@blamejs/exceptd-skills 0.13.110 → 0.13.113

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.113 — 2026-05-26
+
+CVE catalog — Dify LLM app-platform. Adds two flaws in Dify, the low-code LLM application-development platform. **CVE-2025-3466** (CWE-94 / CWE-693, NVD CVSS 7.2 HIGH; huntr CNA 9.8 CRITICAL) — the code node runs user-supplied code in a sandbox, but unsanitized input lets an attacker override global functions (e.g. `parseInt`) before the sandbox restrictions are applied, escaping the sandbox and executing code with root-level access; fixed in 1.1.3. (NVD classifies it CWE-1100; the catalog maps that to the catalogued CWE-94 + CWE-693.) **CVE-2025-56520** (CWE-918, CISA-ADP CVSS 5.3 MEDIUM) — the `RemoteFileUploadApi` fetches a user-supplied URL without validating the destination, so an unauthenticated attacker reaches internal services or cloud metadata via the server; no fixed version is published, so mitigation is destination allowlisting and network isolation. The code-node RCE reuses the LLM-app-builder execution control (NEW-CTRL-103) — an app builder must initialize its sandbox before evaluating user input — and the SSRF reuses the data-pipeline SSRF control (NEW-CTRL-105). CVE count 400 → 402.
+
+## 0.13.112 — 2026-05-26
+
+CVE catalog — Kubeflow MLOps-console cross-site scripting. Adds two XSS flaws in Kubeflow, the MLOps orchestration console, where user-controlled fields are rendered without neutralization (CWE-79). **CVE-2024-9526** (NVD CVSS 5.4 MEDIUM; Google CNA CVSS v4.0 7.1) — the Pipeline View renders the pipeline description field without filtering HTML, so attacker-stored markup runs in the browser of every operator who views the pipeline; fixed upstream. **CVE-2023-6571** (NVD CVSS 6.1 MEDIUM) — Kubeflow reflects attacker-controlled input into a page without neutralization, so a crafted link runs script in the victim's authenticated session; fixed upstream. Both are patched and introduce NEW-CTRL-107: an MLOps console is a multi-user trust boundary — HTML-encode every user-controlled field it renders, never render description/metadata as raw HTML, set a strict Content-Security-Policy, and mark session cookies HttpOnly, so stored or reflected markup cannot hijack operators' sessions. CVE count 398 → 400.
+
 ## 0.13.110 — 2026-05-26
 
 CVE catalog — Adversarial Robustness Toolbox (ART) code execution. Adds two flaws in ART, the Trusted-AI library used to *defend* ML models against adversarial attacks, both in its Kubeflow component (CISA-ADP CVSS 9.8 CRITICAL; NVD assessment pending). **CVE-2026-31229** (CWE-502) — the model loader calls `torch.load()` without `weights_only=True`, so loading a maliciously crafted model file runs arbitrary code (the same safe-load gap as CVE-2025-32434, here in the defensive library). **CVE-2026-31230** (CWE-88) — the `--clip_values` and `--input_shape` command-line arguments are parsed through an unsafe dynamic-evaluation call, so attacker-controlled values execute arbitrary Python. Both affect ART through 1.20.1 with no published fix, so both are scored without patch credit; CVE-2026-31229 reuses the untrusted-model-artifact control (NEW-CTRL-091) — a model file is executable code — and CVE-2026-31230 reuses the AI-framework CLI input-neutralization control (NEW-CTRL-100), parse argument values with a safe literal parser. CVE count 396 → 398.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-26T10:14:46.164Z",
+  "generated_at": "2026-05-26T13:34:53.900Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "8e67e0413e4d53e309d656f76df137c607605dd76540173e4525cd89609b8b8c",
-    "data/atlas-ttps.json": "1d61ae4a16d09612334c866c447b528cfd5b88359372cea3671ce9ef82429a76",
-    "data/attack-techniques.json": "6a20d09951c87d26c3f0212d54f13a7167a9be20902b2fc55f9757e76b6f40e4",
-    "data/cve-catalog.json": "396a5e264c1886259cc5bb8e7d08ed773b49d9947cf006f97b54eb36b8ea923d",
-    "data/cwe-catalog.json": "310b4460a22c1292a52a10e98435aef8ea97c770f1767cd4966804aa62716acd",
+    "manifest.json": "dfa7aea948643c988c5fbff864283218e67bdc84fc30451b6f3955af8618cadb",
+    "data/atlas-ttps.json": "8d89963ab752b250c2cb4d62914d2f979e2d439d9ec8cc6a41df8aaf8bb1b1e8",
+    "data/attack-techniques.json": "b7076891a2e46ca3e1b924fcd168406eca5f63596ea4f7aa6d9e1cc373193349",
+    "data/cve-catalog.json": "fc1f2e08e45c1cafd5ef1685899469624f65f25b8904edf447c337ce1e62afbe",
+    "data/cwe-catalog.json": "634171ed522fac6838fd85fd785d67d5e9e093a28359ff2957b4ffc83a0c55c9",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "d2e60889dab692934572789e3c95c2b6499fd1d6250b0d5e257d3d50a0ce4281",
+    "data/framework-control-gaps.json": "39d5765424c17b3702b6beecdec54e234565c844b1d60ff9eaa5bf7b1f942b67",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "d120df17940a2ec2d0e28e35871b8c5e9f0d018629b1f8d4bf69fb6dda7be59f",
+    "data/zeroday-lessons.json": "bc8de69fcd81b95bd4e56ad00e351a7e27641d1bef9515995c37faf304ae11ca",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 387,
+    "chains_cve_entries": 391,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 398
+      "entry_count": 402
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 393
+      "entry_count": 397
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 398,
+      "entry_count": 402,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 393,
+      "entry_count": 397,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",