@blamejs/exceptd-skills 0.13.107 → 0.13.109
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +940 -0
- package/data/atlas-ttps.json +4 -0
- package/data/attack-techniques.json +12 -1
- package/data/cve-catalog.json +414 -1
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +37 -1
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -43222,6 +43222,928 @@
|
|
|
43222
43222
|
]
|
|
43223
43223
|
}
|
|
43224
43224
|
},
|
|
43225
|
+
"CVE-2025-25297": {
|
|
43226
|
+
"name": "Label Studio S3 Storage Endpoint Server-Side Request Forgery",
|
|
43227
|
+
"rwep": 23,
|
|
43228
|
+
"cvss": 7.7,
|
|
43229
|
+
"cisa_kev": false,
|
|
43230
|
+
"epss_score": null,
|
|
43231
|
+
"referencing_skills": [
|
|
43232
|
+
"ai-attack-surface",
|
|
43233
|
+
"compliance-theater",
|
|
43234
|
+
"ai-c2-detection",
|
|
43235
|
+
"dlp-gap-analysis"
|
|
43236
|
+
],
|
|
43237
|
+
"chain": {
|
|
43238
|
+
"cwes": [
|
|
43239
|
+
{
|
|
43240
|
+
"id": "CWE-1039",
|
|
43241
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
43242
|
+
"category": "AI/ML"
|
|
43243
|
+
},
|
|
43244
|
+
{
|
|
43245
|
+
"id": "CWE-1426",
|
|
43246
|
+
"name": "Improper Validation of Generative AI Output",
|
|
43247
|
+
"category": "AI/ML"
|
|
43248
|
+
},
|
|
43249
|
+
{
|
|
43250
|
+
"id": "CWE-200",
|
|
43251
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
43252
|
+
"category": "Information Exposure"
|
|
43253
|
+
},
|
|
43254
|
+
{
|
|
43255
|
+
"id": "CWE-94",
|
|
43256
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
43257
|
+
"category": "Injection"
|
|
43258
|
+
}
|
|
43259
|
+
],
|
|
43260
|
+
"atlas": [
|
|
43261
|
+
{
|
|
43262
|
+
"id": "AML.T0016",
|
|
43263
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
43264
|
+
"tactic": "Resource Development"
|
|
43265
|
+
},
|
|
43266
|
+
{
|
|
43267
|
+
"id": "AML.T0017",
|
|
43268
|
+
"name": "Discover ML Model Ontology",
|
|
43269
|
+
"tactic": "Discovery"
|
|
43270
|
+
},
|
|
43271
|
+
{
|
|
43272
|
+
"id": "AML.T0018",
|
|
43273
|
+
"name": "Backdoor ML Model",
|
|
43274
|
+
"tactic": "Persistence"
|
|
43275
|
+
},
|
|
43276
|
+
{
|
|
43277
|
+
"id": "AML.T0020",
|
|
43278
|
+
"name": "Poison Training Data",
|
|
43279
|
+
"tactic": "ML Attack Staging"
|
|
43280
|
+
},
|
|
43281
|
+
{
|
|
43282
|
+
"id": "AML.T0043",
|
|
43283
|
+
"name": "Craft Adversarial Data",
|
|
43284
|
+
"tactic": "ML Attack Staging"
|
|
43285
|
+
},
|
|
43286
|
+
{
|
|
43287
|
+
"id": "AML.T0051",
|
|
43288
|
+
"name": "LLM Prompt Injection",
|
|
43289
|
+
"tactic": "Execution"
|
|
43290
|
+
},
|
|
43291
|
+
{
|
|
43292
|
+
"id": "AML.T0054",
|
|
43293
|
+
"name": "LLM Jailbreak",
|
|
43294
|
+
"tactic": "Defense Evasion"
|
|
43295
|
+
},
|
|
43296
|
+
{
|
|
43297
|
+
"id": "AML.T0096",
|
|
43298
|
+
"name": "AI API as Covert C2 Channel",
|
|
43299
|
+
"tactic": "Command and Control"
|
|
43300
|
+
}
|
|
43301
|
+
],
|
|
43302
|
+
"d3fend": [
|
|
43303
|
+
{
|
|
43304
|
+
"id": "D3-CA",
|
|
43305
|
+
"name": "Certificate Analysis",
|
|
43306
|
+
"tactic": "Detect"
|
|
43307
|
+
},
|
|
43308
|
+
{
|
|
43309
|
+
"id": "D3-CSPP",
|
|
43310
|
+
"name": "Client-server Payload Profiling",
|
|
43311
|
+
"tactic": "Detect"
|
|
43312
|
+
},
|
|
43313
|
+
{
|
|
43314
|
+
"id": "D3-DA",
|
|
43315
|
+
"name": "Domain Analysis",
|
|
43316
|
+
"tactic": "Detect"
|
|
43317
|
+
},
|
|
43318
|
+
{
|
|
43319
|
+
"id": "D3-EAL",
|
|
43320
|
+
"name": "Executable Allowlisting",
|
|
43321
|
+
"tactic": "Harden"
|
|
43322
|
+
},
|
|
43323
|
+
{
|
|
43324
|
+
"id": "D3-IOPR",
|
|
43325
|
+
"name": "Input/Output Profiling Resource",
|
|
43326
|
+
"tactic": "Detect"
|
|
43327
|
+
},
|
|
43328
|
+
{
|
|
43329
|
+
"id": "D3-NI",
|
|
43330
|
+
"name": "Network Isolation",
|
|
43331
|
+
"tactic": "Isolate"
|
|
43332
|
+
},
|
|
43333
|
+
{
|
|
43334
|
+
"id": "D3-NTA",
|
|
43335
|
+
"name": "Network Traffic Analysis",
|
|
43336
|
+
"tactic": "Detect"
|
|
43337
|
+
},
|
|
43338
|
+
{
|
|
43339
|
+
"id": "D3-NTPM",
|
|
43340
|
+
"name": "Network Traffic Policy Mapping",
|
|
43341
|
+
"tactic": "Model"
|
|
43342
|
+
}
|
|
43343
|
+
],
|
|
43344
|
+
"framework_gaps": [
|
|
43345
|
+
{
|
|
43346
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
43347
|
+
"framework": "ALL",
|
|
43348
|
+
"control_name": "AI Pipeline Integrity"
|
|
43349
|
+
},
|
|
43350
|
+
{
|
|
43351
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
43352
|
+
"framework": "ALL",
|
|
43353
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
43354
|
+
},
|
|
43355
|
+
{
|
|
43356
|
+
"id": "CMMC-2.0-Level-2",
|
|
43357
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
43358
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
43359
|
+
},
|
|
43360
|
+
{
|
|
43361
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
43362
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
43363
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
43364
|
+
},
|
|
43365
|
+
{
|
|
43366
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
43367
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
43368
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
43369
|
+
},
|
|
43370
|
+
{
|
|
43371
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
43372
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43373
|
+
"control_name": "Monitoring activities"
|
|
43374
|
+
},
|
|
43375
|
+
{
|
|
43376
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
43377
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43378
|
+
"control_name": "Secure coding"
|
|
43379
|
+
},
|
|
43380
|
+
{
|
|
43381
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
43382
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
43383
|
+
"control_name": "AI risk management process"
|
|
43384
|
+
},
|
|
43385
|
+
{
|
|
43386
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
43387
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
43388
|
+
"control_name": "AI risk assessment"
|
|
43389
|
+
},
|
|
43390
|
+
{
|
|
43391
|
+
"id": "NIST-800-53-AC-2",
|
|
43392
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43393
|
+
"control_name": "Account Management"
|
|
43394
|
+
},
|
|
43395
|
+
{
|
|
43396
|
+
"id": "NIST-800-53-SC-28",
|
|
43397
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43398
|
+
"control_name": "Protection of Information at Rest"
|
|
43399
|
+
},
|
|
43400
|
+
{
|
|
43401
|
+
"id": "NIST-800-53-SC-7",
|
|
43402
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43403
|
+
"control_name": "Boundary Protection"
|
|
43404
|
+
},
|
|
43405
|
+
{
|
|
43406
|
+
"id": "NIST-800-53-SI-3",
|
|
43407
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43408
|
+
"control_name": "Malicious Code Protection"
|
|
43409
|
+
},
|
|
43410
|
+
{
|
|
43411
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
43412
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43413
|
+
"control_name": "Prompt Injection"
|
|
43414
|
+
},
|
|
43415
|
+
{
|
|
43416
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
43417
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43418
|
+
"control_name": "Sensitive Information Disclosure"
|
|
43419
|
+
},
|
|
43420
|
+
{
|
|
43421
|
+
"id": "SOC2-CC6-logical-access",
|
|
43422
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43423
|
+
"control_name": "Logical and Physical Access Controls"
|
|
43424
|
+
},
|
|
43425
|
+
{
|
|
43426
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
43427
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43428
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
43429
|
+
}
|
|
43430
|
+
],
|
|
43431
|
+
"attack_refs": [
|
|
43432
|
+
"T1041",
|
|
43433
|
+
"T1059",
|
|
43434
|
+
"T1071",
|
|
43435
|
+
"T1102",
|
|
43436
|
+
"T1190",
|
|
43437
|
+
"T1213",
|
|
43438
|
+
"T1530",
|
|
43439
|
+
"T1566",
|
|
43440
|
+
"T1567",
|
|
43441
|
+
"T1568"
|
|
43442
|
+
],
|
|
43443
|
+
"rfc_refs": [
|
|
43444
|
+
"RFC-8446",
|
|
43445
|
+
"RFC-9000",
|
|
43446
|
+
"RFC-9114",
|
|
43447
|
+
"RFC-9180",
|
|
43448
|
+
"RFC-9421",
|
|
43449
|
+
"RFC-9458"
|
|
43450
|
+
]
|
|
43451
|
+
}
|
|
43452
|
+
},
|
|
43453
|
+
"CVE-2022-36551": {
|
|
43454
|
+
"name": "Label Studio Data Import Server-Side Request Forgery",
|
|
43455
|
+
"rwep": 21,
|
|
43456
|
+
"cvss": 6.5,
|
|
43457
|
+
"cisa_kev": false,
|
|
43458
|
+
"epss_score": null,
|
|
43459
|
+
"referencing_skills": [
|
|
43460
|
+
"ai-attack-surface",
|
|
43461
|
+
"compliance-theater",
|
|
43462
|
+
"ai-c2-detection",
|
|
43463
|
+
"dlp-gap-analysis"
|
|
43464
|
+
],
|
|
43465
|
+
"chain": {
|
|
43466
|
+
"cwes": [
|
|
43467
|
+
{
|
|
43468
|
+
"id": "CWE-1039",
|
|
43469
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
43470
|
+
"category": "AI/ML"
|
|
43471
|
+
},
|
|
43472
|
+
{
|
|
43473
|
+
"id": "CWE-1426",
|
|
43474
|
+
"name": "Improper Validation of Generative AI Output",
|
|
43475
|
+
"category": "AI/ML"
|
|
43476
|
+
},
|
|
43477
|
+
{
|
|
43478
|
+
"id": "CWE-200",
|
|
43479
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
43480
|
+
"category": "Information Exposure"
|
|
43481
|
+
},
|
|
43482
|
+
{
|
|
43483
|
+
"id": "CWE-94",
|
|
43484
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
43485
|
+
"category": "Injection"
|
|
43486
|
+
}
|
|
43487
|
+
],
|
|
43488
|
+
"atlas": [
|
|
43489
|
+
{
|
|
43490
|
+
"id": "AML.T0016",
|
|
43491
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
43492
|
+
"tactic": "Resource Development"
|
|
43493
|
+
},
|
|
43494
|
+
{
|
|
43495
|
+
"id": "AML.T0017",
|
|
43496
|
+
"name": "Discover ML Model Ontology",
|
|
43497
|
+
"tactic": "Discovery"
|
|
43498
|
+
},
|
|
43499
|
+
{
|
|
43500
|
+
"id": "AML.T0018",
|
|
43501
|
+
"name": "Backdoor ML Model",
|
|
43502
|
+
"tactic": "Persistence"
|
|
43503
|
+
},
|
|
43504
|
+
{
|
|
43505
|
+
"id": "AML.T0020",
|
|
43506
|
+
"name": "Poison Training Data",
|
|
43507
|
+
"tactic": "ML Attack Staging"
|
|
43508
|
+
},
|
|
43509
|
+
{
|
|
43510
|
+
"id": "AML.T0043",
|
|
43511
|
+
"name": "Craft Adversarial Data",
|
|
43512
|
+
"tactic": "ML Attack Staging"
|
|
43513
|
+
},
|
|
43514
|
+
{
|
|
43515
|
+
"id": "AML.T0051",
|
|
43516
|
+
"name": "LLM Prompt Injection",
|
|
43517
|
+
"tactic": "Execution"
|
|
43518
|
+
},
|
|
43519
|
+
{
|
|
43520
|
+
"id": "AML.T0054",
|
|
43521
|
+
"name": "LLM Jailbreak",
|
|
43522
|
+
"tactic": "Defense Evasion"
|
|
43523
|
+
},
|
|
43524
|
+
{
|
|
43525
|
+
"id": "AML.T0096",
|
|
43526
|
+
"name": "AI API as Covert C2 Channel",
|
|
43527
|
+
"tactic": "Command and Control"
|
|
43528
|
+
}
|
|
43529
|
+
],
|
|
43530
|
+
"d3fend": [
|
|
43531
|
+
{
|
|
43532
|
+
"id": "D3-CA",
|
|
43533
|
+
"name": "Certificate Analysis",
|
|
43534
|
+
"tactic": "Detect"
|
|
43535
|
+
},
|
|
43536
|
+
{
|
|
43537
|
+
"id": "D3-CSPP",
|
|
43538
|
+
"name": "Client-server Payload Profiling",
|
|
43539
|
+
"tactic": "Detect"
|
|
43540
|
+
},
|
|
43541
|
+
{
|
|
43542
|
+
"id": "D3-DA",
|
|
43543
|
+
"name": "Domain Analysis",
|
|
43544
|
+
"tactic": "Detect"
|
|
43545
|
+
},
|
|
43546
|
+
{
|
|
43547
|
+
"id": "D3-EAL",
|
|
43548
|
+
"name": "Executable Allowlisting",
|
|
43549
|
+
"tactic": "Harden"
|
|
43550
|
+
},
|
|
43551
|
+
{
|
|
43552
|
+
"id": "D3-IOPR",
|
|
43553
|
+
"name": "Input/Output Profiling Resource",
|
|
43554
|
+
"tactic": "Detect"
|
|
43555
|
+
},
|
|
43556
|
+
{
|
|
43557
|
+
"id": "D3-NI",
|
|
43558
|
+
"name": "Network Isolation",
|
|
43559
|
+
"tactic": "Isolate"
|
|
43560
|
+
},
|
|
43561
|
+
{
|
|
43562
|
+
"id": "D3-NTA",
|
|
43563
|
+
"name": "Network Traffic Analysis",
|
|
43564
|
+
"tactic": "Detect"
|
|
43565
|
+
},
|
|
43566
|
+
{
|
|
43567
|
+
"id": "D3-NTPM",
|
|
43568
|
+
"name": "Network Traffic Policy Mapping",
|
|
43569
|
+
"tactic": "Model"
|
|
43570
|
+
}
|
|
43571
|
+
],
|
|
43572
|
+
"framework_gaps": [
|
|
43573
|
+
{
|
|
43574
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
43575
|
+
"framework": "ALL",
|
|
43576
|
+
"control_name": "AI Pipeline Integrity"
|
|
43577
|
+
},
|
|
43578
|
+
{
|
|
43579
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
43580
|
+
"framework": "ALL",
|
|
43581
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
43582
|
+
},
|
|
43583
|
+
{
|
|
43584
|
+
"id": "CMMC-2.0-Level-2",
|
|
43585
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
43586
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
43587
|
+
},
|
|
43588
|
+
{
|
|
43589
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
43590
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
43591
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
43592
|
+
},
|
|
43593
|
+
{
|
|
43594
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
43595
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
43596
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
43597
|
+
},
|
|
43598
|
+
{
|
|
43599
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
43600
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43601
|
+
"control_name": "Monitoring activities"
|
|
43602
|
+
},
|
|
43603
|
+
{
|
|
43604
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
43605
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43606
|
+
"control_name": "Secure coding"
|
|
43607
|
+
},
|
|
43608
|
+
{
|
|
43609
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
43610
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
43611
|
+
"control_name": "AI risk management process"
|
|
43612
|
+
},
|
|
43613
|
+
{
|
|
43614
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
43615
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
43616
|
+
"control_name": "AI risk assessment"
|
|
43617
|
+
},
|
|
43618
|
+
{
|
|
43619
|
+
"id": "NIST-800-53-AC-2",
|
|
43620
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43621
|
+
"control_name": "Account Management"
|
|
43622
|
+
},
|
|
43623
|
+
{
|
|
43624
|
+
"id": "NIST-800-53-SC-28",
|
|
43625
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43626
|
+
"control_name": "Protection of Information at Rest"
|
|
43627
|
+
},
|
|
43628
|
+
{
|
|
43629
|
+
"id": "NIST-800-53-SC-7",
|
|
43630
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43631
|
+
"control_name": "Boundary Protection"
|
|
43632
|
+
},
|
|
43633
|
+
{
|
|
43634
|
+
"id": "NIST-800-53-SI-3",
|
|
43635
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43636
|
+
"control_name": "Malicious Code Protection"
|
|
43637
|
+
},
|
|
43638
|
+
{
|
|
43639
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
43640
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43641
|
+
"control_name": "Prompt Injection"
|
|
43642
|
+
},
|
|
43643
|
+
{
|
|
43644
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
43645
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43646
|
+
"control_name": "Sensitive Information Disclosure"
|
|
43647
|
+
},
|
|
43648
|
+
{
|
|
43649
|
+
"id": "SOC2-CC6-logical-access",
|
|
43650
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43651
|
+
"control_name": "Logical and Physical Access Controls"
|
|
43652
|
+
},
|
|
43653
|
+
{
|
|
43654
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
43655
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43656
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
43657
|
+
}
|
|
43658
|
+
],
|
|
43659
|
+
"attack_refs": [
|
|
43660
|
+
"T1041",
|
|
43661
|
+
"T1059",
|
|
43662
|
+
"T1071",
|
|
43663
|
+
"T1102",
|
|
43664
|
+
"T1190",
|
|
43665
|
+
"T1213",
|
|
43666
|
+
"T1530",
|
|
43667
|
+
"T1566",
|
|
43668
|
+
"T1567",
|
|
43669
|
+
"T1568"
|
|
43670
|
+
],
|
|
43671
|
+
"rfc_refs": [
|
|
43672
|
+
"RFC-8446",
|
|
43673
|
+
"RFC-9000",
|
|
43674
|
+
"RFC-9114",
|
|
43675
|
+
"RFC-9180",
|
|
43676
|
+
"RFC-9421",
|
|
43677
|
+
"RFC-9458"
|
|
43678
|
+
]
|
|
43679
|
+
}
|
|
43680
|
+
},
|
|
43681
|
+
"CVE-2023-47117": {
|
|
43682
|
+
"name": "Label Studio ORM Filter Manipulation Sensitive-Field Disclosure",
|
|
43683
|
+
"rwep": 23,
|
|
43684
|
+
"cvss": 7.5,
|
|
43685
|
+
"cisa_kev": false,
|
|
43686
|
+
"epss_score": null,
|
|
43687
|
+
"referencing_skills": [
|
|
43688
|
+
"ai-attack-surface",
|
|
43689
|
+
"compliance-theater",
|
|
43690
|
+
"pqc-first",
|
|
43691
|
+
"dlp-gap-analysis"
|
|
43692
|
+
],
|
|
43693
|
+
"chain": {
|
|
43694
|
+
"cwes": [
|
|
43695
|
+
{
|
|
43696
|
+
"id": "CWE-1039",
|
|
43697
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
43698
|
+
"category": "AI/ML"
|
|
43699
|
+
},
|
|
43700
|
+
{
|
|
43701
|
+
"id": "CWE-1426",
|
|
43702
|
+
"name": "Improper Validation of Generative AI Output",
|
|
43703
|
+
"category": "AI/ML"
|
|
43704
|
+
},
|
|
43705
|
+
{
|
|
43706
|
+
"id": "CWE-200",
|
|
43707
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
43708
|
+
"category": "Information Exposure"
|
|
43709
|
+
},
|
|
43710
|
+
{
|
|
43711
|
+
"id": "CWE-327",
|
|
43712
|
+
"name": "Use of a Broken or Risky Cryptographic Algorithm",
|
|
43713
|
+
"category": "Cryptography"
|
|
43714
|
+
},
|
|
43715
|
+
{
|
|
43716
|
+
"id": "CWE-94",
|
|
43717
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
43718
|
+
"category": "Injection"
|
|
43719
|
+
}
|
|
43720
|
+
],
|
|
43721
|
+
"atlas": [
|
|
43722
|
+
{
|
|
43723
|
+
"id": "AML.T0016",
|
|
43724
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
43725
|
+
"tactic": "Resource Development"
|
|
43726
|
+
},
|
|
43727
|
+
{
|
|
43728
|
+
"id": "AML.T0017",
|
|
43729
|
+
"name": "Discover ML Model Ontology",
|
|
43730
|
+
"tactic": "Discovery"
|
|
43731
|
+
},
|
|
43732
|
+
{
|
|
43733
|
+
"id": "AML.T0018",
|
|
43734
|
+
"name": "Backdoor ML Model",
|
|
43735
|
+
"tactic": "Persistence"
|
|
43736
|
+
},
|
|
43737
|
+
{
|
|
43738
|
+
"id": "AML.T0020",
|
|
43739
|
+
"name": "Poison Training Data",
|
|
43740
|
+
"tactic": "ML Attack Staging"
|
|
43741
|
+
},
|
|
43742
|
+
{
|
|
43743
|
+
"id": "AML.T0043",
|
|
43744
|
+
"name": "Craft Adversarial Data",
|
|
43745
|
+
"tactic": "ML Attack Staging"
|
|
43746
|
+
},
|
|
43747
|
+
{
|
|
43748
|
+
"id": "AML.T0051",
|
|
43749
|
+
"name": "LLM Prompt Injection",
|
|
43750
|
+
"tactic": "Execution"
|
|
43751
|
+
},
|
|
43752
|
+
{
|
|
43753
|
+
"id": "AML.T0054",
|
|
43754
|
+
"name": "LLM Jailbreak",
|
|
43755
|
+
"tactic": "Defense Evasion"
|
|
43756
|
+
},
|
|
43757
|
+
{
|
|
43758
|
+
"id": "AML.T0096",
|
|
43759
|
+
"name": "AI API as Covert C2 Channel",
|
|
43760
|
+
"tactic": "Command and Control"
|
|
43761
|
+
}
|
|
43762
|
+
],
|
|
43763
|
+
"d3fend": [
|
|
43764
|
+
{
|
|
43765
|
+
"id": "D3-CSPP",
|
|
43766
|
+
"name": "Client-server Payload Profiling",
|
|
43767
|
+
"tactic": "Detect"
|
|
43768
|
+
},
|
|
43769
|
+
{
|
|
43770
|
+
"id": "D3-EAL",
|
|
43771
|
+
"name": "Executable Allowlisting",
|
|
43772
|
+
"tactic": "Harden"
|
|
43773
|
+
},
|
|
43774
|
+
{
|
|
43775
|
+
"id": "D3-FE",
|
|
43776
|
+
"name": "File Encryption",
|
|
43777
|
+
"tactic": "Harden"
|
|
43778
|
+
},
|
|
43779
|
+
{
|
|
43780
|
+
"id": "D3-IOPR",
|
|
43781
|
+
"name": "Input/Output Profiling Resource",
|
|
43782
|
+
"tactic": "Detect"
|
|
43783
|
+
},
|
|
43784
|
+
{
|
|
43785
|
+
"id": "D3-MENCR",
|
|
43786
|
+
"name": "Message Encryption",
|
|
43787
|
+
"tactic": "Harden"
|
|
43788
|
+
},
|
|
43789
|
+
{
|
|
43790
|
+
"id": "D3-NTA",
|
|
43791
|
+
"name": "Network Traffic Analysis",
|
|
43792
|
+
"tactic": "Detect"
|
|
43793
|
+
},
|
|
43794
|
+
{
|
|
43795
|
+
"id": "D3-NTPM",
|
|
43796
|
+
"name": "Network Traffic Policy Mapping",
|
|
43797
|
+
"tactic": "Model"
|
|
43798
|
+
}
|
|
43799
|
+
],
|
|
43800
|
+
"framework_gaps": [
|
|
43801
|
+
{
|
|
43802
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
43803
|
+
"framework": "ALL",
|
|
43804
|
+
"control_name": "AI Pipeline Integrity"
|
|
43805
|
+
},
|
|
43806
|
+
{
|
|
43807
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
43808
|
+
"framework": "ALL",
|
|
43809
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
43810
|
+
},
|
|
43811
|
+
{
|
|
43812
|
+
"id": "CMMC-2.0-Level-2",
|
|
43813
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
43814
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
43815
|
+
},
|
|
43816
|
+
{
|
|
43817
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
43818
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
43819
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
43820
|
+
},
|
|
43821
|
+
{
|
|
43822
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
43823
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
43824
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
43825
|
+
},
|
|
43826
|
+
{
|
|
43827
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
43828
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43829
|
+
"control_name": "Monitoring activities"
|
|
43830
|
+
},
|
|
43831
|
+
{
|
|
43832
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
43833
|
+
"framework": "ISO/IEC 27001:2022",
|
|
43834
|
+
"control_name": "Secure coding"
|
|
43835
|
+
},
|
|
43836
|
+
{
|
|
43837
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
43838
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
43839
|
+
"control_name": "AI risk management process"
|
|
43840
|
+
},
|
|
43841
|
+
{
|
|
43842
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
43843
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
43844
|
+
"control_name": "AI risk assessment"
|
|
43845
|
+
},
|
|
43846
|
+
{
|
|
43847
|
+
"id": "NIST-800-53-AC-2",
|
|
43848
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43849
|
+
"control_name": "Account Management"
|
|
43850
|
+
},
|
|
43851
|
+
{
|
|
43852
|
+
"id": "NIST-800-53-SC-28",
|
|
43853
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43854
|
+
"control_name": "Protection of Information at Rest"
|
|
43855
|
+
},
|
|
43856
|
+
{
|
|
43857
|
+
"id": "NIST-800-53-SC-7",
|
|
43858
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43859
|
+
"control_name": "Boundary Protection"
|
|
43860
|
+
},
|
|
43861
|
+
{
|
|
43862
|
+
"id": "NIST-800-53-SC-8",
|
|
43863
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43864
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
43865
|
+
},
|
|
43866
|
+
{
|
|
43867
|
+
"id": "NIST-800-53-SI-3",
|
|
43868
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
43869
|
+
"control_name": "Malicious Code Protection"
|
|
43870
|
+
},
|
|
43871
|
+
{
|
|
43872
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
43873
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43874
|
+
"control_name": "Prompt Injection"
|
|
43875
|
+
},
|
|
43876
|
+
{
|
|
43877
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
43878
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
43879
|
+
"control_name": "Sensitive Information Disclosure"
|
|
43880
|
+
},
|
|
43881
|
+
{
|
|
43882
|
+
"id": "SOC2-CC6-logical-access",
|
|
43883
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43884
|
+
"control_name": "Logical and Physical Access Controls"
|
|
43885
|
+
},
|
|
43886
|
+
{
|
|
43887
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
43888
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
43889
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
43890
|
+
}
|
|
43891
|
+
],
|
|
43892
|
+
"attack_refs": [
|
|
43893
|
+
"T1041",
|
|
43894
|
+
"T1059",
|
|
43895
|
+
"T1190",
|
|
43896
|
+
"T1213",
|
|
43897
|
+
"T1530",
|
|
43898
|
+
"T1566",
|
|
43899
|
+
"T1567"
|
|
43900
|
+
],
|
|
43901
|
+
"rfc_refs": [
|
|
43902
|
+
"DRAFT-IETF-TLS-ECDHE-MLKEM",
|
|
43903
|
+
"DRAFT-IETF-TLS-HYBRID-DESIGN",
|
|
43904
|
+
"RFC-8032",
|
|
43905
|
+
"RFC-8446",
|
|
43906
|
+
"RFC-9106",
|
|
43907
|
+
"RFC-9180",
|
|
43908
|
+
"RFC-9420",
|
|
43909
|
+
"RFC-9458",
|
|
43910
|
+
"RFC-9794"
|
|
43911
|
+
]
|
|
43912
|
+
}
|
|
43913
|
+
},
|
|
43914
|
+
"CVE-2023-43791": {
|
|
43915
|
+
"name": "Label Studio Account Impersonation and Privilege Escalation",
|
|
43916
|
+
"rwep": 29,
|
|
43917
|
+
"cvss": 8.8,
|
|
43918
|
+
"cisa_kev": false,
|
|
43919
|
+
"epss_score": null,
|
|
43920
|
+
"referencing_skills": [
|
|
43921
|
+
"ai-attack-surface",
|
|
43922
|
+
"compliance-theater",
|
|
43923
|
+
"pqc-first",
|
|
43924
|
+
"dlp-gap-analysis"
|
|
43925
|
+
],
|
|
43926
|
+
"chain": {
|
|
43927
|
+
"cwes": [
|
|
43928
|
+
{
|
|
43929
|
+
"id": "CWE-1039",
|
|
43930
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
43931
|
+
"category": "AI/ML"
|
|
43932
|
+
},
|
|
43933
|
+
{
|
|
43934
|
+
"id": "CWE-1426",
|
|
43935
|
+
"name": "Improper Validation of Generative AI Output",
|
|
43936
|
+
"category": "AI/ML"
|
|
43937
|
+
},
|
|
43938
|
+
{
|
|
43939
|
+
"id": "CWE-200",
|
|
43940
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
43941
|
+
"category": "Information Exposure"
|
|
43942
|
+
},
|
|
43943
|
+
{
|
|
43944
|
+
"id": "CWE-327",
|
|
43945
|
+
"name": "Use of a Broken or Risky Cryptographic Algorithm",
|
|
43946
|
+
"category": "Cryptography"
|
|
43947
|
+
},
|
|
43948
|
+
{
|
|
43949
|
+
"id": "CWE-94",
|
|
43950
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
43951
|
+
"category": "Injection"
|
|
43952
|
+
}
|
|
43953
|
+
],
|
|
43954
|
+
"atlas": [
|
|
43955
|
+
{
|
|
43956
|
+
"id": "AML.T0016",
|
|
43957
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
43958
|
+
"tactic": "Resource Development"
|
|
43959
|
+
},
|
|
43960
|
+
{
|
|
43961
|
+
"id": "AML.T0017",
|
|
43962
|
+
"name": "Discover ML Model Ontology",
|
|
43963
|
+
"tactic": "Discovery"
|
|
43964
|
+
},
|
|
43965
|
+
{
|
|
43966
|
+
"id": "AML.T0018",
|
|
43967
|
+
"name": "Backdoor ML Model",
|
|
43968
|
+
"tactic": "Persistence"
|
|
43969
|
+
},
|
|
43970
|
+
{
|
|
43971
|
+
"id": "AML.T0020",
|
|
43972
|
+
"name": "Poison Training Data",
|
|
43973
|
+
"tactic": "ML Attack Staging"
|
|
43974
|
+
},
|
|
43975
|
+
{
|
|
43976
|
+
"id": "AML.T0043",
|
|
43977
|
+
"name": "Craft Adversarial Data",
|
|
43978
|
+
"tactic": "ML Attack Staging"
|
|
43979
|
+
},
|
|
43980
|
+
{
|
|
43981
|
+
"id": "AML.T0051",
|
|
43982
|
+
"name": "LLM Prompt Injection",
|
|
43983
|
+
"tactic": "Execution"
|
|
43984
|
+
},
|
|
43985
|
+
{
|
|
43986
|
+
"id": "AML.T0054",
|
|
43987
|
+
"name": "LLM Jailbreak",
|
|
43988
|
+
"tactic": "Defense Evasion"
|
|
43989
|
+
},
|
|
43990
|
+
{
|
|
43991
|
+
"id": "AML.T0096",
|
|
43992
|
+
"name": "AI API as Covert C2 Channel",
|
|
43993
|
+
"tactic": "Command and Control"
|
|
43994
|
+
}
|
|
43995
|
+
],
|
|
43996
|
+
"d3fend": [
|
|
43997
|
+
{
|
|
43998
|
+
"id": "D3-CSPP",
|
|
43999
|
+
"name": "Client-server Payload Profiling",
|
|
44000
|
+
"tactic": "Detect"
|
|
44001
|
+
},
|
|
44002
|
+
{
|
|
44003
|
+
"id": "D3-EAL",
|
|
44004
|
+
"name": "Executable Allowlisting",
|
|
44005
|
+
"tactic": "Harden"
|
|
44006
|
+
},
|
|
44007
|
+
{
|
|
44008
|
+
"id": "D3-FE",
|
|
44009
|
+
"name": "File Encryption",
|
|
44010
|
+
"tactic": "Harden"
|
|
44011
|
+
},
|
|
44012
|
+
{
|
|
44013
|
+
"id": "D3-IOPR",
|
|
44014
|
+
"name": "Input/Output Profiling Resource",
|
|
44015
|
+
"tactic": "Detect"
|
|
44016
|
+
},
|
|
44017
|
+
{
|
|
44018
|
+
"id": "D3-MENCR",
|
|
44019
|
+
"name": "Message Encryption",
|
|
44020
|
+
"tactic": "Harden"
|
|
44021
|
+
},
|
|
44022
|
+
{
|
|
44023
|
+
"id": "D3-NTA",
|
|
44024
|
+
"name": "Network Traffic Analysis",
|
|
44025
|
+
"tactic": "Detect"
|
|
44026
|
+
},
|
|
44027
|
+
{
|
|
44028
|
+
"id": "D3-NTPM",
|
|
44029
|
+
"name": "Network Traffic Policy Mapping",
|
|
44030
|
+
"tactic": "Model"
|
|
44031
|
+
}
|
|
44032
|
+
],
|
|
44033
|
+
"framework_gaps": [
|
|
44034
|
+
{
|
|
44035
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
44036
|
+
"framework": "ALL",
|
|
44037
|
+
"control_name": "AI Pipeline Integrity"
|
|
44038
|
+
},
|
|
44039
|
+
{
|
|
44040
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
44041
|
+
"framework": "ALL",
|
|
44042
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
44043
|
+
},
|
|
44044
|
+
{
|
|
44045
|
+
"id": "CMMC-2.0-Level-2",
|
|
44046
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
44047
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
44048
|
+
},
|
|
44049
|
+
{
|
|
44050
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
44051
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
44052
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
44053
|
+
},
|
|
44054
|
+
{
|
|
44055
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
44056
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
44057
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
44058
|
+
},
|
|
44059
|
+
{
|
|
44060
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
44061
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44062
|
+
"control_name": "Monitoring activities"
|
|
44063
|
+
},
|
|
44064
|
+
{
|
|
44065
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
44066
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44067
|
+
"control_name": "Secure coding"
|
|
44068
|
+
},
|
|
44069
|
+
{
|
|
44070
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
44071
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
44072
|
+
"control_name": "AI risk management process"
|
|
44073
|
+
},
|
|
44074
|
+
{
|
|
44075
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
44076
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
44077
|
+
"control_name": "AI risk assessment"
|
|
44078
|
+
},
|
|
44079
|
+
{
|
|
44080
|
+
"id": "NIST-800-53-AC-2",
|
|
44081
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44082
|
+
"control_name": "Account Management"
|
|
44083
|
+
},
|
|
44084
|
+
{
|
|
44085
|
+
"id": "NIST-800-53-SC-28",
|
|
44086
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44087
|
+
"control_name": "Protection of Information at Rest"
|
|
44088
|
+
},
|
|
44089
|
+
{
|
|
44090
|
+
"id": "NIST-800-53-SC-7",
|
|
44091
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44092
|
+
"control_name": "Boundary Protection"
|
|
44093
|
+
},
|
|
44094
|
+
{
|
|
44095
|
+
"id": "NIST-800-53-SC-8",
|
|
44096
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44097
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
44098
|
+
},
|
|
44099
|
+
{
|
|
44100
|
+
"id": "NIST-800-53-SI-3",
|
|
44101
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44102
|
+
"control_name": "Malicious Code Protection"
|
|
44103
|
+
},
|
|
44104
|
+
{
|
|
44105
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
44106
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44107
|
+
"control_name": "Prompt Injection"
|
|
44108
|
+
},
|
|
44109
|
+
{
|
|
44110
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
44111
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44112
|
+
"control_name": "Sensitive Information Disclosure"
|
|
44113
|
+
},
|
|
44114
|
+
{
|
|
44115
|
+
"id": "SOC2-CC6-logical-access",
|
|
44116
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
44117
|
+
"control_name": "Logical and Physical Access Controls"
|
|
44118
|
+
},
|
|
44119
|
+
{
|
|
44120
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
44121
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
44122
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
44123
|
+
}
|
|
44124
|
+
],
|
|
44125
|
+
"attack_refs": [
|
|
44126
|
+
"T1041",
|
|
44127
|
+
"T1059",
|
|
44128
|
+
"T1190",
|
|
44129
|
+
"T1213",
|
|
44130
|
+
"T1530",
|
|
44131
|
+
"T1566",
|
|
44132
|
+
"T1567"
|
|
44133
|
+
],
|
|
44134
|
+
"rfc_refs": [
|
|
44135
|
+
"DRAFT-IETF-TLS-ECDHE-MLKEM",
|
|
44136
|
+
"DRAFT-IETF-TLS-HYBRID-DESIGN",
|
|
44137
|
+
"RFC-8032",
|
|
44138
|
+
"RFC-8446",
|
|
44139
|
+
"RFC-9106",
|
|
44140
|
+
"RFC-9180",
|
|
44141
|
+
"RFC-9420",
|
|
44142
|
+
"RFC-9458",
|
|
44143
|
+
"RFC-9794"
|
|
44144
|
+
]
|
|
44145
|
+
}
|
|
44146
|
+
},
|
|
43225
44147
|
"CVE-2026-41091": {
|
|
43226
44148
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
43227
44149
|
"rwep": 45,
|
|
@@ -70790,9 +71712,12 @@
|
|
|
70790
71712
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
70791
71713
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
70792
71714
|
"CVE-2022-1471",
|
|
71715
|
+
"CVE-2022-36551",
|
|
70793
71716
|
"CVE-2023-43472",
|
|
70794
71717
|
"CVE-2023-43654",
|
|
71718
|
+
"CVE-2023-43791",
|
|
70795
71719
|
"CVE-2023-44467",
|
|
71720
|
+
"CVE-2023-47117",
|
|
70796
71721
|
"CVE-2023-48022",
|
|
70797
71722
|
"CVE-2023-51449",
|
|
70798
71723
|
"CVE-2023-6016",
|
|
@@ -70833,6 +71758,7 @@
|
|
|
70833
71758
|
"CVE-2025-1753",
|
|
70834
71759
|
"CVE-2025-23254",
|
|
70835
71760
|
"CVE-2025-23266",
|
|
71761
|
+
"CVE-2025-25297",
|
|
70836
71762
|
"CVE-2025-27520",
|
|
70837
71763
|
"CVE-2025-30165",
|
|
70838
71764
|
"CVE-2025-30202",
|
|
@@ -71568,7 +72494,10 @@
|
|
|
71568
72494
|
"related_cves": [
|
|
71569
72495
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
71570
72496
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
72497
|
+
"CVE-2022-36551",
|
|
71571
72498
|
"CVE-2023-43472",
|
|
72499
|
+
"CVE-2023-43791",
|
|
72500
|
+
"CVE-2023-47117",
|
|
71572
72501
|
"CVE-2023-48022",
|
|
71573
72502
|
"CVE-2023-51449",
|
|
71574
72503
|
"CVE-2023-6016",
|
|
@@ -71594,6 +72523,7 @@
|
|
|
71594
72523
|
"CVE-2025-14847",
|
|
71595
72524
|
"CVE-2025-22226",
|
|
71596
72525
|
"CVE-2025-23266",
|
|
72526
|
+
"CVE-2025-25297",
|
|
71597
72527
|
"CVE-2025-27520",
|
|
71598
72528
|
"CVE-2025-30202",
|
|
71599
72529
|
"CVE-2025-32444",
|
|
@@ -73087,6 +74017,8 @@
|
|
|
73087
74017
|
},
|
|
73088
74018
|
"related_cves": [
|
|
73089
74019
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
74020
|
+
"CVE-2023-43791",
|
|
74021
|
+
"CVE-2023-47117",
|
|
73090
74022
|
"CVE-2025-14847",
|
|
73091
74023
|
"CVE-2025-22226",
|
|
73092
74024
|
"CVE-2026-43284"
|
|
@@ -78567,9 +79499,12 @@
|
|
|
78567
79499
|
"related_cves": [
|
|
78568
79500
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
78569
79501
|
"CVE-2022-1471",
|
|
79502
|
+
"CVE-2022-36551",
|
|
78570
79503
|
"CVE-2023-43472",
|
|
78571
79504
|
"CVE-2023-43654",
|
|
79505
|
+
"CVE-2023-43791",
|
|
78572
79506
|
"CVE-2023-44467",
|
|
79507
|
+
"CVE-2023-47117",
|
|
78573
79508
|
"CVE-2023-48022",
|
|
78574
79509
|
"CVE-2023-51449",
|
|
78575
79510
|
"CVE-2023-6016",
|
|
@@ -78608,6 +79543,7 @@
|
|
|
78608
79543
|
"CVE-2025-1753",
|
|
78609
79544
|
"CVE-2025-23254",
|
|
78610
79545
|
"CVE-2025-23266",
|
|
79546
|
+
"CVE-2025-25297",
|
|
78611
79547
|
"CVE-2025-27520",
|
|
78612
79548
|
"CVE-2025-30165",
|
|
78613
79549
|
"CVE-2025-30202",
|
|
@@ -79866,9 +80802,12 @@
|
|
|
79866
80802
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
79867
80803
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
79868
80804
|
"CVE-2022-1471",
|
|
80805
|
+
"CVE-2022-36551",
|
|
79869
80806
|
"CVE-2023-43472",
|
|
79870
80807
|
"CVE-2023-43654",
|
|
80808
|
+
"CVE-2023-43791",
|
|
79871
80809
|
"CVE-2023-44467",
|
|
80810
|
+
"CVE-2023-47117",
|
|
79872
80811
|
"CVE-2023-48022",
|
|
79873
80812
|
"CVE-2023-51449",
|
|
79874
80813
|
"CVE-2023-6016",
|
|
@@ -79911,6 +80850,7 @@
|
|
|
79911
80850
|
"CVE-2025-22226",
|
|
79912
80851
|
"CVE-2025-23254",
|
|
79913
80852
|
"CVE-2025-23266",
|
|
80853
|
+
"CVE-2025-25297",
|
|
79914
80854
|
"CVE-2025-27520",
|
|
79915
80855
|
"CVE-2025-30165",
|
|
79916
80856
|
"CVE-2025-30202",
|