@blamejs/exceptd-skills 0.13.105 → 0.13.106

@@ -41608,6 +41608,854 @@
41608
41608
  ]
41609
41609
  }
41610
41610
  },
41611
+ "CVE-2024-2912": {
41612
+ "name": "BentoML Insecure Deserialization Unauthenticated Remote Code Execution",
41613
+ "rwep": 33,
41614
+ "cvss": 10,
41615
+ "cisa_kev": false,
41616
+ "epss_score": null,
41617
+ "referencing_skills": [
41618
+ "ai-attack-surface",
41619
+ "mcp-agent-trust",
41620
+ "compliance-theater",
41621
+ "rag-pipeline-security",
41622
+ "ai-c2-detection",
41623
+ "threat-modeling-methodology",
41624
+ "webapp-security",
41625
+ "api-security",
41626
+ "cloud-security",
41627
+ "container-runtime-security",
41628
+ "email-security-anti-phishing"
41629
+ ],
41630
+ "chain": {
41631
+ "cwes": [
41632
+ {
41633
+ "id": "CWE-1039",
41634
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
41635
+ "category": "AI/ML"
41636
+ },
41637
+ {
41638
+ "id": "CWE-1188",
41639
+ "name": "Initialization of a Resource with an Insecure Default",
41640
+ "category": "Configuration"
41641
+ },
41642
+ {
41643
+ "id": "CWE-1395",
41644
+ "name": "Dependency on Vulnerable Third-Party Component",
41645
+ "category": "Supply Chain"
41646
+ },
41647
+ {
41648
+ "id": "CWE-1426",
41649
+ "name": "Improper Validation of Generative AI Output",
41650
+ "category": "AI/ML"
41651
+ },
41652
+ {
41653
+ "id": "CWE-200",
41654
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
41655
+ "category": "Information Exposure"
41656
+ },
41657
+ {
41658
+ "id": "CWE-22",
41659
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
41660
+ "category": "Path/Resource"
41661
+ },
41662
+ {
41663
+ "id": "CWE-269",
41664
+ "name": "Improper Privilege Management",
41665
+ "category": "Authorization"
41666
+ },
41667
+ {
41668
+ "id": "CWE-287",
41669
+ "name": "Improper Authentication",
41670
+ "category": "Authentication"
41671
+ },
41672
+ {
41673
+ "id": "CWE-345",
41674
+ "name": "Insufficient Verification of Data Authenticity",
41675
+ "category": "Authenticity / Supply Chain"
41676
+ },
41677
+ {
41678
+ "id": "CWE-352",
41679
+ "name": "Cross-Site Request Forgery (CSRF)",
41680
+ "category": "Session"
41681
+ },
41682
+ {
41683
+ "id": "CWE-434",
41684
+ "name": "Unrestricted Upload of File with Dangerous Type",
41685
+ "category": "File Handling"
41686
+ },
41687
+ {
41688
+ "id": "CWE-494",
41689
+ "name": "Download of Code Without Integrity Check",
41690
+ "category": "Supply Chain"
41691
+ },
41692
+ {
41693
+ "id": "CWE-502",
41694
+ "name": "Deserialization of Untrusted Data",
41695
+ "category": "Serialization"
41696
+ },
41697
+ {
41698
+ "id": "CWE-732",
41699
+ "name": "Incorrect Permission Assignment for Critical Resource",
41700
+ "category": "Authorization"
41701
+ },
41702
+ {
41703
+ "id": "CWE-77",
41704
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
41705
+ "category": "Injection"
41706
+ },
41707
+ {
41708
+ "id": "CWE-78",
41709
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
41710
+ "category": "Injection"
41711
+ },
41712
+ {
41713
+ "id": "CWE-787",
41714
+ "name": "Out-of-bounds Write",
41715
+ "category": "Memory Safety"
41716
+ },
41717
+ {
41718
+ "id": "CWE-79",
41719
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
41720
+ "category": "Injection"
41721
+ },
41722
+ {
41723
+ "id": "CWE-798",
41724
+ "name": "Use of Hard-coded Credentials",
41725
+ "category": "Credentials"
41726
+ },
41727
+ {
41728
+ "id": "CWE-862",
41729
+ "name": "Missing Authorization",
41730
+ "category": "Authorization"
41731
+ },
41732
+ {
41733
+ "id": "CWE-863",
41734
+ "name": "Incorrect Authorization",
41735
+ "category": "Authorization"
41736
+ },
41737
+ {
41738
+ "id": "CWE-89",
41739
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
41740
+ "category": "Injection"
41741
+ },
41742
+ {
41743
+ "id": "CWE-918",
41744
+ "name": "Server-Side Request Forgery (SSRF)",
41745
+ "category": "Network"
41746
+ },
41747
+ {
41748
+ "id": "CWE-94",
41749
+ "name": "Improper Control of Generation of Code (Code Injection)",
41750
+ "category": "Injection"
41751
+ }
41752
+ ],
41753
+ "atlas": [
41754
+ {
41755
+ "id": "AML.T0010",
41756
+ "name": "ML Supply Chain Compromise",
41757
+ "tactic": "Initial Access"
41758
+ },
41759
+ {
41760
+ "id": "AML.T0016",
41761
+ "name": "Obtain Capabilities: Develop Capabilities",
41762
+ "tactic": "Resource Development"
41763
+ },
41764
+ {
41765
+ "id": "AML.T0017",
41766
+ "name": "Discover ML Model Ontology",
41767
+ "tactic": "Discovery"
41768
+ },
41769
+ {
41770
+ "id": "AML.T0018",
41771
+ "name": "Backdoor ML Model",
41772
+ "tactic": "Persistence"
41773
+ },
41774
+ {
41775
+ "id": "AML.T0020",
41776
+ "name": "Poison Training Data",
41777
+ "tactic": "ML Attack Staging"
41778
+ },
41779
+ {
41780
+ "id": "AML.T0043",
41781
+ "name": "Craft Adversarial Data",
41782
+ "tactic": "ML Attack Staging"
41783
+ },
41784
+ {
41785
+ "id": "AML.T0051",
41786
+ "name": "LLM Prompt Injection",
41787
+ "tactic": "Execution"
41788
+ },
41789
+ {
41790
+ "id": "AML.T0054",
41791
+ "name": "LLM Jailbreak",
41792
+ "tactic": "Defense Evasion"
41793
+ },
41794
+ {
41795
+ "id": "AML.T0096",
41796
+ "name": "AI API as Covert C2 Channel",
41797
+ "tactic": "Command and Control"
41798
+ }
41799
+ ],
41800
+ "d3fend": [
41801
+ {
41802
+ "id": "D3-CA",
41803
+ "name": "Certificate Analysis",
41804
+ "tactic": "Detect"
41805
+ },
41806
+ {
41807
+ "id": "D3-CBAN",
41808
+ "name": "Certificate-based Authentication",
41809
+ "tactic": "Harden"
41810
+ },
41811
+ {
41812
+ "id": "D3-CSPP",
41813
+ "name": "Client-server Payload Profiling",
41814
+ "tactic": "Detect"
41815
+ },
41816
+ {
41817
+ "id": "D3-DA",
41818
+ "name": "Domain Analysis",
41819
+ "tactic": "Detect"
41820
+ },
41821
+ {
41822
+ "id": "D3-EAL",
41823
+ "name": "Executable Allowlisting",
41824
+ "tactic": "Harden"
41825
+ },
41826
+ {
41827
+ "id": "D3-EHB",
41828
+ "name": "Executable Hashbased Allowlist",
41829
+ "tactic": "Harden"
41830
+ },
41831
+ {
41832
+ "id": "D3-IOPR",
41833
+ "name": "Input/Output Profiling Resource",
41834
+ "tactic": "Detect"
41835
+ },
41836
+ {
41837
+ "id": "D3-MFA",
41838
+ "name": "Multi-factor Authentication",
41839
+ "tactic": "Harden"
41840
+ },
41841
+ {
41842
+ "id": "D3-NI",
41843
+ "name": "Network Isolation",
41844
+ "tactic": "Isolate"
41845
+ },
41846
+ {
41847
+ "id": "D3-NTA",
41848
+ "name": "Network Traffic Analysis",
41849
+ "tactic": "Detect"
41850
+ },
41851
+ {
41852
+ "id": "D3-NTPM",
41853
+ "name": "Network Traffic Policy Mapping",
41854
+ "tactic": "Model"
41855
+ }
41856
+ ],
41857
+ "framework_gaps": [
41858
+ {
41859
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
41860
+ "framework": "ALL",
41861
+ "control_name": "AI Pipeline Integrity"
41862
+ },
41863
+ {
41864
+ "id": "ALL-MCP-TOOL-TRUST",
41865
+ "framework": "ALL",
41866
+ "control_name": "MCP/Agent Tool Trust Boundaries"
41867
+ },
41868
+ {
41869
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
41870
+ "framework": "ALL",
41871
+ "control_name": "Prompt Injection as Access Control Failure"
41872
+ },
41873
+ {
41874
+ "id": "CMMC-2.0-Level-2",
41875
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
41876
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
41877
+ },
41878
+ {
41879
+ "id": "FedRAMP-Rev5-Moderate",
41880
+ "framework": "FedRAMP Rev 5 Moderate",
41881
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
41882
+ },
41883
+ {
41884
+ "id": "ISO-27001-2022-A.8.16",
41885
+ "framework": "ISO/IEC 27001:2022",
41886
+ "control_name": "Monitoring activities"
41887
+ },
41888
+ {
41889
+ "id": "ISO-27001-2022-A.8.28",
41890
+ "framework": "ISO/IEC 27001:2022",
41891
+ "control_name": "Secure coding"
41892
+ },
41893
+ {
41894
+ "id": "ISO-27001-2022-A.8.30",
41895
+ "framework": "ISO/IEC 27001:2022",
41896
+ "control_name": "Outsourced development"
41897
+ },
41898
+ {
41899
+ "id": "ISO-IEC-23894-2023-clause-7",
41900
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
41901
+ "control_name": "AI risk management process"
41902
+ },
41903
+ {
41904
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
41905
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
41906
+ "control_name": "AI risk assessment"
41907
+ },
41908
+ {
41909
+ "id": "NIST-800-218-SSDF",
41910
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
41911
+ "control_name": "Secure Software Development Framework"
41912
+ },
41913
+ {
41914
+ "id": "NIST-800-53-AC-2",
41915
+ "framework": "NIST SP 800-53 Rev 5",
41916
+ "control_name": "Account Management"
41917
+ },
41918
+ {
41919
+ "id": "NIST-800-53-CM-7",
41920
+ "framework": "NIST SP 800-53 Rev 5",
41921
+ "control_name": "Least Functionality"
41922
+ },
41923
+ {
41924
+ "id": "NIST-800-53-SA-12",
41925
+ "framework": "NIST SP 800-53 Rev 5",
41926
+ "control_name": "Supply Chain Protection"
41927
+ },
41928
+ {
41929
+ "id": "NIST-800-53-SC-7",
41930
+ "framework": "NIST SP 800-53 Rev 5",
41931
+ "control_name": "Boundary Protection"
41932
+ },
41933
+ {
41934
+ "id": "NIST-800-53-SI-12",
41935
+ "framework": "NIST SP 800-53 Rev 5",
41936
+ "control_name": "Information Management and Retention"
41937
+ },
41938
+ {
41939
+ "id": "NIST-800-53-SI-3",
41940
+ "framework": "NIST SP 800-53 Rev 5",
41941
+ "control_name": "Malicious Code Protection"
41942
+ },
41943
+ {
41944
+ "id": "NIST-AI-RMF-MEASURE-2.5",
41945
+ "framework": "NIST AI RMF 1.0",
41946
+ "control_name": "AI system to human interaction evaluation"
41947
+ },
41948
+ {
41949
+ "id": "OWASP-ASVS-v5.0-V14",
41950
+ "framework": "OWASP ASVS v5.0",
41951
+ "control_name": "Configuration verification"
41952
+ },
41953
+ {
41954
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
41955
+ "framework": "OWASP Top 10 for LLM Applications 2025",
41956
+ "control_name": "Prompt Injection"
41957
+ },
41958
+ {
41959
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
41960
+ "framework": "OWASP Top 10 for LLM Applications 2025",
41961
+ "control_name": "Sensitive Information Disclosure"
41962
+ },
41963
+ {
41964
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
41965
+ "framework": "OWASP Top 10 for LLM Applications 2025",
41966
+ "control_name": "Excessive Agency"
41967
+ },
41968
+ {
41969
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
41970
+ "framework": "OWASP Top 10 for LLM Applications 2025",
41971
+ "control_name": "Vector and Embedding Weaknesses"
41972
+ },
41973
+ {
41974
+ "id": "SLSA-v1.0-Build-L3",
41975
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
41976
+ "control_name": "Hardened build platform with non-falsifiable provenance"
41977
+ },
41978
+ {
41979
+ "id": "SOC2-CC6-logical-access",
41980
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
41981
+ "control_name": "Logical and Physical Access Controls"
41982
+ },
41983
+ {
41984
+ "id": "SOC2-CC7-anomaly-detection",
41985
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
41986
+ "control_name": "System Operations — Threat and Vulnerability Management"
41987
+ },
41988
+ {
41989
+ "id": "SOC2-CC9-vendor-management",
41990
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
41991
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
41992
+ },
41993
+ {
41994
+ "id": "SWIFT-CSCF-v2026-1.1",
41995
+ "framework": "SWIFT Customer Security Controls Framework v2026",
41996
+ "control_name": "SWIFT Environment Protection"
41997
+ }
41998
+ ],
41999
+ "attack_refs": [
42000
+ "T1059",
42001
+ "T1068",
42002
+ "T1071",
42003
+ "T1078",
42004
+ "T1102",
42005
+ "T1190",
42006
+ "T1195.001",
42007
+ "T1505",
42008
+ "T1530",
42009
+ "T1552",
42010
+ "T1565",
42011
+ "T1566",
42012
+ "T1566.001",
42013
+ "T1566.002",
42014
+ "T1566.003",
42015
+ "T1567",
42016
+ "T1568",
42017
+ "T1610",
42018
+ "T1611"
42019
+ ],
42020
+ "rfc_refs": [
42021
+ "RFC-6749",
42022
+ "RFC-7519",
42023
+ "RFC-8032",
42024
+ "RFC-8446",
42025
+ "RFC-8725",
42026
+ "RFC-9000",
42027
+ "RFC-9114",
42028
+ "RFC-9180",
42029
+ "RFC-9421",
42030
+ "RFC-9458",
42031
+ "RFC-9700"
42032
+ ]
42033
+ }
42034
+ },
42035
+ "CVE-2025-27520": {
42036
+ "name": "BentoML serde.py Insecure Deserialization Unauthenticated Remote Code Execution",
42037
+ "rwep": 33,
42038
+ "cvss": 9.8,
42039
+ "cisa_kev": false,
42040
+ "epss_score": null,
42041
+ "referencing_skills": [
42042
+ "ai-attack-surface",
42043
+ "mcp-agent-trust",
42044
+ "compliance-theater",
42045
+ "rag-pipeline-security",
42046
+ "ai-c2-detection",
42047
+ "threat-modeling-methodology",
42048
+ "webapp-security",
42049
+ "api-security",
42050
+ "cloud-security",
42051
+ "container-runtime-security",
42052
+ "email-security-anti-phishing"
42053
+ ],
42054
+ "chain": {
42055
+ "cwes": [
42056
+ {
42057
+ "id": "CWE-1039",
42058
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
42059
+ "category": "AI/ML"
42060
+ },
42061
+ {
42062
+ "id": "CWE-1188",
42063
+ "name": "Initialization of a Resource with an Insecure Default",
42064
+ "category": "Configuration"
42065
+ },
42066
+ {
42067
+ "id": "CWE-1395",
42068
+ "name": "Dependency on Vulnerable Third-Party Component",
42069
+ "category": "Supply Chain"
42070
+ },
42071
+ {
42072
+ "id": "CWE-1426",
42073
+ "name": "Improper Validation of Generative AI Output",
42074
+ "category": "AI/ML"
42075
+ },
42076
+ {
42077
+ "id": "CWE-200",
42078
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
42079
+ "category": "Information Exposure"
42080
+ },
42081
+ {
42082
+ "id": "CWE-22",
42083
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
42084
+ "category": "Path/Resource"
42085
+ },
42086
+ {
42087
+ "id": "CWE-269",
42088
+ "name": "Improper Privilege Management",
42089
+ "category": "Authorization"
42090
+ },
42091
+ {
42092
+ "id": "CWE-287",
42093
+ "name": "Improper Authentication",
42094
+ "category": "Authentication"
42095
+ },
42096
+ {
42097
+ "id": "CWE-345",
42098
+ "name": "Insufficient Verification of Data Authenticity",
42099
+ "category": "Authenticity / Supply Chain"
42100
+ },
42101
+ {
42102
+ "id": "CWE-352",
42103
+ "name": "Cross-Site Request Forgery (CSRF)",
42104
+ "category": "Session"
42105
+ },
42106
+ {
42107
+ "id": "CWE-434",
42108
+ "name": "Unrestricted Upload of File with Dangerous Type",
42109
+ "category": "File Handling"
42110
+ },
42111
+ {
42112
+ "id": "CWE-494",
42113
+ "name": "Download of Code Without Integrity Check",
42114
+ "category": "Supply Chain"
42115
+ },
42116
+ {
42117
+ "id": "CWE-502",
42118
+ "name": "Deserialization of Untrusted Data",
42119
+ "category": "Serialization"
42120
+ },
42121
+ {
42122
+ "id": "CWE-732",
42123
+ "name": "Incorrect Permission Assignment for Critical Resource",
42124
+ "category": "Authorization"
42125
+ },
42126
+ {
42127
+ "id": "CWE-77",
42128
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
42129
+ "category": "Injection"
42130
+ },
42131
+ {
42132
+ "id": "CWE-78",
42133
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
42134
+ "category": "Injection"
42135
+ },
42136
+ {
42137
+ "id": "CWE-787",
42138
+ "name": "Out-of-bounds Write",
42139
+ "category": "Memory Safety"
42140
+ },
42141
+ {
42142
+ "id": "CWE-79",
42143
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
42144
+ "category": "Injection"
42145
+ },
42146
+ {
42147
+ "id": "CWE-798",
42148
+ "name": "Use of Hard-coded Credentials",
42149
+ "category": "Credentials"
42150
+ },
42151
+ {
42152
+ "id": "CWE-862",
42153
+ "name": "Missing Authorization",
42154
+ "category": "Authorization"
42155
+ },
42156
+ {
42157
+ "id": "CWE-863",
42158
+ "name": "Incorrect Authorization",
42159
+ "category": "Authorization"
42160
+ },
42161
+ {
42162
+ "id": "CWE-89",
42163
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
42164
+ "category": "Injection"
42165
+ },
42166
+ {
42167
+ "id": "CWE-918",
42168
+ "name": "Server-Side Request Forgery (SSRF)",
42169
+ "category": "Network"
42170
+ },
42171
+ {
42172
+ "id": "CWE-94",
42173
+ "name": "Improper Control of Generation of Code (Code Injection)",
42174
+ "category": "Injection"
42175
+ }
42176
+ ],
42177
+ "atlas": [
42178
+ {
42179
+ "id": "AML.T0010",
42180
+ "name": "ML Supply Chain Compromise",
42181
+ "tactic": "Initial Access"
42182
+ },
42183
+ {
42184
+ "id": "AML.T0016",
42185
+ "name": "Obtain Capabilities: Develop Capabilities",
42186
+ "tactic": "Resource Development"
42187
+ },
42188
+ {
42189
+ "id": "AML.T0017",
42190
+ "name": "Discover ML Model Ontology",
42191
+ "tactic": "Discovery"
42192
+ },
42193
+ {
42194
+ "id": "AML.T0018",
42195
+ "name": "Backdoor ML Model",
42196
+ "tactic": "Persistence"
42197
+ },
42198
+ {
42199
+ "id": "AML.T0020",
42200
+ "name": "Poison Training Data",
42201
+ "tactic": "ML Attack Staging"
42202
+ },
42203
+ {
42204
+ "id": "AML.T0043",
42205
+ "name": "Craft Adversarial Data",
42206
+ "tactic": "ML Attack Staging"
42207
+ },
42208
+ {
42209
+ "id": "AML.T0051",
42210
+ "name": "LLM Prompt Injection",
42211
+ "tactic": "Execution"
42212
+ },
42213
+ {
42214
+ "id": "AML.T0054",
42215
+ "name": "LLM Jailbreak",
42216
+ "tactic": "Defense Evasion"
42217
+ },
42218
+ {
42219
+ "id": "AML.T0096",
42220
+ "name": "AI API as Covert C2 Channel",
42221
+ "tactic": "Command and Control"
42222
+ }
42223
+ ],
42224
+ "d3fend": [
42225
+ {
42226
+ "id": "D3-CA",
42227
+ "name": "Certificate Analysis",
42228
+ "tactic": "Detect"
42229
+ },
42230
+ {
42231
+ "id": "D3-CBAN",
42232
+ "name": "Certificate-based Authentication",
42233
+ "tactic": "Harden"
42234
+ },
42235
+ {
42236
+ "id": "D3-CSPP",
42237
+ "name": "Client-server Payload Profiling",
42238
+ "tactic": "Detect"
42239
+ },
42240
+ {
42241
+ "id": "D3-DA",
42242
+ "name": "Domain Analysis",
42243
+ "tactic": "Detect"
42244
+ },
42245
+ {
42246
+ "id": "D3-EAL",
42247
+ "name": "Executable Allowlisting",
42248
+ "tactic": "Harden"
42249
+ },
42250
+ {
42251
+ "id": "D3-EHB",
42252
+ "name": "Executable Hashbased Allowlist",
42253
+ "tactic": "Harden"
42254
+ },
42255
+ {
42256
+ "id": "D3-IOPR",
42257
+ "name": "Input/Output Profiling Resource",
42258
+ "tactic": "Detect"
42259
+ },
42260
+ {
42261
+ "id": "D3-MFA",
42262
+ "name": "Multi-factor Authentication",
42263
+ "tactic": "Harden"
42264
+ },
42265
+ {
42266
+ "id": "D3-NI",
42267
+ "name": "Network Isolation",
42268
+ "tactic": "Isolate"
42269
+ },
42270
+ {
42271
+ "id": "D3-NTA",
42272
+ "name": "Network Traffic Analysis",
42273
+ "tactic": "Detect"
42274
+ },
42275
+ {
42276
+ "id": "D3-NTPM",
42277
+ "name": "Network Traffic Policy Mapping",
42278
+ "tactic": "Model"
42279
+ }
42280
+ ],
42281
+ "framework_gaps": [
42282
+ {
42283
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
42284
+ "framework": "ALL",
42285
+ "control_name": "AI Pipeline Integrity"
42286
+ },
42287
+ {
42288
+ "id": "ALL-MCP-TOOL-TRUST",
42289
+ "framework": "ALL",
42290
+ "control_name": "MCP/Agent Tool Trust Boundaries"
42291
+ },
42292
+ {
42293
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
42294
+ "framework": "ALL",
42295
+ "control_name": "Prompt Injection as Access Control Failure"
42296
+ },
42297
+ {
42298
+ "id": "CMMC-2.0-Level-2",
42299
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
42300
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
42301
+ },
42302
+ {
42303
+ "id": "FedRAMP-Rev5-Moderate",
42304
+ "framework": "FedRAMP Rev 5 Moderate",
42305
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
42306
+ },
42307
+ {
42308
+ "id": "ISO-27001-2022-A.8.16",
42309
+ "framework": "ISO/IEC 27001:2022",
42310
+ "control_name": "Monitoring activities"
42311
+ },
42312
+ {
42313
+ "id": "ISO-27001-2022-A.8.28",
42314
+ "framework": "ISO/IEC 27001:2022",
42315
+ "control_name": "Secure coding"
42316
+ },
42317
+ {
42318
+ "id": "ISO-27001-2022-A.8.30",
42319
+ "framework": "ISO/IEC 27001:2022",
42320
+ "control_name": "Outsourced development"
42321
+ },
42322
+ {
42323
+ "id": "ISO-IEC-23894-2023-clause-7",
42324
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
42325
+ "control_name": "AI risk management process"
42326
+ },
42327
+ {
42328
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
42329
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
42330
+ "control_name": "AI risk assessment"
42331
+ },
42332
+ {
42333
+ "id": "NIST-800-218-SSDF",
42334
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
42335
+ "control_name": "Secure Software Development Framework"
42336
+ },
42337
+ {
42338
+ "id": "NIST-800-53-AC-2",
42339
+ "framework": "NIST SP 800-53 Rev 5",
42340
+ "control_name": "Account Management"
42341
+ },
42342
+ {
42343
+ "id": "NIST-800-53-CM-7",
42344
+ "framework": "NIST SP 800-53 Rev 5",
42345
+ "control_name": "Least Functionality"
42346
+ },
42347
+ {
42348
+ "id": "NIST-800-53-SA-12",
42349
+ "framework": "NIST SP 800-53 Rev 5",
42350
+ "control_name": "Supply Chain Protection"
42351
+ },
42352
+ {
42353
+ "id": "NIST-800-53-SC-7",
42354
+ "framework": "NIST SP 800-53 Rev 5",
42355
+ "control_name": "Boundary Protection"
42356
+ },
42357
+ {
42358
+ "id": "NIST-800-53-SI-12",
42359
+ "framework": "NIST SP 800-53 Rev 5",
42360
+ "control_name": "Information Management and Retention"
42361
+ },
42362
+ {
42363
+ "id": "NIST-800-53-SI-3",
42364
+ "framework": "NIST SP 800-53 Rev 5",
42365
+ "control_name": "Malicious Code Protection"
42366
+ },
42367
+ {
42368
+ "id": "NIST-AI-RMF-MEASURE-2.5",
42369
+ "framework": "NIST AI RMF 1.0",
42370
+ "control_name": "AI system to human interaction evaluation"
42371
+ },
42372
+ {
42373
+ "id": "OWASP-ASVS-v5.0-V14",
42374
+ "framework": "OWASP ASVS v5.0",
42375
+ "control_name": "Configuration verification"
42376
+ },
42377
+ {
42378
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
42379
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42380
+ "control_name": "Prompt Injection"
42381
+ },
42382
+ {
42383
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
42384
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42385
+ "control_name": "Sensitive Information Disclosure"
42386
+ },
42387
+ {
42388
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
42389
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42390
+ "control_name": "Excessive Agency"
42391
+ },
42392
+ {
42393
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
42394
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42395
+ "control_name": "Vector and Embedding Weaknesses"
42396
+ },
42397
+ {
42398
+ "id": "SLSA-v1.0-Build-L3",
42399
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
42400
+ "control_name": "Hardened build platform with non-falsifiable provenance"
42401
+ },
42402
+ {
42403
+ "id": "SOC2-CC6-logical-access",
42404
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
42405
+ "control_name": "Logical and Physical Access Controls"
42406
+ },
42407
+ {
42408
+ "id": "SOC2-CC7-anomaly-detection",
42409
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
42410
+ "control_name": "System Operations — Threat and Vulnerability Management"
42411
+ },
42412
+ {
42413
+ "id": "SOC2-CC9-vendor-management",
42414
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
42415
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
42416
+ },
42417
+ {
42418
+ "id": "SWIFT-CSCF-v2026-1.1",
42419
+ "framework": "SWIFT Customer Security Controls Framework v2026",
42420
+ "control_name": "SWIFT Environment Protection"
42421
+ }
42422
+ ],
42423
+ "attack_refs": [
42424
+ "T1059",
42425
+ "T1068",
42426
+ "T1071",
42427
+ "T1078",
42428
+ "T1102",
42429
+ "T1190",
42430
+ "T1195.001",
42431
+ "T1505",
42432
+ "T1530",
42433
+ "T1552",
42434
+ "T1565",
42435
+ "T1566",
42436
+ "T1566.001",
42437
+ "T1566.002",
42438
+ "T1566.003",
42439
+ "T1567",
42440
+ "T1568",
42441
+ "T1610",
42442
+ "T1611"
42443
+ ],
42444
+ "rfc_refs": [
42445
+ "RFC-6749",
42446
+ "RFC-7519",
42447
+ "RFC-8032",
42448
+ "RFC-8446",
42449
+ "RFC-8725",
42450
+ "RFC-9000",
42451
+ "RFC-9114",
42452
+ "RFC-9180",
42453
+ "RFC-9421",
42454
+ "RFC-9458",
42455
+ "RFC-9700"
42456
+ ]
42457
+ }
42458
+ },
41611
42459
  "CVE-2026-41091": {
41612
42460
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
41613
42461
  "rwep": 45,
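Review bot: The `chain` blocks added for "CVE-2024-2912" and "CVE-2025-27520" are identical to each other and list 24 CWEs (CSRF, SQL injection, out-of-bounds write, XSS and more), although both entry names describe insecure deserialization, which only `CWE-502` in that list matches. This looks like the union of every mapping carried by the eleven `referencing_skills` rather than a classification of the CVE itself, so a consumer that reads `chain.cwes`, `attack_refs` (the `T1566.*` phishing techniques, for instance) or `rfc_refs` as per-CVE facts will triage and map controls on data that does not describe the flaw. If that is what the generator does, either narrow the per-CVE list, e.g. `"cwes": [{ "id": "CWE-502", "name": "Deserialization of Untrusted Data", "category": "Serialization" }]`, or keep the aggregate under a key whose name says it is inherited from the skills. Both entries also ship `"epss_score": null` next to `cvss` 10 / 9.8, so any scoring code reading this index should treat null as unknown rather than zero.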
@@ -68006,6 +68854,7 @@
68006
68854
  "CVE-2024-24590",
68007
68855
  "CVE-2024-24591",
68008
68856
  "CVE-2024-27132",
68857
+ "CVE-2024-2912",
68009
68858
  "CVE-2024-3094",
68010
68859
  "CVE-2024-3154",
68011
68860
  "CVE-2024-37032",
@@ -68024,6 +68873,7 @@
68024
68873
  "CVE-2025-1753",
68025
68874
  "CVE-2025-23254",
68026
68875
  "CVE-2025-23266",
68876
+ "CVE-2025-27520",
68027
68877
  "CVE-2025-30165",
68028
68878
  "CVE-2025-30202",
68029
68879
  "CVE-2025-32434",
@@ -68258,11 +69108,13 @@
68258
69108
  "CVE-2024-12366",
68259
69109
  "CVE-2024-24590",
68260
69110
  "CVE-2024-24591",
69111
+ "CVE-2024-2912",
68261
69112
  "CVE-2024-3094",
68262
69113
  "CVE-2024-3154",
68263
69114
  "CVE-2024-5565",
68264
69115
  "CVE-2025-0133",
68265
69116
  "CVE-2025-1094",
69117
+ "CVE-2025-27520",
68266
69118
  "CVE-2025-3248",
68267
69119
  "CVE-2025-49844",
68268
69120
  "CVE-2025-53773",
@@ -68428,6 +69280,7 @@
68428
69280
  "CVE-2024-24590",
68429
69281
  "CVE-2024-24591",
68430
69282
  "CVE-2024-27132",
69283
+ "CVE-2024-2912",
68431
69284
  "CVE-2024-37032",
68432
69285
  "CVE-2024-39722",
68433
69286
  "CVE-2024-42478",
@@ -68444,6 +69297,7 @@
68444
69297
  "CVE-2025-1753",
68445
69298
  "CVE-2025-23254",
68446
69299
  "CVE-2025-23266",
69300
+ "CVE-2025-27520",
68447
69301
  "CVE-2025-30165",
68448
69302
  "CVE-2025-30202",
68449
69303
  "CVE-2025-32434",
@@ -68634,6 +69488,7 @@
68634
69488
  "CVE-2024-24590",
68635
69489
  "CVE-2024-24591",
68636
69490
  "CVE-2024-27132",
69491
+ "CVE-2024-2912",
68637
69492
  "CVE-2024-37032",
68638
69493
  "CVE-2024-39722",
68639
69494
  "CVE-2024-42478",
@@ -68650,6 +69505,7 @@
68650
69505
  "CVE-2025-1753",
68651
69506
  "CVE-2025-23254",
68652
69507
  "CVE-2025-23266",
69508
+ "CVE-2025-27520",
68653
69509
  "CVE-2025-30165",
68654
69510
  "CVE-2025-30202",
68655
69511
  "CVE-2025-32434",
@@ -68854,6 +69710,7 @@
68854
69710
  "CVE-2024-24590",
68855
69711
  "CVE-2024-24591",
68856
69712
  "CVE-2024-27132",
69713
+ "CVE-2024-2912",
68857
69714
  "CVE-2024-37032",
68858
69715
  "CVE-2024-39722",
68859
69716
  "CVE-2024-42478",
@@ -68870,6 +69727,7 @@
68870
69727
  "CVE-2025-1753",
68871
69728
  "CVE-2025-23254",
68872
69729
  "CVE-2025-23266",
69730
+ "CVE-2025-27520",
68873
69731
  "CVE-2025-30165",
68874
69732
  "CVE-2025-30202",
68875
69733
  "CVE-2025-32434",
@@ -69179,6 +70037,7 @@
69179
70037
  "CVE-2024-24590",
69180
70038
  "CVE-2024-24591",
69181
70039
  "CVE-2024-27132",
70040
+ "CVE-2024-2912",
69182
70041
  "CVE-2024-3094",
69183
70042
  "CVE-2024-3154",
69184
70043
  "CVE-2024-37032",
@@ -69196,6 +70055,7 @@
69196
70055
  "CVE-2025-1753",
69197
70056
  "CVE-2025-23254",
69198
70057
  "CVE-2025-23266",
70058
+ "CVE-2025-27520",
69199
70059
  "CVE-2025-30165",
69200
70060
  "CVE-2025-30202",
69201
70061
  "CVE-2025-32434",
@@ -69940,6 +70800,7 @@
69940
70800
  "CVE-2024-21576",
69941
70801
  "CVE-2024-24590",
69942
70802
  "CVE-2024-24591",
70803
+ "CVE-2024-2912",
69943
70804
  "CVE-2024-3094",
69944
70805
  "CVE-2024-3154",
69945
70806
  "CVE-2024-40635",
@@ -69951,6 +70812,7 @@
69951
70812
  "CVE-2025-14847",
69952
70813
  "CVE-2025-22226",
69953
70814
  "CVE-2025-23266",
70815
+ "CVE-2025-27520",
69954
70816
  "CVE-2025-30202",
69955
70817
  "CVE-2025-32444",
69956
70818
  "CVE-2025-3248",
@@ -70327,6 +71189,7 @@
70327
71189
  "CVE-2024-24590",
70328
71190
  "CVE-2024-24591",
70329
71191
  "CVE-2024-27132",
71192
+ "CVE-2024-2912",
70330
71193
  "CVE-2024-3094",
70331
71194
  "CVE-2024-3154",
70332
71195
  "CVE-2024-37032",
@@ -70345,6 +71208,7 @@
70345
71208
  "CVE-2025-1753",
70346
71209
  "CVE-2025-23254",
70347
71210
  "CVE-2025-23266",
71211
+ "CVE-2025-27520",
70348
71212
  "CVE-2025-30165",
70349
71213
  "CVE-2025-30202",
70350
71214
  "CVE-2025-32434",
@@ -70972,6 +71836,7 @@
70972
71836
  "CVE-2024-24590",
70973
71837
  "CVE-2024-24591",
70974
71838
  "CVE-2024-27132",
71839
+ "CVE-2024-2912",
70975
71840
  "CVE-2024-3094",
70976
71841
  "CVE-2024-3154",
70977
71842
  "CVE-2024-37032",
@@ -70990,6 +71855,7 @@
70990
71855
  "CVE-2025-1753",
70991
71856
  "CVE-2025-23254",
70992
71857
  "CVE-2025-23266",
71858
+ "CVE-2025-27520",
70993
71859
  "CVE-2025-30165",
70994
71860
  "CVE-2025-30202",
70995
71861
  "CVE-2025-32434",
@@ -71709,9 +72575,11 @@
71709
72575
  "CVE-2024-12366",
71710
72576
  "CVE-2024-24590",
71711
72577
  "CVE-2024-24591",
72578
+ "CVE-2024-2912",
71712
72579
  "CVE-2024-3094",
71713
72580
  "CVE-2024-3154",
71714
72581
  "CVE-2024-5565",
72582
+ "CVE-2025-27520",
71715
72583
  "CVE-2025-3248",
71716
72584
  "CVE-2025-49844",
71717
72585
  "CVE-2025-53773",
@@ -71964,6 +72832,7 @@
71964
72832
  "CVE-2024-24590",
71965
72833
  "CVE-2024-24591",
71966
72834
  "CVE-2024-27132",
72835
+ "CVE-2024-2912",
71967
72836
  "CVE-2024-3094",
71968
72837
  "CVE-2024-3154",
71969
72838
  "CVE-2024-37032",
@@ -71982,6 +72851,7 @@
71982
72851
  "CVE-2025-1753",
71983
72852
  "CVE-2025-23254",
71984
72853
  "CVE-2025-23266",
72854
+ "CVE-2025-27520",
71985
72855
  "CVE-2025-30165",
71986
72856
  "CVE-2025-30202",
71987
72857
  "CVE-2025-32434",
@@ -73198,6 +74068,7 @@
73198
74068
  "CVE-2024-24590",
73199
74069
  "CVE-2024-24591",
73200
74070
  "CVE-2024-27132",
74071
+ "CVE-2024-2912",
73201
74072
  "CVE-2024-3094",
73202
74073
  "CVE-2024-3154",
73203
74074
  "CVE-2024-37032",
@@ -73216,6 +74087,7 @@
73216
74087
  "CVE-2025-1753",
73217
74088
  "CVE-2025-23254",
73218
74089
  "CVE-2025-23266",
74090
+ "CVE-2025-27520",
73219
74091
  "CVE-2025-30165",
73220
74092
  "CVE-2025-30202",
73221
74093
  "CVE-2025-32434",
@@ -73462,9 +74334,11 @@
73462
74334
  "CVE-2024-12366",
73463
74335
  "CVE-2024-24590",
73464
74336
  "CVE-2024-24591",
74337
+ "CVE-2024-2912",
73465
74338
  "CVE-2024-3094",
73466
74339
  "CVE-2024-3154",
73467
74340
  "CVE-2024-5565",
74341
+ "CVE-2025-27520",
73468
74342
  "CVE-2025-3248",
73469
74343
  "CVE-2025-49844",
73470
74344
  "CVE-2025-53773",
@@ -73661,10 +74535,12 @@
73661
74535
  "CVE-2024-12366",
73662
74536
  "CVE-2024-24590",
73663
74537
  "CVE-2024-24591",
74538
+ "CVE-2024-2912",
73664
74539
  "CVE-2024-3094",
73665
74540
  "CVE-2024-5565",
73666
74541
  "CVE-2025-0133",
73667
74542
  "CVE-2025-1094",
74543
+ "CVE-2025-27520",
73668
74544
  "CVE-2025-3248",
73669
74545
  "CVE-2025-6965",
73670
74546
  "CVE-2026-30615",
@@ -74604,6 +75480,7 @@
74604
75480
  "CVE-2024-24590",
74605
75481
  "CVE-2024-24591",
74606
75482
  "CVE-2024-27132",
75483
+ "CVE-2024-2912",
74607
75484
  "CVE-2024-3094",
74608
75485
  "CVE-2024-3154",
74609
75486
  "CVE-2024-37032",
@@ -74622,6 +75499,7 @@
74622
75499
  "CVE-2025-1753",
74623
75500
  "CVE-2025-23254",
74624
75501
  "CVE-2025-23266",
75502
+ "CVE-2025-27520",
74625
75503
  "CVE-2025-30165",
74626
75504
  "CVE-2025-30202",
74627
75505
  "CVE-2025-32434",
@@ -74976,6 +75854,7 @@
74976
75854
  "CVE-2024-27132",
74977
75855
  "CVE-2024-27199",
74978
75856
  "CVE-2024-27443",
75857
+ "CVE-2024-2912",
74979
75858
  "CVE-2024-3094",
74980
75859
  "CVE-2024-3154",
74981
75860
  "CVE-2024-37032",
@@ -75034,6 +75913,7 @@
75034
75913
  "CVE-2025-2746",
75035
75914
  "CVE-2025-2747",
75036
75915
  "CVE-2025-2749",
75916
+ "CVE-2025-27520",
75037
75917
  "CVE-2025-2775",
75038
75918
  "CVE-2025-2776",
75039
75919
  "CVE-2025-27915",
@@ -75548,6 +76428,7 @@
75548
76428
  "CVE-2024-24590",
75549
76429
  "CVE-2024-24591",
75550
76430
  "CVE-2024-27132",
76431
+ "CVE-2024-2912",
75551
76432
  "CVE-2024-3094",
75552
76433
  "CVE-2024-3154",
75553
76434
  "CVE-2024-37032",
@@ -75565,6 +76446,7 @@
75565
76446
  "CVE-2025-1753",
75566
76447
  "CVE-2025-23254",
75567
76448
  "CVE-2025-23266",
76449
+ "CVE-2025-27520",
75568
76450
  "CVE-2025-30165",
75569
76451
  "CVE-2025-30202",
75570
76452
  "CVE-2025-32434",
@@ -75915,11 +76797,13 @@
75915
76797
  "CVE-2024-12366",
75916
76798
  "CVE-2024-24590",
75917
76799
  "CVE-2024-24591",
76800
+ "CVE-2024-2912",
75918
76801
  "CVE-2024-3094",
75919
76802
  "CVE-2024-3154",
75920
76803
  "CVE-2024-5565",
75921
76804
  "CVE-2025-0133",
75922
76805
  "CVE-2025-1094",
76806
+ "CVE-2025-27520",
75923
76807
  "CVE-2025-3248",
75924
76808
  "CVE-2025-49844",
75925
76809
  "CVE-2025-53773",
@@ -76206,10 +77090,12 @@
76206
77090
  "CVE-2024-12366",
76207
77091
  "CVE-2024-24590",
76208
77092
  "CVE-2024-24591",
77093
+ "CVE-2024-2912",
76209
77094
  "CVE-2024-3094",
76210
77095
  "CVE-2024-5565",
76211
77096
  "CVE-2025-0133",
76212
77097
  "CVE-2025-1094",
77098
+ "CVE-2025-27520",
76213
77099
  "CVE-2025-3248",
76214
77100
  "CVE-2025-53773",
76215
77101
  "CVE-2025-6965",
@@ -76542,6 +77428,7 @@
76542
77428
  "CVE-2024-24590",
76543
77429
  "CVE-2024-24591",
76544
77430
  "CVE-2024-27132",
77431
+ "CVE-2024-2912",
76545
77432
  "CVE-2024-3094",
76546
77433
  "CVE-2024-3154",
76547
77434
  "CVE-2024-37032",
@@ -76560,6 +77447,7 @@
76560
77447
  "CVE-2025-1753",
76561
77448
  "CVE-2025-23254",
76562
77449
  "CVE-2025-23266",
77450
+ "CVE-2025-27520",
76563
77451
  "CVE-2025-30165",
76564
77452
  "CVE-2025-30202",
76565
77453
  "CVE-2025-32434",
@@ -76894,6 +77782,7 @@
76894
77782
  "CVE-2024-24590",
76895
77783
  "CVE-2024-24591",
76896
77784
  "CVE-2024-27132",
77785
+ "CVE-2024-2912",
76897
77786
  "CVE-2024-37032",
76898
77787
  "CVE-2024-39722",
76899
77788
  "CVE-2024-42478",
@@ -76909,6 +77798,7 @@
76909
77798
  "CVE-2025-1753",
76910
77799
  "CVE-2025-23254",
76911
77800
  "CVE-2025-23266",
77801
+ "CVE-2025-27520",
76912
77802
  "CVE-2025-30165",
76913
77803
  "CVE-2025-30202",
76914
77804
  "CVE-2025-32434",
@@ -77107,11 +77997,13 @@
77107
77997
  "CVE-2024-12366",
77108
77998
  "CVE-2024-24590",
77109
77999
  "CVE-2024-24591",
78000
+ "CVE-2024-2912",
77110
78001
  "CVE-2024-3094",
77111
78002
  "CVE-2024-3154",
77112
78003
  "CVE-2024-5565",
77113
78004
  "CVE-2025-0133",
77114
78005
  "CVE-2025-1094",
78006
+ "CVE-2025-27520",
77115
78007
  "CVE-2025-3248",
77116
78008
  "CVE-2025-49844",
77117
78009
  "CVE-2025-53773",
@@ -77843,6 +78735,7 @@
77843
78735
  "CVE-2024-24590",
77844
78736
  "CVE-2024-24591",
77845
78737
  "CVE-2024-27132",
78738
+ "CVE-2024-2912",
77846
78739
  "CVE-2024-3094",
77847
78740
  "CVE-2024-3154",
77848
78741
  "CVE-2024-37032",
@@ -77861,6 +78754,7 @@
77861
78754
  "CVE-2025-1753",
77862
78755
  "CVE-2025-23254",
77863
78756
  "CVE-2025-23266",
78757
+ "CVE-2025-27520",
77864
78758
  "CVE-2025-30165",
77865
78759
  "CVE-2025-30202",
77866
78760
  "CVE-2025-32434",
@@ -78181,6 +79075,7 @@
78181
79075
  "CVE-2024-24590",
78182
79076
  "CVE-2024-24591",
78183
79077
  "CVE-2024-27132",
79078
+ "CVE-2024-2912",
78184
79079
  "CVE-2024-3094",
78185
79080
  "CVE-2024-37032",
78186
79081
  "CVE-2024-39722",
@@ -78200,6 +79095,7 @@
78200
79095
  "CVE-2025-22226",
78201
79096
  "CVE-2025-23254",
78202
79097
  "CVE-2025-23266",
79098
+ "CVE-2025-27520",
78203
79099
  "CVE-2025-30165",
78204
79100
  "CVE-2025-30202",
78205
79101
  "CVE-2025-32434",