name": "Access control standard (technical safeguards)"
25479
+ },
25205
25480
  {
25206
25481
  "id": "IEC-62443-3-3",
25207
25482
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
25208
25483
  "control_name": "System security requirements and security levels"
25209
25484
  },
25485
+ {
25486
+ "id": "ISO-27001-2022-A.8.16",
25487
+ "framework": "ISO/IEC 27001:2022",
25488
+ "control_name": "Monitoring activities"
25489
+ },
25210
25490
  {
25211
25491
  "id": "ISO-27001-2022-A.8.28",
25212
25492
  "framework": "ISO/IEC 27001:2022",
@@ -25222,6 +25502,11 @@
25222
25502
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
25223
25503
  "control_name": "AI risk management process"
25224
25504
  },
25505
+ {
25506
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
25507
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
25508
+ "control_name": "AI risk assessment"
25509
+ },
25225
25510
  {
25226
25511
  "id": "NERC-CIP-007-6-R4",
25227
25512
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -25247,6 +25532,16 @@
25247
25532
  "framework": "NIST SP 800-53 Rev 5",
25248
25533
  "control_name": "Account Management"
25249
25534
  },
25535
+ {
25536
+ "id": "NIST-800-53-SC-28",
25537
+ "framework": "NIST SP 800-53 Rev 5",
25538
+ "control_name": "Protection of Information at Rest"
25539
+ },
25540
+ {
25541
+ "id": "NIST-800-53-SC-7",
25542
+ "framework": "NIST SP 800-53 Rev 5",
25543
+ "control_name": "Boundary Protection"
25544
+ },
25250
25545
  {
25251
25546
  "id": "NIST-800-53-SC-8",
25252
25547
  "framework": "NIST SP 800-53 Rev 5",
@@ -25297,6 +25592,11 @@
25297
25592
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
25298
25593
  "control_name": "Logical and Physical Access Controls"
25299
25594
  },
25595
+ {
25596
+ "id": "SOC2-CC7-anomaly-detection",
25597
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25598
+ "control_name": "System Operations — Threat and Vulnerability Management"
25599
+ },
25300
25600
  {
25301
25601
  "id": "SOC2-CC9-vendor-management",
25302
25602
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -25306,23 +25606,36 @@
25306
25606
  "attack_refs": [
25307
25607
  "T0855",
25308
25608
  "T0883",
25609
+ "T1041",
25309
25610
  "T1059",
25310
25611
  "T1068",
25612
+ "T1071",
25311
25613
  "T1078",
25614
+ "T1102",
25312
25615
  "T1133",
25313
25616
  "T1190",
25617
+ "T1213",
25618
+ "T1530",
25314
25619
  "T1548.001",
25315
- "T1566"
25620
+ "T1566",
25621
+ "T1567",
25622
+ "T1568"
25316
25623
  ],
25317
25624
  "rfc_refs": [
25318
25625
  "RFC-4301",
25319
25626
  "RFC-4303",
25320
- "RFC-7296"
25627
+ "RFC-7296",
25628
+ "RFC-8446",
25629
+ "RFC-9000",
25630
+ "RFC-9114",
25631
+ "RFC-9180",
25632
+ "RFC-9421",
25633
+ "RFC-9458"
25321
25634
  ]
25322
25635
  }
25323
25636
  },
25324
- "CVE-2024-42479": {
25325
- "name": "llama.cpp RPC Backend SET_TENSOR Out-of-Bounds Write RCE",
25637
+ "CVE-2024-42478": {
25638
+ "name": "llama.cpp RPC Backend GET_TENSOR Out-of-Bounds Read",
25326
25639
  "rwep": 29,
25327
25640
  "cvss": 9.8,
25328
25641
  "cisa_kev": false,
@@ -25753,8 +26066,8 @@
25753
26066
  ]
25754
26067
  }
25755
26068
  },
25756
- "CVE-2024-42478": {
25757
- "name": "llama.cpp RPC Backend GET_TENSOR Out-of-Bounds Read",
26069
+ "CVE-2026-34159": {
26070
+ "name": "llama.cpp RPC Backend GRAPH_COMPUTE deserialize_tensor Bounds Bypass RCE",
25758
26071
  "rwep": 29,
25759
26072
  "cvss": 9.8,
25760
26073
  "cisa_kev": false,
@@ -26185,9 +26498,9 @@
26185
26498
  ]
26186
26499
  }
26187
26500
  },
26188
- "CVE-2026-34159": {
26189
- "name": "llama.cpp RPC Backend GRAPH_COMPUTE deserialize_tensor Bounds Bypass RCE",
26190
- "rwep": 29,
26501
+ "CVE-2023-43654": {
26502
+ "name": "PyTorch TorchServe Management API SSRF to Remote Code Execution (ShellTorch)",
26503
+ "rwep": 31,
26191
26504
  "cvss": 9.8,
26192
26505
  "cisa_kev": false,
26193
26506
  "epss_score": null,
@@ -26195,9 +26508,7 @@
26195
26508
  "kernel-lpe-triage",
26196
26509
  "ai-attack-surface",
26197
26510
  "compliance-theater",
26198
- "ai-c2-detection",
26199
26511
  "attack-surface-pentest",
26200
- "dlp-gap-analysis",
26201
26512
  "ot-ics-security",
26202
26513
  "coordinated-vuln-disclosure",
26203
26514
  "sector-energy"
@@ -26234,11 +26545,6 @@
26234
26545
  "name": "Improper Validation of Generative AI Output",
26235
26546
  "category": "AI/ML"
26236
26547
  },
26237
- {
26238
- "id": "CWE-200",
26239
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
26240
- "category": "Information Exposure"
26241
- },
26242
26548
  {
26243
26549
  "id": "CWE-22",
26244
26550
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -26378,21 +26684,11 @@
26378
26684
  "name": "Address Space Layout Randomization",
26379
26685
  "tactic": "Harden"
26380
26686
  },
26381
- {
26382
- "id": "D3-CA",
26383
- "name": "Certificate Analysis",
26384
- "tactic": "Detect"
26385
- },
26386
26687
  {
26387
26688
  "id": "D3-CSPP",
26388
26689
  "name": "Client-server Payload Profiling",
26389
26690
  "tactic": "Detect"
26390
26691
  },
26391
- {
26392
- "id": "D3-DA",
26393
- "name": "Domain Analysis",
26394
- "tactic": "Detect"
26395
- },
26396
26692
  {
26397
26693
  "id": "D3-EAL",
26398
26694
  "name": "Executable Allowlisting",
@@ -26403,21 +26699,11 @@
26403
26699
  "name": "Input/Output Profiling Resource",
26404
26700
  "tactic": "Detect"
26405
26701
  },
26406
- {
26407
- "id": "D3-NI",
26408
- "name": "Network Isolation",
26409
- "tactic": "Isolate"
26410
- },
26411
26702
  {
26412
26703
  "id": "D3-NTA",
26413
26704
  "name": "Network Traffic Analysis",
26414
26705
  "tactic": "Detect"
26415
26706
  },
26416
- {
26417
- "id": "D3-NTPM",
26418
- "name": "Network Traffic Policy Mapping",
26419
- "tactic": "Model"
26420
- },
26421
26707
  {
26422
26708
  "id": "D3-PHRA",
26423
26709
  "name": "Process Hardware Resource Access",
@@ -26455,21 +26741,11 @@
26455
26741
  "framework": "FedRAMP Rev 5 Moderate",
26456
26742
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
26457
26743
  },
26458
- {
26459
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
26460
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
26461
- "control_name": "Access control standard (technical safeguards)"
26462
- },
26463
26744
  {
26464
26745
  "id": "IEC-62443-3-3",
26465
26746
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
26466
26747
  "control_name": "System security requirements and security levels"
26467
26748
  },
26468
- {
26469
- "id": "ISO-27001-2022-A.8.16",
26470
- "framework": "ISO/IEC 27001:2022",
26471
- "control_name": "Monitoring activities"
26472
- },
26473
26749
  {
26474
26750
  "id": "ISO-27001-2022-A.8.28",
26475
26751
  "framework": "ISO/IEC 27001:2022",
@@ -26485,11 +26761,6 @@
26485
26761
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
26486
26762
  "control_name": "AI risk management process"
26487
26763
  },
26488
- {
26489
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
26490
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
26491
- "control_name": "AI risk assessment"
26492
- },
26493
26764
  {
26494
26765
  "id": "NERC-CIP-007-6-R4",
26495
26766
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -26515,16 +26786,6 @@
26515
26786
  "framework": "NIST SP 800-53 Rev 5",
26516
26787
  "control_name": "Account Management"
26517
26788
  },
26518
- {
26519
- "id": "NIST-800-53-SC-28",
26520
- "framework": "NIST SP 800-53 Rev 5",
26521
- "control_name": "Protection of Information at Rest"
26522
- },
26523
- {
26524
- "id": "NIST-800-53-SC-7",
26525
- "framework": "NIST SP 800-53 Rev 5",
26526
- "control_name": "Boundary Protection"
26527
- },
26528
26789
  {
26529
26790
  "id": "NIST-800-53-SC-8",
26530
26791
  "framework": "NIST SP 800-53 Rev 5",
@@ -26575,11 +26836,6 @@
26575
26836
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
26576
26837
  "control_name": "Logical and Physical Access Controls"
26577
26838
  },
26578
- {
26579
- "id": "SOC2-CC7-anomaly-detection",
26580
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
26581
- "control_name": "System Operations — Threat and Vulnerability Management"
26582
- },
26583
26839
  {
26584
26840
  "id": "SOC2-CC9-vendor-management",
26585
26841
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -26589,37 +26845,24 @@
26589
26845
  "attack_refs": [
26590
26846
  "T0855",
26591
26847
  "T0883",
26592
- "T1041",
26593
26848
  "T1059",
26594
26849
  "T1068",
26595
- "T1071",
26596
26850
  "T1078",
26597
- "T1102",
26598
26851
  "T1133",
26599
26852
  "T1190",
26600
- "T1213",
26601
- "T1530",
26602
26853
  "T1548.001",
26603
- "T1566",
26604
- "T1567",
26605
- "T1568"
26854
+ "T1566"
26606
26855
  ],
26607
26856
  "rfc_refs": [
26608
26857
  "RFC-4301",
26609
26858
  "RFC-4303",
26610
- "RFC-7296",
26611
- "RFC-8446",
26612
- "RFC-9000",
26613
- "RFC-9114",
26614
- "RFC-9180",
26615
- "RFC-9421",
26616
- "RFC-9458"
26859
+ "RFC-7296"
26617
26860
  ]
26618
26861
  }
26619
26862
  },
26620
- "CVE-2023-43654": {
26621
- "name": "PyTorch TorchServe Management API SSRF to Remote Code Execution (ShellTorch)",
26622
- "rwep": 31,
26863
+ "CVE-2022-1471": {
26864
+ "name": "SnakeYAML Constructor Unsafe Deserialization RCE (ShellTorch chain)",
26865
+ "rwep": 29,
26623
26866
  "cvss": 9.8,
26624
26867
  "cisa_kev": false,
26625
26868
  "epss_score": null,
@@ -26979,10 +27222,10 @@
26979
27222
  ]
26980
27223
  }
26981
27224
  },
26982
- "CVE-2022-1471": {
26983
- "name": "SnakeYAML Constructor Unsafe Deserialization RCE (ShellTorch chain)",
26984
- "rwep": 29,
26985
- "cvss": 9.8,
27225
+ "CVE-2024-37032": {
27226
+ "name": "Ollama Model Registry Path Traversal Arbitrary File Write RCE (Probllama)",
27227
+ "rwep": 31,
27228
+ "cvss": 8.8,
26986
27229
  "cisa_kev": false,
26987
27230
  "epss_score": null,
26988
27231
  "referencing_skills": [
@@ -27341,10 +27584,10 @@
27341
27584
  ]
27342
27585
  }
27343
27586
  },
27344
- "CVE-2024-37032": {
27345
- "name": "Ollama Model Registry Path Traversal Arbitrary File Write RCE (Probllama)",
27346
- "rwep": 31,
27347
- "cvss": 8.8,
27587
+ "CVE-2024-39722": {
27588
+ "name": "Ollama api/push Path Traversal File-Existence Disclosure",
27589
+ "rwep": 27,
27590
+ "cvss": 7.5,
27348
27591
  "cisa_kev": false,
27349
27592
  "epss_score": null,
27350
27593
  "referencing_skills": [
@@ -27703,9 +27946,9 @@
27703
27946
  ]
27704
27947
  }
27705
27948
  },
27706
- "CVE-2024-39722": {
27707
- "name": "Ollama api/push Path Traversal File-Existence Disclosure",
27708
- "rwep": 27,
27949
+ "CVE-2024-1561": {
27950
+ "name": "Gradio /component_server Local File Read (Hugging Face Spaces Secret Theft)",
27951
+ "rwep": 31,
27709
27952
  "cvss": 7.5,
27710
27953
  "cisa_kev": false,
27711
27954
  "epss_score": null,
@@ -27713,7 +27956,9 @@
27713
27956
  "kernel-lpe-triage",
27714
27957
  "ai-attack-surface",
27715
27958
  "compliance-theater",
27959
+ "ai-c2-detection",
27716
27960
  "attack-surface-pentest",
27961
+ "dlp-gap-analysis",
27717
27962
  "ot-ics-security",
27718
27963
  "coordinated-vuln-disclosure",
27719
27964
  "sector-energy"
@@ -27750,6 +27995,11 @@
27750
27995
  "name": "Improper Validation of Generative AI Output",
27751
27996
  "category": "AI/ML"
27752
27997
  },
27998
+ {
27999
+ "id": "CWE-200",
28000
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
28001
+ "category": "Information Exposure"
28002
+ },
27753
28003
  {
27754
28004
  "id": "CWE-22",
27755
28005
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -27889,11 +28139,21 @@
27889
28139
  "name": "Address Space Layout Randomization",
27890
28140
  "tactic": "Harden"
27891
28141
  },
28142
+ {
28143
+ "id": "D3-CA",
28144
+ "name": "Certificate Analysis",
28145
+ "tactic": "Detect"
28146
+ },
27892
28147
  {
27893
28148
  "id": "D3-CSPP",
27894
28149
  "name": "Client-server Payload Profiling",
27895
28150
  "tactic": "Detect"
27896
28151
  },
28152
+ {
28153
+ "id": "D3-DA",
28154
+ "name": "Domain Analysis",
28155
+ "tactic": "Detect"
28156
+ },
27897
28157
  {
27898
28158
  "id": "D3-EAL",
27899
28159
  "name": "Executable Allowlisting",
@@ -27904,11 +28164,21 @@
27904
28164
  "name": "Input/Output Profiling Resource",
27905
28165
  "tactic": "Detect"
27906
28166
  },
28167
+ {
28168
+ "id": "D3-NI",
28169
+ "name": "Network Isolation",
28170
+ "tactic": "Isolate"
28171
+ },
27907
28172
  {
27908
28173
  "id": "D3-NTA",
27909
28174
  "name": "Network Traffic Analysis",
27910
28175
  "tactic": "Detect"
27911
28176
  },
28177
+ {
28178
+ "id": "D3-NTPM",
28179
+ "name": "Network Traffic Policy Mapping",
28180
+ "tactic": "Model"
28181
+ },
27912
28182
  {
27913
28183
  "id": "D3-PHRA",
27914
28184
  "name": "Process Hardware Resource Access",
@@ -27946,11 +28216,21 @@
27946
28216
  "framework": "FedRAMP Rev 5 Moderate",
27947
28217
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
27948
28218
  },
28219
+ {
28220
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
28221
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
28222
+ "control_name": "Access control standard (technical safeguards)"
28223
+ },
27949
28224
  {
27950
28225
  "id": "IEC-62443-3-3",
27951
28226
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
27952
28227
  "control_name": "System security requirements and security levels"
27953
28228
  },
28229
+ {
28230
+ "id": "ISO-27001-2022-A.8.16",
28231
+ "framework": "ISO/IEC 27001:2022",
28232
+ "control_name": "Monitoring activities"
28233
+ },
27954
28234
  {
27955
28235
  "id": "ISO-27001-2022-A.8.28",
27956
28236
  "framework": "ISO/IEC 27001:2022",
@@ -27966,6 +28246,11 @@
27966
28246
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
27967
28247
  "control_name": "AI risk management process"
27968
28248
  },
28249
+ {
28250
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
28251
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
28252
+ "control_name": "AI risk assessment"
28253
+ },
27969
28254
  {
27970
28255
  "id": "NERC-CIP-007-6-R4",
27971
28256
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -27991,6 +28276,16 @@
27991
28276
  "framework": "NIST SP 800-53 Rev 5",
27992
28277
  "control_name": "Account Management"
27993
28278
  },
28279
+ {
28280
+ "id": "NIST-800-53-SC-28",
28281
+ "framework": "NIST SP 800-53 Rev 5",
28282
+ "control_name": "Protection of Information at Rest"
28283
+ },
28284
+ {
28285
+ "id": "NIST-800-53-SC-7",
28286
+ "framework": "NIST SP 800-53 Rev 5",
28287
+ "control_name": "Boundary Protection"
28288
+ },
27994
28289
  {
27995
28290
  "id": "NIST-800-53-SC-8",
27996
28291
  "framework": "NIST SP 800-53 Rev 5",
@@ -28041,6 +28336,11 @@
28041
28336
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
28042
28337
  "control_name": "Logical and Physical Access Controls"
28043
28338
  },
28339
+ {
28340
+ "id": "SOC2-CC7-anomaly-detection",
28341
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
28342
+ "control_name": "System Operations — Threat and Vulnerability Management"
28343
+ },
28044
28344
  {
28045
28345
  "id": "SOC2-CC9-vendor-management",
28046
28346
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -28050,23 +28350,36 @@
28050
28350
  "attack_refs": [
28051
28351
  "T0855",
28052
28352
  "T0883",
28353
+ "T1041",
28053
28354
  "T1059",
28054
28355
  "T1068",
28356
+ "T1071",
28055
28357
  "T1078",
28358
+ "T1102",
28056
28359
  "T1133",
28057
28360
  "T1190",
28361
+ "T1213",
28362
+ "T1530",
28058
28363
  "T1548.001",
28059
- "T1566"
28364
+ "T1566",
28365
+ "T1567",
28366
+ "T1568"
28060
28367
  ],
28061
28368
  "rfc_refs": [
28062
28369
  "RFC-4301",
28063
28370
  "RFC-4303",
28064
- "RFC-7296"
28371
+ "RFC-7296",
28372
+ "RFC-8446",
28373
+ "RFC-9000",
28374
+ "RFC-9114",
28375
+ "RFC-9180",
28376
+ "RFC-9421",
28377
+ "RFC-9458"
28065
28378
  ]
28066
28379
  }
28067
28380
  },
28068
- "CVE-2024-1561": {
28069
- "name": "Gradio /component_server Local File Read (Hugging Face Spaces Secret Theft)",
28381
+ "CVE-2023-51449": {
28382
+ "name": "Gradio /file Route Path Traversal and SSRF Arbitrary File Read",
28070
28383
  "rwep": 31,
28071
28384
  "cvss": 7.5,
28072
28385
  "cisa_kev": false,
@@ -28497,19 +28810,17 @@
28497
28810
  ]
28498
28811
  }
28499
28812
  },
28500
- "CVE-2023-51449": {
28501
- "name": "Gradio /file Route Path Traversal and SSRF Arbitrary File Read",
28502
- "rwep": 31,
28503
- "cvss": 7.5,
28813
+ "CVE-2024-11392": {
28814
+ "name": "Hugging Face Transformers MobileViTV2 Deserialization Remote Code Execution",
28815
+ "rwep": 33,
28816
+ "cvss": 8.8,
28504
28817
  "cisa_kev": false,
28505
28818
  "epss_score": null,
28506
28819
  "referencing_skills": [
28507
28820
  "kernel-lpe-triage",
28508
28821
  "ai-attack-surface",
28509
28822
  "compliance-theater",
28510
- "ai-c2-detection",
28511
28823
  "attack-surface-pentest",
28512
- "dlp-gap-analysis",
28513
28824
  "ot-ics-security",
28514
28825
  "coordinated-vuln-disclosure",
28515
28826
  "sector-energy"
@@ -28546,11 +28857,6 @@
28546
28857
  "name": "Improper Validation of Generative AI Output",
28547
28858
  "category": "AI/ML"
28548
28859
  },
28549
- {
28550
- "id": "CWE-200",
28551
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
28552
- "category": "Information Exposure"
28553
- },
28554
28860
  {
28555
28861
  "id": "CWE-22",
28556
28862
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -28690,21 +28996,11 @@
28690
28996
  "name": "Address Space Layout Randomization",
28691
28997
  "tactic": "Harden"
28692
28998
  },
28693
- {
28694
- "id": "D3-CA",
28695
- "name": "Certificate Analysis",
28696
- "tactic": "Detect"
28697
- },
28698
28999
  {
28699
29000
  "id": "D3-CSPP",
28700
29001
  "name": "Client-server Payload Profiling",
28701
29002
  "tactic": "Detect"
28702
29003
  },
28703
- {
28704
- "id": "D3-DA",
28705
- "name": "Domain Analysis",
28706
- "tactic": "Detect"
28707
- },
28708
29004
  {
28709
29005
  "id": "D3-EAL",
28710
29006
  "name": "Executable Allowlisting",
@@ -28715,21 +29011,11 @@
28715
29011
  "name": "Input/Output Profiling Resource",
28716
29012
  "tactic": "Detect"
28717
29013
  },
28718
- {
28719
- "id": "D3-NI",
28720
- "name": "Network Isolation",
28721
- "tactic": "Isolate"
28722
- },
28723
29014
  {
28724
29015
  "id": "D3-NTA",
28725
29016
  "name": "Network Traffic Analysis",
28726
29017
  "tactic": "Detect"
28727
29018
  },
28728
- {
28729
- "id": "D3-NTPM",
28730
- "name": "Network Traffic Policy Mapping",
28731
- "tactic": "Model"
28732
- },
28733
29019
  {
28734
29020
  "id": "D3-PHRA",
28735
29021
  "name": "Process Hardware Resource Access",
@@ -28767,21 +29053,11 @@
28767
29053
  "framework": "FedRAMP Rev 5 Moderate",
28768
29054
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
28769
29055
  },
28770
- {
28771
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
28772
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
28773
- "control_name": "Access control standard (technical safeguards)"
28774
- },
28775
29056
  {
28776
29057
  "id": "IEC-62443-3-3",
28777
29058
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
28778
29059
  "control_name": "System security requirements and security levels"
28779
29060
  },
28780
- {
28781
- "id": "ISO-27001-2022-A.8.16",
28782
- "framework": "ISO/IEC 27001:2022",
28783
- "control_name": "Monitoring activities"
28784
- },
28785
29061
  {
28786
29062
  "id": "ISO-27001-2022-A.8.28",
28787
29063
  "framework": "ISO/IEC 27001:2022",
@@ -28797,11 +29073,6 @@
28797
29073
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
28798
29074
  "control_name": "AI risk management process"
28799
29075
  },
28800
- {
28801
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
28802
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
28803
- "control_name": "AI risk assessment"
28804
- },
28805
29076
  {
28806
29077
  "id": "NERC-CIP-007-6-R4",
28807
29078
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -28827,16 +29098,6 @@
28827
29098
  "framework": "NIST SP 800-53 Rev 5",
28828
29099
  "control_name": "Account Management"
28829
29100
  },
28830
- {
28831
- "id": "NIST-800-53-SC-28",
28832
- "framework": "NIST SP 800-53 Rev 5",
28833
- "control_name": "Protection of Information at Rest"
28834
- },
28835
- {
28836
- "id": "NIST-800-53-SC-7",
28837
- "framework": "NIST SP 800-53 Rev 5",
28838
- "control_name": "Boundary Protection"
28839
- },
28840
29101
  {
28841
29102
  "id": "NIST-800-53-SC-8",
28842
29103
  "framework": "NIST SP 800-53 Rev 5",
@@ -28887,11 +29148,6 @@
28887
29148
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
28888
29149
  "control_name": "Logical and Physical Access Controls"
28889
29150
  },
28890
- {
28891
- "id": "SOC2-CC7-anomaly-detection",
28892
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
28893
- "control_name": "System Operations — Threat and Vulnerability Management"
28894
- },
28895
29151
  {
28896
29152
  "id": "SOC2-CC9-vendor-management",
28897
29153
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -28901,36 +29157,23 @@
28901
29157
  "attack_refs": [
28902
29158
  "T0855",
28903
29159
  "T0883",
28904
- "T1041",
28905
29160
  "T1059",
28906
29161
  "T1068",
28907
- "T1071",
28908
29162
  "T1078",
28909
- "T1102",
28910
29163
  "T1133",
28911
29164
  "T1190",
28912
- "T1213",
28913
- "T1530",
28914
29165
  "T1548.001",
28915
- "T1566",
28916
- "T1567",
28917
- "T1568"
29166
+ "T1566"
28918
29167
  ],
28919
29168
  "rfc_refs": [
28920
29169
  "RFC-4301",
28921
29170
  "RFC-4303",
28922
- "RFC-7296",
28923
- "RFC-8446",
28924
- "RFC-9000",
28925
- "RFC-9114",
28926
- "RFC-9180",
28927
- "RFC-9421",
28928
- "RFC-9458"
29171
+ "RFC-7296"
28929
29172
  ]
28930
29173
  }
28931
29174
  },
28932
- "CVE-2024-11392": {
28933
- "name": "Hugging Face Transformers MobileViTV2 Deserialization Remote Code Execution",
29175
+ "CVE-2024-11393": {
29176
+ "name": "Hugging Face Transformers MaskFormer Deserialization Remote Code Execution",
28934
29177
  "rwep": 33,
28935
29178
  "cvss": 8.8,
28936
29179
  "cisa_kev": false,
@@ -29291,8 +29534,8 @@
29291
29534
  ]
29292
29535
  }
29293
29536
  },
29294
- "CVE-2024-11393": {
29295
- "name": "Hugging Face Transformers MaskFormer Deserialization Remote Code Execution",
29537
+ "CVE-2024-11394": {
29538
+ "name": "Hugging Face Transformers Trax Deserialization Remote Code Execution",
29296
29539
  "rwep": 33,
29297
29540
  "cvss": 8.8,
29298
29541
  "cisa_kev": false,
@@ -29653,10 +29896,10 @@
29653
29896
  ]
29654
29897
  }
29655
29898
  },
29656
- "CVE-2024-11394": {
29657
- "name": "Hugging Face Transformers Trax Deserialization Remote Code Execution",
29658
- "rwep": 33,
29659
- "cvss": 8.8,
29899
+ "CVE-2026-24213": {
29900
+ "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
29901
+ "rwep": 11,
29902
+ "cvss": 9.8,
29660
29903
  "cisa_kev": false,
29661
29904
  "epss_score": null,
29662
29905
  "referencing_skills": [
@@ -30015,8 +30258,8 @@
30015
30258
  ]
30016
30259
  }
30017
30260
  },
30018
- "CVE-2026-24213": {
30019
- "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
30261
+ "CVE-2026-24214": {
30262
+ "name": "NVIDIA Triton DALI Backend Integer Overflow",
30020
30263
  "rwep": 11,
30021
30264
  "cvss": 9.8,
30022
30265
  "cisa_kev": false,
@@ -30377,10 +30620,10 @@
30377
30620
  ]
30378
30621
  }
30379
30622
  },
30380
- "CVE-2026-24214": {
30381
- "name": "NVIDIA Triton DALI Backend Integer Overflow",
30382
- "rwep": 11,
30383
- "cvss": 9.8,
30623
+ "CVE-2026-24215": {
30624
+ "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
30625
+ "rwep": 5,
30626
+ "cvss": 7.5,
30384
30627
  "cisa_kev": false,
30385
30628
  "epss_score": null,
30386
30629
  "referencing_skills": [
@@ -30739,17 +30982,19 @@
30739
30982
  ]
30740
30983
  }
30741
30984
  },
30742
- "CVE-2026-24215": {
30743
- "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
30744
- "rwep": 5,
30745
- "cvss": 7.5,
30985
+ "CVE-2025-32444": {
30986
+ "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
30987
+ "rwep": 31,
30988
+ "cvss": 9.8,
30746
30989
  "cisa_kev": false,
30747
30990
  "epss_score": null,
30748
30991
  "referencing_skills": [
30749
30992
  "kernel-lpe-triage",
30750
30993
  "ai-attack-surface",
30751
30994
  "compliance-theater",
30995
+ "ai-c2-detection",
30752
30996
  "attack-surface-pentest",
30997
+ "dlp-gap-analysis",
30753
30998
  "ot-ics-security",
30754
30999
  "coordinated-vuln-disclosure",
30755
31000
  "sector-energy"
@@ -30786,6 +31031,11 @@
30786
31031
  "name": "Improper Validation of Generative AI Output",
30787
31032
  "category": "AI/ML"
30788
31033
  },
31034
+ {
31035
+ "id": "CWE-200",
31036
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
31037
+ "category": "Information Exposure"
31038
+ },
30789
31039
  {
30790
31040
  "id": "CWE-22",
30791
31041
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -30925,11 +31175,21 @@
30925
31175
  "name": "Address Space Layout Randomization",
30926
31176
  "tactic": "Harden"
30927
31177
  },
31178
+ {
31179
+ "id": "D3-CA",
31180
+ "name": "Certificate Analysis",
31181
+ "tactic": "Detect"
31182
+ },
30928
31183
  {
30929
31184
  "id": "D3-CSPP",
30930
31185
  "name": "Client-server Payload Profiling",
30931
31186
  "tactic": "Detect"
30932
31187
  },
31188
+ {
31189
+ "id": "D3-DA",
31190
+ "name": "Domain Analysis",
31191
+ "tactic": "Detect"
31192
+ },
30933
31193
  {
30934
31194
  "id": "D3-EAL",
30935
31195
  "name": "Executable Allowlisting",
@@ -30940,11 +31200,21 @@
30940
31200
  "name": "Input/Output Profiling Resource",
30941
31201
  "tactic": "Detect"
30942
31202
  },
31203
+ {
31204
+ "id": "D3-NI",
31205
+ "name": "Network Isolation",
31206
+ "tactic": "Isolate"
31207
+ },
30943
31208
  {
30944
31209
  "id": "D3-NTA",
30945
31210
  "name": "Network Traffic Analysis",
30946
31211
  "tactic": "Detect"
30947
31212
  },
31213
+ {
31214
+ "id": "D3-NTPM",
31215
+ "name": "Network Traffic Policy Mapping",
31216
+ "tactic": "Model"
31217
+ },
30948
31218
  {
30949
31219
  "id": "D3-PHRA",
30950
31220
  "name": "Process Hardware Resource Access",
@@ -30982,11 +31252,21 @@
30982
31252
  "framework": "FedRAMP Rev 5 Moderate",
30983
31253
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
30984
31254
  },
31255
+ {
31256
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
31257
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
31258
+ "control_name": "Access control standard (technical safeguards)"
31259
+ },
30985
31260
  {
30986
31261
  "id": "IEC-62443-3-3",
30987
31262
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
30988
31263
  "control_name": "System security requirements and security levels"
30989
31264
  },
31265
+ {
31266
+ "id": "ISO-27001-2022-A.8.16",
31267
+ "framework": "ISO/IEC 27001:2022",
31268
+ "control_name": "Monitoring activities"
31269
+ },
30990
31270
  {
30991
31271
  "id": "ISO-27001-2022-A.8.28",
30992
31272
  "framework": "ISO/IEC 27001:2022",
@@ -31002,6 +31282,11 @@
31002
31282
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
31003
31283
  "control_name": "AI risk management process"
31004
31284
  },
31285
+ {
31286
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
31287
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
31288
+ "control_name": "AI risk assessment"
31289
+ },
31005
31290
  {
31006
31291
  "id": "NERC-CIP-007-6-R4",
31007
31292
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -31027,6 +31312,16 @@
31027
31312
  "framework": "NIST SP 800-53 Rev 5",
31028
31313
  "control_name": "Account Management"
31029
31314
  },
31315
+ {
31316
+ "id": "NIST-800-53-SC-28",
31317
+ "framework": "NIST SP 800-53 Rev 5",
31318
+ "control_name": "Protection of Information at Rest"
31319
+ },
31320
+ {
31321
+ "id": "NIST-800-53-SC-7",
31322
+ "framework": "NIST SP 800-53 Rev 5",
31323
+ "control_name": "Boundary Protection"
31324
+ },
31030
31325
  {
31031
31326
  "id": "NIST-800-53-SC-8",
31032
31327
  "framework": "NIST SP 800-53 Rev 5",
@@ -31077,6 +31372,11 @@
31077
31372
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
31078
31373
  "control_name": "Logical and Physical Access Controls"
31079
31374
  },
31375
+ {
31376
+ "id": "SOC2-CC7-anomaly-detection",
31377
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31378
+ "control_name": "System Operations — Threat and Vulnerability Management"
31379
+ },
31080
31380
  {
31081
31381
  "id": "SOC2-CC9-vendor-management",
31082
31382
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -31086,25 +31386,38 @@
31086
31386
  "attack_refs": [
31087
31387
  "T0855",
31088
31388
  "T0883",
31389
+ "T1041",
31089
31390
  "T1059",
31090
31391
  "T1068",
31392
+ "T1071",
31091
31393
  "T1078",
31394
+ "T1102",
31092
31395
  "T1133",
31093
31396
  "T1190",
31397
+ "T1213",
31398
+ "T1530",
31094
31399
  "T1548.001",
31095
- "T1566"
31400
+ "T1566",
31401
+ "T1567",
31402
+ "T1568"
31096
31403
  ],
31097
31404
  "rfc_refs": [
31098
31405
  "RFC-4301",
31099
31406
  "RFC-4303",
31100
- "RFC-7296"
31407
+ "RFC-7296",
31408
+ "RFC-8446",
31409
+ "RFC-9000",
31410
+ "RFC-9114",
31411
+ "RFC-9180",
31412
+ "RFC-9421",
31413
+ "RFC-9458"
31101
31414
  ]
31102
31415
  }
31103
31416
  },
31104
- "CVE-2025-32444": {
31105
- "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
31106
- "rwep": 31,
31107
- "cvss": 9.8,
31417
+ "CVE-2025-30202": {
31418
+ "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
31419
+ "rwep": 27,
31420
+ "cvss": 7.5,
31108
31421
  "cisa_kev": false,
31109
31422
  "epss_score": null,
31110
31423
  "referencing_skills": [
@@ -31533,19 +31846,17 @@
31533
31846
  ]
31534
31847
  }
31535
31848
  },
31536
- "CVE-2025-30202": {
31537
- "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
31538
- "rwep": 27,
31539
- "cvss": 7.5,
31849
+ "CVE-2024-27132": {
31850
+ "name": "MLflow Recipe Template Injection XSS to Client-Side RCE",
31851
+ "rwep": 29,
31852
+ "cvss": 9.6,
31540
31853
  "cisa_kev": false,
31541
31854
  "epss_score": null,
31542
31855
  "referencing_skills": [
31543
31856
  "kernel-lpe-triage",
31544
31857
  "ai-attack-surface",
31545
31858
  "compliance-theater",
31546
- "ai-c2-detection",
31547
31859
  "attack-surface-pentest",
31548
- "dlp-gap-analysis",
31549
31860
  "ot-ics-security",
31550
31861
  "coordinated-vuln-disclosure",
31551
31862
  "sector-energy"
@@ -31582,11 +31893,6 @@
31582
31893
  "name": "Improper Validation of Generative AI Output",
31583
31894
  "category": "AI/ML"
31584
31895
  },
31585
- {
31586
- "id": "CWE-200",
31587
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
31588
- "category": "Information Exposure"
31589
- },
31590
31896
  {
31591
31897
  "id": "CWE-22",
31592
31898
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -31726,21 +32032,11 @@
31726
32032
  "name": "Address Space Layout Randomization",
31727
32033
  "tactic": "Harden"
31728
32034
  },
31729
- {
31730
- "id": "D3-CA",
31731
- "name": "Certificate Analysis",
31732
- "tactic": "Detect"
31733
- },
31734
32035
  {
31735
32036
  "id": "D3-CSPP",
31736
32037
  "name": "Client-server Payload Profiling",
31737
32038
  "tactic": "Detect"
31738
32039
  },
31739
- {
31740
- "id": "D3-DA",
31741
- "name": "Domain Analysis",
31742
- "tactic": "Detect"
31743
- },
31744
32040
  {
31745
32041
  "id": "D3-EAL",
31746
32042
  "name": "Executable Allowlisting",
@@ -31751,21 +32047,11 @@
31751
32047
  "name": "Input/Output Profiling Resource",
31752
32048
  "tactic": "Detect"
31753
32049
  },
31754
- {
31755
- "id": "D3-NI",
31756
- "name": "Network Isolation",
31757
- "tactic": "Isolate"
31758
- },
31759
32050
  {
31760
32051
  "id": "D3-NTA",
31761
32052
  "name": "Network Traffic Analysis",
31762
32053
  "tactic": "Detect"
31763
32054
  },
31764
- {
31765
- "id": "D3-NTPM",
31766
- "name": "Network Traffic Policy Mapping",
31767
- "tactic": "Model"
31768
- },
31769
32055
  {
31770
32056
  "id": "D3-PHRA",
31771
32057
  "name": "Process Hardware Resource Access",
@@ -31803,21 +32089,11 @@
31803
32089
  "framework": "FedRAMP Rev 5 Moderate",
31804
32090
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
31805
32091
  },
31806
- {
31807
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
31808
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
31809
- "control_name": "Access control standard (technical safeguards)"
31810
- },
31811
32092
  {
31812
32093
  "id": "IEC-62443-3-3",
31813
32094
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
31814
32095
  "control_name": "System security requirements and security levels"
31815
32096
  },
31816
- {
31817
- "id": "ISO-27001-2022-A.8.16",
31818
- "framework": "ISO/IEC 27001:2022",
31819
- "control_name": "Monitoring activities"
31820
- },
31821
32097
  {
31822
32098
  "id": "ISO-27001-2022-A.8.28",
31823
32099
  "framework": "ISO/IEC 27001:2022",
@@ -31833,11 +32109,6 @@
31833
32109
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
31834
32110
  "control_name": "AI risk management process"
31835
32111
  },
31836
- {
31837
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
31838
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
31839
- "control_name": "AI risk assessment"
31840
- },
31841
32112
  {
31842
32113
  "id": "NERC-CIP-007-6-R4",
31843
32114
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -31863,16 +32134,6 @@
31863
32134
  "framework": "NIST SP 800-53 Rev 5",
31864
32135
  "control_name": "Account Management"
31865
32136
  },
31866
- {
31867
- "id": "NIST-800-53-SC-28",
31868
- "framework": "NIST SP 800-53 Rev 5",
31869
- "control_name": "Protection of Information at Rest"
31870
- },
31871
- {
31872
- "id": "NIST-800-53-SC-7",
31873
- "framework": "NIST SP 800-53 Rev 5",
31874
- "control_name": "Boundary Protection"
31875
- },
31876
32137
  {
31877
32138
  "id": "NIST-800-53-SC-8",
31878
32139
  "framework": "NIST SP 800-53 Rev 5",
@@ -31923,11 +32184,6 @@
31923
32184
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
31924
32185
  "control_name": "Logical and Physical Access Controls"
31925
32186
  },
31926
- {
31927
- "id": "SOC2-CC7-anomaly-detection",
31928
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
31929
- "control_name": "System Operations — Threat and Vulnerability Management"
31930
- },
31931
32187
  {
31932
32188
  "id": "SOC2-CC9-vendor-management",
31933
32189
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -31937,45 +32193,34 @@
31937
32193
  "attack_refs": [
31938
32194
  "T0855",
31939
32195
  "T0883",
31940
- "T1041",
31941
32196
  "T1059",
31942
32197
  "T1068",
31943
- "T1071",
31944
32198
  "T1078",
31945
- "T1102",
31946
32199
  "T1133",
31947
32200
  "T1190",
31948
- "T1213",
31949
- "T1530",
31950
32201
  "T1548.001",
31951
- "T1566",
31952
- "T1567",
31953
- "T1568"
32202
+ "T1566"
31954
32203
  ],
31955
32204
  "rfc_refs": [
31956
32205
  "RFC-4301",
31957
32206
  "RFC-4303",
31958
- "RFC-7296",
31959
- "RFC-8446",
31960
- "RFC-9000",
31961
- "RFC-9114",
31962
- "RFC-9180",
31963
- "RFC-9421",
31964
- "RFC-9458"
32207
+ "RFC-7296"
31965
32208
  ]
31966
32209
  }
31967
32210
  },
31968
- "CVE-2024-27132": {
31969
- "name": "MLflow Recipe Template Injection XSS to Client-Side RCE",
32211
+ "CVE-2024-21575": {
32212
+ "name": "ComfyUI-Impact-Pack Path Traversal Arbitrary File Write to RCE",
31970
32213
  "rwep": 29,
31971
- "cvss": 9.6,
32214
+ "cvss": 8.6,
31972
32215
  "cisa_kev": false,
31973
32216
  "epss_score": null,
31974
32217
  "referencing_skills": [
31975
32218
  "kernel-lpe-triage",
31976
32219
  "ai-attack-surface",
31977
32220
  "compliance-theater",
32221
+ "ai-c2-detection",
31978
32222
  "attack-surface-pentest",
32223
+ "dlp-gap-analysis",
31979
32224
  "ot-ics-security",
31980
32225
  "coordinated-vuln-disclosure",
31981
32226
  "sector-energy"
@@ -32012,6 +32257,11 @@
32012
32257
  "name": "Improper Validation of Generative AI Output",
32013
32258
  "category": "AI/ML"
32014
32259
  },
32260
+ {
32261
+ "id": "CWE-200",
32262
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
32263
+ "category": "Information Exposure"
32264
+ },
32015
32265
  {
32016
32266
  "id": "CWE-22",
32017
32267
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -32151,11 +32401,21 @@
32151
32401
  "name": "Address Space Layout Randomization",
32152
32402
  "tactic": "Harden"
32153
32403
  },
32404
+ {
32405
+ "id": "D3-CA",
32406
+ "name": "Certificate Analysis",
32407
+ "tactic": "Detect"
32408
+ },
32154
32409
  {
32155
32410
  "id": "D3-CSPP",
32156
32411
  "name": "Client-server Payload Profiling",
32157
32412
  "tactic": "Detect"
32158
32413
  },
32414
+ {
32415
+ "id": "D3-DA",
32416
+ "name": "Domain Analysis",
32417
+ "tactic": "Detect"
32418
+ },
32159
32419
  {
32160
32420
  "id": "D3-EAL",
32161
32421
  "name": "Executable Allowlisting",
@@ -32166,11 +32426,21 @@
32166
32426
  "name": "Input/Output Profiling Resource",
32167
32427
  "tactic": "Detect"
32168
32428
  },
32429
+ {
32430
+ "id": "D3-NI",
32431
+ "name": "Network Isolation",
32432
+ "tactic": "Isolate"
32433
+ },
32169
32434
  {
32170
32435
  "id": "D3-NTA",
32171
32436
  "name": "Network Traffic Analysis",
32172
32437
  "tactic": "Detect"
32173
32438
  },
32439
+ {
32440
+ "id": "D3-NTPM",
32441
+ "name": "Network Traffic Policy Mapping",
32442
+ "tactic": "Model"
32443
+ },
32174
32444
  {
32175
32445
  "id": "D3-PHRA",
32176
32446
  "name": "Process Hardware Resource Access",
@@ -32208,11 +32478,21 @@
32208
32478
  "framework": "FedRAMP Rev 5 Moderate",
32209
32479
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
32210
32480
  },
32481
+ {
32482
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
32483
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
32484
+ "control_name": "Access control standard (technical safeguards)"
32485
+ },
32211
32486
  {
32212
32487
  "id": "IEC-62443-3-3",
32213
32488
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
32214
32489
  "control_name": "System security requirements and security levels"
32215
32490
  },
32491
+ {
32492
+ "id": "ISO-27001-2022-A.8.16",
32493
+ "framework": "ISO/IEC 27001:2022",
32494
+ "control_name": "Monitoring activities"
32495
+ },
32216
32496
  {
32217
32497
  "id": "ISO-27001-2022-A.8.28",
32218
32498
  "framework": "ISO/IEC 27001:2022",
@@ -32228,6 +32508,11 @@
32228
32508
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
32229
32509
  "control_name": "AI risk management process"
32230
32510
  },
32511
+ {
32512
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
32513
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
32514
+ "control_name": "AI risk assessment"
32515
+ },
32231
32516
  {
32232
32517
  "id": "NERC-CIP-007-6-R4",
32233
32518
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -32253,6 +32538,16 @@
32253
32538
  "framework": "NIST SP 800-53 Rev 5",
32254
32539
  "control_name": "Account Management"
32255
32540
  },
32541
+ {
32542
+ "id": "NIST-800-53-SC-28",
32543
+ "framework": "NIST SP 800-53 Rev 5",
32544
+ "control_name": "Protection of Information at Rest"
32545
+ },
32546
+ {
32547
+ "id": "NIST-800-53-SC-7",
32548
+ "framework": "NIST SP 800-53 Rev 5",
32549
+ "control_name": "Boundary Protection"
32550
+ },
32256
32551
  {
32257
32552
  "id": "NIST-800-53-SC-8",
32258
32553
  "framework": "NIST SP 800-53 Rev 5",
@@ -32303,6 +32598,11 @@
32303
32598
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
32304
32599
  "control_name": "Logical and Physical Access Controls"
32305
32600
  },
32601
+ {
32602
+ "id": "SOC2-CC7-anomaly-detection",
32603
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32604
+ "control_name": "System Operations — Threat and Vulnerability Management"
32605
+ },
32306
32606
  {
32307
32607
  "id": "SOC2-CC9-vendor-management",
32308
32608
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -32312,25 +32612,38 @@
32312
32612
  "attack_refs": [
32313
32613
  "T0855",
32314
32614
  "T0883",
32615
+ "T1041",
32315
32616
  "T1059",
32316
32617
  "T1068",
32618
+ "T1071",
32317
32619
  "T1078",
32620
+ "T1102",
32318
32621
  "T1133",
32319
32622
  "T1190",
32623
+ "T1213",
32624
+ "T1530",
32320
32625
  "T1548.001",
32321
- "T1566"
32626
+ "T1566",
32627
+ "T1567",
32628
+ "T1568"
32322
32629
  ],
32323
32630
  "rfc_refs": [
32324
32631
  "RFC-4301",
32325
32632
  "RFC-4303",
32326
- "RFC-7296"
32633
+ "RFC-7296",
32634
+ "RFC-8446",
32635
+ "RFC-9000",
32636
+ "RFC-9114",
32637
+ "RFC-9180",
32638
+ "RFC-9421",
32639
+ "RFC-9458"
32327
32640
  ]
32328
32641
  }
32329
32642
  },
32330
- "CVE-2024-21575": {
32331
- "name": "ComfyUI-Impact-Pack Path Traversal Arbitrary File Write to RCE",
32643
+ "CVE-2024-21576": {
32644
+ "name": "ComfyUI-Bmad-Nodes Workflow Code Injection RCE",
32332
32645
  "rwep": 29,
32333
- "cvss": 8.6,
32646
+ "cvss": 10,
32334
32647
  "cisa_kev": false,
32335
32648
  "epss_score": null,
32336
32649
  "referencing_skills": [
@@ -32759,19 +33072,17 @@
32759
33072
  ]
32760
33073
  }
32761
33074
  },
32762
- "CVE-2024-21576": {
32763
- "name": "ComfyUI-Bmad-Nodes Workflow Code Injection RCE",
32764
- "rwep": 29,
32765
- "cvss": 10,
33075
+ "CVE-2024-21513": {
33076
+ "name": "LangChain-Experimental VectorSQLDatabaseChain Code Execution",
33077
+ "rwep": 27,
33078
+ "cvss": 8.5,
32766
33079
  "cisa_kev": false,
32767
33080
  "epss_score": null,
32768
33081
  "referencing_skills": [
32769
33082
  "kernel-lpe-triage",
32770
33083
  "ai-attack-surface",
32771
33084
  "compliance-theater",
32772
- "ai-c2-detection",
32773
33085
  "attack-surface-pentest",
32774
- "dlp-gap-analysis",
32775
33086
  "ot-ics-security",
32776
33087
  "coordinated-vuln-disclosure",
32777
33088
  "sector-energy"
@@ -32808,11 +33119,6 @@
32808
33119
  "name": "Improper Validation of Generative AI Output",
32809
33120
  "category": "AI/ML"
32810
33121
  },
32811
- {
32812
- "id": "CWE-200",
32813
- "name": "Exposure of Sensitive Information to an Unauthorized Actor",
32814
- "category": "Information Exposure"
32815
- },
32816
33122
  {
32817
33123
  "id": "CWE-22",
32818
33124
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -32952,21 +33258,11 @@
32952
33258
  "name": "Address Space Layout Randomization",
32953
33259
  "tactic": "Harden"
32954
33260
  },
32955
- {
32956
- "id": "D3-CA",
32957
- "name": "Certificate Analysis",
32958
- "tactic": "Detect"
32959
- },
32960
33261
  {
32961
33262
  "id": "D3-CSPP",
32962
33263
  "name": "Client-server Payload Profiling",
32963
33264
  "tactic": "Detect"
32964
33265
  },
32965
- {
32966
- "id": "D3-DA",
32967
- "name": "Domain Analysis",
32968
- "tactic": "Detect"
32969
- },
32970
33266
  {
32971
33267
  "id": "D3-EAL",
32972
33268
  "name": "Executable Allowlisting",
@@ -32977,21 +33273,11 @@
32977
33273
  "name": "Input/Output Profiling Resource",
32978
33274
  "tactic": "Detect"
32979
33275
  },
32980
- {
32981
- "id": "D3-NI",
32982
- "name": "Network Isolation",
32983
- "tactic": "Isolate"
32984
- },
32985
33276
  {
32986
33277
  "id": "D3-NTA",
32987
33278
  "name": "Network Traffic Analysis",
32988
33279
  "tactic": "Detect"
32989
33280
  },
32990
- {
32991
- "id": "D3-NTPM",
32992
- "name": "Network Traffic Policy Mapping",
32993
- "tactic": "Model"
32994
- },
32995
33281
  {
32996
33282
  "id": "D3-PHRA",
32997
33283
  "name": "Process Hardware Resource Access",
@@ -33029,21 +33315,11 @@
33029
33315
  "framework": "FedRAMP Rev 5 Moderate",
33030
33316
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33031
33317
  },
33032
- {
33033
- "id": "HIPAA-Security-Rule-164.312(a)(1)",
33034
- "framework": "HIPAA Security Rule (45 CFR § 164.312)",
33035
- "control_name": "Access control standard (technical safeguards)"
33036
- },
33037
33318
  {
33038
33319
  "id": "IEC-62443-3-3",
33039
33320
  "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33040
33321
  "control_name": "System security requirements and security levels"
33041
33322
  },
33042
- {
33043
- "id": "ISO-27001-2022-A.8.16",
33044
- "framework": "ISO/IEC 27001:2022",
33045
- "control_name": "Monitoring activities"
33046
- },
33047
33323
  {
33048
33324
  "id": "ISO-27001-2022-A.8.28",
33049
33325
  "framework": "ISO/IEC 27001:2022",
@@ -33059,11 +33335,6 @@
33059
33335
  "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33060
33336
  "control_name": "AI risk management process"
33061
33337
  },
33062
- {
33063
- "id": "ISO-IEC-42001-2023-clause-6.1.2",
33064
- "framework": "ISO/IEC 42001:2023 (AI Management System)",
33065
- "control_name": "AI risk assessment"
33066
- },
33067
33338
  {
33068
33339
  "id": "NERC-CIP-007-6-R4",
33069
33340
  "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
@@ -33089,16 +33360,6 @@
33089
33360
  "framework": "NIST SP 800-53 Rev 5",
33090
33361
  "control_name": "Account Management"
33091
33362
  },
33092
- {
33093
- "id": "NIST-800-53-SC-28",
33094
- "framework": "NIST SP 800-53 Rev 5",
33095
- "control_name": "Protection of Information at Rest"
33096
- },
33097
- {
33098
- "id": "NIST-800-53-SC-7",
33099
- "framework": "NIST SP 800-53 Rev 5",
33100
- "control_name": "Boundary Protection"
33101
- },
33102
33363
  {
33103
33364
  "id": "NIST-800-53-SC-8",
33104
33365
  "framework": "NIST SP 800-53 Rev 5",
@@ -33149,11 +33410,6 @@
33149
33410
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
33150
33411
  "control_name": "Logical and Physical Access Controls"
33151
33412
  },
33152
- {
33153
- "id": "SOC2-CC7-anomaly-detection",
33154
- "framework": "SOC 2 (AICPA Trust Services Criteria)",
33155
- "control_name": "System Operations — Threat and Vulnerability Management"
33156
- },
33157
33413
  {
33158
33414
  "id": "SOC2-CC9-vendor-management",
33159
33415
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
@@ -33163,38 +33419,25 @@
33163
33419
  "attack_refs": [
33164
33420
  "T0855",
33165
33421
  "T0883",
33166
- "T1041",
33167
33422
  "T1059",
33168
33423
  "T1068",
33169
- "T1071",
33170
33424
  "T1078",
33171
- "T1102",
33172
33425
  "T1133",
33173
33426
  "T1190",
33174
- "T1213",
33175
- "T1530",
33176
33427
  "T1548.001",
33177
- "T1566",
33178
- "T1567",
33179
- "T1568"
33428
+ "T1566"
33180
33429
  ],
33181
33430
  "rfc_refs": [
33182
33431
  "RFC-4301",
33183
33432
  "RFC-4303",
33184
- "RFC-7296",
33185
- "RFC-8446",
33186
- "RFC-9000",
33187
- "RFC-9114",
33188
- "RFC-9180",
33189
- "RFC-9421",
33190
- "RFC-9458"
33433
+ "RFC-7296"
33191
33434
  ]
33192
33435
  }
33193
33436
  },
33194
- "CVE-2024-21513": {
33195
- "name": "LangChain-Experimental VectorSQLDatabaseChain Code Execution",
33437
+ "CVE-2023-44467": {
33438
+ "name": "LangChain-Experimental PALChain dunder-import Code Execution (CVE-2023-36258 bypass)",
33196
33439
  "rwep": 27,
33197
- "cvss": 8.5,
33440
+ "cvss": 9.8,
33198
33441
  "cisa_kev": false,
33199
33442
  "epss_score": null,
33200
33443
  "referencing_skills": [
@@ -33553,10 +33796,10 @@
33553
33796
  ]
33554
33797
  }
33555
33798
  },
33556
- "CVE-2023-44467": {
33557
- "name": "LangChain-Experimental PALChain dunder-import Code Execution (CVE-2023-36258 bypass)",
33558
- "rwep": 27,
33559
- "cvss": 9.8,
33799
+ "CVE-2024-13059": {
33800
+ "name": "AnythingLLM Non-ASCII Filename Path Traversal Arbitrary File Write to RCE",
33801
+ "rwep": 25,
33802
+ "cvss": 7.2,
33560
33803
  "cisa_kev": false,
33561
33804
  "epss_score": null,
33562
33805
  "referencing_skills": [
@@ -33915,10 +34158,10 @@
33915
34158
  ]
33916
34159
  }
33917
34160
  },
33918
- "CVE-2024-13059": {
33919
- "name": "AnythingLLM Non-ASCII Filename Path Traversal Arbitrary File Write to RCE",
33920
- "rwep": 25,
33921
- "cvss": 7.2,
34161
+ "CVE-2025-1753": {
34162
+ "name": "LlamaIndex CLI --files OS Command Injection",
34163
+ "rwep": 23,
34164
+ "cvss": 7.8,
33922
34165
  "cisa_kev": false,
33923
34166
  "epss_score": null,
33924
34167
  "referencing_skills": [
@@ -34277,10 +34520,10 @@
34277
34520
  ]
34278
34521
  }
34279
34522
  },
34280
- "CVE-2025-1753": {
34281
- "name": "LlamaIndex CLI --files OS Command Injection",
34282
- "rwep": 23,
34283
- "cvss": 7.8,
34523
+ "CVE-2024-6587": {
34524
+ "name": "BerriAI LiteLLM api_base SSRF API-Key Interception",
34525
+ "rwep": 29,
34526
+ "cvss": 7.5,
34284
34527
  "cisa_kev": false,
34285
34528
  "epss_score": null,
34286
34529
  "referencing_skills": [
@@ -34639,10 +34882,10 @@
34639
34882
  ]
34640
34883
  }
34641
34884
  },
34642
- "CVE-2024-6587": {
34643
- "name": "BerriAI LiteLLM api_base SSRF API-Key Interception",
34644
- "rwep": 29,
34645
- "cvss": 7.5,
34885
+ "CVE-2024-4889": {
34886
+ "name": "BerriAI LiteLLM Config Code Injection via UI_LOGO_PATH / KMS",
34887
+ "rwep": 27,
34888
+ "cvss": 7.2,
34646
34889
  "cisa_kev": false,
34647
34890
  "epss_score": null,
34648
34891
  "referencing_skills": [
@@ -35001,10 +35244,10 @@
35001
35244
  ]
35002
35245
  }
35003
35246
  },
35004
- "CVE-2024-4889": {
35005
- "name": "BerriAI LiteLLM Config Code Injection via UI_LOGO_PATH / KMS",
35247
+ "CVE-2025-64513": {
35248
+ "name": "Milvus Proxy Authentication Bypass via Forged Headers",
35006
35249
  "rwep": 27,
35007
- "cvss": 7.2,
35250
+ "cvss": 9.3,
35008
35251
  "cisa_kev": false,
35009
35252
  "epss_score": null,
35010
35253
  "referencing_skills": [
@@ -35363,10 +35606,10 @@
35363
35606
  ]
35364
35607
  }
35365
35608
  },
35366
- "CVE-2025-64513": {
35367
- "name": "Milvus Proxy Authentication Bypass via Forged Headers",
35609
+ "CVE-2026-26190": {
35610
+ "name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
35368
35611
  "rwep": 27,
35369
- "cvss": 9.3,
35612
+ "cvss": 9.8,
35370
35613
  "cisa_kev": false,
35371
35614
  "epss_score": null,
35372
35615
  "referencing_skills": [
@@ -35725,9 +35968,9 @@
35725
35968
  ]
35726
35969
  }
35727
35970
  },
35728
- "CVE-2026-26190": {
35729
- "name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
35730
- "rwep": 27,
35971
+ "CVE-2023-6019": {
35972
+ "name": "Anyscale Ray Dashboard cpu_profile Command Injection RCE",
35973
+ "rwep": 31,
35731
35974
  "cvss": 9.8,
35732
35975
  "cisa_kev": false,
35733
35976
  "epss_score": null,
@@ -36087,10 +36330,10 @@
36087
36330
  ]
36088
36331
  }
36089
36332
  },
36090
- "CVE-2023-6019": {
36091
- "name": "Anyscale Ray Dashboard cpu_profile Command Injection RCE",
36092
- "rwep": 31,
36093
- "cvss": 9.8,
36333
+ "CVE-2023-6021": {
36334
+ "name": "Anyscale Ray Dashboard Log API Local File Inclusion",
36335
+ "rwep": 27,
36336
+ "cvss": 7.5,
36094
36337
  "cisa_kev": false,
36095
36338
  "epss_score": null,
36096
36339
  "referencing_skills": [
@@ -36449,10 +36692,10 @@
36449
36692
  ]
36450
36693
  }
36451
36694
  },
36452
- "CVE-2023-6021": {
36453
- "name": "Anyscale Ray Dashboard Log API Local File Inclusion",
36695
+ "CVE-2025-33236": {
36696
+ "name": "NVIDIA NeMo Framework Malicious Model Import Code Injection RCE",
36454
36697
  "rwep": 27,
36455
- "cvss": 7.5,
36698
+ "cvss": 7.8,
36456
36699
  "cisa_kev": false,
36457
36700
  "epss_score": null,
36458
36701
  "referencing_skills": [
@@ -36811,9 +37054,9 @@
36811
37054
  ]
36812
37055
  }
36813
37056
  },
36814
- "CVE-2025-33236": {
36815
- "name": "NVIDIA NeMo Framework Malicious Model Import Code Injection RCE",
36816
- "rwep": 27,
37057
+ "CVE-2024-0129": {
37058
+ "name": "NVIDIA NeMo SaveRestoreConnector .tar Path Traversal to Code Execution",
37059
+ "rwep": 25,
36817
37060
  "cvss": 7.8,
36818
37061
  "cisa_kev": false,
36819
37062
  "epss_score": null,
@@ -37173,10 +37416,10 @@
37173
37416
  ]
37174
37417
  }
37175
37418
  },
37176
- "CVE-2024-0129": {
37177
- "name": "NVIDIA NeMo SaveRestoreConnector .tar Path Traversal to Code Execution",
37178
- "rwep": 25,
37179
- "cvss": 7.8,
37419
+ "CVE-2025-32434": {
37420
+ "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
37421
+ "rwep": 33,
37422
+ "cvss": 9.8,
37180
37423
  "cisa_kev": false,
37181
37424
  "epss_score": null,
37182
37425
  "referencing_skills": [
@@ -37535,10 +37778,10 @@
37535
37778
  ]
37536
37779
  }
37537
37780
  },
37538
- "CVE-2025-32434": {
37539
- "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
37540
- "rwep": 33,
37541
- "cvss": 9.8,
37781
+ "CVE-2026-45829": {
37782
+ "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
37783
+ "rwep": 44,
37784
+ "cvss": 10,
37542
37785
  "cisa_kev": false,
37543
37786
  "epss_score": null,
37544
37787
  "referencing_skills": [
@@ -37897,10 +38140,10 @@
37897
38140
  ]
37898
38141
  }
37899
38142
  },
37900
- "CVE-2026-45829": {
37901
- "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
37902
- "rwep": 44,
37903
- "cvss": 10,
38143
+ "CVE-2025-67818": {
38144
+ "name": "Weaviate Backup Restore ZipSlip Path Traversal",
38145
+ "rwep": 25,
38146
+ "cvss": 7.2,
37904
38147
  "cisa_kev": false,
37905
38148
  "epss_score": null,
37906
38149
  "referencing_skills": [
@@ -38259,42 +38502,36 @@
38259
38502
  ]
38260
38503
  }
38261
38504
  },
38262
- "CVE-2025-67818": {
38263
- "name": "Weaviate Backup Restore ZipSlip Path Traversal",
38264
- "rwep": 25,
38265
- "cvss": 7.2,
38505
+ "CVE-2024-5565": {
38506
+ "name": "Vanna.AI Prompt Injection to Remote Code Execution",
38507
+ "rwep": 40,
38508
+ "cvss": 8.1,
38266
38509
  "cisa_kev": false,
38267
38510
  "epss_score": null,
38268
38511
  "referencing_skills": [
38269
- "kernel-lpe-triage",
38270
38512
  "ai-attack-surface",
38513
+ "mcp-agent-trust",
38271
38514
  "compliance-theater",
38272
- "attack-surface-pentest",
38273
- "ot-ics-security",
38274
- "coordinated-vuln-disclosure",
38275
- "sector-energy"
38515
+ "rag-pipeline-security",
38516
+ "ai-c2-detection",
38517
+ "threat-modeling-methodology",
38518
+ "webapp-security",
38519
+ "api-security",
38520
+ "cloud-security",
38521
+ "container-runtime-security",
38522
+ "email-security-anti-phishing"
38276
38523
  ],
38277
38524
  "chain": {
38278
38525
  "cwes": [
38279
- {
38280
- "id": "CWE-1037",
38281
- "name": "Processor Optimization Removal or Modification of Security-critical Code",
38282
- "category": "Hardware / Side Channel"
38283
- },
38284
38526
  {
38285
38527
  "id": "CWE-1039",
38286
38528
  "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38287
38529
  "category": "AI/ML"
38288
38530
  },
38289
38531
  {
38290
- "id": "CWE-125",
38291
- "name": "Out-of-bounds Read",
38292
- "category": "Memory Safety"
38293
- },
38294
- {
38295
- "id": "CWE-1357",
38296
- "name": "Reliance on Insufficiently Trustworthy Component",
38297
- "category": "Supply Chain"
38532
+ "id": "CWE-1188",
38533
+ "name": "Initialization of a Resource with an Insecure Default",
38534
+ "category": "Configuration"
38298
38535
  },
38299
38536
  {
38300
38537
  "id": "CWE-1395",
@@ -38306,6 +38543,11 @@
38306
38543
  "name": "Improper Validation of Generative AI Output",
38307
38544
  "category": "AI/ML"
38308
38545
  },
38546
+ {
38547
+ "id": "CWE-200",
38548
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
38549
+ "category": "Information Exposure"
38550
+ },
38309
38551
  {
38310
38552
  "id": "CWE-22",
38311
38553
  "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
@@ -38322,40 +38564,40 @@
38322
38564
  "category": "Authentication"
38323
38565
  },
38324
38566
  {
38325
- "id": "CWE-306",
38326
- "name": "Missing Authentication for Critical Function",
38327
- "category": "Authentication"
38567
+ "id": "CWE-345",
38568
+ "name": "Insufficient Verification of Data Authenticity",
38569
+ "category": "Authenticity / Supply Chain"
38328
38570
  },
38329
38571
  {
38330
38572
  "id": "CWE-352",
38331
38573
  "name": "Cross-Site Request Forgery (CSRF)",
38332
38574
  "category": "Session"
38333
38575
  },
38334
- {
38335
- "id": "CWE-362",
38336
- "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
38337
- "category": "Concurrency"
38338
- },
38339
- {
38340
- "id": "CWE-416",
38341
- "name": "Use After Free",
38342
- "category": "Memory Safety"
38343
- },
38344
38576
  {
38345
38577
  "id": "CWE-434",
38346
38578
  "name": "Unrestricted Upload of File with Dangerous Type",
38347
38579
  "category": "File Handling"
38348
38580
  },
38349
38581
  {
38350
- "id": "CWE-672",
38351
- "name": "Operation on a Resource after Expiration or Release",
38352
- "category": "Memory Safety"
38582
+ "id": "CWE-494",
38583
+ "name": "Download of Code Without Integrity Check",
38584
+ "category": "Supply Chain"
38585
+ },
38586
+ {
38587
+ "id": "CWE-502",
38588
+ "name": "Deserialization of Untrusted Data",
38589
+ "category": "Serialization"
38353
38590
  },
38354
38591
  {
38355
38592
  "id": "CWE-732",
38356
38593
  "name": "Incorrect Permission Assignment for Critical Resource",
38357
38594
  "category": "Authorization"
38358
38595
  },
38596
+ {
38597
+ "id": "CWE-77",
38598
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
38599
+ "category": "Injection"
38600
+ },
38359
38601
  {
38360
38602
  "id": "CWE-78",
38361
38603
  "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
@@ -38376,6 +38618,16 @@
38376
38618
  "name": "Use of Hard-coded Credentials",
38377
38619
  "category": "Credentials"
38378
38620
  },
38621
+ {
38622
+ "id": "CWE-862",
38623
+ "name": "Missing Authorization",
38624
+ "category": "Authorization"
38625
+ },
38626
+ {
38627
+ "id": "CWE-863",
38628
+ "name": "Incorrect Authorization",
38629
+ "category": "Authorization"
38630
+ },
38379
38631
  {
38380
38632
  "id": "CWE-89",
38381
38633
  "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
@@ -38441,8 +38693,13 @@
38441
38693
  ],
38442
38694
  "d3fend": [
38443
38695
  {
38444
- "id": "D3-ASLR",
38445
- "name": "Address Space Layout Randomization",
38696
+ "id": "D3-CA",
38697
+ "name": "Certificate Analysis",
38698
+ "tactic": "Detect"
38699
+ },
38700
+ {
38701
+ "id": "D3-CBAN",
38702
+ "name": "Certificate-based Authentication",
38446
38703
  "tactic": "Harden"
38447
38704
  },
38448
38705
  {
@@ -38450,30 +38707,45 @@
38450
38707
  "name": "Client-server Payload Profiling",
38451
38708
  "tactic": "Detect"
38452
38709
  },
38710
+ {
38711
+ "id": "D3-DA",
38712
+ "name": "Domain Analysis",
38713
+ "tactic": "Detect"
38714
+ },
38453
38715
  {
38454
38716
  "id": "D3-EAL",
38455
38717
  "name": "Executable Allowlisting",
38456
38718
  "tactic": "Harden"
38457
38719
  },
38720
+ {
38721
+ "id": "D3-EHB",
38722
+ "name": "Executable Hashbased Allowlist",
38723
+ "tactic": "Harden"
38724
+ },
38458
38725
  {
38459
38726
  "id": "D3-IOPR",
38460
38727
  "name": "Input/Output Profiling Resource",
38461
38728
  "tactic": "Detect"
38462
38729
  },
38463
38730
  {
38464
- "id": "D3-NTA",
38465
- "name": "Network Traffic Analysis",
38466
- "tactic": "Detect"
38731
+ "id": "D3-MFA",
38732
+ "name": "Multi-factor Authentication",
38733
+ "tactic": "Harden"
38467
38734
  },
38468
38735
  {
38469
- "id": "D3-PHRA",
38470
- "name": "Process Hardware Resource Access",
38736
+ "id": "D3-NI",
38737
+ "name": "Network Isolation",
38471
38738
  "tactic": "Isolate"
38472
38739
  },
38473
38740
  {
38474
- "id": "D3-PSEP",
38475
- "name": "Process Segment Execution Prevention",
38476
- "tactic": "Harden"
38741
+ "id": "D3-NTA",
38742
+ "name": "Network Traffic Analysis",
38743
+ "tactic": "Detect"
38744
+ },
38745
+ {
38746
+ "id": "D3-NTPM",
38747
+ "name": "Network Traffic Policy Mapping",
38748
+ "tactic": "Model"
38477
38749
  }
38478
38750
  ],
38479
38751
  "framework_gaps": [
@@ -38483,14 +38755,14 @@
38483
38755
  "control_name": "AI Pipeline Integrity"
38484
38756
  },
38485
38757
  {
38486
- "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38758
+ "id": "ALL-MCP-TOOL-TRUST",
38487
38759
  "framework": "ALL",
38488
- "control_name": "Prompt Injection as Access Control Failure"
38760
+ "control_name": "MCP/Agent Tool Trust Boundaries"
38489
38761
  },
38490
38762
  {
38491
- "id": "CIS-Controls-v8-Control7",
38492
- "framework": "CIS Controls v8",
38493
- "control_name": "Continuous Vulnerability Management"
38763
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38764
+ "framework": "ALL",
38765
+ "control_name": "Prompt Injection as Access Control Failure"
38494
38766
  },
38495
38767
  {
38496
38768
  "id": "CMMC-2.0-Level-2",
@@ -38503,9 +38775,9 @@
38503
38775
  "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38504
38776
  },
38505
38777
  {
38506
- "id": "IEC-62443-3-3",
38507
- "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38508
- "control_name": "System security requirements and security levels"
38778
+ "id": "ISO-27001-2022-A.8.16",
38779
+ "framework": "ISO/IEC 27001:2022",
38780
+ "control_name": "Monitoring activities"
38509
38781
  },
38510
38782
  {
38511
38783
  "id": "ISO-27001-2022-A.8.28",
@@ -38513,9 +38785,9 @@
38513
38785
  "control_name": "Secure coding"
38514
38786
  },
38515
38787
  {
38516
- "id": "ISO-27001-2022-A.8.8",
38788
+ "id": "ISO-27001-2022-A.8.30",
38517
38789
  "framework": "ISO/IEC 27001:2022",
38518
- "control_name": "Management of technical vulnerabilities"
38790
+ "control_name": "Outsourced development"
38519
38791
  },
38520
38792
  {
38521
38793
  "id": "ISO-IEC-23894-2023-clause-7",
@@ -38523,19 +38795,433 @@
38523
38795
  "control_name": "AI risk management process"
38524
38796
  },
38525
38797
  {
38526
- "id": "NERC-CIP-007-6-R4",
38527
- "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38528
- "control_name": "Security event monitoring"
38798
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
38799
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
38800
+ "control_name": "AI risk assessment"
38529
38801
  },
38530
38802
  {
38531
- "id": "NIS2-Art21-patch-management",
38532
- "framework": "EU NIS2 Directive",
38533
- "control_name": "Vulnerability handling and disclosure"
38803
+ "id": "NIST-800-218-SSDF",
38804
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38805
+ "control_name": "Secure Software Development Framework"
38534
38806
  },
38535
38807
  {
38536
- "id": "NIST-800-115",
38537
- "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38538
- "control_name": "Technical Guide to Information Security Testing and Assessment"
38808
+ "id": "NIST-800-53-AC-2",
38809
+ "framework": "NIST SP 800-53 Rev 5",
38810
+ "control_name": "Account Management"
38811
+ },
38812
+ {
38813
+ "id": "NIST-800-53-CM-7",
38814
+ "framework": "NIST SP 800-53 Rev 5",
38815
+ "control_name": "Least Functionality"
38816
+ },
38817
+ {
38818
+ "id": "NIST-800-53-SA-12",
38819
+ "framework": "NIST SP 800-53 Rev 5",
38820
+ "control_name": "Supply Chain Protection"
38821
+ },
38822
+ {
38823
+ "id": "NIST-800-53-SC-7",
38824
+ "framework": "NIST SP 800-53 Rev 5",
38825
+ "control_name": "Boundary Protection"
38826
+ },
38827
+ {
38828
+ "id": "NIST-800-53-SI-12",
38829
+ "framework": "NIST SP 800-53 Rev 5",
38830
+ "control_name": "Information Management and Retention"
38831
+ },
38832
+ {
38833
+ "id": "NIST-800-53-SI-3",
38834
+ "framework": "NIST SP 800-53 Rev 5",
38835
+ "control_name": "Malicious Code Protection"
38836
+ },
38837
+ {
38838
+ "id": "NIST-AI-RMF-MEASURE-2.5",
38839
+ "framework": "NIST AI RMF 1.0",
38840
+ "control_name": "AI system to human interaction evaluation"
38841
+ },
38842
+ {
38843
+ "id": "OWASP-ASVS-v5.0-V14",
38844
+ "framework": "OWASP ASVS v5.0",
38845
+ "control_name": "Configuration verification"
38846
+ },
38847
+ {
38848
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38849
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38850
+ "control_name": "Prompt Injection"
38851
+ },
38852
+ {
38853
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38854
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38855
+ "control_name": "Sensitive Information Disclosure"
38856
+ },
38857
+ {
38858
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
38859
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38860
+ "control_name": "Excessive Agency"
38861
+ },
38862
+ {
38863
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
38864
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38865
+ "control_name": "Vector and Embedding Weaknesses"
38866
+ },
38867
+ {
38868
+ "id": "SLSA-v1.0-Build-L3",
38869
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
38870
+ "control_name": "Hardened build platform with non-falsifiable provenance"
38871
+ },
38872
+ {
38873
+ "id": "SOC2-CC6-logical-access",
38874
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38875
+ "control_name": "Logical and Physical Access Controls"
38876
+ },
38877
+ {
38878
+ "id": "SOC2-CC7-anomaly-detection",
38879
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38880
+ "control_name": "System Operations — Threat and Vulnerability Management"
38881
+ },
38882
+ {
38883
+ "id": "SOC2-CC9-vendor-management",
38884
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38885
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38886
+ },
38887
+ {
38888
+ "id": "SWIFT-CSCF-v2026-1.1",
38889
+ "framework": "SWIFT Customer Security Controls Framework v2026",
38890
+ "control_name": "SWIFT Environment Protection"
38891
+ }
38892
+ ],
38893
+ "attack_refs": [
38894
+ "T1059",
38895
+ "T1068",
38896
+ "T1071",
38897
+ "T1078",
38898
+ "T1102",
38899
+ "T1190",
38900
+ "T1195.001",
38901
+ "T1505",
38902
+ "T1530",
38903
+ "T1552",
38904
+ "T1565",
38905
+ "T1566",
38906
+ "T1566.001",
38907
+ "T1566.002",
38908
+ "T1566.003",
38909
+ "T1567",
38910
+ "T1568",
38911
+ "T1610",
38912
+ "T1611"
38913
+ ],
38914
+ "rfc_refs": [
38915
+ "RFC-6749",
38916
+ "RFC-7519",
38917
+ "RFC-8032",
38918
+ "RFC-8446",
38919
+ "RFC-8725",
38920
+ "RFC-9000",
38921
+ "RFC-9114",
38922
+ "RFC-9180",
38923
+ "RFC-9421",
38924
+ "RFC-9458",
38925
+ "RFC-9700"
38926
+ ]
38927
+ }
38928
+ },
38929
+ "CVE-2024-12366": {
38930
+ "name": "PandasAI Prompt Injection to Remote Code Execution",
38931
+ "rwep": 46,
38932
+ "cvss": 9.8,
38933
+ "cisa_kev": false,
38934
+ "epss_score": null,
38935
+ "referencing_skills": [
38936
+ "ai-attack-surface",
38937
+ "mcp-agent-trust",
38938
+ "compliance-theater",
38939
+ "rag-pipeline-security",
38940
+ "ai-c2-detection",
38941
+ "threat-modeling-methodology",
38942
+ "webapp-security",
38943
+ "api-security",
38944
+ "cloud-security",
38945
+ "container-runtime-security",
38946
+ "email-security-anti-phishing"
38947
+ ],
38948
+ "chain": {
38949
+ "cwes": [
38950
+ {
38951
+ "id": "CWE-1039",
38952
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38953
+ "category": "AI/ML"
38954
+ },
38955
+ {
38956
+ "id": "CWE-1188",
38957
+ "name": "Initialization of a Resource with an Insecure Default",
38958
+ "category": "Configuration"
38959
+ },
38960
+ {
38961
+ "id": "CWE-1395",
38962
+ "name": "Dependency on Vulnerable Third-Party Component",
38963
+ "category": "Supply Chain"
38964
+ },
38965
+ {
38966
+ "id": "CWE-1426",
38967
+ "name": "Improper Validation of Generative AI Output",
38968
+ "category": "AI/ML"
38969
+ },
38970
+ {
38971
+ "id": "CWE-200",
38972
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
38973
+ "category": "Information Exposure"
38974
+ },
38975
+ {
38976
+ "id": "CWE-22",
38977
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
38978
+ "category": "Path/Resource"
38979
+ },
38980
+ {
38981
+ "id": "CWE-269",
38982
+ "name": "Improper Privilege Management",
38983
+ "category": "Authorization"
38984
+ },
38985
+ {
38986
+ "id": "CWE-287",
38987
+ "name": "Improper Authentication",
38988
+ "category": "Authentication"
38989
+ },
38990
+ {
38991
+ "id": "CWE-345",
38992
+ "name": "Insufficient Verification of Data Authenticity",
38993
+ "category": "Authenticity / Supply Chain"
38994
+ },
38995
+ {
38996
+ "id": "CWE-352",
38997
+ "name": "Cross-Site Request Forgery (CSRF)",
38998
+ "category": "Session"
38999
+ },
39000
+ {
39001
+ "id": "CWE-434",
39002
+ "name": "Unrestricted Upload of File with Dangerous Type",
39003
+ "category": "File Handling"
39004
+ },
39005
+ {
39006
+ "id": "CWE-494",
39007
+ "name": "Download of Code Without Integrity Check",
39008
+ "category": "Supply Chain"
39009
+ },
39010
+ {
39011
+ "id": "CWE-502",
39012
+ "name": "Deserialization of Untrusted Data",
39013
+ "category": "Serialization"
39014
+ },
39015
+ {
39016
+ "id": "CWE-732",
39017
+ "name": "Incorrect Permission Assignment for Critical Resource",
39018
+ "category": "Authorization"
39019
+ },
39020
+ {
39021
+ "id": "CWE-77",
39022
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
39023
+ "category": "Injection"
39024
+ },
39025
+ {
39026
+ "id": "CWE-78",
39027
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
39028
+ "category": "Injection"
39029
+ },
39030
+ {
39031
+ "id": "CWE-787",
39032
+ "name": "Out-of-bounds Write",
39033
+ "category": "Memory Safety"
39034
+ },
39035
+ {
39036
+ "id": "CWE-79",
39037
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
39038
+ "category": "Injection"
39039
+ },
39040
+ {
39041
+ "id": "CWE-798",
39042
+ "name": "Use of Hard-coded Credentials",
39043
+ "category": "Credentials"
39044
+ },
39045
+ {
39046
+ "id": "CWE-862",
39047
+ "name": "Missing Authorization",
39048
+ "category": "Authorization"
39049
+ },
39050
+ {
39051
+ "id": "CWE-863",
39052
+ "name": "Incorrect Authorization",
39053
+ "category": "Authorization"
39054
+ },
39055
+ {
39056
+ "id": "CWE-89",
39057
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
39058
+ "category": "Injection"
39059
+ },
39060
+ {
39061
+ "id": "CWE-918",
39062
+ "name": "Server-Side Request Forgery (SSRF)",
39063
+ "category": "Network"
39064
+ },
39065
+ {
39066
+ "id": "CWE-94",
39067
+ "name": "Improper Control of Generation of Code (Code Injection)",
39068
+ "category": "Injection"
39069
+ }
39070
+ ],
39071
+ "atlas": [
39072
+ {
39073
+ "id": "AML.T0010",
39074
+ "name": "ML Supply Chain Compromise",
39075
+ "tactic": "Initial Access"
39076
+ },
39077
+ {
39078
+ "id": "AML.T0016",
39079
+ "name": "Obtain Capabilities: Develop Capabilities",
39080
+ "tactic": "Resource Development"
39081
+ },
39082
+ {
39083
+ "id": "AML.T0017",
39084
+ "name": "Discover ML Model Ontology",
39085
+ "tactic": "Discovery"
39086
+ },
39087
+ {
39088
+ "id": "AML.T0018",
39089
+ "name": "Backdoor ML Model",
39090
+ "tactic": "Persistence"
39091
+ },
39092
+ {
39093
+ "id": "AML.T0020",
39094
+ "name": "Poison Training Data",
39095
+ "tactic": "ML Attack Staging"
39096
+ },
39097
+ {
39098
+ "id": "AML.T0043",
39099
+ "name": "Craft Adversarial Data",
39100
+ "tactic": "ML Attack Staging"
39101
+ },
39102
+ {
39103
+ "id": "AML.T0051",
39104
+ "name": "LLM Prompt Injection",
39105
+ "tactic": "Execution"
39106
+ },
39107
+ {
39108
+ "id": "AML.T0054",
39109
+ "name": "LLM Jailbreak",
39110
+ "tactic": "Defense Evasion"
39111
+ },
39112
+ {
39113
+ "id": "AML.T0096",
39114
+ "name": "AI API as Covert C2 Channel",
39115
+ "tactic": "Command and Control"
39116
+ }
39117
+ ],
39118
+ "d3fend": [
39119
+ {
39120
+ "id": "D3-CA",
39121
+ "name": "Certificate Analysis",
39122
+ "tactic": "Detect"
39123
+ },
39124
+ {
39125
+ "id": "D3-CBAN",
39126
+ "name": "Certificate-based Authentication",
39127
+ "tactic": "Harden"
39128
+ },
39129
+ {
39130
+ "id": "D3-CSPP",
39131
+ "name": "Client-server Payload Profiling",
39132
+ "tactic": "Detect"
39133
+ },
39134
+ {
39135
+ "id": "D3-DA",
39136
+ "name": "Domain Analysis",
39137
+ "tactic": "Detect"
39138
+ },
39139
+ {
39140
+ "id": "D3-EAL",
39141
+ "name": "Executable Allowlisting",
39142
+ "tactic": "Harden"
39143
+ },
39144
+ {
39145
+ "id": "D3-EHB",
39146
+ "name": "Executable Hashbased Allowlist",
39147
+ "tactic": "Harden"
39148
+ },
39149
+ {
39150
+ "id": "D3-IOPR",
39151
+ "name": "Input/Output Profiling Resource",
39152
+ "tactic": "Detect"
39153
+ },
39154
+ {
39155
+ "id": "D3-MFA",
39156
+ "name": "Multi-factor Authentication",
39157
+ "tactic": "Harden"
39158
+ },
39159
+ {
39160
+ "id": "D3-NI",
39161
+ "name": "Network Isolation",
39162
+ "tactic": "Isolate"
39163
+ },
39164
+ {
39165
+ "id": "D3-NTA",
39166
+ "name": "Network Traffic Analysis",
39167
+ "tactic": "Detect"
39168
+ },
39169
+ {
39170
+ "id": "D3-NTPM",
39171
+ "name": "Network Traffic Policy Mapping",
39172
+ "tactic": "Model"
39173
+ }
39174
+ ],
39175
+ "framework_gaps": [
39176
+ {
39177
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
39178
+ "framework": "ALL",
39179
+ "control_name": "AI Pipeline Integrity"
39180
+ },
39181
+ {
39182
+ "id": "ALL-MCP-TOOL-TRUST",
39183
+ "framework": "ALL",
39184
+ "control_name": "MCP/Agent Tool Trust Boundaries"
39185
+ },
39186
+ {
39187
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
39188
+ "framework": "ALL",
39189
+ "control_name": "Prompt Injection as Access Control Failure"
39190
+ },
39191
+ {
39192
+ "id": "CMMC-2.0-Level-2",
39193
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
39194
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
39195
+ },
39196
+ {
39197
+ "id": "FedRAMP-Rev5-Moderate",
39198
+ "framework": "FedRAMP Rev 5 Moderate",
39199
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
39200
+ },
39201
+ {
39202
+ "id": "ISO-27001-2022-A.8.16",
39203
+ "framework": "ISO/IEC 27001:2022",
39204
+ "control_name": "Monitoring activities"
39205
+ },
39206
+ {
39207
+ "id": "ISO-27001-2022-A.8.28",
39208
+ "framework": "ISO/IEC 27001:2022",
39209
+ "control_name": "Secure coding"
39210
+ },
39211
+ {
39212
+ "id": "ISO-27001-2022-A.8.30",
39213
+ "framework": "ISO/IEC 27001:2022",
39214
+ "control_name": "Outsourced development"
39215
+ },
39216
+ {
39217
+ "id": "ISO-IEC-23894-2023-clause-7",
39218
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
39219
+ "control_name": "AI risk management process"
39220
+ },
39221
+ {
39222
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
39223
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
39224
+ "control_name": "AI risk assessment"
38539
39225
  },
38540
39226
  {
38541
39227
  "id": "NIST-800-218-SSDF",
@@ -38548,14 +39234,24 @@
38548
39234
  "control_name": "Account Management"
38549
39235
  },
38550
39236
  {
38551
- "id": "NIST-800-53-SC-8",
39237
+ "id": "NIST-800-53-CM-7",
38552
39238
  "framework": "NIST SP 800-53 Rev 5",
38553
- "control_name": "Transmission Confidentiality and Integrity"
39239
+ "control_name": "Least Functionality"
38554
39240
  },
38555
39241
  {
38556
- "id": "NIST-800-53-SI-2",
39242
+ "id": "NIST-800-53-SA-12",
38557
39243
  "framework": "NIST SP 800-53 Rev 5",
38558
- "control_name": "Flaw Remediation"
39244
+ "control_name": "Supply Chain Protection"
39245
+ },
39246
+ {
39247
+ "id": "NIST-800-53-SC-7",
39248
+ "framework": "NIST SP 800-53 Rev 5",
39249
+ "control_name": "Boundary Protection"
39250
+ },
39251
+ {
39252
+ "id": "NIST-800-53-SI-12",
39253
+ "framework": "NIST SP 800-53 Rev 5",
39254
+ "control_name": "Information Management and Retention"
38559
39255
  },
38560
39256
  {
38561
39257
  "id": "NIST-800-53-SI-3",
@@ -38563,9 +39259,14 @@
38563
39259
  "control_name": "Malicious Code Protection"
38564
39260
  },
38565
39261
  {
38566
- "id": "NIST-800-82r3",
38567
- "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38568
- "control_name": "Guide to Operational Technology (OT) Security"
39262
+ "id": "NIST-AI-RMF-MEASURE-2.5",
39263
+ "framework": "NIST AI RMF 1.0",
39264
+ "control_name": "AI system to human interaction evaluation"
39265
+ },
39266
+ {
39267
+ "id": "OWASP-ASVS-v5.0-V14",
39268
+ "framework": "OWASP ASVS v5.0",
39269
+ "control_name": "Configuration verification"
38569
39270
  },
38570
39271
  {
38571
39272
  "id": "OWASP-LLM-Top-10-2025-LLM01",
@@ -38578,54 +39279,82 @@
38578
39279
  "control_name": "Sensitive Information Disclosure"
38579
39280
  },
38580
39281
  {
38581
- "id": "OWASP-Pen-Testing-Guide-v5",
38582
- "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38583
- "control_name": "Web application penetration testing methodology"
39282
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
39283
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39284
+ "control_name": "Excessive Agency"
38584
39285
  },
38585
39286
  {
38586
- "id": "PCI-DSS-4.0-6.3.3",
38587
- "framework": "PCI DSS 4.0",
38588
- "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
39287
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
39288
+ "framework": "OWASP Top 10 for LLM Applications 2025",
39289
+ "control_name": "Vector and Embedding Weaknesses"
38589
39290
  },
38590
39291
  {
38591
- "id": "PTES-Pre-engagement",
38592
- "framework": "Penetration Testing Execution Standard (PTES)",
38593
- "control_name": "Pre-engagement Interactions"
39292
+ "id": "SLSA-v1.0-Build-L3",
39293
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
39294
+ "control_name": "Hardened build platform with non-falsifiable provenance"
38594
39295
  },
38595
39296
  {
38596
39297
  "id": "SOC2-CC6-logical-access",
38597
39298
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
38598
39299
  "control_name": "Logical and Physical Access Controls"
38599
39300
  },
39301
+ {
39302
+ "id": "SOC2-CC7-anomaly-detection",
39303
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
39304
+ "control_name": "System Operations — Threat and Vulnerability Management"
39305
+ },
38600
39306
  {
38601
39307
  "id": "SOC2-CC9-vendor-management",
38602
39308
  "framework": "SOC 2 (AICPA Trust Services Criteria)",
38603
39309
  "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
39310
+ },
39311
+ {
39312
+ "id": "SWIFT-CSCF-v2026-1.1",
39313
+ "framework": "SWIFT Customer Security Controls Framework v2026",
39314
+ "control_name": "SWIFT Environment Protection"
38604
39315
  }
38605
39316
  ],
38606
39317
  "attack_refs": [
38607
- "T0855",
38608
- "T0883",
38609
39318
  "T1059",
38610
39319
  "T1068",
39320
+ "T1071",
38611
39321
  "T1078",
38612
- "T1133",
39322
+ "T1102",
38613
39323
  "T1190",
38614
- "T1548.001",
38615
- "T1566"
39324
+ "T1195.001",
39325
+ "T1505",
39326
+ "T1530",
39327
+ "T1552",
39328
+ "T1565",
39329
+ "T1566",
39330
+ "T1566.001",
39331
+ "T1566.002",
39332
+ "T1566.003",
39333
+ "T1567",
39334
+ "T1568",
39335
+ "T1610",
39336
+ "T1611"
38616
39337
  ],
38617
39338
  "rfc_refs": [
38618
- "RFC-4301",
38619
- "RFC-4303",
38620
- "RFC-7296"
39339
+ "RFC-6749",
39340
+ "RFC-7519",
39341
+ "RFC-8032",
39342
+ "RFC-8446",
39343
+ "RFC-8725",
39344
+ "RFC-9000",
39345
+ "RFC-9114",
39346
+ "RFC-9180",
39347
+ "RFC-9421",
39348
+ "RFC-9458",
39349
+ "RFC-9700"
38621
39350
  ]
38622
39351
  }
38623
39352
  },
38624
- "CVE-2024-5565": {
38625
- "name": "Vanna.AI Prompt Injection to Remote Code Execution",
38626
- "rwep": 40,
38627
- "cvss": 8.1,
38628
- "cisa_kev": false,
39353
+ "CVE-2025-3248": {
39354
+ "name": "Langflow /api/v1/validate/code Unauthenticated Code Injection (CISA KEV)",
39355
+ "rwep": 78,
39356
+ "cvss": 9.8,
39357
+ "cisa_kev": true,
38629
39358
  "epss_score": null,
38630
39359
  "referencing_skills": [
38631
39360
  "ai-attack-surface",
@@ -39045,11 +39774,11 @@
39045
39774
  ]
39046
39775
  }
39047
39776
  },
39048
- "CVE-2024-12366": {
39049
- "name": "PandasAI Prompt Injection to Remote Code Execution",
39050
- "rwep": 46,
39777
+ "CVE-2026-33017": {
39778
+ "name": "Langflow Public Flow-Build Endpoint Unauthenticated Remote Code Execution (CISA KEV)",
39779
+ "rwep": 78,
39051
39780
  "cvss": 9.8,
39052
- "cisa_kev": false,
39781
+ "cisa_kev": true,
39053
39782
  "epss_score": null,
39054
39783
  "referencing_skills": [
39055
39784
  "ai-attack-surface",
@@ -65886,6 +66615,7 @@
65886
66615
  "CVE-2025-30202",
65887
66616
  "CVE-2025-32434",
65888
66617
  "CVE-2025-32444",
66618
+ "CVE-2025-3248",
65889
66619
  "CVE-2025-33236",
65890
66620
  "CVE-2025-34291",
65891
66621
  "CVE-2025-38352",
@@ -65918,6 +66648,7 @@
65918
66648
  "CVE-2026-30624",
65919
66649
  "CVE-2026-30625",
65920
66650
  "CVE-2026-31431",
66651
+ "CVE-2026-33017",
65921
66652
  "CVE-2026-34159",
65922
66653
  "CVE-2026-34926",
65923
66654
  "CVE-2026-39884",
@@ -66116,11 +66847,13 @@
66116
66847
  "CVE-2024-5565",
66117
66848
  "CVE-2025-0133",
66118
66849
  "CVE-2025-1094",
66850
+ "CVE-2025-3248",
66119
66851
  "CVE-2025-49844",
66120
66852
  "CVE-2025-53773",
66121
66853
  "CVE-2025-6965",
66122
66854
  "CVE-2026-30615",
66123
66855
  "CVE-2026-30623",
66856
+ "CVE-2026-33017",
66124
66857
  "CVE-2026-39884",
66125
66858
  "CVE-2026-42208",
66126
66859
  "CVE-2026-45321",
@@ -66296,6 +67029,7 @@
66296
67029
  "CVE-2025-30202",
66297
67030
  "CVE-2025-32434",
66298
67031
  "CVE-2025-32444",
67032
+ "CVE-2025-3248",
66299
67033
  "CVE-2025-33236",
66300
67034
  "CVE-2025-34291",
66301
67035
  "CVE-2025-38352",
@@ -66325,6 +67059,7 @@
66325
67059
  "CVE-2026-30624",
66326
67060
  "CVE-2026-30625",
66327
67061
  "CVE-2026-31431",
67062
+ "CVE-2026-33017",
66328
67063
  "CVE-2026-34159",
66329
67064
  "CVE-2026-34926",
66330
67065
  "CVE-2026-39884",
@@ -66497,6 +67232,7 @@
66497
67232
  "CVE-2025-30202",
66498
67233
  "CVE-2025-32434",
66499
67234
  "CVE-2025-32444",
67235
+ "CVE-2025-3248",
66500
67236
  "CVE-2025-33236",
66501
67237
  "CVE-2025-34291",
66502
67238
  "CVE-2025-38352",
@@ -66526,6 +67262,7 @@
66526
67262
  "CVE-2026-30624",
66527
67263
  "CVE-2026-30625",
66528
67264
  "CVE-2026-31431",
67265
+ "CVE-2026-33017",
66529
67266
  "CVE-2026-34159",
66530
67267
  "CVE-2026-34926",
66531
67268
  "CVE-2026-39884",
@@ -66712,6 +67449,7 @@
66712
67449
  "CVE-2025-30202",
66713
67450
  "CVE-2025-32434",
66714
67451
  "CVE-2025-32444",
67452
+ "CVE-2025-3248",
66715
67453
  "CVE-2025-33236",
66716
67454
  "CVE-2025-34291",
66717
67455
  "CVE-2025-38352",
@@ -66741,6 +67479,7 @@
66741
67479
  "CVE-2026-30624",
66742
67480
  "CVE-2026-30625",
66743
67481
  "CVE-2026-31431",
67482
+ "CVE-2026-33017",
66744
67483
  "CVE-2026-34159",
66745
67484
  "CVE-2026-34926",
66746
67485
  "CVE-2026-39884",
@@ -67032,6 +67771,7 @@
67032
67771
  "CVE-2025-30202",
67033
67772
  "CVE-2025-32434",
67034
67773
  "CVE-2025-32444",
67774
+ "CVE-2025-3248",
67035
67775
  "CVE-2025-33236",
67036
67776
  "CVE-2025-34291",
67037
67777
  "CVE-2025-49596",
@@ -67063,6 +67803,7 @@
67063
67803
  "CVE-2026-30624",
67064
67804
  "CVE-2026-30625",
67065
67805
  "CVE-2026-32202",
67806
+ "CVE-2026-33017",
67066
67807
  "CVE-2026-33825",
67067
67808
  "CVE-2026-34159",
67068
67809
  "CVE-2026-39884",
@@ -67517,7 +68258,6 @@
67517
68258
  "CVE-2026-31635",
67518
68259
  "CVE-2026-32201",
67519
68260
  "CVE-2026-32202",
67520
- "CVE-2026-33017",
67521
68261
  "CVE-2026-33634",
67522
68262
  "CVE-2026-33825",
67523
68263
  "CVE-2026-34159",
@@ -67780,12 +68520,14 @@
67780
68520
  "CVE-2025-23266",
67781
68521
  "CVE-2025-30202",
67782
68522
  "CVE-2025-32444",
68523
+ "CVE-2025-3248",
67783
68524
  "CVE-2025-49844",
67784
68525
  "CVE-2025-53767",
67785
68526
  "CVE-2025-53773",
67786
68527
  "CVE-2025-6965",
67787
68528
  "CVE-2026-30615",
67788
68529
  "CVE-2026-30623",
68530
+ "CVE-2026-33017",
67789
68531
  "CVE-2026-34159",
67790
68532
  "CVE-2026-39884",
67791
68533
  "CVE-2026-42208",
@@ -68171,6 +68913,7 @@
68171
68913
  "CVE-2025-30202",
68172
68914
  "CVE-2025-32434",
68173
68915
  "CVE-2025-32444",
68916
+ "CVE-2025-3248",
68174
68917
  "CVE-2025-33236",
68175
68918
  "CVE-2025-34291",
68176
68919
  "CVE-2025-38352",
@@ -68203,6 +68946,7 @@
68203
68946
  "CVE-2026-30624",
68204
68947
  "CVE-2026-30625",
68205
68948
  "CVE-2026-31431",
68949
+ "CVE-2026-33017",
68206
68950
  "CVE-2026-34159",
68207
68951
  "CVE-2026-34926",
68208
68952
  "CVE-2026-39884",
@@ -68811,6 +69555,7 @@
68811
69555
  "CVE-2025-30202",
68812
69556
  "CVE-2025-32434",
68813
69557
  "CVE-2025-32444",
69558
+ "CVE-2025-3248",
68814
69559
  "CVE-2025-33236",
68815
69560
  "CVE-2025-34291",
68816
69561
  "CVE-2025-38352",
@@ -68843,6 +69588,7 @@
68843
69588
  "CVE-2026-30624",
68844
69589
  "CVE-2026-30625",
68845
69590
  "CVE-2026-31431",
69591
+ "CVE-2026-33017",
68846
69592
  "CVE-2026-34159",
68847
69593
  "CVE-2026-34926",
68848
69594
  "CVE-2026-39884",
@@ -69524,9 +70270,11 @@
69524
70270
  "CVE-2024-3094",
69525
70271
  "CVE-2024-3154",
69526
70272
  "CVE-2024-5565",
70273
+ "CVE-2025-3248",
69527
70274
  "CVE-2025-49844",
69528
70275
  "CVE-2025-53773",
69529
70276
  "CVE-2026-30615",
70277
+ "CVE-2026-33017",
69530
70278
  "CVE-2026-45321",
69531
70279
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
69532
70280
  "MAL-2026-3083",
@@ -69793,6 +70541,7 @@
69793
70541
  "CVE-2025-30202",
69794
70542
  "CVE-2025-32434",
69795
70543
  "CVE-2025-32444",
70544
+ "CVE-2025-3248",
69796
70545
  "CVE-2025-33236",
69797
70546
  "CVE-2025-34291",
69798
70547
  "CVE-2025-38352",
@@ -69825,6 +70574,7 @@
69825
70574
  "CVE-2026-30624",
69826
70575
  "CVE-2026-30625",
69827
70576
  "CVE-2026-31431",
70577
+ "CVE-2026-33017",
69828
70578
  "CVE-2026-34159",
69829
70579
  "CVE-2026-34926",
69830
70580
  "CVE-2026-39884",
@@ -70284,7 +71034,6 @@
70284
71034
  "CVE-2026-31635",
70285
71035
  "CVE-2026-32201",
70286
71036
  "CVE-2026-32202",
70287
- "CVE-2026-33017",
70288
71037
  "CVE-2026-33634",
70289
71038
  "CVE-2026-33825",
70290
71039
  "CVE-2026-34159",
@@ -70743,7 +71492,6 @@
70743
71492
  "CVE-2026-31635",
70744
71493
  "CVE-2026-32201",
70745
71494
  "CVE-2026-32202",
70746
- "CVE-2026-33017",
70747
71495
  "CVE-2026-33634",
70748
71496
  "CVE-2026-33825",
70749
71497
  "CVE-2026-34159",
@@ -71024,6 +71772,7 @@
71024
71772
  "CVE-2025-30202",
71025
71773
  "CVE-2025-32434",
71026
71774
  "CVE-2025-32444",
71775
+ "CVE-2025-3248",
71027
71776
  "CVE-2025-33236",
71028
71777
  "CVE-2025-34291",
71029
71778
  "CVE-2025-38352",
@@ -71056,6 +71805,7 @@
71056
71805
  "CVE-2026-30624",
71057
71806
  "CVE-2026-30625",
71058
71807
  "CVE-2026-31431",
71808
+ "CVE-2026-33017",
71059
71809
  "CVE-2026-34159",
71060
71810
  "CVE-2026-34926",
71061
71811
  "CVE-2026-39884",
@@ -71264,9 +72014,11 @@
71264
72014
  "CVE-2024-3094",
71265
72015
  "CVE-2024-3154",
71266
72016
  "CVE-2024-5565",
72017
+ "CVE-2025-3248",
71267
72018
  "CVE-2025-49844",
71268
72019
  "CVE-2025-53773",
71269
72020
  "CVE-2026-30615",
72021
+ "CVE-2026-33017",
71270
72022
  "CVE-2026-45321",
71271
72023
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
71272
72024
  "MAL-2026-3083",
@@ -71459,9 +72211,11 @@
71459
72211
  "CVE-2024-5565",
71460
72212
  "CVE-2025-0133",
71461
72213
  "CVE-2025-1094",
72214
+ "CVE-2025-3248",
71462
72215
  "CVE-2025-6965",
71463
72216
  "CVE-2026-30615",
71464
72217
  "CVE-2026-30623",
72218
+ "CVE-2026-33017",
71465
72219
  "CVE-2026-39884",
71466
72220
  "CVE-2026-42208",
71467
72221
  "CVE-2026-45321",
@@ -72071,7 +72825,6 @@
72071
72825
  "CVE-2026-31635",
72072
72826
  "CVE-2026-32201",
72073
72827
  "CVE-2026-32202",
72074
- "CVE-2026-33017",
72075
72828
  "CVE-2026-33634",
72076
72829
  "CVE-2026-33825",
72077
72830
  "CVE-2026-34159",
@@ -72416,6 +73169,7 @@
72416
73169
  "CVE-2025-30202",
72417
73170
  "CVE-2025-32434",
72418
73171
  "CVE-2025-32444",
73172
+ "CVE-2025-3248",
72419
73173
  "CVE-2025-33236",
72420
73174
  "CVE-2025-34291",
72421
73175
  "CVE-2025-38352",
@@ -72448,6 +73202,7 @@
72448
73202
  "CVE-2026-30624",
72449
73203
  "CVE-2026-30625",
72450
73204
  "CVE-2026-31431",
73205
+ "CVE-2026-33017",
72451
73206
  "CVE-2026-34159",
72452
73207
  "CVE-2026-34926",
72453
73208
  "CVE-2026-39884",
@@ -72834,6 +73589,7 @@
72834
73589
  "CVE-2025-32434",
72835
73590
  "CVE-2025-32444",
72836
73591
  "CVE-2025-32463",
73592
+ "CVE-2025-3248",
72837
73593
  "CVE-2025-32701",
72838
73594
  "CVE-2025-32706",
72839
73595
  "CVE-2025-32709",
@@ -73350,6 +74106,7 @@
73350
74106
  "CVE-2025-30202",
73351
74107
  "CVE-2025-32434",
73352
74108
  "CVE-2025-32444",
74109
+ "CVE-2025-3248",
73353
74110
  "CVE-2025-33236",
73354
74111
  "CVE-2025-34291",
73355
74112
  "CVE-2025-38352",
@@ -73380,6 +74137,7 @@
73380
74137
  "CVE-2026-30624",
73381
74138
  "CVE-2026-30625",
73382
74139
  "CVE-2026-31431",
74140
+ "CVE-2026-33017",
73383
74141
  "CVE-2026-34159",
73384
74142
  "CVE-2026-34926",
73385
74143
  "CVE-2026-39884",
@@ -73696,11 +74454,13 @@
73696
74454
  "CVE-2024-5565",
73697
74455
  "CVE-2025-0133",
73698
74456
  "CVE-2025-1094",
74457
+ "CVE-2025-3248",
73699
74458
  "CVE-2025-49844",
73700
74459
  "CVE-2025-53773",
73701
74460
  "CVE-2025-6965",
73702
74461
  "CVE-2026-30615",
73703
74462
  "CVE-2026-30623",
74463
+ "CVE-2026-33017",
73704
74464
  "CVE-2026-39884",
73705
74465
  "CVE-2026-42208",
73706
74466
  "CVE-2026-45321",
@@ -73981,10 +74741,12 @@
73981
74741
  "CVE-2024-5565",
73982
74742
  "CVE-2025-0133",
73983
74743
  "CVE-2025-1094",
74744
+ "CVE-2025-3248",
73984
74745
  "CVE-2025-53773",
73985
74746
  "CVE-2025-6965",
73986
74747
  "CVE-2026-30615",
73987
74748
  "CVE-2026-30623",
74749
+ "CVE-2026-33017",
73988
74750
  "CVE-2026-39884",
73989
74751
  "CVE-2026-42208",
73990
74752
  "CVE-2026-45321",
@@ -74330,6 +75092,7 @@
74330
75092
  "CVE-2025-30202",
74331
75093
  "CVE-2025-32434",
74332
75094
  "CVE-2025-32444",
75095
+ "CVE-2025-3248",
74333
75096
  "CVE-2025-33236",
74334
75097
  "CVE-2025-34291",
74335
75098
  "CVE-2025-38352",
@@ -74362,6 +75125,7 @@
74362
75125
  "CVE-2026-30624",
74363
75126
  "CVE-2026-30625",
74364
75127
  "CVE-2026-31431",
75128
+ "CVE-2026-33017",
74365
75129
  "CVE-2026-34159",
74366
75130
  "CVE-2026-34926",
74367
75131
  "CVE-2026-39884",
@@ -74673,6 +75437,7 @@
74673
75437
  "CVE-2025-30202",
74674
75438
  "CVE-2025-32434",
74675
75439
  "CVE-2025-32444",
75440
+ "CVE-2025-3248",
74676
75441
  "CVE-2025-33236",
74677
75442
  "CVE-2025-34291",
74678
75443
  "CVE-2025-49596",
@@ -74702,6 +75467,7 @@
74702
75467
  "CVE-2026-30624",
74703
75468
  "CVE-2026-30625",
74704
75469
  "CVE-2026-32202",
75470
+ "CVE-2026-33017",
74705
75471
  "CVE-2026-33825",
74706
75472
  "CVE-2026-34159",
74707
75473
  "CVE-2026-39884",
@@ -74867,11 +75633,13 @@
74867
75633
  "CVE-2024-5565",
74868
75634
  "CVE-2025-0133",
74869
75635
  "CVE-2025-1094",
75636
+ "CVE-2025-3248",
74870
75637
  "CVE-2025-49844",
74871
75638
  "CVE-2025-53773",
74872
75639
  "CVE-2025-6965",
74873
75640
  "CVE-2026-30615",
74874
75641
  "CVE-2026-30623",
75642
+ "CVE-2026-33017",
74875
75643
  "CVE-2026-39884",
74876
75644
  "CVE-2026-42208",
74877
75645
  "CVE-2026-45321",
@@ -75336,7 +76104,6 @@
75336
76104
  "CVE-2026-31431",
75337
76105
  "CVE-2026-31635",
75338
76106
  "CVE-2026-32201",
75339
- "CVE-2026-33017",
75340
76107
  "CVE-2026-33634",
75341
76108
  "CVE-2026-34159",
75342
76109
  "CVE-2026-34197",
@@ -75616,6 +76383,7 @@
75616
76383
  "CVE-2025-30202",
75617
76384
  "CVE-2025-32434",
75618
76385
  "CVE-2025-32444",
76386
+ "CVE-2025-3248",
75619
76387
  "CVE-2025-33236",
75620
76388
  "CVE-2025-34291",
75621
76389
  "CVE-2025-38352",
@@ -75648,6 +76416,7 @@
75648
76416
  "CVE-2026-30624",
75649
76417
  "CVE-2026-30625",
75650
76418
  "CVE-2026-31431",
76419
+ "CVE-2026-33017",
75651
76420
  "CVE-2026-34159",
75652
76421
  "CVE-2026-34926",
75653
76422
  "CVE-2026-39884",
@@ -75949,6 +76718,7 @@
75949
76718
  "CVE-2025-30202",
75950
76719
  "CVE-2025-32434",
75951
76720
  "CVE-2025-32444",
76721
+ "CVE-2025-3248",
75952
76722
  "CVE-2025-33236",
75953
76723
  "CVE-2025-34291",
75954
76724
  "CVE-2025-49596",
@@ -75980,6 +76750,7 @@
75980
76750
  "CVE-2026-30624",
75981
76751
  "CVE-2026-30625",
75982
76752
  "CVE-2026-32202",
76753
+ "CVE-2026-33017",
75983
76754
  "CVE-2026-33825",
75984
76755
  "CVE-2026-34159",
75985
76756
  "CVE-2026-39884",