@blamejs/exceptd-skills 0.13.106 → 0.13.108

@@ -42456,6 +42456,1228 @@
42456
42456
  ]
42457
42457
  }
42458
42458
  },
42459
+ "CVE-2024-37052": {
42460
+ "name": "MLflow scikit-learn Model Deserialization Remote Code Execution",
42461
+ "rwep": 42,
42462
+ "cvss": 8.8,
42463
+ "cisa_kev": false,
42464
+ "epss_score": null,
42465
+ "referencing_skills": [
42466
+ "kernel-lpe-triage",
42467
+ "ai-attack-surface",
42468
+ "compliance-theater",
42469
+ "rag-pipeline-security",
42470
+ "threat-modeling-methodology",
42471
+ "webapp-security",
42472
+ "api-security",
42473
+ "container-runtime-security"
42474
+ ],
42475
+ "chain": {
42476
+ "cwes": [
42477
+ {
42478
+ "id": "CWE-1039",
42479
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
42480
+ "category": "AI/ML"
42481
+ },
42482
+ {
42483
+ "id": "CWE-1188",
42484
+ "name": "Initialization of a Resource with an Insecure Default",
42485
+ "category": "Configuration"
42486
+ },
42487
+ {
42488
+ "id": "CWE-125",
42489
+ "name": "Out-of-bounds Read",
42490
+ "category": "Memory Safety"
42491
+ },
42492
+ {
42493
+ "id": "CWE-1395",
42494
+ "name": "Dependency on Vulnerable Third-Party Component",
42495
+ "category": "Supply Chain"
42496
+ },
42497
+ {
42498
+ "id": "CWE-1426",
42499
+ "name": "Improper Validation of Generative AI Output",
42500
+ "category": "AI/ML"
42501
+ },
42502
+ {
42503
+ "id": "CWE-200",
42504
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
42505
+ "category": "Information Exposure"
42506
+ },
42507
+ {
42508
+ "id": "CWE-22",
42509
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
42510
+ "category": "Path/Resource"
42511
+ },
42512
+ {
42513
+ "id": "CWE-269",
42514
+ "name": "Improper Privilege Management",
42515
+ "category": "Authorization"
42516
+ },
42517
+ {
42518
+ "id": "CWE-287",
42519
+ "name": "Improper Authentication",
42520
+ "category": "Authentication"
42521
+ },
42522
+ {
42523
+ "id": "CWE-352",
42524
+ "name": "Cross-Site Request Forgery (CSRF)",
42525
+ "category": "Session"
42526
+ },
42527
+ {
42528
+ "id": "CWE-362",
42529
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
42530
+ "category": "Concurrency"
42531
+ },
42532
+ {
42533
+ "id": "CWE-416",
42534
+ "name": "Use After Free",
42535
+ "category": "Memory Safety"
42536
+ },
42537
+ {
42538
+ "id": "CWE-434",
42539
+ "name": "Unrestricted Upload of File with Dangerous Type",
42540
+ "category": "File Handling"
42541
+ },
42542
+ {
42543
+ "id": "CWE-502",
42544
+ "name": "Deserialization of Untrusted Data",
42545
+ "category": "Serialization"
42546
+ },
42547
+ {
42548
+ "id": "CWE-672",
42549
+ "name": "Operation on a Resource after Expiration or Release",
42550
+ "category": "Memory Safety"
42551
+ },
42552
+ {
42553
+ "id": "CWE-732",
42554
+ "name": "Incorrect Permission Assignment for Critical Resource",
42555
+ "category": "Authorization"
42556
+ },
42557
+ {
42558
+ "id": "CWE-77",
42559
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
42560
+ "category": "Injection"
42561
+ },
42562
+ {
42563
+ "id": "CWE-78",
42564
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
42565
+ "category": "Injection"
42566
+ },
42567
+ {
42568
+ "id": "CWE-787",
42569
+ "name": "Out-of-bounds Write",
42570
+ "category": "Memory Safety"
42571
+ },
42572
+ {
42573
+ "id": "CWE-79",
42574
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
42575
+ "category": "Injection"
42576
+ },
42577
+ {
42578
+ "id": "CWE-862",
42579
+ "name": "Missing Authorization",
42580
+ "category": "Authorization"
42581
+ },
42582
+ {
42583
+ "id": "CWE-863",
42584
+ "name": "Incorrect Authorization",
42585
+ "category": "Authorization"
42586
+ },
42587
+ {
42588
+ "id": "CWE-89",
42589
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
42590
+ "category": "Injection"
42591
+ },
42592
+ {
42593
+ "id": "CWE-918",
42594
+ "name": "Server-Side Request Forgery (SSRF)",
42595
+ "category": "Network"
42596
+ },
42597
+ {
42598
+ "id": "CWE-94",
42599
+ "name": "Improper Control of Generation of Code (Code Injection)",
42600
+ "category": "Injection"
42601
+ }
42602
+ ],
42603
+ "atlas": [
42604
+ {
42605
+ "id": "AML.T0010",
42606
+ "name": "ML Supply Chain Compromise",
42607
+ "tactic": "Initial Access"
42608
+ },
42609
+ {
42610
+ "id": "AML.T0016",
42611
+ "name": "Obtain Capabilities: Develop Capabilities",
42612
+ "tactic": "Resource Development"
42613
+ },
42614
+ {
42615
+ "id": "AML.T0017",
42616
+ "name": "Discover ML Model Ontology",
42617
+ "tactic": "Discovery"
42618
+ },
42619
+ {
42620
+ "id": "AML.T0018",
42621
+ "name": "Backdoor ML Model",
42622
+ "tactic": "Persistence"
42623
+ },
42624
+ {
42625
+ "id": "AML.T0020",
42626
+ "name": "Poison Training Data",
42627
+ "tactic": "ML Attack Staging"
42628
+ },
42629
+ {
42630
+ "id": "AML.T0043",
42631
+ "name": "Craft Adversarial Data",
42632
+ "tactic": "ML Attack Staging"
42633
+ },
42634
+ {
42635
+ "id": "AML.T0051",
42636
+ "name": "LLM Prompt Injection",
42637
+ "tactic": "Execution"
42638
+ },
42639
+ {
42640
+ "id": "AML.T0054",
42641
+ "name": "LLM Jailbreak",
42642
+ "tactic": "Defense Evasion"
42643
+ },
42644
+ {
42645
+ "id": "AML.T0096",
42646
+ "name": "AI API as Covert C2 Channel",
42647
+ "tactic": "Command and Control"
42648
+ }
42649
+ ],
42650
+ "d3fend": [
42651
+ {
42652
+ "id": "D3-ASLR",
42653
+ "name": "Address Space Layout Randomization",
42654
+ "tactic": "Harden"
42655
+ },
42656
+ {
42657
+ "id": "D3-CSPP",
42658
+ "name": "Client-server Payload Profiling",
42659
+ "tactic": "Detect"
42660
+ },
42661
+ {
42662
+ "id": "D3-EAL",
42663
+ "name": "Executable Allowlisting",
42664
+ "tactic": "Harden"
42665
+ },
42666
+ {
42667
+ "id": "D3-IOPR",
42668
+ "name": "Input/Output Profiling Resource",
42669
+ "tactic": "Detect"
42670
+ },
42671
+ {
42672
+ "id": "D3-NTA",
42673
+ "name": "Network Traffic Analysis",
42674
+ "tactic": "Detect"
42675
+ },
42676
+ {
42677
+ "id": "D3-PHRA",
42678
+ "name": "Process Hardware Resource Access",
42679
+ "tactic": "Isolate"
42680
+ },
42681
+ {
42682
+ "id": "D3-PSEP",
42683
+ "name": "Process Segment Execution Prevention",
42684
+ "tactic": "Harden"
42685
+ }
42686
+ ],
42687
+ "framework_gaps": [
42688
+ {
42689
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
42690
+ "framework": "ALL",
42691
+ "control_name": "AI Pipeline Integrity"
42692
+ },
42693
+ {
42694
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
42695
+ "framework": "ALL",
42696
+ "control_name": "Prompt Injection as Access Control Failure"
42697
+ },
42698
+ {
42699
+ "id": "CIS-Controls-v8-Control7",
42700
+ "framework": "CIS Controls v8",
42701
+ "control_name": "Continuous Vulnerability Management"
42702
+ },
42703
+ {
42704
+ "id": "CMMC-2.0-Level-2",
42705
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
42706
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
42707
+ },
42708
+ {
42709
+ "id": "FedRAMP-Rev5-Moderate",
42710
+ "framework": "FedRAMP Rev 5 Moderate",
42711
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
42712
+ },
42713
+ {
42714
+ "id": "ISO-27001-2022-A.8.28",
42715
+ "framework": "ISO/IEC 27001:2022",
42716
+ "control_name": "Secure coding"
42717
+ },
42718
+ {
42719
+ "id": "ISO-27001-2022-A.8.8",
42720
+ "framework": "ISO/IEC 27001:2022",
42721
+ "control_name": "Management of technical vulnerabilities"
42722
+ },
42723
+ {
42724
+ "id": "ISO-IEC-23894-2023-clause-7",
42725
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
42726
+ "control_name": "AI risk management process"
42727
+ },
42728
+ {
42729
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
42730
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
42731
+ "control_name": "AI risk assessment"
42732
+ },
42733
+ {
42734
+ "id": "NIS2-Art21-patch-management",
42735
+ "framework": "EU NIS2 Directive",
42736
+ "control_name": "Vulnerability handling and disclosure"
42737
+ },
42738
+ {
42739
+ "id": "NIST-800-218-SSDF",
42740
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
42741
+ "control_name": "Secure Software Development Framework"
42742
+ },
42743
+ {
42744
+ "id": "NIST-800-53-AC-2",
42745
+ "framework": "NIST SP 800-53 Rev 5",
42746
+ "control_name": "Account Management"
42747
+ },
42748
+ {
42749
+ "id": "NIST-800-53-CM-7",
42750
+ "framework": "NIST SP 800-53 Rev 5",
42751
+ "control_name": "Least Functionality"
42752
+ },
42753
+ {
42754
+ "id": "NIST-800-53-SC-8",
42755
+ "framework": "NIST SP 800-53 Rev 5",
42756
+ "control_name": "Transmission Confidentiality and Integrity"
42757
+ },
42758
+ {
42759
+ "id": "NIST-800-53-SI-12",
42760
+ "framework": "NIST SP 800-53 Rev 5",
42761
+ "control_name": "Information Management and Retention"
42762
+ },
42763
+ {
42764
+ "id": "NIST-800-53-SI-2",
42765
+ "framework": "NIST SP 800-53 Rev 5",
42766
+ "control_name": "Flaw Remediation"
42767
+ },
42768
+ {
42769
+ "id": "NIST-800-53-SI-3",
42770
+ "framework": "NIST SP 800-53 Rev 5",
42771
+ "control_name": "Malicious Code Protection"
42772
+ },
42773
+ {
42774
+ "id": "NIST-AI-RMF-MEASURE-2.5",
42775
+ "framework": "NIST AI RMF 1.0",
42776
+ "control_name": "AI system to human interaction evaluation"
42777
+ },
42778
+ {
42779
+ "id": "OWASP-ASVS-v5.0-V14",
42780
+ "framework": "OWASP ASVS v5.0",
42781
+ "control_name": "Configuration verification"
42782
+ },
42783
+ {
42784
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
42785
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42786
+ "control_name": "Prompt Injection"
42787
+ },
42788
+ {
42789
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
42790
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42791
+ "control_name": "Sensitive Information Disclosure"
42792
+ },
42793
+ {
42794
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
42795
+ "framework": "OWASP Top 10 for LLM Applications 2025",
42796
+ "control_name": "Vector and Embedding Weaknesses"
42797
+ },
42798
+ {
42799
+ "id": "PCI-DSS-4.0-6.3.3",
42800
+ "framework": "PCI DSS 4.0",
42801
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
42802
+ },
42803
+ {
42804
+ "id": "SLSA-v1.0-Build-L3",
42805
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
42806
+ "control_name": "Hardened build platform with non-falsifiable provenance"
42807
+ },
42808
+ {
42809
+ "id": "SOC2-CC6-logical-access",
42810
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
42811
+ "control_name": "Logical and Physical Access Controls"
42812
+ }
42813
+ ],
42814
+ "attack_refs": [
42815
+ "T1059",
42816
+ "T1068",
42817
+ "T1078",
42818
+ "T1190",
42819
+ "T1505",
42820
+ "T1548.001",
42821
+ "T1565",
42822
+ "T1566",
42823
+ "T1567",
42824
+ "T1610",
42825
+ "T1611"
42826
+ ],
42827
+ "rfc_refs": [
42828
+ "RFC-4301",
42829
+ "RFC-4303",
42830
+ "RFC-6749",
42831
+ "RFC-7296",
42832
+ "RFC-7519",
42833
+ "RFC-8032",
42834
+ "RFC-8446",
42835
+ "RFC-8725",
42836
+ "RFC-9114",
42837
+ "RFC-9421",
42838
+ "RFC-9700"
42839
+ ]
42840
+ }
42841
+ },
42842
+ "CVE-2024-37060": {
42843
+ "name": "MLflow Recipe Deserialization Remote Code Execution",
42844
+ "rwep": 42,
42845
+ "cvss": 8.8,
42846
+ "cisa_kev": false,
42847
+ "epss_score": null,
42848
+ "referencing_skills": [
42849
+ "kernel-lpe-triage",
42850
+ "ai-attack-surface",
42851
+ "compliance-theater",
42852
+ "rag-pipeline-security",
42853
+ "threat-modeling-methodology",
42854
+ "webapp-security",
42855
+ "api-security",
42856
+ "container-runtime-security"
42857
+ ],
42858
+ "chain": {
42859
+ "cwes": [
42860
+ {
42861
+ "id": "CWE-1039",
42862
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
42863
+ "category": "AI/ML"
42864
+ },
42865
+ {
42866
+ "id": "CWE-1188",
42867
+ "name": "Initialization of a Resource with an Insecure Default",
42868
+ "category": "Configuration"
42869
+ },
42870
+ {
42871
+ "id": "CWE-125",
42872
+ "name": "Out-of-bounds Read",
42873
+ "category": "Memory Safety"
42874
+ },
42875
+ {
42876
+ "id": "CWE-1395",
42877
+ "name": "Dependency on Vulnerable Third-Party Component",
42878
+ "category": "Supply Chain"
42879
+ },
42880
+ {
42881
+ "id": "CWE-1426",
42882
+ "name": "Improper Validation of Generative AI Output",
42883
+ "category": "AI/ML"
42884
+ },
42885
+ {
42886
+ "id": "CWE-200",
42887
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
42888
+ "category": "Information Exposure"
42889
+ },
42890
+ {
42891
+ "id": "CWE-22",
42892
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
42893
+ "category": "Path/Resource"
42894
+ },
42895
+ {
42896
+ "id": "CWE-269",
42897
+ "name": "Improper Privilege Management",
42898
+ "category": "Authorization"
42899
+ },
42900
+ {
42901
+ "id": "CWE-287",
42902
+ "name": "Improper Authentication",
42903
+ "category": "Authentication"
42904
+ },
42905
+ {
42906
+ "id": "CWE-352",
42907
+ "name": "Cross-Site Request Forgery (CSRF)",
42908
+ "category": "Session"
42909
+ },
42910
+ {
42911
+ "id": "CWE-362",
42912
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
42913
+ "category": "Concurrency"
42914
+ },
42915
+ {
42916
+ "id": "CWE-416",
42917
+ "name": "Use After Free",
42918
+ "category": "Memory Safety"
42919
+ },
42920
+ {
42921
+ "id": "CWE-434",
42922
+ "name": "Unrestricted Upload of File with Dangerous Type",
42923
+ "category": "File Handling"
42924
+ },
42925
+ {
42926
+ "id": "CWE-502",
42927
+ "name": "Deserialization of Untrusted Data",
42928
+ "category": "Serialization"
42929
+ },
42930
+ {
42931
+ "id": "CWE-672",
42932
+ "name": "Operation on a Resource after Expiration or Release",
42933
+ "category": "Memory Safety"
42934
+ },
42935
+ {
42936
+ "id": "CWE-732",
42937
+ "name": "Incorrect Permission Assignment for Critical Resource",
42938
+ "category": "Authorization"
42939
+ },
42940
+ {
42941
+ "id": "CWE-77",
42942
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
42943
+ "category": "Injection"
42944
+ },
42945
+ {
42946
+ "id": "CWE-78",
42947
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
42948
+ "category": "Injection"
42949
+ },
42950
+ {
42951
+ "id": "CWE-787",
42952
+ "name": "Out-of-bounds Write",
42953
+ "category": "Memory Safety"
42954
+ },
42955
+ {
42956
+ "id": "CWE-79",
42957
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
42958
+ "category": "Injection"
42959
+ },
42960
+ {
42961
+ "id": "CWE-862",
42962
+ "name": "Missing Authorization",
42963
+ "category": "Authorization"
42964
+ },
42965
+ {
42966
+ "id": "CWE-863",
42967
+ "name": "Incorrect Authorization",
42968
+ "category": "Authorization"
42969
+ },
42970
+ {
42971
+ "id": "CWE-89",
42972
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
42973
+ "category": "Injection"
42974
+ },
42975
+ {
42976
+ "id": "CWE-918",
42977
+ "name": "Server-Side Request Forgery (SSRF)",
42978
+ "category": "Network"
42979
+ },
42980
+ {
42981
+ "id": "CWE-94",
42982
+ "name": "Improper Control of Generation of Code (Code Injection)",
42983
+ "category": "Injection"
42984
+ }
42985
+ ],
42986
+ "atlas": [
42987
+ {
42988
+ "id": "AML.T0010",
42989
+ "name": "ML Supply Chain Compromise",
42990
+ "tactic": "Initial Access"
42991
+ },
42992
+ {
42993
+ "id": "AML.T0016",
42994
+ "name": "Obtain Capabilities: Develop Capabilities",
42995
+ "tactic": "Resource Development"
42996
+ },
42997
+ {
42998
+ "id": "AML.T0017",
42999
+ "name": "Discover ML Model Ontology",
43000
+ "tactic": "Discovery"
43001
+ },
43002
+ {
43003
+ "id": "AML.T0018",
43004
+ "name": "Backdoor ML Model",
43005
+ "tactic": "Persistence"
43006
+ },
43007
+ {
43008
+ "id": "AML.T0020",
43009
+ "name": "Poison Training Data",
43010
+ "tactic": "ML Attack Staging"
43011
+ },
43012
+ {
43013
+ "id": "AML.T0043",
43014
+ "name": "Craft Adversarial Data",
43015
+ "tactic": "ML Attack Staging"
43016
+ },
43017
+ {
43018
+ "id": "AML.T0051",
43019
+ "name": "LLM Prompt Injection",
43020
+ "tactic": "Execution"
43021
+ },
43022
+ {
43023
+ "id": "AML.T0054",
43024
+ "name": "LLM Jailbreak",
43025
+ "tactic": "Defense Evasion"
43026
+ },
43027
+ {
43028
+ "id": "AML.T0096",
43029
+ "name": "AI API as Covert C2 Channel",
43030
+ "tactic": "Command and Control"
43031
+ }
43032
+ ],
43033
+ "d3fend": [
43034
+ {
43035
+ "id": "D3-ASLR",
43036
+ "name": "Address Space Layout Randomization",
43037
+ "tactic": "Harden"
43038
+ },
43039
+ {
43040
+ "id": "D3-CSPP",
43041
+ "name": "Client-server Payload Profiling",
43042
+ "tactic": "Detect"
43043
+ },
43044
+ {
43045
+ "id": "D3-EAL",
43046
+ "name": "Executable Allowlisting",
43047
+ "tactic": "Harden"
43048
+ },
43049
+ {
43050
+ "id": "D3-IOPR",
43051
+ "name": "Input/Output Profiling Resource",
43052
+ "tactic": "Detect"
43053
+ },
43054
+ {
43055
+ "id": "D3-NTA",
43056
+ "name": "Network Traffic Analysis",
43057
+ "tactic": "Detect"
43058
+ },
43059
+ {
43060
+ "id": "D3-PHRA",
43061
+ "name": "Process Hardware Resource Access",
43062
+ "tactic": "Isolate"
43063
+ },
43064
+ {
43065
+ "id": "D3-PSEP",
43066
+ "name": "Process Segment Execution Prevention",
43067
+ "tactic": "Harden"
43068
+ }
43069
+ ],
43070
+ "framework_gaps": [
43071
+ {
43072
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
43073
+ "framework": "ALL",
43074
+ "control_name": "AI Pipeline Integrity"
43075
+ },
43076
+ {
43077
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
43078
+ "framework": "ALL",
43079
+ "control_name": "Prompt Injection as Access Control Failure"
43080
+ },
43081
+ {
43082
+ "id": "CIS-Controls-v8-Control7",
43083
+ "framework": "CIS Controls v8",
43084
+ "control_name": "Continuous Vulnerability Management"
43085
+ },
43086
+ {
43087
+ "id": "CMMC-2.0-Level-2",
43088
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
43089
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
43090
+ },
43091
+ {
43092
+ "id": "FedRAMP-Rev5-Moderate",
43093
+ "framework": "FedRAMP Rev 5 Moderate",
43094
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
43095
+ },
43096
+ {
43097
+ "id": "ISO-27001-2022-A.8.28",
43098
+ "framework": "ISO/IEC 27001:2022",
43099
+ "control_name": "Secure coding"
43100
+ },
43101
+ {
43102
+ "id": "ISO-27001-2022-A.8.8",
43103
+ "framework": "ISO/IEC 27001:2022",
43104
+ "control_name": "Management of technical vulnerabilities"
43105
+ },
43106
+ {
43107
+ "id": "ISO-IEC-23894-2023-clause-7",
43108
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
43109
+ "control_name": "AI risk management process"
43110
+ },
43111
+ {
43112
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
43113
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
43114
+ "control_name": "AI risk assessment"
43115
+ },
43116
+ {
43117
+ "id": "NIS2-Art21-patch-management",
43118
+ "framework": "EU NIS2 Directive",
43119
+ "control_name": "Vulnerability handling and disclosure"
43120
+ },
43121
+ {
43122
+ "id": "NIST-800-218-SSDF",
43123
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
43124
+ "control_name": "Secure Software Development Framework"
43125
+ },
43126
+ {
43127
+ "id": "NIST-800-53-AC-2",
43128
+ "framework": "NIST SP 800-53 Rev 5",
43129
+ "control_name": "Account Management"
43130
+ },
43131
+ {
43132
+ "id": "NIST-800-53-CM-7",
43133
+ "framework": "NIST SP 800-53 Rev 5",
43134
+ "control_name": "Least Functionality"
43135
+ },
43136
+ {
43137
+ "id": "NIST-800-53-SC-8",
43138
+ "framework": "NIST SP 800-53 Rev 5",
43139
+ "control_name": "Transmission Confidentiality and Integrity"
43140
+ },
43141
+ {
43142
+ "id": "NIST-800-53-SI-12",
43143
+ "framework": "NIST SP 800-53 Rev 5",
43144
+ "control_name": "Information Management and Retention"
43145
+ },
43146
+ {
43147
+ "id": "NIST-800-53-SI-2",
43148
+ "framework": "NIST SP 800-53 Rev 5",
43149
+ "control_name": "Flaw Remediation"
43150
+ },
43151
+ {
43152
+ "id": "NIST-800-53-SI-3",
43153
+ "framework": "NIST SP 800-53 Rev 5",
43154
+ "control_name": "Malicious Code Protection"
43155
+ },
43156
+ {
43157
+ "id": "NIST-AI-RMF-MEASURE-2.5",
43158
+ "framework": "NIST AI RMF 1.0",
43159
+ "control_name": "AI system to human interaction evaluation"
43160
+ },
43161
+ {
43162
+ "id": "OWASP-ASVS-v5.0-V14",
43163
+ "framework": "OWASP ASVS v5.0",
43164
+ "control_name": "Configuration verification"
43165
+ },
43166
+ {
43167
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
43168
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43169
+ "control_name": "Prompt Injection"
43170
+ },
43171
+ {
43172
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
43173
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43174
+ "control_name": "Sensitive Information Disclosure"
43175
+ },
43176
+ {
43177
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
43178
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43179
+ "control_name": "Vector and Embedding Weaknesses"
43180
+ },
43181
+ {
43182
+ "id": "PCI-DSS-4.0-6.3.3",
43183
+ "framework": "PCI DSS 4.0",
43184
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
43185
+ },
43186
+ {
43187
+ "id": "SLSA-v1.0-Build-L3",
43188
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
43189
+ "control_name": "Hardened build platform with non-falsifiable provenance"
43190
+ },
43191
+ {
43192
+ "id": "SOC2-CC6-logical-access",
43193
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43194
+ "control_name": "Logical and Physical Access Controls"
43195
+ }
43196
+ ],
43197
+ "attack_refs": [
43198
+ "T1059",
43199
+ "T1068",
43200
+ "T1078",
43201
+ "T1190",
43202
+ "T1505",
43203
+ "T1548.001",
43204
+ "T1565",
43205
+ "T1566",
43206
+ "T1567",
43207
+ "T1610",
43208
+ "T1611"
43209
+ ],
43210
+ "rfc_refs": [
43211
+ "RFC-4301",
43212
+ "RFC-4303",
43213
+ "RFC-6749",
43214
+ "RFC-7296",
43215
+ "RFC-7519",
43216
+ "RFC-8032",
43217
+ "RFC-8446",
43218
+ "RFC-8725",
43219
+ "RFC-9114",
43220
+ "RFC-9421",
43221
+ "RFC-9700"
43222
+ ]
43223
+ }
43224
+ },
43225
+ "CVE-2025-25297": {
43226
+ "name": "Label Studio S3 Storage Endpoint Server-Side Request Forgery",
43227
+ "rwep": 23,
43228
+ "cvss": 7.7,
43229
+ "cisa_kev": false,
43230
+ "epss_score": null,
43231
+ "referencing_skills": [
43232
+ "ai-attack-surface",
43233
+ "compliance-theater",
43234
+ "ai-c2-detection",
43235
+ "dlp-gap-analysis"
43236
+ ],
43237
+ "chain": {
43238
+ "cwes": [
43239
+ {
43240
+ "id": "CWE-1039",
43241
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
43242
+ "category": "AI/ML"
43243
+ },
43244
+ {
43245
+ "id": "CWE-1426",
43246
+ "name": "Improper Validation of Generative AI Output",
43247
+ "category": "AI/ML"
43248
+ },
43249
+ {
43250
+ "id": "CWE-200",
43251
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
43252
+ "category": "Information Exposure"
43253
+ },
43254
+ {
43255
+ "id": "CWE-94",
43256
+ "name": "Improper Control of Generation of Code (Code Injection)",
43257
+ "category": "Injection"
43258
+ }
43259
+ ],
43260
+ "atlas": [
43261
+ {
43262
+ "id": "AML.T0016",
43263
+ "name": "Obtain Capabilities: Develop Capabilities",
43264
+ "tactic": "Resource Development"
43265
+ },
43266
+ {
43267
+ "id": "AML.T0017",
43268
+ "name": "Discover ML Model Ontology",
43269
+ "tactic": "Discovery"
43270
+ },
43271
+ {
43272
+ "id": "AML.T0018",
43273
+ "name": "Backdoor ML Model",
43274
+ "tactic": "Persistence"
43275
+ },
43276
+ {
43277
+ "id": "AML.T0020",
43278
+ "name": "Poison Training Data",
43279
+ "tactic": "ML Attack Staging"
43280
+ },
43281
+ {
43282
+ "id": "AML.T0043",
43283
+ "name": "Craft Adversarial Data",
43284
+ "tactic": "ML Attack Staging"
43285
+ },
43286
+ {
43287
+ "id": "AML.T0051",
43288
+ "name": "LLM Prompt Injection",
43289
+ "tactic": "Execution"
43290
+ },
43291
+ {
43292
+ "id": "AML.T0054",
43293
+ "name": "LLM Jailbreak",
43294
+ "tactic": "Defense Evasion"
43295
+ },
43296
+ {
43297
+ "id": "AML.T0096",
43298
+ "name": "AI API as Covert C2 Channel",
43299
+ "tactic": "Command and Control"
43300
+ }
43301
+ ],
43302
+ "d3fend": [
43303
+ {
43304
+ "id": "D3-CA",
43305
+ "name": "Certificate Analysis",
43306
+ "tactic": "Detect"
43307
+ },
43308
+ {
43309
+ "id": "D3-CSPP",
43310
+ "name": "Client-server Payload Profiling",
43311
+ "tactic": "Detect"
43312
+ },
43313
+ {
43314
+ "id": "D3-DA",
43315
+ "name": "Domain Analysis",
43316
+ "tactic": "Detect"
43317
+ },
43318
+ {
43319
+ "id": "D3-EAL",
43320
+ "name": "Executable Allowlisting",
43321
+ "tactic": "Harden"
43322
+ },
43323
+ {
43324
+ "id": "D3-IOPR",
43325
+ "name": "Input/Output Profiling Resource",
43326
+ "tactic": "Detect"
43327
+ },
43328
+ {
43329
+ "id": "D3-NI",
43330
+ "name": "Network Isolation",
43331
+ "tactic": "Isolate"
43332
+ },
43333
+ {
43334
+ "id": "D3-NTA",
43335
+ "name": "Network Traffic Analysis",
43336
+ "tactic": "Detect"
43337
+ },
43338
+ {
43339
+ "id": "D3-NTPM",
43340
+ "name": "Network Traffic Policy Mapping",
43341
+ "tactic": "Model"
43342
+ }
43343
+ ],
43344
+ "framework_gaps": [
43345
+ {
43346
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
43347
+ "framework": "ALL",
43348
+ "control_name": "AI Pipeline Integrity"
43349
+ },
43350
+ {
43351
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
43352
+ "framework": "ALL",
43353
+ "control_name": "Prompt Injection as Access Control Failure"
43354
+ },
43355
+ {
43356
+ "id": "CMMC-2.0-Level-2",
43357
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
43358
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
43359
+ },
43360
+ {
43361
+ "id": "FedRAMP-Rev5-Moderate",
43362
+ "framework": "FedRAMP Rev 5 Moderate",
43363
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
43364
+ },
43365
+ {
43366
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
43367
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
43368
+ "control_name": "Access control standard (technical safeguards)"
43369
+ },
43370
+ {
43371
+ "id": "ISO-27001-2022-A.8.16",
43372
+ "framework": "ISO/IEC 27001:2022",
43373
+ "control_name": "Monitoring activities"
43374
+ },
43375
+ {
43376
+ "id": "ISO-27001-2022-A.8.28",
43377
+ "framework": "ISO/IEC 27001:2022",
43378
+ "control_name": "Secure coding"
43379
+ },
43380
+ {
43381
+ "id": "ISO-IEC-23894-2023-clause-7",
43382
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
43383
+ "control_name": "AI risk management process"
43384
+ },
43385
+ {
43386
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
43387
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
43388
+ "control_name": "AI risk assessment"
43389
+ },
43390
+ {
43391
+ "id": "NIST-800-53-AC-2",
43392
+ "framework": "NIST SP 800-53 Rev 5",
43393
+ "control_name": "Account Management"
43394
+ },
43395
+ {
43396
+ "id": "NIST-800-53-SC-28",
43397
+ "framework": "NIST SP 800-53 Rev 5",
43398
+ "control_name": "Protection of Information at Rest"
43399
+ },
43400
+ {
43401
+ "id": "NIST-800-53-SC-7",
43402
+ "framework": "NIST SP 800-53 Rev 5",
43403
+ "control_name": "Boundary Protection"
43404
+ },
43405
+ {
43406
+ "id": "NIST-800-53-SI-3",
43407
+ "framework": "NIST SP 800-53 Rev 5",
43408
+ "control_name": "Malicious Code Protection"
43409
+ },
43410
+ {
43411
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
43412
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43413
+ "control_name": "Prompt Injection"
43414
+ },
43415
+ {
43416
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
43417
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43418
+ "control_name": "Sensitive Information Disclosure"
43419
+ },
43420
+ {
43421
+ "id": "SOC2-CC6-logical-access",
43422
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43423
+ "control_name": "Logical and Physical Access Controls"
43424
+ },
43425
+ {
43426
+ "id": "SOC2-CC7-anomaly-detection",
43427
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43428
+ "control_name": "System Operations — Threat and Vulnerability Management"
43429
+ }
43430
+ ],
43431
+ "attack_refs": [
43432
+ "T1041",
43433
+ "T1059",
43434
+ "T1071",
43435
+ "T1102",
43436
+ "T1190",
43437
+ "T1213",
43438
+ "T1530",
43439
+ "T1566",
43440
+ "T1567",
43441
+ "T1568"
43442
+ ],
43443
+ "rfc_refs": [
43444
+ "RFC-8446",
43445
+ "RFC-9000",
43446
+ "RFC-9114",
43447
+ "RFC-9180",
43448
+ "RFC-9421",
43449
+ "RFC-9458"
43450
+ ]
43451
+ }
43452
+ },
43453
+ "CVE-2022-36551": {
43454
+ "name": "Label Studio Data Import Server-Side Request Forgery",
43455
+ "rwep": 21,
43456
+ "cvss": 6.5,
43457
+ "cisa_kev": false,
43458
+ "epss_score": null,
43459
+ "referencing_skills": [
43460
+ "ai-attack-surface",
43461
+ "compliance-theater",
43462
+ "ai-c2-detection",
43463
+ "dlp-gap-analysis"
43464
+ ],
43465
+ "chain": {
43466
+ "cwes": [
43467
+ {
43468
+ "id": "CWE-1039",
43469
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
43470
+ "category": "AI/ML"
43471
+ },
43472
+ {
43473
+ "id": "CWE-1426",
43474
+ "name": "Improper Validation of Generative AI Output",
43475
+ "category": "AI/ML"
43476
+ },
43477
+ {
43478
+ "id": "CWE-200",
43479
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
43480
+ "category": "Information Exposure"
43481
+ },
43482
+ {
43483
+ "id": "CWE-94",
43484
+ "name": "Improper Control of Generation of Code (Code Injection)",
43485
+ "category": "Injection"
43486
+ }
43487
+ ],
43488
+ "atlas": [
43489
+ {
43490
+ "id": "AML.T0016",
43491
+ "name": "Obtain Capabilities: Develop Capabilities",
43492
+ "tactic": "Resource Development"
43493
+ },
43494
+ {
43495
+ "id": "AML.T0017",
43496
+ "name": "Discover ML Model Ontology",
43497
+ "tactic": "Discovery"
43498
+ },
43499
+ {
43500
+ "id": "AML.T0018",
43501
+ "name": "Backdoor ML Model",
43502
+ "tactic": "Persistence"
43503
+ },
43504
+ {
43505
+ "id": "AML.T0020",
43506
+ "name": "Poison Training Data",
43507
+ "tactic": "ML Attack Staging"
43508
+ },
43509
+ {
43510
+ "id": "AML.T0043",
43511
+ "name": "Craft Adversarial Data",
43512
+ "tactic": "ML Attack Staging"
43513
+ },
43514
+ {
43515
+ "id": "AML.T0051",
43516
+ "name": "LLM Prompt Injection",
43517
+ "tactic": "Execution"
43518
+ },
43519
+ {
43520
+ "id": "AML.T0054",
43521
+ "name": "LLM Jailbreak",
43522
+ "tactic": "Defense Evasion"
43523
+ },
43524
+ {
43525
+ "id": "AML.T0096",
43526
+ "name": "AI API as Covert C2 Channel",
43527
+ "tactic": "Command and Control"
43528
+ }
43529
+ ],
43530
+ "d3fend": [
43531
+ {
43532
+ "id": "D3-CA",
43533
+ "name": "Certificate Analysis",
43534
+ "tactic": "Detect"
43535
+ },
43536
+ {
43537
+ "id": "D3-CSPP",
43538
+ "name": "Client-server Payload Profiling",
43539
+ "tactic": "Detect"
43540
+ },
43541
+ {
43542
+ "id": "D3-DA",
43543
+ "name": "Domain Analysis",
43544
+ "tactic": "Detect"
43545
+ },
43546
+ {
43547
+ "id": "D3-EAL",
43548
+ "name": "Executable Allowlisting",
43549
+ "tactic": "Harden"
43550
+ },
43551
+ {
43552
+ "id": "D3-IOPR",
43553
+ "name": "Input/Output Profiling Resource",
43554
+ "tactic": "Detect"
43555
+ },
43556
+ {
43557
+ "id": "D3-NI",
43558
+ "name": "Network Isolation",
43559
+ "tactic": "Isolate"
43560
+ },
43561
+ {
43562
+ "id": "D3-NTA",
43563
+ "name": "Network Traffic Analysis",
43564
+ "tactic": "Detect"
43565
+ },
43566
+ {
43567
+ "id": "D3-NTPM",
43568
+ "name": "Network Traffic Policy Mapping",
43569
+ "tactic": "Model"
43570
+ }
43571
+ ],
43572
+ "framework_gaps": [
43573
+ {
43574
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
43575
+ "framework": "ALL",
43576
+ "control_name": "AI Pipeline Integrity"
43577
+ },
43578
+ {
43579
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
43580
+ "framework": "ALL",
43581
+ "control_name": "Prompt Injection as Access Control Failure"
43582
+ },
43583
+ {
43584
+ "id": "CMMC-2.0-Level-2",
43585
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
43586
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
43587
+ },
43588
+ {
43589
+ "id": "FedRAMP-Rev5-Moderate",
43590
+ "framework": "FedRAMP Rev 5 Moderate",
43591
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
43592
+ },
43593
+ {
43594
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
43595
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
43596
+ "control_name": "Access control standard (technical safeguards)"
43597
+ },
43598
+ {
43599
+ "id": "ISO-27001-2022-A.8.16",
43600
+ "framework": "ISO/IEC 27001:2022",
43601
+ "control_name": "Monitoring activities"
43602
+ },
43603
+ {
43604
+ "id": "ISO-27001-2022-A.8.28",
43605
+ "framework": "ISO/IEC 27001:2022",
43606
+ "control_name": "Secure coding"
43607
+ },
43608
+ {
43609
+ "id": "ISO-IEC-23894-2023-clause-7",
43610
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
43611
+ "control_name": "AI risk management process"
43612
+ },
43613
+ {
43614
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
43615
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
43616
+ "control_name": "AI risk assessment"
43617
+ },
43618
+ {
43619
+ "id": "NIST-800-53-AC-2",
43620
+ "framework": "NIST SP 800-53 Rev 5",
43621
+ "control_name": "Account Management"
43622
+ },
43623
+ {
43624
+ "id": "NIST-800-53-SC-28",
43625
+ "framework": "NIST SP 800-53 Rev 5",
43626
+ "control_name": "Protection of Information at Rest"
43627
+ },
43628
+ {
43629
+ "id": "NIST-800-53-SC-7",
43630
+ "framework": "NIST SP 800-53 Rev 5",
43631
+ "control_name": "Boundary Protection"
43632
+ },
43633
+ {
43634
+ "id": "NIST-800-53-SI-3",
43635
+ "framework": "NIST SP 800-53 Rev 5",
43636
+ "control_name": "Malicious Code Protection"
43637
+ },
43638
+ {
43639
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
43640
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43641
+ "control_name": "Prompt Injection"
43642
+ },
43643
+ {
43644
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
43645
+ "framework": "OWASP Top 10 for LLM Applications 2025",
43646
+ "control_name": "Sensitive Information Disclosure"
43647
+ },
43648
+ {
43649
+ "id": "SOC2-CC6-logical-access",
43650
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43651
+ "control_name": "Logical and Physical Access Controls"
43652
+ },
43653
+ {
43654
+ "id": "SOC2-CC7-anomaly-detection",
43655
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
43656
+ "control_name": "System Operations — Threat and Vulnerability Management"
43657
+ }
43658
+ ],
43659
+ "attack_refs": [
43660
+ "T1041",
43661
+ "T1059",
43662
+ "T1071",
43663
+ "T1102",
43664
+ "T1190",
43665
+ "T1213",
43666
+ "T1530",
43667
+ "T1566",
43668
+ "T1567",
43669
+ "T1568"
43670
+ ],
43671
+ "rfc_refs": [
43672
+ "RFC-8446",
43673
+ "RFC-9000",
43674
+ "RFC-9114",
43675
+ "RFC-9180",
43676
+ "RFC-9421",
43677
+ "RFC-9458"
43678
+ ]
43679
+ }
43680
+ },
42459
43681
  "CVE-2026-41091": {
42460
43682
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
42461
43683
  "rwep": 45,
@@ -68858,6 +70080,8 @@
68858
70080
  "CVE-2024-3094",
68859
70081
  "CVE-2024-3154",
68860
70082
  "CVE-2024-37032",
70083
+ "CVE-2024-37052",
70084
+ "CVE-2024-37060",
68861
70085
  "CVE-2024-39722",
68862
70086
  "CVE-2024-42478",
68863
70087
  "CVE-2024-42479",
@@ -69111,6 +70335,8 @@
69111
70335
  "CVE-2024-2912",
69112
70336
  "CVE-2024-3094",
69113
70337
  "CVE-2024-3154",
70338
+ "CVE-2024-37052",
70339
+ "CVE-2024-37060",
69114
70340
  "CVE-2024-5565",
69115
70341
  "CVE-2025-0133",
69116
70342
  "CVE-2025-1094",
@@ -69282,6 +70508,8 @@
69282
70508
  "CVE-2024-27132",
69283
70509
  "CVE-2024-2912",
69284
70510
  "CVE-2024-37032",
70511
+ "CVE-2024-37052",
70512
+ "CVE-2024-37060",
69285
70513
  "CVE-2024-39722",
69286
70514
  "CVE-2024-42478",
69287
70515
  "CVE-2024-42479",
@@ -69490,6 +70718,8 @@
69490
70718
  "CVE-2024-27132",
69491
70719
  "CVE-2024-2912",
69492
70720
  "CVE-2024-37032",
70721
+ "CVE-2024-37052",
70722
+ "CVE-2024-37060",
69493
70723
  "CVE-2024-39722",
69494
70724
  "CVE-2024-42478",
69495
70725
  "CVE-2024-42479",
@@ -69712,6 +70942,8 @@
69712
70942
  "CVE-2024-27132",
69713
70943
  "CVE-2024-2912",
69714
70944
  "CVE-2024-37032",
70945
+ "CVE-2024-37052",
70946
+ "CVE-2024-37060",
69715
70947
  "CVE-2024-39722",
69716
70948
  "CVE-2024-42478",
69717
70949
  "CVE-2024-42479",
@@ -70014,6 +71246,7 @@
70014
71246
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
70015
71247
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
70016
71248
  "CVE-2022-1471",
71249
+ "CVE-2022-36551",
70017
71250
  "CVE-2023-43472",
70018
71251
  "CVE-2023-43654",
70019
71252
  "CVE-2023-44467",
@@ -70041,6 +71274,8 @@
70041
71274
  "CVE-2024-3094",
70042
71275
  "CVE-2024-3154",
70043
71276
  "CVE-2024-37032",
71277
+ "CVE-2024-37052",
71278
+ "CVE-2024-37060",
70044
71279
  "CVE-2024-39722",
70045
71280
  "CVE-2024-42478",
70046
71281
  "CVE-2024-42479",
@@ -70055,6 +71290,7 @@
70055
71290
  "CVE-2025-1753",
70056
71291
  "CVE-2025-23254",
70057
71292
  "CVE-2025-23266",
71293
+ "CVE-2025-25297",
70058
71294
  "CVE-2025-27520",
70059
71295
  "CVE-2025-30165",
70060
71296
  "CVE-2025-30202",
@@ -70323,6 +71559,8 @@
70323
71559
  "CVE-2024-27199",
70324
71560
  "CVE-2024-27443",
70325
71561
  "CVE-2024-37032",
71562
+ "CVE-2024-37052",
71563
+ "CVE-2024-37060",
70326
71564
  "CVE-2024-37079",
70327
71565
  "CVE-2024-39722",
70328
71566
  "CVE-2024-42009",
@@ -70788,6 +72026,7 @@
70788
72026
  "related_cves": [
70789
72027
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
70790
72028
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
72029
+ "CVE-2022-36551",
70791
72030
  "CVE-2023-43472",
70792
72031
  "CVE-2023-48022",
70793
72032
  "CVE-2023-51449",
@@ -70803,6 +72042,8 @@
70803
72042
  "CVE-2024-2912",
70804
72043
  "CVE-2024-3094",
70805
72044
  "CVE-2024-3154",
72045
+ "CVE-2024-37052",
72046
+ "CVE-2024-37060",
70806
72047
  "CVE-2024-40635",
70807
72048
  "CVE-2024-42478",
70808
72049
  "CVE-2024-42479",
@@ -70812,6 +72053,7 @@
70812
72053
  "CVE-2025-14847",
70813
72054
  "CVE-2025-22226",
70814
72055
  "CVE-2025-23266",
72056
+ "CVE-2025-25297",
70815
72057
  "CVE-2025-27520",
70816
72058
  "CVE-2025-30202",
70817
72059
  "CVE-2025-32444",
@@ -71193,6 +72435,8 @@
71193
72435
  "CVE-2024-3094",
71194
72436
  "CVE-2024-3154",
71195
72437
  "CVE-2024-37032",
72438
+ "CVE-2024-37052",
72439
+ "CVE-2024-37060",
71196
72440
  "CVE-2024-39722",
71197
72441
  "CVE-2024-42478",
71198
72442
  "CVE-2024-42479",
@@ -71840,6 +73084,8 @@
71840
73084
  "CVE-2024-3094",
71841
73085
  "CVE-2024-3154",
71842
73086
  "CVE-2024-37032",
73087
+ "CVE-2024-37052",
73088
+ "CVE-2024-37060",
71843
73089
  "CVE-2024-39722",
71844
73090
  "CVE-2024-42478",
71845
73091
  "CVE-2024-42479",
@@ -72836,6 +74082,8 @@
72836
74082
  "CVE-2024-3094",
72837
74083
  "CVE-2024-3154",
72838
74084
  "CVE-2024-37032",
74085
+ "CVE-2024-37052",
74086
+ "CVE-2024-37060",
72839
74087
  "CVE-2024-39722",
72840
74088
  "CVE-2024-42478",
72841
74089
  "CVE-2024-42479",
@@ -73125,6 +74373,8 @@
73125
74373
  "CVE-2024-27199",
73126
74374
  "CVE-2024-27443",
73127
74375
  "CVE-2024-37032",
74376
+ "CVE-2024-37052",
74377
+ "CVE-2024-37060",
73128
74378
  "CVE-2024-37079",
73129
74379
  "CVE-2024-39722",
73130
74380
  "CVE-2024-42009",
@@ -73583,6 +74833,8 @@
73583
74833
  "CVE-2024-27199",
73584
74834
  "CVE-2024-27443",
73585
74835
  "CVE-2024-37032",
74836
+ "CVE-2024-37052",
74837
+ "CVE-2024-37060",
73586
74838
  "CVE-2024-37079",
73587
74839
  "CVE-2024-39722",
73588
74840
  "CVE-2024-42009",
@@ -74072,6 +75324,8 @@
74072
75324
  "CVE-2024-3094",
74073
75325
  "CVE-2024-3154",
74074
75326
  "CVE-2024-37032",
75327
+ "CVE-2024-37052",
75328
+ "CVE-2024-37060",
74075
75329
  "CVE-2024-39722",
74076
75330
  "CVE-2024-42478",
74077
75331
  "CVE-2024-42479",
@@ -74537,6 +75791,8 @@
74537
75791
  "CVE-2024-24591",
74538
75792
  "CVE-2024-2912",
74539
75793
  "CVE-2024-3094",
75794
+ "CVE-2024-37052",
75795
+ "CVE-2024-37060",
74540
75796
  "CVE-2024-5565",
74541
75797
  "CVE-2025-0133",
74542
75798
  "CVE-2025-1094",
@@ -74931,6 +76187,8 @@
74931
76187
  "CVE-2024-27199",
74932
76188
  "CVE-2024-27443",
74933
76189
  "CVE-2024-37032",
76190
+ "CVE-2024-37052",
76191
+ "CVE-2024-37060",
74934
76192
  "CVE-2024-37079",
74935
76193
  "CVE-2024-39722",
74936
76194
  "CVE-2024-42009",
@@ -75484,6 +76742,8 @@
75484
76742
  "CVE-2024-3094",
75485
76743
  "CVE-2024-3154",
75486
76744
  "CVE-2024-37032",
76745
+ "CVE-2024-37052",
76746
+ "CVE-2024-37060",
75487
76747
  "CVE-2024-39722",
75488
76748
  "CVE-2024-42478",
75489
76749
  "CVE-2024-42479",
@@ -75858,6 +77118,8 @@
75858
77118
  "CVE-2024-3094",
75859
77119
  "CVE-2024-3154",
75860
77120
  "CVE-2024-37032",
77121
+ "CVE-2024-37052",
77122
+ "CVE-2024-37060",
75861
77123
  "CVE-2024-37079",
75862
77124
  "CVE-2024-39722",
75863
77125
  "CVE-2024-42009",
@@ -76800,6 +78062,8 @@
76800
78062
  "CVE-2024-2912",
76801
78063
  "CVE-2024-3094",
76802
78064
  "CVE-2024-3154",
78065
+ "CVE-2024-37052",
78066
+ "CVE-2024-37060",
76803
78067
  "CVE-2024-5565",
76804
78068
  "CVE-2025-0133",
76805
78069
  "CVE-2025-1094",
@@ -77092,6 +78356,8 @@
77092
78356
  "CVE-2024-24591",
77093
78357
  "CVE-2024-2912",
77094
78358
  "CVE-2024-3094",
78359
+ "CVE-2024-37052",
78360
+ "CVE-2024-37060",
77095
78361
  "CVE-2024-5565",
77096
78362
  "CVE-2025-0133",
77097
78363
  "CVE-2025-1094",
@@ -77432,6 +78698,8 @@
77432
78698
  "CVE-2024-3094",
77433
78699
  "CVE-2024-3154",
77434
78700
  "CVE-2024-37032",
78701
+ "CVE-2024-37052",
78702
+ "CVE-2024-37060",
77435
78703
  "CVE-2024-39722",
77436
78704
  "CVE-2024-42478",
77437
78705
  "CVE-2024-42479",
@@ -77759,6 +79027,7 @@
77759
79027
  "related_cves": [
77760
79028
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
77761
79029
  "CVE-2022-1471",
79030
+ "CVE-2022-36551",
77762
79031
  "CVE-2023-43472",
77763
79032
  "CVE-2023-43654",
77764
79033
  "CVE-2023-44467",
@@ -77784,6 +79053,8 @@
77784
79053
  "CVE-2024-27132",
77785
79054
  "CVE-2024-2912",
77786
79055
  "CVE-2024-37032",
79056
+ "CVE-2024-37052",
79057
+ "CVE-2024-37060",
77787
79058
  "CVE-2024-39722",
77788
79059
  "CVE-2024-42478",
77789
79060
  "CVE-2024-42479",
@@ -77798,6 +79069,7 @@
77798
79069
  "CVE-2025-1753",
77799
79070
  "CVE-2025-23254",
77800
79071
  "CVE-2025-23266",
79072
+ "CVE-2025-25297",
77801
79073
  "CVE-2025-27520",
77802
79074
  "CVE-2025-30165",
77803
79075
  "CVE-2025-30202",
@@ -78000,6 +79272,8 @@
78000
79272
  "CVE-2024-2912",
78001
79273
  "CVE-2024-3094",
78002
79274
  "CVE-2024-3154",
79275
+ "CVE-2024-37052",
79276
+ "CVE-2024-37060",
78003
79277
  "CVE-2024-5565",
78004
79278
  "CVE-2025-0133",
78005
79279
  "CVE-2025-1094",
@@ -78739,6 +80013,8 @@
78739
80013
  "CVE-2024-3094",
78740
80014
  "CVE-2024-3154",
78741
80015
  "CVE-2024-37032",
80016
+ "CVE-2024-37052",
80017
+ "CVE-2024-37060",
78742
80018
  "CVE-2024-39722",
78743
80019
  "CVE-2024-42478",
78744
80020
  "CVE-2024-42479",
@@ -79052,6 +80328,7 @@
79052
80328
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
79053
80329
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
79054
80330
  "CVE-2022-1471",
80331
+ "CVE-2022-36551",
79055
80332
  "CVE-2023-43472",
79056
80333
  "CVE-2023-43654",
79057
80334
  "CVE-2023-44467",
@@ -79078,6 +80355,8 @@
79078
80355
  "CVE-2024-2912",
79079
80356
  "CVE-2024-3094",
79080
80357
  "CVE-2024-37032",
80358
+ "CVE-2024-37052",
80359
+ "CVE-2024-37060",
79081
80360
  "CVE-2024-39722",
79082
80361
  "CVE-2024-40635",
79083
80362
  "CVE-2024-42478",
@@ -79095,6 +80374,7 @@
79095
80374
  "CVE-2025-22226",
79096
80375
  "CVE-2025-23254",
79097
80376
  "CVE-2025-23266",
80377
+ "CVE-2025-25297",
79098
80378
  "CVE-2025-27520",
79099
80379
  "CVE-2025-30165",
79100
80380
  "CVE-2025-30202",