@blamejs/exceptd-skills 0.13.110 → 0.13.112

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +750 -0
  6. package/data/atlas-ttps.json +2 -0
  7. package/data/attack-techniques.json +9 -1
  8. package/data/cve-catalog.json +206 -0
  9. package/data/cwe-catalog.json +2 -0
  10. package/data/framework-control-gaps.json +16 -0
  11. package/data/zeroday-lessons.json +100 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -45042,6 +45042,714 @@
45042
45042
  ]
45043
45043
  }
45044
45044
  },
45045
+ "CVE-2024-9526": {
45046
+ "name": "Kubeflow Pipelines Stored XSS in Pipeline View",
45047
+ "rwep": 19,
45048
+ "cvss": 5.4,
45049
+ "cisa_kev": false,
45050
+ "epss_score": null,
45051
+ "referencing_skills": [
45052
+ "ai-attack-surface",
45053
+ "compliance-theater",
45054
+ "rag-pipeline-security",
45055
+ "ai-c2-detection",
45056
+ "threat-modeling-methodology",
45057
+ "webapp-security",
45058
+ "api-security",
45059
+ "container-runtime-security",
45060
+ "email-security-anti-phishing"
45061
+ ],
45062
+ "chain": {
45063
+ "cwes": [
45064
+ {
45065
+ "id": "CWE-1039",
45066
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45067
+ "category": "AI/ML"
45068
+ },
45069
+ {
45070
+ "id": "CWE-1188",
45071
+ "name": "Initialization of a Resource with an Insecure Default",
45072
+ "category": "Configuration"
45073
+ },
45074
+ {
45075
+ "id": "CWE-1395",
45076
+ "name": "Dependency on Vulnerable Third-Party Component",
45077
+ "category": "Supply Chain"
45078
+ },
45079
+ {
45080
+ "id": "CWE-1426",
45081
+ "name": "Improper Validation of Generative AI Output",
45082
+ "category": "AI/ML"
45083
+ },
45084
+ {
45085
+ "id": "CWE-200",
45086
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45087
+ "category": "Information Exposure"
45088
+ },
45089
+ {
45090
+ "id": "CWE-22",
45091
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45092
+ "category": "Path/Resource"
45093
+ },
45094
+ {
45095
+ "id": "CWE-269",
45096
+ "name": "Improper Privilege Management",
45097
+ "category": "Authorization"
45098
+ },
45099
+ {
45100
+ "id": "CWE-287",
45101
+ "name": "Improper Authentication",
45102
+ "category": "Authentication"
45103
+ },
45104
+ {
45105
+ "id": "CWE-352",
45106
+ "name": "Cross-Site Request Forgery (CSRF)",
45107
+ "category": "Session"
45108
+ },
45109
+ {
45110
+ "id": "CWE-434",
45111
+ "name": "Unrestricted Upload of File with Dangerous Type",
45112
+ "category": "File Handling"
45113
+ },
45114
+ {
45115
+ "id": "CWE-502",
45116
+ "name": "Deserialization of Untrusted Data",
45117
+ "category": "Serialization"
45118
+ },
45119
+ {
45120
+ "id": "CWE-732",
45121
+ "name": "Incorrect Permission Assignment for Critical Resource",
45122
+ "category": "Authorization"
45123
+ },
45124
+ {
45125
+ "id": "CWE-77",
45126
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45127
+ "category": "Injection"
45128
+ },
45129
+ {
45130
+ "id": "CWE-78",
45131
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45132
+ "category": "Injection"
45133
+ },
45134
+ {
45135
+ "id": "CWE-787",
45136
+ "name": "Out-of-bounds Write",
45137
+ "category": "Memory Safety"
45138
+ },
45139
+ {
45140
+ "id": "CWE-79",
45141
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45142
+ "category": "Injection"
45143
+ },
45144
+ {
45145
+ "id": "CWE-862",
45146
+ "name": "Missing Authorization",
45147
+ "category": "Authorization"
45148
+ },
45149
+ {
45150
+ "id": "CWE-863",
45151
+ "name": "Incorrect Authorization",
45152
+ "category": "Authorization"
45153
+ },
45154
+ {
45155
+ "id": "CWE-89",
45156
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45157
+ "category": "Injection"
45158
+ },
45159
+ {
45160
+ "id": "CWE-918",
45161
+ "name": "Server-Side Request Forgery (SSRF)",
45162
+ "category": "Network"
45163
+ },
45164
+ {
45165
+ "id": "CWE-94",
45166
+ "name": "Improper Control of Generation of Code (Code Injection)",
45167
+ "category": "Injection"
45168
+ }
45169
+ ],
45170
+ "atlas": [
45171
+ {
45172
+ "id": "AML.T0010",
45173
+ "name": "ML Supply Chain Compromise",
45174
+ "tactic": "Initial Access"
45175
+ },
45176
+ {
45177
+ "id": "AML.T0016",
45178
+ "name": "Obtain Capabilities: Develop Capabilities",
45179
+ "tactic": "Resource Development"
45180
+ },
45181
+ {
45182
+ "id": "AML.T0017",
45183
+ "name": "Discover ML Model Ontology",
45184
+ "tactic": "Discovery"
45185
+ },
45186
+ {
45187
+ "id": "AML.T0018",
45188
+ "name": "Backdoor ML Model",
45189
+ "tactic": "Persistence"
45190
+ },
45191
+ {
45192
+ "id": "AML.T0020",
45193
+ "name": "Poison Training Data",
45194
+ "tactic": "ML Attack Staging"
45195
+ },
45196
+ {
45197
+ "id": "AML.T0043",
45198
+ "name": "Craft Adversarial Data",
45199
+ "tactic": "ML Attack Staging"
45200
+ },
45201
+ {
45202
+ "id": "AML.T0051",
45203
+ "name": "LLM Prompt Injection",
45204
+ "tactic": "Execution"
45205
+ },
45206
+ {
45207
+ "id": "AML.T0054",
45208
+ "name": "LLM Jailbreak",
45209
+ "tactic": "Defense Evasion"
45210
+ },
45211
+ {
45212
+ "id": "AML.T0096",
45213
+ "name": "AI API as Covert C2 Channel",
45214
+ "tactic": "Command and Control"
45215
+ }
45216
+ ],
45217
+ "d3fend": [
45218
+ {
45219
+ "id": "D3-CA",
45220
+ "name": "Certificate Analysis",
45221
+ "tactic": "Detect"
45222
+ },
45223
+ {
45224
+ "id": "D3-CSPP",
45225
+ "name": "Client-server Payload Profiling",
45226
+ "tactic": "Detect"
45227
+ },
45228
+ {
45229
+ "id": "D3-DA",
45230
+ "name": "Domain Analysis",
45231
+ "tactic": "Detect"
45232
+ },
45233
+ {
45234
+ "id": "D3-IOPR",
45235
+ "name": "Input/Output Profiling Resource",
45236
+ "tactic": "Detect"
45237
+ },
45238
+ {
45239
+ "id": "D3-NI",
45240
+ "name": "Network Isolation",
45241
+ "tactic": "Isolate"
45242
+ },
45243
+ {
45244
+ "id": "D3-NTA",
45245
+ "name": "Network Traffic Analysis",
45246
+ "tactic": "Detect"
45247
+ },
45248
+ {
45249
+ "id": "D3-NTPM",
45250
+ "name": "Network Traffic Policy Mapping",
45251
+ "tactic": "Model"
45252
+ }
45253
+ ],
45254
+ "framework_gaps": [
45255
+ {
45256
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
45257
+ "framework": "ALL",
45258
+ "control_name": "AI Pipeline Integrity"
45259
+ },
45260
+ {
45261
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
45262
+ "framework": "ALL",
45263
+ "control_name": "Prompt Injection as Access Control Failure"
45264
+ },
45265
+ {
45266
+ "id": "CMMC-2.0-Level-2",
45267
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
45268
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
45269
+ },
45270
+ {
45271
+ "id": "FedRAMP-Rev5-Moderate",
45272
+ "framework": "FedRAMP Rev 5 Moderate",
45273
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
45274
+ },
45275
+ {
45276
+ "id": "ISO-27001-2022-A.8.16",
45277
+ "framework": "ISO/IEC 27001:2022",
45278
+ "control_name": "Monitoring activities"
45279
+ },
45280
+ {
45281
+ "id": "ISO-27001-2022-A.8.28",
45282
+ "framework": "ISO/IEC 27001:2022",
45283
+ "control_name": "Secure coding"
45284
+ },
45285
+ {
45286
+ "id": "ISO-IEC-23894-2023-clause-7",
45287
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
45288
+ "control_name": "AI risk management process"
45289
+ },
45290
+ {
45291
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
45292
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
45293
+ "control_name": "AI risk assessment"
45294
+ },
45295
+ {
45296
+ "id": "NIST-800-218-SSDF",
45297
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
45298
+ "control_name": "Secure Software Development Framework"
45299
+ },
45300
+ {
45301
+ "id": "NIST-800-53-AC-2",
45302
+ "framework": "NIST SP 800-53 Rev 5",
45303
+ "control_name": "Account Management"
45304
+ },
45305
+ {
45306
+ "id": "NIST-800-53-CM-7",
45307
+ "framework": "NIST SP 800-53 Rev 5",
45308
+ "control_name": "Least Functionality"
45309
+ },
45310
+ {
45311
+ "id": "NIST-800-53-SC-7",
45312
+ "framework": "NIST SP 800-53 Rev 5",
45313
+ "control_name": "Boundary Protection"
45314
+ },
45315
+ {
45316
+ "id": "NIST-800-53-SI-12",
45317
+ "framework": "NIST SP 800-53 Rev 5",
45318
+ "control_name": "Information Management and Retention"
45319
+ },
45320
+ {
45321
+ "id": "NIST-800-53-SI-3",
45322
+ "framework": "NIST SP 800-53 Rev 5",
45323
+ "control_name": "Malicious Code Protection"
45324
+ },
45325
+ {
45326
+ "id": "NIST-AI-RMF-MEASURE-2.5",
45327
+ "framework": "NIST AI RMF 1.0",
45328
+ "control_name": "AI system to human interaction evaluation"
45329
+ },
45330
+ {
45331
+ "id": "OWASP-ASVS-v5.0-V14",
45332
+ "framework": "OWASP ASVS v5.0",
45333
+ "control_name": "Configuration verification"
45334
+ },
45335
+ {
45336
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
45337
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45338
+ "control_name": "Prompt Injection"
45339
+ },
45340
+ {
45341
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
45342
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45343
+ "control_name": "Sensitive Information Disclosure"
45344
+ },
45345
+ {
45346
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
45347
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45348
+ "control_name": "Vector and Embedding Weaknesses"
45349
+ },
45350
+ {
45351
+ "id": "SLSA-v1.0-Build-L3",
45352
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
45353
+ "control_name": "Hardened build platform with non-falsifiable provenance"
45354
+ },
45355
+ {
45356
+ "id": "SOC2-CC6-logical-access",
45357
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45358
+ "control_name": "Logical and Physical Access Controls"
45359
+ },
45360
+ {
45361
+ "id": "SOC2-CC7-anomaly-detection",
45362
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45363
+ "control_name": "System Operations — Threat and Vulnerability Management"
45364
+ }
45365
+ ],
45366
+ "attack_refs": [
45367
+ "T1059",
45368
+ "T1068",
45369
+ "T1071",
45370
+ "T1078",
45371
+ "T1102",
45372
+ "T1190",
45373
+ "T1505",
45374
+ "T1565",
45375
+ "T1566",
45376
+ "T1566.001",
45377
+ "T1566.002",
45378
+ "T1566.003",
45379
+ "T1567",
45380
+ "T1568",
45381
+ "T1610",
45382
+ "T1611"
45383
+ ],
45384
+ "rfc_refs": [
45385
+ "RFC-6749",
45386
+ "RFC-7519",
45387
+ "RFC-8032",
45388
+ "RFC-8446",
45389
+ "RFC-8725",
45390
+ "RFC-9000",
45391
+ "RFC-9114",
45392
+ "RFC-9180",
45393
+ "RFC-9421",
45394
+ "RFC-9458",
45395
+ "RFC-9700"
45396
+ ]
45397
+ }
45398
+ },
45399
+ "CVE-2023-6571": {
45400
+ "name": "Kubeflow Reflected XSS",
45401
+ "rwep": 15,
45402
+ "cvss": 6.1,
45403
+ "cisa_kev": false,
45404
+ "epss_score": null,
45405
+ "referencing_skills": [
45406
+ "ai-attack-surface",
45407
+ "compliance-theater",
45408
+ "rag-pipeline-security",
45409
+ "ai-c2-detection",
45410
+ "threat-modeling-methodology",
45411
+ "webapp-security",
45412
+ "api-security",
45413
+ "container-runtime-security",
45414
+ "email-security-anti-phishing"
45415
+ ],
45416
+ "chain": {
45417
+ "cwes": [
45418
+ {
45419
+ "id": "CWE-1039",
45420
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45421
+ "category": "AI/ML"
45422
+ },
45423
+ {
45424
+ "id": "CWE-1188",
45425
+ "name": "Initialization of a Resource with an Insecure Default",
45426
+ "category": "Configuration"
45427
+ },
45428
+ {
45429
+ "id": "CWE-1395",
45430
+ "name": "Dependency on Vulnerable Third-Party Component",
45431
+ "category": "Supply Chain"
45432
+ },
45433
+ {
45434
+ "id": "CWE-1426",
45435
+ "name": "Improper Validation of Generative AI Output",
45436
+ "category": "AI/ML"
45437
+ },
45438
+ {
45439
+ "id": "CWE-200",
45440
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45441
+ "category": "Information Exposure"
45442
+ },
45443
+ {
45444
+ "id": "CWE-22",
45445
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45446
+ "category": "Path/Resource"
45447
+ },
45448
+ {
45449
+ "id": "CWE-269",
45450
+ "name": "Improper Privilege Management",
45451
+ "category": "Authorization"
45452
+ },
45453
+ {
45454
+ "id": "CWE-287",
45455
+ "name": "Improper Authentication",
45456
+ "category": "Authentication"
45457
+ },
45458
+ {
45459
+ "id": "CWE-352",
45460
+ "name": "Cross-Site Request Forgery (CSRF)",
45461
+ "category": "Session"
45462
+ },
45463
+ {
45464
+ "id": "CWE-434",
45465
+ "name": "Unrestricted Upload of File with Dangerous Type",
45466
+ "category": "File Handling"
45467
+ },
45468
+ {
45469
+ "id": "CWE-502",
45470
+ "name": "Deserialization of Untrusted Data",
45471
+ "category": "Serialization"
45472
+ },
45473
+ {
45474
+ "id": "CWE-732",
45475
+ "name": "Incorrect Permission Assignment for Critical Resource",
45476
+ "category": "Authorization"
45477
+ },
45478
+ {
45479
+ "id": "CWE-77",
45480
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45481
+ "category": "Injection"
45482
+ },
45483
+ {
45484
+ "id": "CWE-78",
45485
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45486
+ "category": "Injection"
45487
+ },
45488
+ {
45489
+ "id": "CWE-787",
45490
+ "name": "Out-of-bounds Write",
45491
+ "category": "Memory Safety"
45492
+ },
45493
+ {
45494
+ "id": "CWE-79",
45495
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45496
+ "category": "Injection"
45497
+ },
45498
+ {
45499
+ "id": "CWE-862",
45500
+ "name": "Missing Authorization",
45501
+ "category": "Authorization"
45502
+ },
45503
+ {
45504
+ "id": "CWE-863",
45505
+ "name": "Incorrect Authorization",
45506
+ "category": "Authorization"
45507
+ },
45508
+ {
45509
+ "id": "CWE-89",
45510
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45511
+ "category": "Injection"
45512
+ },
45513
+ {
45514
+ "id": "CWE-918",
45515
+ "name": "Server-Side Request Forgery (SSRF)",
45516
+ "category": "Network"
45517
+ },
45518
+ {
45519
+ "id": "CWE-94",
45520
+ "name": "Improper Control of Generation of Code (Code Injection)",
45521
+ "category": "Injection"
45522
+ }
45523
+ ],
45524
+ "atlas": [
45525
+ {
45526
+ "id": "AML.T0010",
45527
+ "name": "ML Supply Chain Compromise",
45528
+ "tactic": "Initial Access"
45529
+ },
45530
+ {
45531
+ "id": "AML.T0016",
45532
+ "name": "Obtain Capabilities: Develop Capabilities",
45533
+ "tactic": "Resource Development"
45534
+ },
45535
+ {
45536
+ "id": "AML.T0017",
45537
+ "name": "Discover ML Model Ontology",
45538
+ "tactic": "Discovery"
45539
+ },
45540
+ {
45541
+ "id": "AML.T0018",
45542
+ "name": "Backdoor ML Model",
45543
+ "tactic": "Persistence"
45544
+ },
45545
+ {
45546
+ "id": "AML.T0020",
45547
+ "name": "Poison Training Data",
45548
+ "tactic": "ML Attack Staging"
45549
+ },
45550
+ {
45551
+ "id": "AML.T0043",
45552
+ "name": "Craft Adversarial Data",
45553
+ "tactic": "ML Attack Staging"
45554
+ },
45555
+ {
45556
+ "id": "AML.T0051",
45557
+ "name": "LLM Prompt Injection",
45558
+ "tactic": "Execution"
45559
+ },
45560
+ {
45561
+ "id": "AML.T0054",
45562
+ "name": "LLM Jailbreak",
45563
+ "tactic": "Defense Evasion"
45564
+ },
45565
+ {
45566
+ "id": "AML.T0096",
45567
+ "name": "AI API as Covert C2 Channel",
45568
+ "tactic": "Command and Control"
45569
+ }
45570
+ ],
45571
+ "d3fend": [
45572
+ {
45573
+ "id": "D3-CA",
45574
+ "name": "Certificate Analysis",
45575
+ "tactic": "Detect"
45576
+ },
45577
+ {
45578
+ "id": "D3-CSPP",
45579
+ "name": "Client-server Payload Profiling",
45580
+ "tactic": "Detect"
45581
+ },
45582
+ {
45583
+ "id": "D3-DA",
45584
+ "name": "Domain Analysis",
45585
+ "tactic": "Detect"
45586
+ },
45587
+ {
45588
+ "id": "D3-IOPR",
45589
+ "name": "Input/Output Profiling Resource",
45590
+ "tactic": "Detect"
45591
+ },
45592
+ {
45593
+ "id": "D3-NI",
45594
+ "name": "Network Isolation",
45595
+ "tactic": "Isolate"
45596
+ },
45597
+ {
45598
+ "id": "D3-NTA",
45599
+ "name": "Network Traffic Analysis",
45600
+ "tactic": "Detect"
45601
+ },
45602
+ {
45603
+ "id": "D3-NTPM",
45604
+ "name": "Network Traffic Policy Mapping",
45605
+ "tactic": "Model"
45606
+ }
45607
+ ],
45608
+ "framework_gaps": [
45609
+ {
45610
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
45611
+ "framework": "ALL",
45612
+ "control_name": "AI Pipeline Integrity"
45613
+ },
45614
+ {
45615
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
45616
+ "framework": "ALL",
45617
+ "control_name": "Prompt Injection as Access Control Failure"
45618
+ },
45619
+ {
45620
+ "id": "CMMC-2.0-Level-2",
45621
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
45622
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
45623
+ },
45624
+ {
45625
+ "id": "FedRAMP-Rev5-Moderate",
45626
+ "framework": "FedRAMP Rev 5 Moderate",
45627
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
45628
+ },
45629
+ {
45630
+ "id": "ISO-27001-2022-A.8.16",
45631
+ "framework": "ISO/IEC 27001:2022",
45632
+ "control_name": "Monitoring activities"
45633
+ },
45634
+ {
45635
+ "id": "ISO-27001-2022-A.8.28",
45636
+ "framework": "ISO/IEC 27001:2022",
45637
+ "control_name": "Secure coding"
45638
+ },
45639
+ {
45640
+ "id": "ISO-IEC-23894-2023-clause-7",
45641
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
45642
+ "control_name": "AI risk management process"
45643
+ },
45644
+ {
45645
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
45646
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
45647
+ "control_name": "AI risk assessment"
45648
+ },
45649
+ {
45650
+ "id": "NIST-800-218-SSDF",
45651
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
45652
+ "control_name": "Secure Software Development Framework"
45653
+ },
45654
+ {
45655
+ "id": "NIST-800-53-AC-2",
45656
+ "framework": "NIST SP 800-53 Rev 5",
45657
+ "control_name": "Account Management"
45658
+ },
45659
+ {
45660
+ "id": "NIST-800-53-CM-7",
45661
+ "framework": "NIST SP 800-53 Rev 5",
45662
+ "control_name": "Least Functionality"
45663
+ },
45664
+ {
45665
+ "id": "NIST-800-53-SC-7",
45666
+ "framework": "NIST SP 800-53 Rev 5",
45667
+ "control_name": "Boundary Protection"
45668
+ },
45669
+ {
45670
+ "id": "NIST-800-53-SI-12",
45671
+ "framework": "NIST SP 800-53 Rev 5",
45672
+ "control_name": "Information Management and Retention"
45673
+ },
45674
+ {
45675
+ "id": "NIST-800-53-SI-3",
45676
+ "framework": "NIST SP 800-53 Rev 5",
45677
+ "control_name": "Malicious Code Protection"
45678
+ },
45679
+ {
45680
+ "id": "NIST-AI-RMF-MEASURE-2.5",
45681
+ "framework": "NIST AI RMF 1.0",
45682
+ "control_name": "AI system to human interaction evaluation"
45683
+ },
45684
+ {
45685
+ "id": "OWASP-ASVS-v5.0-V14",
45686
+ "framework": "OWASP ASVS v5.0",
45687
+ "control_name": "Configuration verification"
45688
+ },
45689
+ {
45690
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
45691
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45692
+ "control_name": "Prompt Injection"
45693
+ },
45694
+ {
45695
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
45696
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45697
+ "control_name": "Sensitive Information Disclosure"
45698
+ },
45699
+ {
45700
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
45701
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45702
+ "control_name": "Vector and Embedding Weaknesses"
45703
+ },
45704
+ {
45705
+ "id": "SLSA-v1.0-Build-L3",
45706
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
45707
+ "control_name": "Hardened build platform with non-falsifiable provenance"
45708
+ },
45709
+ {
45710
+ "id": "SOC2-CC6-logical-access",
45711
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45712
+ "control_name": "Logical and Physical Access Controls"
45713
+ },
45714
+ {
45715
+ "id": "SOC2-CC7-anomaly-detection",
45716
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45717
+ "control_name": "System Operations — Threat and Vulnerability Management"
45718
+ }
45719
+ ],
45720
+ "attack_refs": [
45721
+ "T1059",
45722
+ "T1068",
45723
+ "T1071",
45724
+ "T1078",
45725
+ "T1102",
45726
+ "T1190",
45727
+ "T1505",
45728
+ "T1565",
45729
+ "T1566",
45730
+ "T1566.001",
45731
+ "T1566.002",
45732
+ "T1566.003",
45733
+ "T1567",
45734
+ "T1568",
45735
+ "T1610",
45736
+ "T1611"
45737
+ ],
45738
+ "rfc_refs": [
45739
+ "RFC-6749",
45740
+ "RFC-7519",
45741
+ "RFC-8032",
45742
+ "RFC-8446",
45743
+ "RFC-8725",
45744
+ "RFC-9000",
45745
+ "RFC-9114",
45746
+ "RFC-9180",
45747
+ "RFC-9421",
45748
+ "RFC-9458",
45749
+ "RFC-9700"
45750
+ ]
45751
+ }
45752
+ },
45045
45753
  "CVE-2026-41091": {
45046
45754
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
45047
45755
  "rwep": 45,
@@ -71426,6 +72134,7 @@
71426
72134
  "CVE-2023-6016",
71427
72135
  "CVE-2023-6019",
71428
72136
  "CVE-2023-6021",
72137
+ "CVE-2023-6571",
71429
72138
  "CVE-2024-0129",
71430
72139
  "CVE-2024-0132",
71431
72140
  "CVE-2024-11392",
@@ -71453,6 +72162,7 @@
71453
72162
  "CVE-2024-50050",
71454
72163
  "CVE-2024-5565",
71455
72164
  "CVE-2024-6587",
72165
+ "CVE-2024-9526",
71456
72166
  "CVE-2025-0133",
71457
72167
  "CVE-2025-10585",
71458
72168
  "CVE-2025-1094",
@@ -71695,6 +72405,7 @@
71695
72405
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
71696
72406
  "CVE-2023-43472",
71697
72407
  "CVE-2023-6016",
72408
+ "CVE-2023-6571",
71698
72409
  "CVE-2024-12366",
71699
72410
  "CVE-2024-24590",
71700
72411
  "CVE-2024-24591",
@@ -71704,6 +72415,7 @@
71704
72415
  "CVE-2024-37052",
71705
72416
  "CVE-2024-37060",
71706
72417
  "CVE-2024-5565",
72418
+ "CVE-2024-9526",
71707
72419
  "CVE-2025-0133",
71708
72420
  "CVE-2025-1094",
71709
72421
  "CVE-2025-27520",
@@ -71860,6 +72572,7 @@
71860
72572
  "CVE-2023-6016",
71861
72573
  "CVE-2023-6019",
71862
72574
  "CVE-2023-6021",
72575
+ "CVE-2023-6571",
71863
72576
  "CVE-2024-0129",
71864
72577
  "CVE-2024-0132",
71865
72578
  "CVE-2024-11392",
@@ -71885,6 +72598,7 @@
71885
72598
  "CVE-2024-50050",
71886
72599
  "CVE-2024-5565",
71887
72600
  "CVE-2024-6587",
72601
+ "CVE-2024-9526",
71888
72602
  "CVE-2025-0133",
71889
72603
  "CVE-2025-10585",
71890
72604
  "CVE-2025-1094",
@@ -72072,6 +72786,7 @@
72072
72786
  "CVE-2023-6016",
72073
72787
  "CVE-2023-6019",
72074
72788
  "CVE-2023-6021",
72789
+ "CVE-2023-6571",
72075
72790
  "CVE-2024-0129",
72076
72791
  "CVE-2024-0132",
72077
72792
  "CVE-2024-11392",
@@ -72097,6 +72812,7 @@
72097
72812
  "CVE-2024-50050",
72098
72813
  "CVE-2024-5565",
72099
72814
  "CVE-2024-6587",
72815
+ "CVE-2024-9526",
72100
72816
  "CVE-2025-0133",
72101
72817
  "CVE-2025-10585",
72102
72818
  "CVE-2025-1094",
@@ -72298,6 +73014,7 @@
72298
73014
  "CVE-2023-6016",
72299
73015
  "CVE-2023-6019",
72300
73016
  "CVE-2023-6021",
73017
+ "CVE-2023-6571",
72301
73018
  "CVE-2024-0129",
72302
73019
  "CVE-2024-0132",
72303
73020
  "CVE-2024-11392",
@@ -72323,6 +73040,7 @@
72323
73040
  "CVE-2024-50050",
72324
73041
  "CVE-2024-5565",
72325
73042
  "CVE-2024-6587",
73043
+ "CVE-2024-9526",
72326
73044
  "CVE-2025-0133",
72327
73045
  "CVE-2025-10585",
72328
73046
  "CVE-2025-1094",
@@ -72632,6 +73350,7 @@
72632
73350
  "CVE-2023-6019",
72633
73351
  "CVE-2023-6021",
72634
73352
  "CVE-2023-6038",
73353
+ "CVE-2023-6571",
72635
73354
  "CVE-2024-0129",
72636
73355
  "CVE-2024-0132",
72637
73356
  "CVE-2024-11392",
@@ -72659,6 +73378,7 @@
72659
73378
  "CVE-2024-50050",
72660
73379
  "CVE-2024-5565",
72661
73380
  "CVE-2024-6587",
73381
+ "CVE-2024-9526",
72662
73382
  "CVE-2025-0133",
72663
73383
  "CVE-2025-1094",
72664
73384
  "CVE-2025-11837",
@@ -73414,6 +74134,7 @@
73414
74134
  "CVE-2023-51449",
73415
74135
  "CVE-2023-6016",
73416
74136
  "CVE-2023-6038",
74137
+ "CVE-2023-6571",
73417
74138
  "CVE-2024-0132",
73418
74139
  "CVE-2024-12366",
73419
74140
  "CVE-2024-1561",
@@ -73430,6 +74151,7 @@
73430
74151
  "CVE-2024-42478",
73431
74152
  "CVE-2024-42479",
73432
74153
  "CVE-2024-5565",
74154
+ "CVE-2024-9526",
73433
74155
  "CVE-2025-0133",
73434
74156
  "CVE-2025-1094",
73435
74157
  "CVE-2025-14847",
@@ -73801,6 +74523,7 @@
73801
74523
  "CVE-2023-6016",
73802
74524
  "CVE-2023-6019",
73803
74525
  "CVE-2023-6021",
74526
+ "CVE-2023-6571",
73804
74527
  "CVE-2024-0129",
73805
74528
  "CVE-2024-0132",
73806
74529
  "CVE-2024-11392",
@@ -73828,6 +74551,7 @@
73828
74551
  "CVE-2024-50050",
73829
74552
  "CVE-2024-5565",
73830
74553
  "CVE-2024-6587",
74554
+ "CVE-2024-9526",
73831
74555
  "CVE-2025-0133",
73832
74556
  "CVE-2025-10585",
73833
74557
  "CVE-2025-1094",
@@ -74452,6 +75176,7 @@
74452
75176
  "CVE-2023-6016",
74453
75177
  "CVE-2023-6019",
74454
75178
  "CVE-2023-6021",
75179
+ "CVE-2023-6571",
74455
75180
  "CVE-2024-0129",
74456
75181
  "CVE-2024-0132",
74457
75182
  "CVE-2024-11392",
@@ -74479,6 +75204,7 @@
74479
75204
  "CVE-2024-50050",
74480
75205
  "CVE-2024-5565",
74481
75206
  "CVE-2024-6587",
75207
+ "CVE-2024-9526",
74482
75208
  "CVE-2025-0133",
74483
75209
  "CVE-2025-10585",
74484
75210
  "CVE-2025-1094",
@@ -75456,6 +76182,7 @@
75456
76182
  "CVE-2023-6016",
75457
76183
  "CVE-2023-6019",
75458
76184
  "CVE-2023-6021",
76185
+ "CVE-2023-6571",
75459
76186
  "CVE-2024-0129",
75460
76187
  "CVE-2024-0132",
75461
76188
  "CVE-2024-11392",
@@ -75483,6 +76210,7 @@
75483
76210
  "CVE-2024-50050",
75484
76211
  "CVE-2024-5565",
75485
76212
  "CVE-2024-6587",
76213
+ "CVE-2024-9526",
75486
76214
  "CVE-2025-0133",
75487
76215
  "CVE-2025-10585",
75488
76216
  "CVE-2025-1094",
@@ -76704,6 +77432,7 @@
76704
77432
  "CVE-2023-6016",
76705
77433
  "CVE-2023-6019",
76706
77434
  "CVE-2023-6021",
77435
+ "CVE-2023-6571",
76707
77436
  "CVE-2024-0129",
76708
77437
  "CVE-2024-0132",
76709
77438
  "CVE-2024-11392",
@@ -76731,6 +77460,7 @@
76731
77460
  "CVE-2024-50050",
76732
77461
  "CVE-2024-5565",
76733
77462
  "CVE-2024-6587",
77463
+ "CVE-2024-9526",
76734
77464
  "CVE-2025-0133",
76735
77465
  "CVE-2025-10585",
76736
77466
  "CVE-2025-1094",
@@ -77188,6 +77918,7 @@
77188
77918
  "related_cves": [
77189
77919
  "CVE-2023-43472",
77190
77920
  "CVE-2023-6016",
77921
+ "CVE-2023-6571",
77191
77922
  "CVE-2024-12366",
77192
77923
  "CVE-2024-24590",
77193
77924
  "CVE-2024-24591",
@@ -77196,6 +77927,7 @@
77196
77927
  "CVE-2024-37052",
77197
77928
  "CVE-2024-37060",
77198
77929
  "CVE-2024-5565",
77930
+ "CVE-2024-9526",
77199
77931
  "CVE-2025-0133",
77200
77932
  "CVE-2025-1094",
77201
77933
  "CVE-2025-27520",
@@ -78130,6 +78862,7 @@
78130
78862
  "CVE-2023-6016",
78131
78863
  "CVE-2023-6019",
78132
78864
  "CVE-2023-6021",
78865
+ "CVE-2023-6571",
78133
78866
  "CVE-2024-0129",
78134
78867
  "CVE-2024-0132",
78135
78868
  "CVE-2024-11392",
@@ -78157,6 +78890,7 @@
78157
78890
  "CVE-2024-50050",
78158
78891
  "CVE-2024-5565",
78159
78892
  "CVE-2024-6587",
78893
+ "CVE-2024-9526",
78160
78894
  "CVE-2025-0133",
78161
78895
  "CVE-2025-10585",
78162
78896
  "CVE-2025-1094",
@@ -78501,6 +79235,7 @@
78501
79235
  "CVE-2023-6016",
78502
79236
  "CVE-2023-6019",
78503
79237
  "CVE-2023-6021",
79238
+ "CVE-2023-6571",
78504
79239
  "CVE-2024-0129",
78505
79240
  "CVE-2024-0132",
78506
79241
  "CVE-2024-0769",
@@ -78546,6 +79281,7 @@
78546
79281
  "CVE-2024-7694",
78547
79282
  "CVE-2024-8068",
78548
79283
  "CVE-2024-8069",
79284
+ "CVE-2024-9526",
78549
79285
  "CVE-2025-0133",
78550
79286
  "CVE-2025-10035",
78551
79287
  "CVE-2025-10585",
@@ -79468,6 +80204,7 @@
79468
80204
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
79469
80205
  "CVE-2023-43472",
79470
80206
  "CVE-2023-6016",
80207
+ "CVE-2023-6571",
79471
80208
  "CVE-2024-12366",
79472
80209
  "CVE-2024-24590",
79473
80210
  "CVE-2024-24591",
@@ -79477,6 +80214,7 @@
79477
80214
  "CVE-2024-37052",
79478
80215
  "CVE-2024-37060",
79479
80216
  "CVE-2024-5565",
80217
+ "CVE-2024-9526",
79480
80218
  "CVE-2025-0133",
79481
80219
  "CVE-2025-1094",
79482
80220
  "CVE-2025-27520",
@@ -79765,6 +80503,7 @@
79765
80503
  "related_cves": [
79766
80504
  "CVE-2023-43472",
79767
80505
  "CVE-2023-6016",
80506
+ "CVE-2023-6571",
79768
80507
  "CVE-2024-12366",
79769
80508
  "CVE-2024-24590",
79770
80509
  "CVE-2024-24591",
@@ -79773,6 +80512,7 @@
79773
80512
  "CVE-2024-37052",
79774
80513
  "CVE-2024-37060",
79775
80514
  "CVE-2024-5565",
80515
+ "CVE-2024-9526",
79776
80516
  "CVE-2025-0133",
79777
80517
  "CVE-2025-1094",
79778
80518
  "CVE-2025-27520",
@@ -80096,6 +80836,7 @@
80096
80836
  "CVE-2023-6016",
80097
80837
  "CVE-2023-6019",
80098
80838
  "CVE-2023-6021",
80839
+ "CVE-2023-6571",
80099
80840
  "CVE-2024-0129",
80100
80841
  "CVE-2024-0132",
80101
80842
  "CVE-2024-11392",
@@ -80123,6 +80864,7 @@
80123
80864
  "CVE-2024-50050",
80124
80865
  "CVE-2024-5565",
80125
80866
  "CVE-2024-6587",
80867
+ "CVE-2024-9526",
80126
80868
  "CVE-2025-0133",
80127
80869
  "CVE-2025-10585",
80128
80870
  "CVE-2025-1094",
@@ -80457,6 +81199,7 @@
80457
81199
  "CVE-2023-6019",
80458
81200
  "CVE-2023-6021",
80459
81201
  "CVE-2023-6038",
81202
+ "CVE-2023-6571",
80460
81203
  "CVE-2024-0129",
80461
81204
  "CVE-2024-0132",
80462
81205
  "CVE-2024-11392",
@@ -80482,6 +81225,7 @@
80482
81225
  "CVE-2024-50050",
80483
81226
  "CVE-2024-5565",
80484
81227
  "CVE-2024-6587",
81228
+ "CVE-2024-9526",
80485
81229
  "CVE-2025-0133",
80486
81230
  "CVE-2025-1094",
80487
81231
  "CVE-2025-11837",
@@ -80688,6 +81432,7 @@
80688
81432
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
80689
81433
  "CVE-2023-43472",
80690
81434
  "CVE-2023-6016",
81435
+ "CVE-2023-6571",
80691
81436
  "CVE-2024-12366",
80692
81437
  "CVE-2024-24590",
80693
81438
  "CVE-2024-24591",
@@ -80697,6 +81442,7 @@
80697
81442
  "CVE-2024-37052",
80698
81443
  "CVE-2024-37060",
80699
81444
  "CVE-2024-5565",
81445
+ "CVE-2024-9526",
80700
81446
  "CVE-2025-0133",
80701
81447
  "CVE-2025-1094",
80702
81448
  "CVE-2025-27520",
@@ -81419,6 +82165,7 @@
81419
82165
  "CVE-2023-6016",
81420
82166
  "CVE-2023-6019",
81421
82167
  "CVE-2023-6021",
82168
+ "CVE-2023-6571",
81422
82169
  "CVE-2024-0129",
81423
82170
  "CVE-2024-0132",
81424
82171
  "CVE-2024-11392",
@@ -81446,6 +82193,7 @@
81446
82193
  "CVE-2024-50050",
81447
82194
  "CVE-2024-5565",
81448
82195
  "CVE-2024-6587",
82196
+ "CVE-2024-9526",
81449
82197
  "CVE-2025-0133",
81450
82198
  "CVE-2025-10585",
81451
82199
  "CVE-2025-1094",
@@ -81766,6 +82514,7 @@
81766
82514
  "CVE-2023-6019",
81767
82515
  "CVE-2023-6021",
81768
82516
  "CVE-2023-6038",
82517
+ "CVE-2023-6571",
81769
82518
  "CVE-2024-0129",
81770
82519
  "CVE-2024-0132",
81771
82520
  "CVE-2024-11392",
@@ -81793,6 +82542,7 @@
81793
82542
  "CVE-2024-50050",
81794
82543
  "CVE-2024-5565",
81795
82544
  "CVE-2024-6587",
82545
+ "CVE-2024-9526",
81796
82546
  "CVE-2025-0133",
81797
82547
  "CVE-2025-1094",
81798
82548
  "CVE-2025-11837",