@blamejs/exceptd-skills 0.13.109 → 0.13.112
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1704 -0
- package/data/atlas-ttps.json +6 -0
- package/data/attack-techniques.json +15 -2
- package/data/cve-catalog.json +401 -0
- package/data/cwe-catalog.json +5 -1
- package/data/framework-control-gaps.json +34 -0
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -44144,6 +44144,1612 @@
|
|
|
44144
44144
|
]
|
|
44145
44145
|
}
|
|
44146
44146
|
},
|
|
44147
|
+
"CVE-2026-31229": {
|
|
44148
|
+
"name": "Adversarial Robustness Toolbox torch.load Model Deserialization RCE",
|
|
44149
|
+
"rwep": 46,
|
|
44150
|
+
"cvss": 9.8,
|
|
44151
|
+
"cisa_kev": false,
|
|
44152
|
+
"epss_score": null,
|
|
44153
|
+
"referencing_skills": [
|
|
44154
|
+
"kernel-lpe-triage",
|
|
44155
|
+
"ai-attack-surface",
|
|
44156
|
+
"mcp-agent-trust",
|
|
44157
|
+
"compliance-theater",
|
|
44158
|
+
"rag-pipeline-security",
|
|
44159
|
+
"threat-modeling-methodology",
|
|
44160
|
+
"webapp-security",
|
|
44161
|
+
"api-security",
|
|
44162
|
+
"cloud-security",
|
|
44163
|
+
"container-runtime-security"
|
|
44164
|
+
],
|
|
44165
|
+
"chain": {
|
|
44166
|
+
"cwes": [
|
|
44167
|
+
{
|
|
44168
|
+
"id": "CWE-1039",
|
|
44169
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
44170
|
+
"category": "AI/ML"
|
|
44171
|
+
},
|
|
44172
|
+
{
|
|
44173
|
+
"id": "CWE-1188",
|
|
44174
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
44175
|
+
"category": "Configuration"
|
|
44176
|
+
},
|
|
44177
|
+
{
|
|
44178
|
+
"id": "CWE-125",
|
|
44179
|
+
"name": "Out-of-bounds Read",
|
|
44180
|
+
"category": "Memory Safety"
|
|
44181
|
+
},
|
|
44182
|
+
{
|
|
44183
|
+
"id": "CWE-1395",
|
|
44184
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
44185
|
+
"category": "Supply Chain"
|
|
44186
|
+
},
|
|
44187
|
+
{
|
|
44188
|
+
"id": "CWE-1426",
|
|
44189
|
+
"name": "Improper Validation of Generative AI Output",
|
|
44190
|
+
"category": "AI/ML"
|
|
44191
|
+
},
|
|
44192
|
+
{
|
|
44193
|
+
"id": "CWE-200",
|
|
44194
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
44195
|
+
"category": "Information Exposure"
|
|
44196
|
+
},
|
|
44197
|
+
{
|
|
44198
|
+
"id": "CWE-22",
|
|
44199
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
44200
|
+
"category": "Path/Resource"
|
|
44201
|
+
},
|
|
44202
|
+
{
|
|
44203
|
+
"id": "CWE-269",
|
|
44204
|
+
"name": "Improper Privilege Management",
|
|
44205
|
+
"category": "Authorization"
|
|
44206
|
+
},
|
|
44207
|
+
{
|
|
44208
|
+
"id": "CWE-287",
|
|
44209
|
+
"name": "Improper Authentication",
|
|
44210
|
+
"category": "Authentication"
|
|
44211
|
+
},
|
|
44212
|
+
{
|
|
44213
|
+
"id": "CWE-345",
|
|
44214
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
44215
|
+
"category": "Authenticity / Supply Chain"
|
|
44216
|
+
},
|
|
44217
|
+
{
|
|
44218
|
+
"id": "CWE-352",
|
|
44219
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
44220
|
+
"category": "Session"
|
|
44221
|
+
},
|
|
44222
|
+
{
|
|
44223
|
+
"id": "CWE-362",
|
|
44224
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
44225
|
+
"category": "Concurrency"
|
|
44226
|
+
},
|
|
44227
|
+
{
|
|
44228
|
+
"id": "CWE-416",
|
|
44229
|
+
"name": "Use After Free",
|
|
44230
|
+
"category": "Memory Safety"
|
|
44231
|
+
},
|
|
44232
|
+
{
|
|
44233
|
+
"id": "CWE-434",
|
|
44234
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
44235
|
+
"category": "File Handling"
|
|
44236
|
+
},
|
|
44237
|
+
{
|
|
44238
|
+
"id": "CWE-494",
|
|
44239
|
+
"name": "Download of Code Without Integrity Check",
|
|
44240
|
+
"category": "Supply Chain"
|
|
44241
|
+
},
|
|
44242
|
+
{
|
|
44243
|
+
"id": "CWE-502",
|
|
44244
|
+
"name": "Deserialization of Untrusted Data",
|
|
44245
|
+
"category": "Serialization"
|
|
44246
|
+
},
|
|
44247
|
+
{
|
|
44248
|
+
"id": "CWE-672",
|
|
44249
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
44250
|
+
"category": "Memory Safety"
|
|
44251
|
+
},
|
|
44252
|
+
{
|
|
44253
|
+
"id": "CWE-732",
|
|
44254
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
44255
|
+
"category": "Authorization"
|
|
44256
|
+
},
|
|
44257
|
+
{
|
|
44258
|
+
"id": "CWE-77",
|
|
44259
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
44260
|
+
"category": "Injection"
|
|
44261
|
+
},
|
|
44262
|
+
{
|
|
44263
|
+
"id": "CWE-78",
|
|
44264
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
44265
|
+
"category": "Injection"
|
|
44266
|
+
},
|
|
44267
|
+
{
|
|
44268
|
+
"id": "CWE-787",
|
|
44269
|
+
"name": "Out-of-bounds Write",
|
|
44270
|
+
"category": "Memory Safety"
|
|
44271
|
+
},
|
|
44272
|
+
{
|
|
44273
|
+
"id": "CWE-79",
|
|
44274
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
44275
|
+
"category": "Injection"
|
|
44276
|
+
},
|
|
44277
|
+
{
|
|
44278
|
+
"id": "CWE-798",
|
|
44279
|
+
"name": "Use of Hard-coded Credentials",
|
|
44280
|
+
"category": "Credentials"
|
|
44281
|
+
},
|
|
44282
|
+
{
|
|
44283
|
+
"id": "CWE-862",
|
|
44284
|
+
"name": "Missing Authorization",
|
|
44285
|
+
"category": "Authorization"
|
|
44286
|
+
},
|
|
44287
|
+
{
|
|
44288
|
+
"id": "CWE-863",
|
|
44289
|
+
"name": "Incorrect Authorization",
|
|
44290
|
+
"category": "Authorization"
|
|
44291
|
+
},
|
|
44292
|
+
{
|
|
44293
|
+
"id": "CWE-89",
|
|
44294
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
44295
|
+
"category": "Injection"
|
|
44296
|
+
},
|
|
44297
|
+
{
|
|
44298
|
+
"id": "CWE-918",
|
|
44299
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
44300
|
+
"category": "Network"
|
|
44301
|
+
},
|
|
44302
|
+
{
|
|
44303
|
+
"id": "CWE-94",
|
|
44304
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
44305
|
+
"category": "Injection"
|
|
44306
|
+
}
|
|
44307
|
+
],
|
|
44308
|
+
"atlas": [
|
|
44309
|
+
{
|
|
44310
|
+
"id": "AML.T0010",
|
|
44311
|
+
"name": "ML Supply Chain Compromise",
|
|
44312
|
+
"tactic": "Initial Access"
|
|
44313
|
+
},
|
|
44314
|
+
{
|
|
44315
|
+
"id": "AML.T0016",
|
|
44316
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
44317
|
+
"tactic": "Resource Development"
|
|
44318
|
+
},
|
|
44319
|
+
{
|
|
44320
|
+
"id": "AML.T0017",
|
|
44321
|
+
"name": "Discover ML Model Ontology",
|
|
44322
|
+
"tactic": "Discovery"
|
|
44323
|
+
},
|
|
44324
|
+
{
|
|
44325
|
+
"id": "AML.T0018",
|
|
44326
|
+
"name": "Backdoor ML Model",
|
|
44327
|
+
"tactic": "Persistence"
|
|
44328
|
+
},
|
|
44329
|
+
{
|
|
44330
|
+
"id": "AML.T0020",
|
|
44331
|
+
"name": "Poison Training Data",
|
|
44332
|
+
"tactic": "ML Attack Staging"
|
|
44333
|
+
},
|
|
44334
|
+
{
|
|
44335
|
+
"id": "AML.T0043",
|
|
44336
|
+
"name": "Craft Adversarial Data",
|
|
44337
|
+
"tactic": "ML Attack Staging"
|
|
44338
|
+
},
|
|
44339
|
+
{
|
|
44340
|
+
"id": "AML.T0051",
|
|
44341
|
+
"name": "LLM Prompt Injection",
|
|
44342
|
+
"tactic": "Execution"
|
|
44343
|
+
},
|
|
44344
|
+
{
|
|
44345
|
+
"id": "AML.T0054",
|
|
44346
|
+
"name": "LLM Jailbreak",
|
|
44347
|
+
"tactic": "Defense Evasion"
|
|
44348
|
+
},
|
|
44349
|
+
{
|
|
44350
|
+
"id": "AML.T0096",
|
|
44351
|
+
"name": "AI API as Covert C2 Channel",
|
|
44352
|
+
"tactic": "Command and Control"
|
|
44353
|
+
}
|
|
44354
|
+
],
|
|
44355
|
+
"d3fend": [
|
|
44356
|
+
{
|
|
44357
|
+
"id": "D3-ASLR",
|
|
44358
|
+
"name": "Address Space Layout Randomization",
|
|
44359
|
+
"tactic": "Harden"
|
|
44360
|
+
},
|
|
44361
|
+
{
|
|
44362
|
+
"id": "D3-CBAN",
|
|
44363
|
+
"name": "Certificate-based Authentication",
|
|
44364
|
+
"tactic": "Harden"
|
|
44365
|
+
},
|
|
44366
|
+
{
|
|
44367
|
+
"id": "D3-CSPP",
|
|
44368
|
+
"name": "Client-server Payload Profiling",
|
|
44369
|
+
"tactic": "Detect"
|
|
44370
|
+
},
|
|
44371
|
+
{
|
|
44372
|
+
"id": "D3-EAL",
|
|
44373
|
+
"name": "Executable Allowlisting",
|
|
44374
|
+
"tactic": "Harden"
|
|
44375
|
+
},
|
|
44376
|
+
{
|
|
44377
|
+
"id": "D3-EHB",
|
|
44378
|
+
"name": "Executable Hashbased Allowlist",
|
|
44379
|
+
"tactic": "Harden"
|
|
44380
|
+
},
|
|
44381
|
+
{
|
|
44382
|
+
"id": "D3-IOPR",
|
|
44383
|
+
"name": "Input/Output Profiling Resource",
|
|
44384
|
+
"tactic": "Detect"
|
|
44385
|
+
},
|
|
44386
|
+
{
|
|
44387
|
+
"id": "D3-MFA",
|
|
44388
|
+
"name": "Multi-factor Authentication",
|
|
44389
|
+
"tactic": "Harden"
|
|
44390
|
+
},
|
|
44391
|
+
{
|
|
44392
|
+
"id": "D3-NTA",
|
|
44393
|
+
"name": "Network Traffic Analysis",
|
|
44394
|
+
"tactic": "Detect"
|
|
44395
|
+
},
|
|
44396
|
+
{
|
|
44397
|
+
"id": "D3-PHRA",
|
|
44398
|
+
"name": "Process Hardware Resource Access",
|
|
44399
|
+
"tactic": "Isolate"
|
|
44400
|
+
},
|
|
44401
|
+
{
|
|
44402
|
+
"id": "D3-PSEP",
|
|
44403
|
+
"name": "Process Segment Execution Prevention",
|
|
44404
|
+
"tactic": "Harden"
|
|
44405
|
+
}
|
|
44406
|
+
],
|
|
44407
|
+
"framework_gaps": [
|
|
44408
|
+
{
|
|
44409
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
44410
|
+
"framework": "ALL",
|
|
44411
|
+
"control_name": "AI Pipeline Integrity"
|
|
44412
|
+
},
|
|
44413
|
+
{
|
|
44414
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
44415
|
+
"framework": "ALL",
|
|
44416
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
44417
|
+
},
|
|
44418
|
+
{
|
|
44419
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
44420
|
+
"framework": "ALL",
|
|
44421
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
44422
|
+
},
|
|
44423
|
+
{
|
|
44424
|
+
"id": "CIS-Controls-v8-Control7",
|
|
44425
|
+
"framework": "CIS Controls v8",
|
|
44426
|
+
"control_name": "Continuous Vulnerability Management"
|
|
44427
|
+
},
|
|
44428
|
+
{
|
|
44429
|
+
"id": "CMMC-2.0-Level-2",
|
|
44430
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
44431
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
44432
|
+
},
|
|
44433
|
+
{
|
|
44434
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
44435
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
44436
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
44437
|
+
},
|
|
44438
|
+
{
|
|
44439
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
44440
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44441
|
+
"control_name": "Secure coding"
|
|
44442
|
+
},
|
|
44443
|
+
{
|
|
44444
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
44445
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44446
|
+
"control_name": "Outsourced development"
|
|
44447
|
+
},
|
|
44448
|
+
{
|
|
44449
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
44450
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44451
|
+
"control_name": "Management of technical vulnerabilities"
|
|
44452
|
+
},
|
|
44453
|
+
{
|
|
44454
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
44455
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
44456
|
+
"control_name": "AI risk management process"
|
|
44457
|
+
},
|
|
44458
|
+
{
|
|
44459
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
44460
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
44461
|
+
"control_name": "AI risk assessment"
|
|
44462
|
+
},
|
|
44463
|
+
{
|
|
44464
|
+
"id": "NIS2-Art21-patch-management",
|
|
44465
|
+
"framework": "EU NIS2 Directive",
|
|
44466
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
44467
|
+
},
|
|
44468
|
+
{
|
|
44469
|
+
"id": "NIST-800-218-SSDF",
|
|
44470
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
44471
|
+
"control_name": "Secure Software Development Framework"
|
|
44472
|
+
},
|
|
44473
|
+
{
|
|
44474
|
+
"id": "NIST-800-53-AC-2",
|
|
44475
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44476
|
+
"control_name": "Account Management"
|
|
44477
|
+
},
|
|
44478
|
+
{
|
|
44479
|
+
"id": "NIST-800-53-CM-7",
|
|
44480
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44481
|
+
"control_name": "Least Functionality"
|
|
44482
|
+
},
|
|
44483
|
+
{
|
|
44484
|
+
"id": "NIST-800-53-SA-12",
|
|
44485
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44486
|
+
"control_name": "Supply Chain Protection"
|
|
44487
|
+
},
|
|
44488
|
+
{
|
|
44489
|
+
"id": "NIST-800-53-SC-8",
|
|
44490
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44491
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
44492
|
+
},
|
|
44493
|
+
{
|
|
44494
|
+
"id": "NIST-800-53-SI-12",
|
|
44495
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44496
|
+
"control_name": "Information Management and Retention"
|
|
44497
|
+
},
|
|
44498
|
+
{
|
|
44499
|
+
"id": "NIST-800-53-SI-2",
|
|
44500
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44501
|
+
"control_name": "Flaw Remediation"
|
|
44502
|
+
},
|
|
44503
|
+
{
|
|
44504
|
+
"id": "NIST-800-53-SI-3",
|
|
44505
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44506
|
+
"control_name": "Malicious Code Protection"
|
|
44507
|
+
},
|
|
44508
|
+
{
|
|
44509
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
44510
|
+
"framework": "NIST AI RMF 1.0",
|
|
44511
|
+
"control_name": "AI system to human interaction evaluation"
|
|
44512
|
+
},
|
|
44513
|
+
{
|
|
44514
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
44515
|
+
"framework": "OWASP ASVS v5.0",
|
|
44516
|
+
"control_name": "Configuration verification"
|
|
44517
|
+
},
|
|
44518
|
+
{
|
|
44519
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
44520
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44521
|
+
"control_name": "Prompt Injection"
|
|
44522
|
+
},
|
|
44523
|
+
{
|
|
44524
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
44525
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44526
|
+
"control_name": "Sensitive Information Disclosure"
|
|
44527
|
+
},
|
|
44528
|
+
{
|
|
44529
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
44530
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44531
|
+
"control_name": "Excessive Agency"
|
|
44532
|
+
},
|
|
44533
|
+
{
|
|
44534
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
44535
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44536
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
44537
|
+
},
|
|
44538
|
+
{
|
|
44539
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
44540
|
+
"framework": "PCI DSS 4.0",
|
|
44541
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
44542
|
+
},
|
|
44543
|
+
{
|
|
44544
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
44545
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
44546
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
44547
|
+
},
|
|
44548
|
+
{
|
|
44549
|
+
"id": "SOC2-CC6-logical-access",
|
|
44550
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
44551
|
+
"control_name": "Logical and Physical Access Controls"
|
|
44552
|
+
},
|
|
44553
|
+
{
|
|
44554
|
+
"id": "SOC2-CC9-vendor-management",
|
|
44555
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
44556
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
44557
|
+
},
|
|
44558
|
+
{
|
|
44559
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
44560
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
44561
|
+
"control_name": "SWIFT Environment Protection"
|
|
44562
|
+
}
|
|
44563
|
+
],
|
|
44564
|
+
"attack_refs": [
|
|
44565
|
+
"T1059",
|
|
44566
|
+
"T1068",
|
|
44567
|
+
"T1078",
|
|
44568
|
+
"T1190",
|
|
44569
|
+
"T1195.001",
|
|
44570
|
+
"T1505",
|
|
44571
|
+
"T1530",
|
|
44572
|
+
"T1548.001",
|
|
44573
|
+
"T1552",
|
|
44574
|
+
"T1565",
|
|
44575
|
+
"T1566",
|
|
44576
|
+
"T1567",
|
|
44577
|
+
"T1610",
|
|
44578
|
+
"T1611"
|
|
44579
|
+
],
|
|
44580
|
+
"rfc_refs": [
|
|
44581
|
+
"RFC-4301",
|
|
44582
|
+
"RFC-4303",
|
|
44583
|
+
"RFC-6749",
|
|
44584
|
+
"RFC-7296",
|
|
44585
|
+
"RFC-7519",
|
|
44586
|
+
"RFC-8032",
|
|
44587
|
+
"RFC-8446",
|
|
44588
|
+
"RFC-8725",
|
|
44589
|
+
"RFC-9114",
|
|
44590
|
+
"RFC-9180",
|
|
44591
|
+
"RFC-9421",
|
|
44592
|
+
"RFC-9700"
|
|
44593
|
+
]
|
|
44594
|
+
}
|
|
44595
|
+
},
|
|
44596
|
+
"CVE-2026-31230": {
|
|
44597
|
+
"name": "Adversarial Robustness Toolbox CLI Argument Dynamic-Evaluation Code Execution",
|
|
44598
|
+
"rwep": 42,
|
|
44599
|
+
"cvss": 9.8,
|
|
44600
|
+
"cisa_kev": false,
|
|
44601
|
+
"epss_score": null,
|
|
44602
|
+
"referencing_skills": [
|
|
44603
|
+
"kernel-lpe-triage",
|
|
44604
|
+
"ai-attack-surface",
|
|
44605
|
+
"mcp-agent-trust",
|
|
44606
|
+
"compliance-theater",
|
|
44607
|
+
"rag-pipeline-security",
|
|
44608
|
+
"threat-modeling-methodology",
|
|
44609
|
+
"webapp-security",
|
|
44610
|
+
"api-security",
|
|
44611
|
+
"cloud-security",
|
|
44612
|
+
"container-runtime-security"
|
|
44613
|
+
],
|
|
44614
|
+
"chain": {
|
|
44615
|
+
"cwes": [
|
|
44616
|
+
{
|
|
44617
|
+
"id": "CWE-1039",
|
|
44618
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
44619
|
+
"category": "AI/ML"
|
|
44620
|
+
},
|
|
44621
|
+
{
|
|
44622
|
+
"id": "CWE-1188",
|
|
44623
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
44624
|
+
"category": "Configuration"
|
|
44625
|
+
},
|
|
44626
|
+
{
|
|
44627
|
+
"id": "CWE-125",
|
|
44628
|
+
"name": "Out-of-bounds Read",
|
|
44629
|
+
"category": "Memory Safety"
|
|
44630
|
+
},
|
|
44631
|
+
{
|
|
44632
|
+
"id": "CWE-1395",
|
|
44633
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
44634
|
+
"category": "Supply Chain"
|
|
44635
|
+
},
|
|
44636
|
+
{
|
|
44637
|
+
"id": "CWE-1426",
|
|
44638
|
+
"name": "Improper Validation of Generative AI Output",
|
|
44639
|
+
"category": "AI/ML"
|
|
44640
|
+
},
|
|
44641
|
+
{
|
|
44642
|
+
"id": "CWE-200",
|
|
44643
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
44644
|
+
"category": "Information Exposure"
|
|
44645
|
+
},
|
|
44646
|
+
{
|
|
44647
|
+
"id": "CWE-22",
|
|
44648
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
44649
|
+
"category": "Path/Resource"
|
|
44650
|
+
},
|
|
44651
|
+
{
|
|
44652
|
+
"id": "CWE-269",
|
|
44653
|
+
"name": "Improper Privilege Management",
|
|
44654
|
+
"category": "Authorization"
|
|
44655
|
+
},
|
|
44656
|
+
{
|
|
44657
|
+
"id": "CWE-287",
|
|
44658
|
+
"name": "Improper Authentication",
|
|
44659
|
+
"category": "Authentication"
|
|
44660
|
+
},
|
|
44661
|
+
{
|
|
44662
|
+
"id": "CWE-345",
|
|
44663
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
44664
|
+
"category": "Authenticity / Supply Chain"
|
|
44665
|
+
},
|
|
44666
|
+
{
|
|
44667
|
+
"id": "CWE-352",
|
|
44668
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
44669
|
+
"category": "Session"
|
|
44670
|
+
},
|
|
44671
|
+
{
|
|
44672
|
+
"id": "CWE-362",
|
|
44673
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
44674
|
+
"category": "Concurrency"
|
|
44675
|
+
},
|
|
44676
|
+
{
|
|
44677
|
+
"id": "CWE-416",
|
|
44678
|
+
"name": "Use After Free",
|
|
44679
|
+
"category": "Memory Safety"
|
|
44680
|
+
},
|
|
44681
|
+
{
|
|
44682
|
+
"id": "CWE-434",
|
|
44683
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
44684
|
+
"category": "File Handling"
|
|
44685
|
+
},
|
|
44686
|
+
{
|
|
44687
|
+
"id": "CWE-494",
|
|
44688
|
+
"name": "Download of Code Without Integrity Check",
|
|
44689
|
+
"category": "Supply Chain"
|
|
44690
|
+
},
|
|
44691
|
+
{
|
|
44692
|
+
"id": "CWE-502",
|
|
44693
|
+
"name": "Deserialization of Untrusted Data",
|
|
44694
|
+
"category": "Serialization"
|
|
44695
|
+
},
|
|
44696
|
+
{
|
|
44697
|
+
"id": "CWE-672",
|
|
44698
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
44699
|
+
"category": "Memory Safety"
|
|
44700
|
+
},
|
|
44701
|
+
{
|
|
44702
|
+
"id": "CWE-732",
|
|
44703
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
44704
|
+
"category": "Authorization"
|
|
44705
|
+
},
|
|
44706
|
+
{
|
|
44707
|
+
"id": "CWE-77",
|
|
44708
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
44709
|
+
"category": "Injection"
|
|
44710
|
+
},
|
|
44711
|
+
{
|
|
44712
|
+
"id": "CWE-78",
|
|
44713
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
44714
|
+
"category": "Injection"
|
|
44715
|
+
},
|
|
44716
|
+
{
|
|
44717
|
+
"id": "CWE-787",
|
|
44718
|
+
"name": "Out-of-bounds Write",
|
|
44719
|
+
"category": "Memory Safety"
|
|
44720
|
+
},
|
|
44721
|
+
{
|
|
44722
|
+
"id": "CWE-79",
|
|
44723
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
44724
|
+
"category": "Injection"
|
|
44725
|
+
},
|
|
44726
|
+
{
|
|
44727
|
+
"id": "CWE-798",
|
|
44728
|
+
"name": "Use of Hard-coded Credentials",
|
|
44729
|
+
"category": "Credentials"
|
|
44730
|
+
},
|
|
44731
|
+
{
|
|
44732
|
+
"id": "CWE-862",
|
|
44733
|
+
"name": "Missing Authorization",
|
|
44734
|
+
"category": "Authorization"
|
|
44735
|
+
},
|
|
44736
|
+
{
|
|
44737
|
+
"id": "CWE-863",
|
|
44738
|
+
"name": "Incorrect Authorization",
|
|
44739
|
+
"category": "Authorization"
|
|
44740
|
+
},
|
|
44741
|
+
{
|
|
44742
|
+
"id": "CWE-89",
|
|
44743
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
44744
|
+
"category": "Injection"
|
|
44745
|
+
},
|
|
44746
|
+
{
|
|
44747
|
+
"id": "CWE-918",
|
|
44748
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
44749
|
+
"category": "Network"
|
|
44750
|
+
},
|
|
44751
|
+
{
|
|
44752
|
+
"id": "CWE-94",
|
|
44753
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
44754
|
+
"category": "Injection"
|
|
44755
|
+
}
|
|
44756
|
+
],
|
|
44757
|
+
"atlas": [
|
|
44758
|
+
{
|
|
44759
|
+
"id": "AML.T0010",
|
|
44760
|
+
"name": "ML Supply Chain Compromise",
|
|
44761
|
+
"tactic": "Initial Access"
|
|
44762
|
+
},
|
|
44763
|
+
{
|
|
44764
|
+
"id": "AML.T0016",
|
|
44765
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
44766
|
+
"tactic": "Resource Development"
|
|
44767
|
+
},
|
|
44768
|
+
{
|
|
44769
|
+
"id": "AML.T0017",
|
|
44770
|
+
"name": "Discover ML Model Ontology",
|
|
44771
|
+
"tactic": "Discovery"
|
|
44772
|
+
},
|
|
44773
|
+
{
|
|
44774
|
+
"id": "AML.T0018",
|
|
44775
|
+
"name": "Backdoor ML Model",
|
|
44776
|
+
"tactic": "Persistence"
|
|
44777
|
+
},
|
|
44778
|
+
{
|
|
44779
|
+
"id": "AML.T0020",
|
|
44780
|
+
"name": "Poison Training Data",
|
|
44781
|
+
"tactic": "ML Attack Staging"
|
|
44782
|
+
},
|
|
44783
|
+
{
|
|
44784
|
+
"id": "AML.T0043",
|
|
44785
|
+
"name": "Craft Adversarial Data",
|
|
44786
|
+
"tactic": "ML Attack Staging"
|
|
44787
|
+
},
|
|
44788
|
+
{
|
|
44789
|
+
"id": "AML.T0051",
|
|
44790
|
+
"name": "LLM Prompt Injection",
|
|
44791
|
+
"tactic": "Execution"
|
|
44792
|
+
},
|
|
44793
|
+
{
|
|
44794
|
+
"id": "AML.T0054",
|
|
44795
|
+
"name": "LLM Jailbreak",
|
|
44796
|
+
"tactic": "Defense Evasion"
|
|
44797
|
+
},
|
|
44798
|
+
{
|
|
44799
|
+
"id": "AML.T0096",
|
|
44800
|
+
"name": "AI API as Covert C2 Channel",
|
|
44801
|
+
"tactic": "Command and Control"
|
|
44802
|
+
}
|
|
44803
|
+
],
|
|
44804
|
+
"d3fend": [
|
|
44805
|
+
{
|
|
44806
|
+
"id": "D3-ASLR",
|
|
44807
|
+
"name": "Address Space Layout Randomization",
|
|
44808
|
+
"tactic": "Harden"
|
|
44809
|
+
},
|
|
44810
|
+
{
|
|
44811
|
+
"id": "D3-CBAN",
|
|
44812
|
+
"name": "Certificate-based Authentication",
|
|
44813
|
+
"tactic": "Harden"
|
|
44814
|
+
},
|
|
44815
|
+
{
|
|
44816
|
+
"id": "D3-CSPP",
|
|
44817
|
+
"name": "Client-server Payload Profiling",
|
|
44818
|
+
"tactic": "Detect"
|
|
44819
|
+
},
|
|
44820
|
+
{
|
|
44821
|
+
"id": "D3-EAL",
|
|
44822
|
+
"name": "Executable Allowlisting",
|
|
44823
|
+
"tactic": "Harden"
|
|
44824
|
+
},
|
|
44825
|
+
{
|
|
44826
|
+
"id": "D3-EHB",
|
|
44827
|
+
"name": "Executable Hashbased Allowlist",
|
|
44828
|
+
"tactic": "Harden"
|
|
44829
|
+
},
|
|
44830
|
+
{
|
|
44831
|
+
"id": "D3-IOPR",
|
|
44832
|
+
"name": "Input/Output Profiling Resource",
|
|
44833
|
+
"tactic": "Detect"
|
|
44834
|
+
},
|
|
44835
|
+
{
|
|
44836
|
+
"id": "D3-MFA",
|
|
44837
|
+
"name": "Multi-factor Authentication",
|
|
44838
|
+
"tactic": "Harden"
|
|
44839
|
+
},
|
|
44840
|
+
{
|
|
44841
|
+
"id": "D3-NTA",
|
|
44842
|
+
"name": "Network Traffic Analysis",
|
|
44843
|
+
"tactic": "Detect"
|
|
44844
|
+
},
|
|
44845
|
+
{
|
|
44846
|
+
"id": "D3-PHRA",
|
|
44847
|
+
"name": "Process Hardware Resource Access",
|
|
44848
|
+
"tactic": "Isolate"
|
|
44849
|
+
},
|
|
44850
|
+
{
|
|
44851
|
+
"id": "D3-PSEP",
|
|
44852
|
+
"name": "Process Segment Execution Prevention",
|
|
44853
|
+
"tactic": "Harden"
|
|
44854
|
+
}
|
|
44855
|
+
],
|
|
44856
|
+
"framework_gaps": [
|
|
44857
|
+
{
|
|
44858
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
44859
|
+
"framework": "ALL",
|
|
44860
|
+
"control_name": "AI Pipeline Integrity"
|
|
44861
|
+
},
|
|
44862
|
+
{
|
|
44863
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
44864
|
+
"framework": "ALL",
|
|
44865
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
44866
|
+
},
|
|
44867
|
+
{
|
|
44868
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
44869
|
+
"framework": "ALL",
|
|
44870
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
44871
|
+
},
|
|
44872
|
+
{
|
|
44873
|
+
"id": "CIS-Controls-v8-Control7",
|
|
44874
|
+
"framework": "CIS Controls v8",
|
|
44875
|
+
"control_name": "Continuous Vulnerability Management"
|
|
44876
|
+
},
|
|
44877
|
+
{
|
|
44878
|
+
"id": "CMMC-2.0-Level-2",
|
|
44879
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
44880
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
44881
|
+
},
|
|
44882
|
+
{
|
|
44883
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
44884
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
44885
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
44886
|
+
},
|
|
44887
|
+
{
|
|
44888
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
44889
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44890
|
+
"control_name": "Secure coding"
|
|
44891
|
+
},
|
|
44892
|
+
{
|
|
44893
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
44894
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44895
|
+
"control_name": "Outsourced development"
|
|
44896
|
+
},
|
|
44897
|
+
{
|
|
44898
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
44899
|
+
"framework": "ISO/IEC 27001:2022",
|
|
44900
|
+
"control_name": "Management of technical vulnerabilities"
|
|
44901
|
+
},
|
|
44902
|
+
{
|
|
44903
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
44904
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
44905
|
+
"control_name": "AI risk management process"
|
|
44906
|
+
},
|
|
44907
|
+
{
|
|
44908
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
44909
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
44910
|
+
"control_name": "AI risk assessment"
|
|
44911
|
+
},
|
|
44912
|
+
{
|
|
44913
|
+
"id": "NIS2-Art21-patch-management",
|
|
44914
|
+
"framework": "EU NIS2 Directive",
|
|
44915
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
44916
|
+
},
|
|
44917
|
+
{
|
|
44918
|
+
"id": "NIST-800-218-SSDF",
|
|
44919
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
44920
|
+
"control_name": "Secure Software Development Framework"
|
|
44921
|
+
},
|
|
44922
|
+
{
|
|
44923
|
+
"id": "NIST-800-53-AC-2",
|
|
44924
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44925
|
+
"control_name": "Account Management"
|
|
44926
|
+
},
|
|
44927
|
+
{
|
|
44928
|
+
"id": "NIST-800-53-CM-7",
|
|
44929
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44930
|
+
"control_name": "Least Functionality"
|
|
44931
|
+
},
|
|
44932
|
+
{
|
|
44933
|
+
"id": "NIST-800-53-SA-12",
|
|
44934
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44935
|
+
"control_name": "Supply Chain Protection"
|
|
44936
|
+
},
|
|
44937
|
+
{
|
|
44938
|
+
"id": "NIST-800-53-SC-8",
|
|
44939
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44940
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
44941
|
+
},
|
|
44942
|
+
{
|
|
44943
|
+
"id": "NIST-800-53-SI-12",
|
|
44944
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44945
|
+
"control_name": "Information Management and Retention"
|
|
44946
|
+
},
|
|
44947
|
+
{
|
|
44948
|
+
"id": "NIST-800-53-SI-2",
|
|
44949
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44950
|
+
"control_name": "Flaw Remediation"
|
|
44951
|
+
},
|
|
44952
|
+
{
|
|
44953
|
+
"id": "NIST-800-53-SI-3",
|
|
44954
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
44955
|
+
"control_name": "Malicious Code Protection"
|
|
44956
|
+
},
|
|
44957
|
+
{
|
|
44958
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
44959
|
+
"framework": "NIST AI RMF 1.0",
|
|
44960
|
+
"control_name": "AI system to human interaction evaluation"
|
|
44961
|
+
},
|
|
44962
|
+
{
|
|
44963
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
44964
|
+
"framework": "OWASP ASVS v5.0",
|
|
44965
|
+
"control_name": "Configuration verification"
|
|
44966
|
+
},
|
|
44967
|
+
{
|
|
44968
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
44969
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44970
|
+
"control_name": "Prompt Injection"
|
|
44971
|
+
},
|
|
44972
|
+
{
|
|
44973
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
44974
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44975
|
+
"control_name": "Sensitive Information Disclosure"
|
|
44976
|
+
},
|
|
44977
|
+
{
|
|
44978
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
44979
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44980
|
+
"control_name": "Excessive Agency"
|
|
44981
|
+
},
|
|
44982
|
+
{
|
|
44983
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
44984
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
44985
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
44986
|
+
},
|
|
44987
|
+
{
|
|
44988
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
44989
|
+
"framework": "PCI DSS 4.0",
|
|
44990
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
44991
|
+
},
|
|
44992
|
+
{
|
|
44993
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
44994
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
44995
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
44996
|
+
},
|
|
44997
|
+
{
|
|
44998
|
+
"id": "SOC2-CC6-logical-access",
|
|
44999
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45000
|
+
"control_name": "Logical and Physical Access Controls"
|
|
45001
|
+
},
|
|
45002
|
+
{
|
|
45003
|
+
"id": "SOC2-CC9-vendor-management",
|
|
45004
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45005
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
45006
|
+
},
|
|
45007
|
+
{
|
|
45008
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
45009
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
45010
|
+
"control_name": "SWIFT Environment Protection"
|
|
45011
|
+
}
|
|
45012
|
+
],
|
|
45013
|
+
"attack_refs": [
|
|
45014
|
+
"T1059",
|
|
45015
|
+
"T1068",
|
|
45016
|
+
"T1078",
|
|
45017
|
+
"T1190",
|
|
45018
|
+
"T1195.001",
|
|
45019
|
+
"T1505",
|
|
45020
|
+
"T1530",
|
|
45021
|
+
"T1548.001",
|
|
45022
|
+
"T1552",
|
|
45023
|
+
"T1565",
|
|
45024
|
+
"T1566",
|
|
45025
|
+
"T1567",
|
|
45026
|
+
"T1610",
|
|
45027
|
+
"T1611"
|
|
45028
|
+
],
|
|
45029
|
+
"rfc_refs": [
|
|
45030
|
+
"RFC-4301",
|
|
45031
|
+
"RFC-4303",
|
|
45032
|
+
"RFC-6749",
|
|
45033
|
+
"RFC-7296",
|
|
45034
|
+
"RFC-7519",
|
|
45035
|
+
"RFC-8032",
|
|
45036
|
+
"RFC-8446",
|
|
45037
|
+
"RFC-8725",
|
|
45038
|
+
"RFC-9114",
|
|
45039
|
+
"RFC-9180",
|
|
45040
|
+
"RFC-9421",
|
|
45041
|
+
"RFC-9700"
|
|
45042
|
+
]
|
|
45043
|
+
}
|
|
45044
|
+
},
|
|
45045
|
+
"CVE-2024-9526": {
|
|
45046
|
+
"name": "Kubeflow Pipelines Stored XSS in Pipeline View",
|
|
45047
|
+
"rwep": 19,
|
|
45048
|
+
"cvss": 5.4,
|
|
45049
|
+
"cisa_kev": false,
|
|
45050
|
+
"epss_score": null,
|
|
45051
|
+
"referencing_skills": [
|
|
45052
|
+
"ai-attack-surface",
|
|
45053
|
+
"compliance-theater",
|
|
45054
|
+
"rag-pipeline-security",
|
|
45055
|
+
"ai-c2-detection",
|
|
45056
|
+
"threat-modeling-methodology",
|
|
45057
|
+
"webapp-security",
|
|
45058
|
+
"api-security",
|
|
45059
|
+
"container-runtime-security",
|
|
45060
|
+
"email-security-anti-phishing"
|
|
45061
|
+
],
|
|
45062
|
+
"chain": {
|
|
45063
|
+
"cwes": [
|
|
45064
|
+
{
|
|
45065
|
+
"id": "CWE-1039",
|
|
45066
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
45067
|
+
"category": "AI/ML"
|
|
45068
|
+
},
|
|
45069
|
+
{
|
|
45070
|
+
"id": "CWE-1188",
|
|
45071
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
45072
|
+
"category": "Configuration"
|
|
45073
|
+
},
|
|
45074
|
+
{
|
|
45075
|
+
"id": "CWE-1395",
|
|
45076
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
45077
|
+
"category": "Supply Chain"
|
|
45078
|
+
},
|
|
45079
|
+
{
|
|
45080
|
+
"id": "CWE-1426",
|
|
45081
|
+
"name": "Improper Validation of Generative AI Output",
|
|
45082
|
+
"category": "AI/ML"
|
|
45083
|
+
},
|
|
45084
|
+
{
|
|
45085
|
+
"id": "CWE-200",
|
|
45086
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
45087
|
+
"category": "Information Exposure"
|
|
45088
|
+
},
|
|
45089
|
+
{
|
|
45090
|
+
"id": "CWE-22",
|
|
45091
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
45092
|
+
"category": "Path/Resource"
|
|
45093
|
+
},
|
|
45094
|
+
{
|
|
45095
|
+
"id": "CWE-269",
|
|
45096
|
+
"name": "Improper Privilege Management",
|
|
45097
|
+
"category": "Authorization"
|
|
45098
|
+
},
|
|
45099
|
+
{
|
|
45100
|
+
"id": "CWE-287",
|
|
45101
|
+
"name": "Improper Authentication",
|
|
45102
|
+
"category": "Authentication"
|
|
45103
|
+
},
|
|
45104
|
+
{
|
|
45105
|
+
"id": "CWE-352",
|
|
45106
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
45107
|
+
"category": "Session"
|
|
45108
|
+
},
|
|
45109
|
+
{
|
|
45110
|
+
"id": "CWE-434",
|
|
45111
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
45112
|
+
"category": "File Handling"
|
|
45113
|
+
},
|
|
45114
|
+
{
|
|
45115
|
+
"id": "CWE-502",
|
|
45116
|
+
"name": "Deserialization of Untrusted Data",
|
|
45117
|
+
"category": "Serialization"
|
|
45118
|
+
},
|
|
45119
|
+
{
|
|
45120
|
+
"id": "CWE-732",
|
|
45121
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
45122
|
+
"category": "Authorization"
|
|
45123
|
+
},
|
|
45124
|
+
{
|
|
45125
|
+
"id": "CWE-77",
|
|
45126
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
45127
|
+
"category": "Injection"
|
|
45128
|
+
},
|
|
45129
|
+
{
|
|
45130
|
+
"id": "CWE-78",
|
|
45131
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
45132
|
+
"category": "Injection"
|
|
45133
|
+
},
|
|
45134
|
+
{
|
|
45135
|
+
"id": "CWE-787",
|
|
45136
|
+
"name": "Out-of-bounds Write",
|
|
45137
|
+
"category": "Memory Safety"
|
|
45138
|
+
},
|
|
45139
|
+
{
|
|
45140
|
+
"id": "CWE-79",
|
|
45141
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
45142
|
+
"category": "Injection"
|
|
45143
|
+
},
|
|
45144
|
+
{
|
|
45145
|
+
"id": "CWE-862",
|
|
45146
|
+
"name": "Missing Authorization",
|
|
45147
|
+
"category": "Authorization"
|
|
45148
|
+
},
|
|
45149
|
+
{
|
|
45150
|
+
"id": "CWE-863",
|
|
45151
|
+
"name": "Incorrect Authorization",
|
|
45152
|
+
"category": "Authorization"
|
|
45153
|
+
},
|
|
45154
|
+
{
|
|
45155
|
+
"id": "CWE-89",
|
|
45156
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
45157
|
+
"category": "Injection"
|
|
45158
|
+
},
|
|
45159
|
+
{
|
|
45160
|
+
"id": "CWE-918",
|
|
45161
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
45162
|
+
"category": "Network"
|
|
45163
|
+
},
|
|
45164
|
+
{
|
|
45165
|
+
"id": "CWE-94",
|
|
45166
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
45167
|
+
"category": "Injection"
|
|
45168
|
+
}
|
|
45169
|
+
],
|
|
45170
|
+
"atlas": [
|
|
45171
|
+
{
|
|
45172
|
+
"id": "AML.T0010",
|
|
45173
|
+
"name": "ML Supply Chain Compromise",
|
|
45174
|
+
"tactic": "Initial Access"
|
|
45175
|
+
},
|
|
45176
|
+
{
|
|
45177
|
+
"id": "AML.T0016",
|
|
45178
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
45179
|
+
"tactic": "Resource Development"
|
|
45180
|
+
},
|
|
45181
|
+
{
|
|
45182
|
+
"id": "AML.T0017",
|
|
45183
|
+
"name": "Discover ML Model Ontology",
|
|
45184
|
+
"tactic": "Discovery"
|
|
45185
|
+
},
|
|
45186
|
+
{
|
|
45187
|
+
"id": "AML.T0018",
|
|
45188
|
+
"name": "Backdoor ML Model",
|
|
45189
|
+
"tactic": "Persistence"
|
|
45190
|
+
},
|
|
45191
|
+
{
|
|
45192
|
+
"id": "AML.T0020",
|
|
45193
|
+
"name": "Poison Training Data",
|
|
45194
|
+
"tactic": "ML Attack Staging"
|
|
45195
|
+
},
|
|
45196
|
+
{
|
|
45197
|
+
"id": "AML.T0043",
|
|
45198
|
+
"name": "Craft Adversarial Data",
|
|
45199
|
+
"tactic": "ML Attack Staging"
|
|
45200
|
+
},
|
|
45201
|
+
{
|
|
45202
|
+
"id": "AML.T0051",
|
|
45203
|
+
"name": "LLM Prompt Injection",
|
|
45204
|
+
"tactic": "Execution"
|
|
45205
|
+
},
|
|
45206
|
+
{
|
|
45207
|
+
"id": "AML.T0054",
|
|
45208
|
+
"name": "LLM Jailbreak",
|
|
45209
|
+
"tactic": "Defense Evasion"
|
|
45210
|
+
},
|
|
45211
|
+
{
|
|
45212
|
+
"id": "AML.T0096",
|
|
45213
|
+
"name": "AI API as Covert C2 Channel",
|
|
45214
|
+
"tactic": "Command and Control"
|
|
45215
|
+
}
|
|
45216
|
+
],
|
|
45217
|
+
"d3fend": [
|
|
45218
|
+
{
|
|
45219
|
+
"id": "D3-CA",
|
|
45220
|
+
"name": "Certificate Analysis",
|
|
45221
|
+
"tactic": "Detect"
|
|
45222
|
+
},
|
|
45223
|
+
{
|
|
45224
|
+
"id": "D3-CSPP",
|
|
45225
|
+
"name": "Client-server Payload Profiling",
|
|
45226
|
+
"tactic": "Detect"
|
|
45227
|
+
},
|
|
45228
|
+
{
|
|
45229
|
+
"id": "D3-DA",
|
|
45230
|
+
"name": "Domain Analysis",
|
|
45231
|
+
"tactic": "Detect"
|
|
45232
|
+
},
|
|
45233
|
+
{
|
|
45234
|
+
"id": "D3-IOPR",
|
|
45235
|
+
"name": "Input/Output Profiling Resource",
|
|
45236
|
+
"tactic": "Detect"
|
|
45237
|
+
},
|
|
45238
|
+
{
|
|
45239
|
+
"id": "D3-NI",
|
|
45240
|
+
"name": "Network Isolation",
|
|
45241
|
+
"tactic": "Isolate"
|
|
45242
|
+
},
|
|
45243
|
+
{
|
|
45244
|
+
"id": "D3-NTA",
|
|
45245
|
+
"name": "Network Traffic Analysis",
|
|
45246
|
+
"tactic": "Detect"
|
|
45247
|
+
},
|
|
45248
|
+
{
|
|
45249
|
+
"id": "D3-NTPM",
|
|
45250
|
+
"name": "Network Traffic Policy Mapping",
|
|
45251
|
+
"tactic": "Model"
|
|
45252
|
+
}
|
|
45253
|
+
],
|
|
45254
|
+
"framework_gaps": [
|
|
45255
|
+
{
|
|
45256
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
45257
|
+
"framework": "ALL",
|
|
45258
|
+
"control_name": "AI Pipeline Integrity"
|
|
45259
|
+
},
|
|
45260
|
+
{
|
|
45261
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
45262
|
+
"framework": "ALL",
|
|
45263
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
45264
|
+
},
|
|
45265
|
+
{
|
|
45266
|
+
"id": "CMMC-2.0-Level-2",
|
|
45267
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
45268
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
45269
|
+
},
|
|
45270
|
+
{
|
|
45271
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
45272
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
45273
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
45274
|
+
},
|
|
45275
|
+
{
|
|
45276
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
45277
|
+
"framework": "ISO/IEC 27001:2022",
|
|
45278
|
+
"control_name": "Monitoring activities"
|
|
45279
|
+
},
|
|
45280
|
+
{
|
|
45281
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
45282
|
+
"framework": "ISO/IEC 27001:2022",
|
|
45283
|
+
"control_name": "Secure coding"
|
|
45284
|
+
},
|
|
45285
|
+
{
|
|
45286
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
45287
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
45288
|
+
"control_name": "AI risk management process"
|
|
45289
|
+
},
|
|
45290
|
+
{
|
|
45291
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
45292
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
45293
|
+
"control_name": "AI risk assessment"
|
|
45294
|
+
},
|
|
45295
|
+
{
|
|
45296
|
+
"id": "NIST-800-218-SSDF",
|
|
45297
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
45298
|
+
"control_name": "Secure Software Development Framework"
|
|
45299
|
+
},
|
|
45300
|
+
{
|
|
45301
|
+
"id": "NIST-800-53-AC-2",
|
|
45302
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45303
|
+
"control_name": "Account Management"
|
|
45304
|
+
},
|
|
45305
|
+
{
|
|
45306
|
+
"id": "NIST-800-53-CM-7",
|
|
45307
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45308
|
+
"control_name": "Least Functionality"
|
|
45309
|
+
},
|
|
45310
|
+
{
|
|
45311
|
+
"id": "NIST-800-53-SC-7",
|
|
45312
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45313
|
+
"control_name": "Boundary Protection"
|
|
45314
|
+
},
|
|
45315
|
+
{
|
|
45316
|
+
"id": "NIST-800-53-SI-12",
|
|
45317
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45318
|
+
"control_name": "Information Management and Retention"
|
|
45319
|
+
},
|
|
45320
|
+
{
|
|
45321
|
+
"id": "NIST-800-53-SI-3",
|
|
45322
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45323
|
+
"control_name": "Malicious Code Protection"
|
|
45324
|
+
},
|
|
45325
|
+
{
|
|
45326
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
45327
|
+
"framework": "NIST AI RMF 1.0",
|
|
45328
|
+
"control_name": "AI system to human interaction evaluation"
|
|
45329
|
+
},
|
|
45330
|
+
{
|
|
45331
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
45332
|
+
"framework": "OWASP ASVS v5.0",
|
|
45333
|
+
"control_name": "Configuration verification"
|
|
45334
|
+
},
|
|
45335
|
+
{
|
|
45336
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
45337
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45338
|
+
"control_name": "Prompt Injection"
|
|
45339
|
+
},
|
|
45340
|
+
{
|
|
45341
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
45342
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45343
|
+
"control_name": "Sensitive Information Disclosure"
|
|
45344
|
+
},
|
|
45345
|
+
{
|
|
45346
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
45347
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45348
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
45349
|
+
},
|
|
45350
|
+
{
|
|
45351
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
45352
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
45353
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
45354
|
+
},
|
|
45355
|
+
{
|
|
45356
|
+
"id": "SOC2-CC6-logical-access",
|
|
45357
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45358
|
+
"control_name": "Logical and Physical Access Controls"
|
|
45359
|
+
},
|
|
45360
|
+
{
|
|
45361
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
45362
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45363
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
45364
|
+
}
|
|
45365
|
+
],
|
|
45366
|
+
"attack_refs": [
|
|
45367
|
+
"T1059",
|
|
45368
|
+
"T1068",
|
|
45369
|
+
"T1071",
|
|
45370
|
+
"T1078",
|
|
45371
|
+
"T1102",
|
|
45372
|
+
"T1190",
|
|
45373
|
+
"T1505",
|
|
45374
|
+
"T1565",
|
|
45375
|
+
"T1566",
|
|
45376
|
+
"T1566.001",
|
|
45377
|
+
"T1566.002",
|
|
45378
|
+
"T1566.003",
|
|
45379
|
+
"T1567",
|
|
45380
|
+
"T1568",
|
|
45381
|
+
"T1610",
|
|
45382
|
+
"T1611"
|
|
45383
|
+
],
|
|
45384
|
+
"rfc_refs": [
|
|
45385
|
+
"RFC-6749",
|
|
45386
|
+
"RFC-7519",
|
|
45387
|
+
"RFC-8032",
|
|
45388
|
+
"RFC-8446",
|
|
45389
|
+
"RFC-8725",
|
|
45390
|
+
"RFC-9000",
|
|
45391
|
+
"RFC-9114",
|
|
45392
|
+
"RFC-9180",
|
|
45393
|
+
"RFC-9421",
|
|
45394
|
+
"RFC-9458",
|
|
45395
|
+
"RFC-9700"
|
|
45396
|
+
]
|
|
45397
|
+
}
|
|
45398
|
+
},
|
|
45399
|
+
"CVE-2023-6571": {
|
|
45400
|
+
"name": "Kubeflow Reflected XSS",
|
|
45401
|
+
"rwep": 15,
|
|
45402
|
+
"cvss": 6.1,
|
|
45403
|
+
"cisa_kev": false,
|
|
45404
|
+
"epss_score": null,
|
|
45405
|
+
"referencing_skills": [
|
|
45406
|
+
"ai-attack-surface",
|
|
45407
|
+
"compliance-theater",
|
|
45408
|
+
"rag-pipeline-security",
|
|
45409
|
+
"ai-c2-detection",
|
|
45410
|
+
"threat-modeling-methodology",
|
|
45411
|
+
"webapp-security",
|
|
45412
|
+
"api-security",
|
|
45413
|
+
"container-runtime-security",
|
|
45414
|
+
"email-security-anti-phishing"
|
|
45415
|
+
],
|
|
45416
|
+
"chain": {
|
|
45417
|
+
"cwes": [
|
|
45418
|
+
{
|
|
45419
|
+
"id": "CWE-1039",
|
|
45420
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
45421
|
+
"category": "AI/ML"
|
|
45422
|
+
},
|
|
45423
|
+
{
|
|
45424
|
+
"id": "CWE-1188",
|
|
45425
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
45426
|
+
"category": "Configuration"
|
|
45427
|
+
},
|
|
45428
|
+
{
|
|
45429
|
+
"id": "CWE-1395",
|
|
45430
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
45431
|
+
"category": "Supply Chain"
|
|
45432
|
+
},
|
|
45433
|
+
{
|
|
45434
|
+
"id": "CWE-1426",
|
|
45435
|
+
"name": "Improper Validation of Generative AI Output",
|
|
45436
|
+
"category": "AI/ML"
|
|
45437
|
+
},
|
|
45438
|
+
{
|
|
45439
|
+
"id": "CWE-200",
|
|
45440
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
45441
|
+
"category": "Information Exposure"
|
|
45442
|
+
},
|
|
45443
|
+
{
|
|
45444
|
+
"id": "CWE-22",
|
|
45445
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
45446
|
+
"category": "Path/Resource"
|
|
45447
|
+
},
|
|
45448
|
+
{
|
|
45449
|
+
"id": "CWE-269",
|
|
45450
|
+
"name": "Improper Privilege Management",
|
|
45451
|
+
"category": "Authorization"
|
|
45452
|
+
},
|
|
45453
|
+
{
|
|
45454
|
+
"id": "CWE-287",
|
|
45455
|
+
"name": "Improper Authentication",
|
|
45456
|
+
"category": "Authentication"
|
|
45457
|
+
},
|
|
45458
|
+
{
|
|
45459
|
+
"id": "CWE-352",
|
|
45460
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
45461
|
+
"category": "Session"
|
|
45462
|
+
},
|
|
45463
|
+
{
|
|
45464
|
+
"id": "CWE-434",
|
|
45465
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
45466
|
+
"category": "File Handling"
|
|
45467
|
+
},
|
|
45468
|
+
{
|
|
45469
|
+
"id": "CWE-502",
|
|
45470
|
+
"name": "Deserialization of Untrusted Data",
|
|
45471
|
+
"category": "Serialization"
|
|
45472
|
+
},
|
|
45473
|
+
{
|
|
45474
|
+
"id": "CWE-732",
|
|
45475
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
45476
|
+
"category": "Authorization"
|
|
45477
|
+
},
|
|
45478
|
+
{
|
|
45479
|
+
"id": "CWE-77",
|
|
45480
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
45481
|
+
"category": "Injection"
|
|
45482
|
+
},
|
|
45483
|
+
{
|
|
45484
|
+
"id": "CWE-78",
|
|
45485
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
45486
|
+
"category": "Injection"
|
|
45487
|
+
},
|
|
45488
|
+
{
|
|
45489
|
+
"id": "CWE-787",
|
|
45490
|
+
"name": "Out-of-bounds Write",
|
|
45491
|
+
"category": "Memory Safety"
|
|
45492
|
+
},
|
|
45493
|
+
{
|
|
45494
|
+
"id": "CWE-79",
|
|
45495
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
45496
|
+
"category": "Injection"
|
|
45497
|
+
},
|
|
45498
|
+
{
|
|
45499
|
+
"id": "CWE-862",
|
|
45500
|
+
"name": "Missing Authorization",
|
|
45501
|
+
"category": "Authorization"
|
|
45502
|
+
},
|
|
45503
|
+
{
|
|
45504
|
+
"id": "CWE-863",
|
|
45505
|
+
"name": "Incorrect Authorization",
|
|
45506
|
+
"category": "Authorization"
|
|
45507
|
+
},
|
|
45508
|
+
{
|
|
45509
|
+
"id": "CWE-89",
|
|
45510
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
45511
|
+
"category": "Injection"
|
|
45512
|
+
},
|
|
45513
|
+
{
|
|
45514
|
+
"id": "CWE-918",
|
|
45515
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
45516
|
+
"category": "Network"
|
|
45517
|
+
},
|
|
45518
|
+
{
|
|
45519
|
+
"id": "CWE-94",
|
|
45520
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
45521
|
+
"category": "Injection"
|
|
45522
|
+
}
|
|
45523
|
+
],
|
|
45524
|
+
"atlas": [
|
|
45525
|
+
{
|
|
45526
|
+
"id": "AML.T0010",
|
|
45527
|
+
"name": "ML Supply Chain Compromise",
|
|
45528
|
+
"tactic": "Initial Access"
|
|
45529
|
+
},
|
|
45530
|
+
{
|
|
45531
|
+
"id": "AML.T0016",
|
|
45532
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
45533
|
+
"tactic": "Resource Development"
|
|
45534
|
+
},
|
|
45535
|
+
{
|
|
45536
|
+
"id": "AML.T0017",
|
|
45537
|
+
"name": "Discover ML Model Ontology",
|
|
45538
|
+
"tactic": "Discovery"
|
|
45539
|
+
},
|
|
45540
|
+
{
|
|
45541
|
+
"id": "AML.T0018",
|
|
45542
|
+
"name": "Backdoor ML Model",
|
|
45543
|
+
"tactic": "Persistence"
|
|
45544
|
+
},
|
|
45545
|
+
{
|
|
45546
|
+
"id": "AML.T0020",
|
|
45547
|
+
"name": "Poison Training Data",
|
|
45548
|
+
"tactic": "ML Attack Staging"
|
|
45549
|
+
},
|
|
45550
|
+
{
|
|
45551
|
+
"id": "AML.T0043",
|
|
45552
|
+
"name": "Craft Adversarial Data",
|
|
45553
|
+
"tactic": "ML Attack Staging"
|
|
45554
|
+
},
|
|
45555
|
+
{
|
|
45556
|
+
"id": "AML.T0051",
|
|
45557
|
+
"name": "LLM Prompt Injection",
|
|
45558
|
+
"tactic": "Execution"
|
|
45559
|
+
},
|
|
45560
|
+
{
|
|
45561
|
+
"id": "AML.T0054",
|
|
45562
|
+
"name": "LLM Jailbreak",
|
|
45563
|
+
"tactic": "Defense Evasion"
|
|
45564
|
+
},
|
|
45565
|
+
{
|
|
45566
|
+
"id": "AML.T0096",
|
|
45567
|
+
"name": "AI API as Covert C2 Channel",
|
|
45568
|
+
"tactic": "Command and Control"
|
|
45569
|
+
}
|
|
45570
|
+
],
|
|
45571
|
+
"d3fend": [
|
|
45572
|
+
{
|
|
45573
|
+
"id": "D3-CA",
|
|
45574
|
+
"name": "Certificate Analysis",
|
|
45575
|
+
"tactic": "Detect"
|
|
45576
|
+
},
|
|
45577
|
+
{
|
|
45578
|
+
"id": "D3-CSPP",
|
|
45579
|
+
"name": "Client-server Payload Profiling",
|
|
45580
|
+
"tactic": "Detect"
|
|
45581
|
+
},
|
|
45582
|
+
{
|
|
45583
|
+
"id": "D3-DA",
|
|
45584
|
+
"name": "Domain Analysis",
|
|
45585
|
+
"tactic": "Detect"
|
|
45586
|
+
},
|
|
45587
|
+
{
|
|
45588
|
+
"id": "D3-IOPR",
|
|
45589
|
+
"name": "Input/Output Profiling Resource",
|
|
45590
|
+
"tactic": "Detect"
|
|
45591
|
+
},
|
|
45592
|
+
{
|
|
45593
|
+
"id": "D3-NI",
|
|
45594
|
+
"name": "Network Isolation",
|
|
45595
|
+
"tactic": "Isolate"
|
|
45596
|
+
},
|
|
45597
|
+
{
|
|
45598
|
+
"id": "D3-NTA",
|
|
45599
|
+
"name": "Network Traffic Analysis",
|
|
45600
|
+
"tactic": "Detect"
|
|
45601
|
+
},
|
|
45602
|
+
{
|
|
45603
|
+
"id": "D3-NTPM",
|
|
45604
|
+
"name": "Network Traffic Policy Mapping",
|
|
45605
|
+
"tactic": "Model"
|
|
45606
|
+
}
|
|
45607
|
+
],
|
|
45608
|
+
"framework_gaps": [
|
|
45609
|
+
{
|
|
45610
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
45611
|
+
"framework": "ALL",
|
|
45612
|
+
"control_name": "AI Pipeline Integrity"
|
|
45613
|
+
},
|
|
45614
|
+
{
|
|
45615
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
45616
|
+
"framework": "ALL",
|
|
45617
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
45618
|
+
},
|
|
45619
|
+
{
|
|
45620
|
+
"id": "CMMC-2.0-Level-2",
|
|
45621
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
45622
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
45623
|
+
},
|
|
45624
|
+
{
|
|
45625
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
45626
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
45627
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
45628
|
+
},
|
|
45629
|
+
{
|
|
45630
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
45631
|
+
"framework": "ISO/IEC 27001:2022",
|
|
45632
|
+
"control_name": "Monitoring activities"
|
|
45633
|
+
},
|
|
45634
|
+
{
|
|
45635
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
45636
|
+
"framework": "ISO/IEC 27001:2022",
|
|
45637
|
+
"control_name": "Secure coding"
|
|
45638
|
+
},
|
|
45639
|
+
{
|
|
45640
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
45641
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
45642
|
+
"control_name": "AI risk management process"
|
|
45643
|
+
},
|
|
45644
|
+
{
|
|
45645
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
45646
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
45647
|
+
"control_name": "AI risk assessment"
|
|
45648
|
+
},
|
|
45649
|
+
{
|
|
45650
|
+
"id": "NIST-800-218-SSDF",
|
|
45651
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
45652
|
+
"control_name": "Secure Software Development Framework"
|
|
45653
|
+
},
|
|
45654
|
+
{
|
|
45655
|
+
"id": "NIST-800-53-AC-2",
|
|
45656
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45657
|
+
"control_name": "Account Management"
|
|
45658
|
+
},
|
|
45659
|
+
{
|
|
45660
|
+
"id": "NIST-800-53-CM-7",
|
|
45661
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45662
|
+
"control_name": "Least Functionality"
|
|
45663
|
+
},
|
|
45664
|
+
{
|
|
45665
|
+
"id": "NIST-800-53-SC-7",
|
|
45666
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45667
|
+
"control_name": "Boundary Protection"
|
|
45668
|
+
},
|
|
45669
|
+
{
|
|
45670
|
+
"id": "NIST-800-53-SI-12",
|
|
45671
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45672
|
+
"control_name": "Information Management and Retention"
|
|
45673
|
+
},
|
|
45674
|
+
{
|
|
45675
|
+
"id": "NIST-800-53-SI-3",
|
|
45676
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
45677
|
+
"control_name": "Malicious Code Protection"
|
|
45678
|
+
},
|
|
45679
|
+
{
|
|
45680
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
45681
|
+
"framework": "NIST AI RMF 1.0",
|
|
45682
|
+
"control_name": "AI system to human interaction evaluation"
|
|
45683
|
+
},
|
|
45684
|
+
{
|
|
45685
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
45686
|
+
"framework": "OWASP ASVS v5.0",
|
|
45687
|
+
"control_name": "Configuration verification"
|
|
45688
|
+
},
|
|
45689
|
+
{
|
|
45690
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
45691
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45692
|
+
"control_name": "Prompt Injection"
|
|
45693
|
+
},
|
|
45694
|
+
{
|
|
45695
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
45696
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45697
|
+
"control_name": "Sensitive Information Disclosure"
|
|
45698
|
+
},
|
|
45699
|
+
{
|
|
45700
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
45701
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
45702
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
45703
|
+
},
|
|
45704
|
+
{
|
|
45705
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
45706
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
45707
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
45708
|
+
},
|
|
45709
|
+
{
|
|
45710
|
+
"id": "SOC2-CC6-logical-access",
|
|
45711
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45712
|
+
"control_name": "Logical and Physical Access Controls"
|
|
45713
|
+
},
|
|
45714
|
+
{
|
|
45715
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
45716
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
45717
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
45718
|
+
}
|
|
45719
|
+
],
|
|
45720
|
+
"attack_refs": [
|
|
45721
|
+
"T1059",
|
|
45722
|
+
"T1068",
|
|
45723
|
+
"T1071",
|
|
45724
|
+
"T1078",
|
|
45725
|
+
"T1102",
|
|
45726
|
+
"T1190",
|
|
45727
|
+
"T1505",
|
|
45728
|
+
"T1565",
|
|
45729
|
+
"T1566",
|
|
45730
|
+
"T1566.001",
|
|
45731
|
+
"T1566.002",
|
|
45732
|
+
"T1566.003",
|
|
45733
|
+
"T1567",
|
|
45734
|
+
"T1568",
|
|
45735
|
+
"T1610",
|
|
45736
|
+
"T1611"
|
|
45737
|
+
],
|
|
45738
|
+
"rfc_refs": [
|
|
45739
|
+
"RFC-6749",
|
|
45740
|
+
"RFC-7519",
|
|
45741
|
+
"RFC-8032",
|
|
45742
|
+
"RFC-8446",
|
|
45743
|
+
"RFC-8725",
|
|
45744
|
+
"RFC-9000",
|
|
45745
|
+
"RFC-9114",
|
|
45746
|
+
"RFC-9180",
|
|
45747
|
+
"RFC-9421",
|
|
45748
|
+
"RFC-9458",
|
|
45749
|
+
"RFC-9700"
|
|
45750
|
+
]
|
|
45751
|
+
}
|
|
45752
|
+
},
|
|
44147
45753
|
"CVE-2026-41091": {
|
|
44148
45754
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
44149
45755
|
"rwep": 45,
|
|
@@ -70528,6 +72134,7 @@
|
|
|
70528
72134
|
"CVE-2023-6016",
|
|
70529
72135
|
"CVE-2023-6019",
|
|
70530
72136
|
"CVE-2023-6021",
|
|
72137
|
+
"CVE-2023-6571",
|
|
70531
72138
|
"CVE-2024-0129",
|
|
70532
72139
|
"CVE-2024-0132",
|
|
70533
72140
|
"CVE-2024-11392",
|
|
@@ -70555,6 +72162,7 @@
|
|
|
70555
72162
|
"CVE-2024-50050",
|
|
70556
72163
|
"CVE-2024-5565",
|
|
70557
72164
|
"CVE-2024-6587",
|
|
72165
|
+
"CVE-2024-9526",
|
|
70558
72166
|
"CVE-2025-0133",
|
|
70559
72167
|
"CVE-2025-10585",
|
|
70560
72168
|
"CVE-2025-1094",
|
|
@@ -70600,6 +72208,8 @@
|
|
|
70600
72208
|
"CVE-2026-30623",
|
|
70601
72209
|
"CVE-2026-30624",
|
|
70602
72210
|
"CVE-2026-30625",
|
|
72211
|
+
"CVE-2026-31229",
|
|
72212
|
+
"CVE-2026-31230",
|
|
70603
72213
|
"CVE-2026-31431",
|
|
70604
72214
|
"CVE-2026-33017",
|
|
70605
72215
|
"CVE-2026-34159",
|
|
@@ -70795,6 +72405,7 @@
|
|
|
70795
72405
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
70796
72406
|
"CVE-2023-43472",
|
|
70797
72407
|
"CVE-2023-6016",
|
|
72408
|
+
"CVE-2023-6571",
|
|
70798
72409
|
"CVE-2024-12366",
|
|
70799
72410
|
"CVE-2024-24590",
|
|
70800
72411
|
"CVE-2024-24591",
|
|
@@ -70804,6 +72415,7 @@
|
|
|
70804
72415
|
"CVE-2024-37052",
|
|
70805
72416
|
"CVE-2024-37060",
|
|
70806
72417
|
"CVE-2024-5565",
|
|
72418
|
+
"CVE-2024-9526",
|
|
70807
72419
|
"CVE-2025-0133",
|
|
70808
72420
|
"CVE-2025-1094",
|
|
70809
72421
|
"CVE-2025-27520",
|
|
@@ -70813,6 +72425,8 @@
|
|
|
70813
72425
|
"CVE-2025-6965",
|
|
70814
72426
|
"CVE-2026-30615",
|
|
70815
72427
|
"CVE-2026-30623",
|
|
72428
|
+
"CVE-2026-31229",
|
|
72429
|
+
"CVE-2026-31230",
|
|
70816
72430
|
"CVE-2026-33017",
|
|
70817
72431
|
"CVE-2026-39884",
|
|
70818
72432
|
"CVE-2026-42208",
|
|
@@ -70958,6 +72572,7 @@
|
|
|
70958
72572
|
"CVE-2023-6016",
|
|
70959
72573
|
"CVE-2023-6019",
|
|
70960
72574
|
"CVE-2023-6021",
|
|
72575
|
+
"CVE-2023-6571",
|
|
70961
72576
|
"CVE-2024-0129",
|
|
70962
72577
|
"CVE-2024-0132",
|
|
70963
72578
|
"CVE-2024-11392",
|
|
@@ -70983,6 +72598,7 @@
|
|
|
70983
72598
|
"CVE-2024-50050",
|
|
70984
72599
|
"CVE-2024-5565",
|
|
70985
72600
|
"CVE-2024-6587",
|
|
72601
|
+
"CVE-2024-9526",
|
|
70986
72602
|
"CVE-2025-0133",
|
|
70987
72603
|
"CVE-2025-10585",
|
|
70988
72604
|
"CVE-2025-1094",
|
|
@@ -71025,6 +72641,8 @@
|
|
|
71025
72641
|
"CVE-2026-30623",
|
|
71026
72642
|
"CVE-2026-30624",
|
|
71027
72643
|
"CVE-2026-30625",
|
|
72644
|
+
"CVE-2026-31229",
|
|
72645
|
+
"CVE-2026-31230",
|
|
71028
72646
|
"CVE-2026-31431",
|
|
71029
72647
|
"CVE-2026-33017",
|
|
71030
72648
|
"CVE-2026-34159",
|
|
@@ -71168,6 +72786,7 @@
|
|
|
71168
72786
|
"CVE-2023-6016",
|
|
71169
72787
|
"CVE-2023-6019",
|
|
71170
72788
|
"CVE-2023-6021",
|
|
72789
|
+
"CVE-2023-6571",
|
|
71171
72790
|
"CVE-2024-0129",
|
|
71172
72791
|
"CVE-2024-0132",
|
|
71173
72792
|
"CVE-2024-11392",
|
|
@@ -71193,6 +72812,7 @@
|
|
|
71193
72812
|
"CVE-2024-50050",
|
|
71194
72813
|
"CVE-2024-5565",
|
|
71195
72814
|
"CVE-2024-6587",
|
|
72815
|
+
"CVE-2024-9526",
|
|
71196
72816
|
"CVE-2025-0133",
|
|
71197
72817
|
"CVE-2025-10585",
|
|
71198
72818
|
"CVE-2025-1094",
|
|
@@ -71235,6 +72855,8 @@
|
|
|
71235
72855
|
"CVE-2026-30623",
|
|
71236
72856
|
"CVE-2026-30624",
|
|
71237
72857
|
"CVE-2026-30625",
|
|
72858
|
+
"CVE-2026-31229",
|
|
72859
|
+
"CVE-2026-31230",
|
|
71238
72860
|
"CVE-2026-31431",
|
|
71239
72861
|
"CVE-2026-33017",
|
|
71240
72862
|
"CVE-2026-34159",
|
|
@@ -71392,6 +73014,7 @@
|
|
|
71392
73014
|
"CVE-2023-6016",
|
|
71393
73015
|
"CVE-2023-6019",
|
|
71394
73016
|
"CVE-2023-6021",
|
|
73017
|
+
"CVE-2023-6571",
|
|
71395
73018
|
"CVE-2024-0129",
|
|
71396
73019
|
"CVE-2024-0132",
|
|
71397
73020
|
"CVE-2024-11392",
|
|
@@ -71417,6 +73040,7 @@
|
|
|
71417
73040
|
"CVE-2024-50050",
|
|
71418
73041
|
"CVE-2024-5565",
|
|
71419
73042
|
"CVE-2024-6587",
|
|
73043
|
+
"CVE-2024-9526",
|
|
71420
73044
|
"CVE-2025-0133",
|
|
71421
73045
|
"CVE-2025-10585",
|
|
71422
73046
|
"CVE-2025-1094",
|
|
@@ -71459,6 +73083,8 @@
|
|
|
71459
73083
|
"CVE-2026-30623",
|
|
71460
73084
|
"CVE-2026-30624",
|
|
71461
73085
|
"CVE-2026-30625",
|
|
73086
|
+
"CVE-2026-31229",
|
|
73087
|
+
"CVE-2026-31230",
|
|
71462
73088
|
"CVE-2026-31431",
|
|
71463
73089
|
"CVE-2026-33017",
|
|
71464
73090
|
"CVE-2026-34159",
|
|
@@ -71724,6 +73350,7 @@
|
|
|
71724
73350
|
"CVE-2023-6019",
|
|
71725
73351
|
"CVE-2023-6021",
|
|
71726
73352
|
"CVE-2023-6038",
|
|
73353
|
+
"CVE-2023-6571",
|
|
71727
73354
|
"CVE-2024-0129",
|
|
71728
73355
|
"CVE-2024-0132",
|
|
71729
73356
|
"CVE-2024-11392",
|
|
@@ -71751,6 +73378,7 @@
|
|
|
71751
73378
|
"CVE-2024-50050",
|
|
71752
73379
|
"CVE-2024-5565",
|
|
71753
73380
|
"CVE-2024-6587",
|
|
73381
|
+
"CVE-2024-9526",
|
|
71754
73382
|
"CVE-2025-0133",
|
|
71755
73383
|
"CVE-2025-1094",
|
|
71756
73384
|
"CVE-2025-11837",
|
|
@@ -71795,6 +73423,8 @@
|
|
|
71795
73423
|
"CVE-2026-30623",
|
|
71796
73424
|
"CVE-2026-30624",
|
|
71797
73425
|
"CVE-2026-30625",
|
|
73426
|
+
"CVE-2026-31229",
|
|
73427
|
+
"CVE-2026-31230",
|
|
71798
73428
|
"CVE-2026-32202",
|
|
71799
73429
|
"CVE-2026-33017",
|
|
71800
73430
|
"CVE-2026-33825",
|
|
@@ -72249,6 +73879,8 @@
|
|
|
72249
73879
|
"CVE-2026-30617",
|
|
72250
73880
|
"CVE-2026-30624",
|
|
72251
73881
|
"CVE-2026-30625",
|
|
73882
|
+
"CVE-2026-31229",
|
|
73883
|
+
"CVE-2026-31230",
|
|
72252
73884
|
"CVE-2026-31431",
|
|
72253
73885
|
"CVE-2026-31635",
|
|
72254
73886
|
"CVE-2026-32201",
|
|
@@ -72502,6 +74134,7 @@
|
|
|
72502
74134
|
"CVE-2023-51449",
|
|
72503
74135
|
"CVE-2023-6016",
|
|
72504
74136
|
"CVE-2023-6038",
|
|
74137
|
+
"CVE-2023-6571",
|
|
72505
74138
|
"CVE-2024-0132",
|
|
72506
74139
|
"CVE-2024-12366",
|
|
72507
74140
|
"CVE-2024-1561",
|
|
@@ -72518,6 +74151,7 @@
|
|
|
72518
74151
|
"CVE-2024-42478",
|
|
72519
74152
|
"CVE-2024-42479",
|
|
72520
74153
|
"CVE-2024-5565",
|
|
74154
|
+
"CVE-2024-9526",
|
|
72521
74155
|
"CVE-2025-0133",
|
|
72522
74156
|
"CVE-2025-1094",
|
|
72523
74157
|
"CVE-2025-14847",
|
|
@@ -72534,6 +74168,8 @@
|
|
|
72534
74168
|
"CVE-2025-6965",
|
|
72535
74169
|
"CVE-2026-30615",
|
|
72536
74170
|
"CVE-2026-30623",
|
|
74171
|
+
"CVE-2026-31229",
|
|
74172
|
+
"CVE-2026-31230",
|
|
72537
74173
|
"CVE-2026-33017",
|
|
72538
74174
|
"CVE-2026-34159",
|
|
72539
74175
|
"CVE-2026-39884",
|
|
@@ -72887,6 +74523,7 @@
|
|
|
72887
74523
|
"CVE-2023-6016",
|
|
72888
74524
|
"CVE-2023-6019",
|
|
72889
74525
|
"CVE-2023-6021",
|
|
74526
|
+
"CVE-2023-6571",
|
|
72890
74527
|
"CVE-2024-0129",
|
|
72891
74528
|
"CVE-2024-0132",
|
|
72892
74529
|
"CVE-2024-11392",
|
|
@@ -72914,6 +74551,7 @@
|
|
|
72914
74551
|
"CVE-2024-50050",
|
|
72915
74552
|
"CVE-2024-5565",
|
|
72916
74553
|
"CVE-2024-6587",
|
|
74554
|
+
"CVE-2024-9526",
|
|
72917
74555
|
"CVE-2025-0133",
|
|
72918
74556
|
"CVE-2025-10585",
|
|
72919
74557
|
"CVE-2025-1094",
|
|
@@ -72959,6 +74597,8 @@
|
|
|
72959
74597
|
"CVE-2026-30623",
|
|
72960
74598
|
"CVE-2026-30624",
|
|
72961
74599
|
"CVE-2026-30625",
|
|
74600
|
+
"CVE-2026-31229",
|
|
74601
|
+
"CVE-2026-31230",
|
|
72962
74602
|
"CVE-2026-31431",
|
|
72963
74603
|
"CVE-2026-33017",
|
|
72964
74604
|
"CVE-2026-34159",
|
|
@@ -73536,6 +75176,7 @@
|
|
|
73536
75176
|
"CVE-2023-6016",
|
|
73537
75177
|
"CVE-2023-6019",
|
|
73538
75178
|
"CVE-2023-6021",
|
|
75179
|
+
"CVE-2023-6571",
|
|
73539
75180
|
"CVE-2024-0129",
|
|
73540
75181
|
"CVE-2024-0132",
|
|
73541
75182
|
"CVE-2024-11392",
|
|
@@ -73563,6 +75204,7 @@
|
|
|
73563
75204
|
"CVE-2024-50050",
|
|
73564
75205
|
"CVE-2024-5565",
|
|
73565
75206
|
"CVE-2024-6587",
|
|
75207
|
+
"CVE-2024-9526",
|
|
73566
75208
|
"CVE-2025-0133",
|
|
73567
75209
|
"CVE-2025-10585",
|
|
73568
75210
|
"CVE-2025-1094",
|
|
@@ -73608,6 +75250,8 @@
|
|
|
73608
75250
|
"CVE-2026-30623",
|
|
73609
75251
|
"CVE-2026-30624",
|
|
73610
75252
|
"CVE-2026-30625",
|
|
75253
|
+
"CVE-2026-31229",
|
|
75254
|
+
"CVE-2026-31230",
|
|
73611
75255
|
"CVE-2026-31431",
|
|
73612
75256
|
"CVE-2026-33017",
|
|
73613
75257
|
"CVE-2026-34159",
|
|
@@ -74302,6 +75946,8 @@
|
|
|
74302
75946
|
"CVE-2025-49844",
|
|
74303
75947
|
"CVE-2025-53773",
|
|
74304
75948
|
"CVE-2026-30615",
|
|
75949
|
+
"CVE-2026-31229",
|
|
75950
|
+
"CVE-2026-31230",
|
|
74305
75951
|
"CVE-2026-33017",
|
|
74306
75952
|
"CVE-2026-45321",
|
|
74307
75953
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -74536,6 +76182,7 @@
|
|
|
74536
76182
|
"CVE-2023-6016",
|
|
74537
76183
|
"CVE-2023-6019",
|
|
74538
76184
|
"CVE-2023-6021",
|
|
76185
|
+
"CVE-2023-6571",
|
|
74539
76186
|
"CVE-2024-0129",
|
|
74540
76187
|
"CVE-2024-0132",
|
|
74541
76188
|
"CVE-2024-11392",
|
|
@@ -74563,6 +76210,7 @@
|
|
|
74563
76210
|
"CVE-2024-50050",
|
|
74564
76211
|
"CVE-2024-5565",
|
|
74565
76212
|
"CVE-2024-6587",
|
|
76213
|
+
"CVE-2024-9526",
|
|
74566
76214
|
"CVE-2025-0133",
|
|
74567
76215
|
"CVE-2025-10585",
|
|
74568
76216
|
"CVE-2025-1094",
|
|
@@ -74608,6 +76256,8 @@
|
|
|
74608
76256
|
"CVE-2026-30623",
|
|
74609
76257
|
"CVE-2026-30624",
|
|
74610
76258
|
"CVE-2026-30625",
|
|
76259
|
+
"CVE-2026-31229",
|
|
76260
|
+
"CVE-2026-31230",
|
|
74611
76261
|
"CVE-2026-31431",
|
|
74612
76262
|
"CVE-2026-33017",
|
|
74613
76263
|
"CVE-2026-34159",
|
|
@@ -75067,6 +76717,8 @@
|
|
|
75067
76717
|
"CVE-2026-30617",
|
|
75068
76718
|
"CVE-2026-30624",
|
|
75069
76719
|
"CVE-2026-30625",
|
|
76720
|
+
"CVE-2026-31229",
|
|
76721
|
+
"CVE-2026-31230",
|
|
75070
76722
|
"CVE-2026-31431",
|
|
75071
76723
|
"CVE-2026-31635",
|
|
75072
76724
|
"CVE-2026-32201",
|
|
@@ -75527,6 +77179,8 @@
|
|
|
75527
77179
|
"CVE-2026-30617",
|
|
75528
77180
|
"CVE-2026-30624",
|
|
75529
77181
|
"CVE-2026-30625",
|
|
77182
|
+
"CVE-2026-31229",
|
|
77183
|
+
"CVE-2026-31230",
|
|
75530
77184
|
"CVE-2026-31431",
|
|
75531
77185
|
"CVE-2026-31635",
|
|
75532
77186
|
"CVE-2026-32201",
|
|
@@ -75778,6 +77432,7 @@
|
|
|
75778
77432
|
"CVE-2023-6016",
|
|
75779
77433
|
"CVE-2023-6019",
|
|
75780
77434
|
"CVE-2023-6021",
|
|
77435
|
+
"CVE-2023-6571",
|
|
75781
77436
|
"CVE-2024-0129",
|
|
75782
77437
|
"CVE-2024-0132",
|
|
75783
77438
|
"CVE-2024-11392",
|
|
@@ -75805,6 +77460,7 @@
|
|
|
75805
77460
|
"CVE-2024-50050",
|
|
75806
77461
|
"CVE-2024-5565",
|
|
75807
77462
|
"CVE-2024-6587",
|
|
77463
|
+
"CVE-2024-9526",
|
|
75808
77464
|
"CVE-2025-0133",
|
|
75809
77465
|
"CVE-2025-10585",
|
|
75810
77466
|
"CVE-2025-1094",
|
|
@@ -75850,6 +77506,8 @@
|
|
|
75850
77506
|
"CVE-2026-30623",
|
|
75851
77507
|
"CVE-2026-30624",
|
|
75852
77508
|
"CVE-2026-30625",
|
|
77509
|
+
"CVE-2026-31229",
|
|
77510
|
+
"CVE-2026-31230",
|
|
75853
77511
|
"CVE-2026-31431",
|
|
75854
77512
|
"CVE-2026-33017",
|
|
75855
77513
|
"CVE-2026-34159",
|
|
@@ -76069,6 +77727,8 @@
|
|
|
76069
77727
|
"CVE-2025-49844",
|
|
76070
77728
|
"CVE-2025-53773",
|
|
76071
77729
|
"CVE-2026-30615",
|
|
77730
|
+
"CVE-2026-31229",
|
|
77731
|
+
"CVE-2026-31230",
|
|
76072
77732
|
"CVE-2026-33017",
|
|
76073
77733
|
"CVE-2026-45321",
|
|
76074
77734
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -76258,6 +77918,7 @@
|
|
|
76258
77918
|
"related_cves": [
|
|
76259
77919
|
"CVE-2023-43472",
|
|
76260
77920
|
"CVE-2023-6016",
|
|
77921
|
+
"CVE-2023-6571",
|
|
76261
77922
|
"CVE-2024-12366",
|
|
76262
77923
|
"CVE-2024-24590",
|
|
76263
77924
|
"CVE-2024-24591",
|
|
@@ -76266,6 +77927,7 @@
|
|
|
76266
77927
|
"CVE-2024-37052",
|
|
76267
77928
|
"CVE-2024-37060",
|
|
76268
77929
|
"CVE-2024-5565",
|
|
77930
|
+
"CVE-2024-9526",
|
|
76269
77931
|
"CVE-2025-0133",
|
|
76270
77932
|
"CVE-2025-1094",
|
|
76271
77933
|
"CVE-2025-27520",
|
|
@@ -76273,6 +77935,8 @@
|
|
|
76273
77935
|
"CVE-2025-6965",
|
|
76274
77936
|
"CVE-2026-30615",
|
|
76275
77937
|
"CVE-2026-30623",
|
|
77938
|
+
"CVE-2026-31229",
|
|
77939
|
+
"CVE-2026-31230",
|
|
76276
77940
|
"CVE-2026-33017",
|
|
76277
77941
|
"CVE-2026-39884",
|
|
76278
77942
|
"CVE-2026-42208",
|
|
@@ -76881,6 +78545,8 @@
|
|
|
76881
78545
|
"CVE-2026-30617",
|
|
76882
78546
|
"CVE-2026-30624",
|
|
76883
78547
|
"CVE-2026-30625",
|
|
78548
|
+
"CVE-2026-31229",
|
|
78549
|
+
"CVE-2026-31230",
|
|
76884
78550
|
"CVE-2026-31431",
|
|
76885
78551
|
"CVE-2026-31635",
|
|
76886
78552
|
"CVE-2026-32201",
|
|
@@ -77196,6 +78862,7 @@
|
|
|
77196
78862
|
"CVE-2023-6016",
|
|
77197
78863
|
"CVE-2023-6019",
|
|
77198
78864
|
"CVE-2023-6021",
|
|
78865
|
+
"CVE-2023-6571",
|
|
77199
78866
|
"CVE-2024-0129",
|
|
77200
78867
|
"CVE-2024-0132",
|
|
77201
78868
|
"CVE-2024-11392",
|
|
@@ -77223,6 +78890,7 @@
|
|
|
77223
78890
|
"CVE-2024-50050",
|
|
77224
78891
|
"CVE-2024-5565",
|
|
77225
78892
|
"CVE-2024-6587",
|
|
78893
|
+
"CVE-2024-9526",
|
|
77226
78894
|
"CVE-2025-0133",
|
|
77227
78895
|
"CVE-2025-10585",
|
|
77228
78896
|
"CVE-2025-1094",
|
|
@@ -77268,6 +78936,8 @@
|
|
|
77268
78936
|
"CVE-2026-30623",
|
|
77269
78937
|
"CVE-2026-30624",
|
|
77270
78938
|
"CVE-2026-30625",
|
|
78939
|
+
"CVE-2026-31229",
|
|
78940
|
+
"CVE-2026-31230",
|
|
77271
78941
|
"CVE-2026-31431",
|
|
77272
78942
|
"CVE-2026-33017",
|
|
77273
78943
|
"CVE-2026-34159",
|
|
@@ -77565,6 +79235,7 @@
|
|
|
77565
79235
|
"CVE-2023-6016",
|
|
77566
79236
|
"CVE-2023-6019",
|
|
77567
79237
|
"CVE-2023-6021",
|
|
79238
|
+
"CVE-2023-6571",
|
|
77568
79239
|
"CVE-2024-0129",
|
|
77569
79240
|
"CVE-2024-0132",
|
|
77570
79241
|
"CVE-2024-0769",
|
|
@@ -77610,6 +79281,7 @@
|
|
|
77610
79281
|
"CVE-2024-7694",
|
|
77611
79282
|
"CVE-2024-8068",
|
|
77612
79283
|
"CVE-2024-8069",
|
|
79284
|
+
"CVE-2024-9526",
|
|
77613
79285
|
"CVE-2025-0133",
|
|
77614
79286
|
"CVE-2025-10035",
|
|
77615
79287
|
"CVE-2025-10585",
|
|
@@ -77820,6 +79492,8 @@
|
|
|
77820
79492
|
"CVE-2026-30623",
|
|
77821
79493
|
"CVE-2026-30624",
|
|
77822
79494
|
"CVE-2026-30625",
|
|
79495
|
+
"CVE-2026-31229",
|
|
79496
|
+
"CVE-2026-31230",
|
|
77823
79497
|
"CVE-2026-31431",
|
|
77824
79498
|
"CVE-2026-31635",
|
|
77825
79499
|
"CVE-2026-32201",
|
|
@@ -78215,6 +79889,8 @@
|
|
|
78215
79889
|
"CVE-2026-30617",
|
|
78216
79890
|
"CVE-2026-30624",
|
|
78217
79891
|
"CVE-2026-30625",
|
|
79892
|
+
"CVE-2026-31229",
|
|
79893
|
+
"CVE-2026-31230",
|
|
78218
79894
|
"CVE-2026-31431",
|
|
78219
79895
|
"CVE-2026-33017",
|
|
78220
79896
|
"CVE-2026-34159",
|
|
@@ -78528,6 +80204,7 @@
|
|
|
78528
80204
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
78529
80205
|
"CVE-2023-43472",
|
|
78530
80206
|
"CVE-2023-6016",
|
|
80207
|
+
"CVE-2023-6571",
|
|
78531
80208
|
"CVE-2024-12366",
|
|
78532
80209
|
"CVE-2024-24590",
|
|
78533
80210
|
"CVE-2024-24591",
|
|
@@ -78537,6 +80214,7 @@
|
|
|
78537
80214
|
"CVE-2024-37052",
|
|
78538
80215
|
"CVE-2024-37060",
|
|
78539
80216
|
"CVE-2024-5565",
|
|
80217
|
+
"CVE-2024-9526",
|
|
78540
80218
|
"CVE-2025-0133",
|
|
78541
80219
|
"CVE-2025-1094",
|
|
78542
80220
|
"CVE-2025-27520",
|
|
@@ -78546,6 +80224,8 @@
|
|
|
78546
80224
|
"CVE-2025-6965",
|
|
78547
80225
|
"CVE-2026-30615",
|
|
78548
80226
|
"CVE-2026-30623",
|
|
80227
|
+
"CVE-2026-31229",
|
|
80228
|
+
"CVE-2026-31230",
|
|
78549
80229
|
"CVE-2026-33017",
|
|
78550
80230
|
"CVE-2026-39884",
|
|
78551
80231
|
"CVE-2026-42208",
|
|
@@ -78823,6 +80503,7 @@
|
|
|
78823
80503
|
"related_cves": [
|
|
78824
80504
|
"CVE-2023-43472",
|
|
78825
80505
|
"CVE-2023-6016",
|
|
80506
|
+
"CVE-2023-6571",
|
|
78826
80507
|
"CVE-2024-12366",
|
|
78827
80508
|
"CVE-2024-24590",
|
|
78828
80509
|
"CVE-2024-24591",
|
|
@@ -78831,6 +80512,7 @@
|
|
|
78831
80512
|
"CVE-2024-37052",
|
|
78832
80513
|
"CVE-2024-37060",
|
|
78833
80514
|
"CVE-2024-5565",
|
|
80515
|
+
"CVE-2024-9526",
|
|
78834
80516
|
"CVE-2025-0133",
|
|
78835
80517
|
"CVE-2025-1094",
|
|
78836
80518
|
"CVE-2025-27520",
|
|
@@ -78839,6 +80521,8 @@
|
|
|
78839
80521
|
"CVE-2025-6965",
|
|
78840
80522
|
"CVE-2026-30615",
|
|
78841
80523
|
"CVE-2026-30623",
|
|
80524
|
+
"CVE-2026-31229",
|
|
80525
|
+
"CVE-2026-31230",
|
|
78842
80526
|
"CVE-2026-33017",
|
|
78843
80527
|
"CVE-2026-39884",
|
|
78844
80528
|
"CVE-2026-42208",
|
|
@@ -79152,6 +80836,7 @@
|
|
|
79152
80836
|
"CVE-2023-6016",
|
|
79153
80837
|
"CVE-2023-6019",
|
|
79154
80838
|
"CVE-2023-6021",
|
|
80839
|
+
"CVE-2023-6571",
|
|
79155
80840
|
"CVE-2024-0129",
|
|
79156
80841
|
"CVE-2024-0132",
|
|
79157
80842
|
"CVE-2024-11392",
|
|
@@ -79179,6 +80864,7 @@
|
|
|
79179
80864
|
"CVE-2024-50050",
|
|
79180
80865
|
"CVE-2024-5565",
|
|
79181
80866
|
"CVE-2024-6587",
|
|
80867
|
+
"CVE-2024-9526",
|
|
79182
80868
|
"CVE-2025-0133",
|
|
79183
80869
|
"CVE-2025-10585",
|
|
79184
80870
|
"CVE-2025-1094",
|
|
@@ -79224,6 +80910,8 @@
|
|
|
79224
80910
|
"CVE-2026-30623",
|
|
79225
80911
|
"CVE-2026-30624",
|
|
79226
80912
|
"CVE-2026-30625",
|
|
80913
|
+
"CVE-2026-31229",
|
|
80914
|
+
"CVE-2026-31230",
|
|
79227
80915
|
"CVE-2026-31431",
|
|
79228
80916
|
"CVE-2026-33017",
|
|
79229
80917
|
"CVE-2026-34159",
|
|
@@ -79511,6 +81199,7 @@
|
|
|
79511
81199
|
"CVE-2023-6019",
|
|
79512
81200
|
"CVE-2023-6021",
|
|
79513
81201
|
"CVE-2023-6038",
|
|
81202
|
+
"CVE-2023-6571",
|
|
79514
81203
|
"CVE-2024-0129",
|
|
79515
81204
|
"CVE-2024-0132",
|
|
79516
81205
|
"CVE-2024-11392",
|
|
@@ -79536,6 +81225,7 @@
|
|
|
79536
81225
|
"CVE-2024-50050",
|
|
79537
81226
|
"CVE-2024-5565",
|
|
79538
81227
|
"CVE-2024-6587",
|
|
81228
|
+
"CVE-2024-9526",
|
|
79539
81229
|
"CVE-2025-0133",
|
|
79540
81230
|
"CVE-2025-1094",
|
|
79541
81231
|
"CVE-2025-11837",
|
|
@@ -79578,6 +81268,8 @@
|
|
|
79578
81268
|
"CVE-2026-30623",
|
|
79579
81269
|
"CVE-2026-30624",
|
|
79580
81270
|
"CVE-2026-30625",
|
|
81271
|
+
"CVE-2026-31229",
|
|
81272
|
+
"CVE-2026-31230",
|
|
79581
81273
|
"CVE-2026-32202",
|
|
79582
81274
|
"CVE-2026-33017",
|
|
79583
81275
|
"CVE-2026-33825",
|
|
@@ -79740,6 +81432,7 @@
|
|
|
79740
81432
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
79741
81433
|
"CVE-2023-43472",
|
|
79742
81434
|
"CVE-2023-6016",
|
|
81435
|
+
"CVE-2023-6571",
|
|
79743
81436
|
"CVE-2024-12366",
|
|
79744
81437
|
"CVE-2024-24590",
|
|
79745
81438
|
"CVE-2024-24591",
|
|
@@ -79749,6 +81442,7 @@
|
|
|
79749
81442
|
"CVE-2024-37052",
|
|
79750
81443
|
"CVE-2024-37060",
|
|
79751
81444
|
"CVE-2024-5565",
|
|
81445
|
+
"CVE-2024-9526",
|
|
79752
81446
|
"CVE-2025-0133",
|
|
79753
81447
|
"CVE-2025-1094",
|
|
79754
81448
|
"CVE-2025-27520",
|
|
@@ -79758,6 +81452,8 @@
|
|
|
79758
81452
|
"CVE-2025-6965",
|
|
79759
81453
|
"CVE-2026-30615",
|
|
79760
81454
|
"CVE-2026-30623",
|
|
81455
|
+
"CVE-2026-31229",
|
|
81456
|
+
"CVE-2026-31230",
|
|
79761
81457
|
"CVE-2026-33017",
|
|
79762
81458
|
"CVE-2026-39884",
|
|
79763
81459
|
"CVE-2026-42208",
|
|
@@ -80469,6 +82165,7 @@
|
|
|
80469
82165
|
"CVE-2023-6016",
|
|
80470
82166
|
"CVE-2023-6019",
|
|
80471
82167
|
"CVE-2023-6021",
|
|
82168
|
+
"CVE-2023-6571",
|
|
80472
82169
|
"CVE-2024-0129",
|
|
80473
82170
|
"CVE-2024-0132",
|
|
80474
82171
|
"CVE-2024-11392",
|
|
@@ -80496,6 +82193,7 @@
|
|
|
80496
82193
|
"CVE-2024-50050",
|
|
80497
82194
|
"CVE-2024-5565",
|
|
80498
82195
|
"CVE-2024-6587",
|
|
82196
|
+
"CVE-2024-9526",
|
|
80499
82197
|
"CVE-2025-0133",
|
|
80500
82198
|
"CVE-2025-10585",
|
|
80501
82199
|
"CVE-2025-1094",
|
|
@@ -80541,6 +82239,8 @@
|
|
|
80541
82239
|
"CVE-2026-30623",
|
|
80542
82240
|
"CVE-2026-30624",
|
|
80543
82241
|
"CVE-2026-30625",
|
|
82242
|
+
"CVE-2026-31229",
|
|
82243
|
+
"CVE-2026-31230",
|
|
80544
82244
|
"CVE-2026-31431",
|
|
80545
82245
|
"CVE-2026-33017",
|
|
80546
82246
|
"CVE-2026-34159",
|
|
@@ -80814,6 +82514,7 @@
|
|
|
80814
82514
|
"CVE-2023-6019",
|
|
80815
82515
|
"CVE-2023-6021",
|
|
80816
82516
|
"CVE-2023-6038",
|
|
82517
|
+
"CVE-2023-6571",
|
|
80817
82518
|
"CVE-2024-0129",
|
|
80818
82519
|
"CVE-2024-0132",
|
|
80819
82520
|
"CVE-2024-11392",
|
|
@@ -80841,6 +82542,7 @@
|
|
|
80841
82542
|
"CVE-2024-50050",
|
|
80842
82543
|
"CVE-2024-5565",
|
|
80843
82544
|
"CVE-2024-6587",
|
|
82545
|
+
"CVE-2024-9526",
|
|
80844
82546
|
"CVE-2025-0133",
|
|
80845
82547
|
"CVE-2025-1094",
|
|
80846
82548
|
"CVE-2025-11837",
|
|
@@ -80887,6 +82589,8 @@
|
|
|
80887
82589
|
"CVE-2026-30623",
|
|
80888
82590
|
"CVE-2026-30624",
|
|
80889
82591
|
"CVE-2026-30625",
|
|
82592
|
+
"CVE-2026-31229",
|
|
82593
|
+
"CVE-2026-31230",
|
|
80890
82594
|
"CVE-2026-32202",
|
|
80891
82595
|
"CVE-2026-33017",
|
|
80892
82596
|
"CVE-2026-33825",
|