@blamejs/exceptd-skills 0.13.110 → 0.13.113

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1430 -0
  6. package/data/atlas-ttps.json +4 -0
  7. package/data/attack-techniques.json +15 -2
  8. package/data/cve-catalog.json +419 -3
  9. package/data/cwe-catalog.json +5 -0
  10. package/data/framework-control-gaps.json +36 -1
  11. package/data/zeroday-lessons.json +200 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -45042,6 +45042,1366 @@
45042
45042
  ]
45043
45043
  }
45044
45044
  },
45045
+ "CVE-2024-9526": {
45046
+ "name": "Kubeflow Pipelines Stored XSS in Pipeline View",
45047
+ "rwep": 19,
45048
+ "cvss": 5.4,
45049
+ "cisa_kev": false,
45050
+ "epss_score": null,
45051
+ "referencing_skills": [
45052
+ "ai-attack-surface",
45053
+ "compliance-theater",
45054
+ "rag-pipeline-security",
45055
+ "ai-c2-detection",
45056
+ "threat-modeling-methodology",
45057
+ "webapp-security",
45058
+ "api-security",
45059
+ "container-runtime-security",
45060
+ "email-security-anti-phishing"
45061
+ ],
45062
+ "chain": {
45063
+ "cwes": [
45064
+ {
45065
+ "id": "CWE-1039",
45066
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45067
+ "category": "AI/ML"
45068
+ },
45069
+ {
45070
+ "id": "CWE-1188",
45071
+ "name": "Initialization of a Resource with an Insecure Default",
45072
+ "category": "Configuration"
45073
+ },
45074
+ {
45075
+ "id": "CWE-1395",
45076
+ "name": "Dependency on Vulnerable Third-Party Component",
45077
+ "category": "Supply Chain"
45078
+ },
45079
+ {
45080
+ "id": "CWE-1426",
45081
+ "name": "Improper Validation of Generative AI Output",
45082
+ "category": "AI/ML"
45083
+ },
45084
+ {
45085
+ "id": "CWE-200",
45086
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45087
+ "category": "Information Exposure"
45088
+ },
45089
+ {
45090
+ "id": "CWE-22",
45091
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45092
+ "category": "Path/Resource"
45093
+ },
45094
+ {
45095
+ "id": "CWE-269",
45096
+ "name": "Improper Privilege Management",
45097
+ "category": "Authorization"
45098
+ },
45099
+ {
45100
+ "id": "CWE-287",
45101
+ "name": "Improper Authentication",
45102
+ "category": "Authentication"
45103
+ },
45104
+ {
45105
+ "id": "CWE-352",
45106
+ "name": "Cross-Site Request Forgery (CSRF)",
45107
+ "category": "Session"
45108
+ },
45109
+ {
45110
+ "id": "CWE-434",
45111
+ "name": "Unrestricted Upload of File with Dangerous Type",
45112
+ "category": "File Handling"
45113
+ },
45114
+ {
45115
+ "id": "CWE-502",
45116
+ "name": "Deserialization of Untrusted Data",
45117
+ "category": "Serialization"
45118
+ },
45119
+ {
45120
+ "id": "CWE-732",
45121
+ "name": "Incorrect Permission Assignment for Critical Resource",
45122
+ "category": "Authorization"
45123
+ },
45124
+ {
45125
+ "id": "CWE-77",
45126
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45127
+ "category": "Injection"
45128
+ },
45129
+ {
45130
+ "id": "CWE-78",
45131
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45132
+ "category": "Injection"
45133
+ },
45134
+ {
45135
+ "id": "CWE-787",
45136
+ "name": "Out-of-bounds Write",
45137
+ "category": "Memory Safety"
45138
+ },
45139
+ {
45140
+ "id": "CWE-79",
45141
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45142
+ "category": "Injection"
45143
+ },
45144
+ {
45145
+ "id": "CWE-862",
45146
+ "name": "Missing Authorization",
45147
+ "category": "Authorization"
45148
+ },
45149
+ {
45150
+ "id": "CWE-863",
45151
+ "name": "Incorrect Authorization",
45152
+ "category": "Authorization"
45153
+ },
45154
+ {
45155
+ "id": "CWE-89",
45156
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45157
+ "category": "Injection"
45158
+ },
45159
+ {
45160
+ "id": "CWE-918",
45161
+ "name": "Server-Side Request Forgery (SSRF)",
45162
+ "category": "Network"
45163
+ },
45164
+ {
45165
+ "id": "CWE-94",
45166
+ "name": "Improper Control of Generation of Code (Code Injection)",
45167
+ "category": "Injection"
45168
+ }
45169
+ ],
45170
+ "atlas": [
45171
+ {
45172
+ "id": "AML.T0010",
45173
+ "name": "ML Supply Chain Compromise",
45174
+ "tactic": "Initial Access"
45175
+ },
45176
+ {
45177
+ "id": "AML.T0016",
45178
+ "name": "Obtain Capabilities: Develop Capabilities",
45179
+ "tactic": "Resource Development"
45180
+ },
45181
+ {
45182
+ "id": "AML.T0017",
45183
+ "name": "Discover ML Model Ontology",
45184
+ "tactic": "Discovery"
45185
+ },
45186
+ {
45187
+ "id": "AML.T0018",
45188
+ "name": "Backdoor ML Model",
45189
+ "tactic": "Persistence"
45190
+ },
45191
+ {
45192
+ "id": "AML.T0020",
45193
+ "name": "Poison Training Data",
45194
+ "tactic": "ML Attack Staging"
45195
+ },
45196
+ {
45197
+ "id": "AML.T0043",
45198
+ "name": "Craft Adversarial Data",
45199
+ "tactic": "ML Attack Staging"
45200
+ },
45201
+ {
45202
+ "id": "AML.T0051",
45203
+ "name": "LLM Prompt Injection",
45204
+ "tactic": "Execution"
45205
+ },
45206
+ {
45207
+ "id": "AML.T0054",
45208
+ "name": "LLM Jailbreak",
45209
+ "tactic": "Defense Evasion"
45210
+ },
45211
+ {
45212
+ "id": "AML.T0096",
45213
+ "name": "AI API as Covert C2 Channel",
45214
+ "tactic": "Command and Control"
45215
+ }
45216
+ ],
45217
+ "d3fend": [
45218
+ {
45219
+ "id": "D3-CA",
45220
+ "name": "Certificate Analysis",
45221
+ "tactic": "Detect"
45222
+ },
45223
+ {
45224
+ "id": "D3-CSPP",
45225
+ "name": "Client-server Payload Profiling",
45226
+ "tactic": "Detect"
45227
+ },
45228
+ {
45229
+ "id": "D3-DA",
45230
+ "name": "Domain Analysis",
45231
+ "tactic": "Detect"
45232
+ },
45233
+ {
45234
+ "id": "D3-IOPR",
45235
+ "name": "Input/Output Profiling Resource",
45236
+ "tactic": "Detect"
45237
+ },
45238
+ {
45239
+ "id": "D3-NI",
45240
+ "name": "Network Isolation",
45241
+ "tactic": "Isolate"
45242
+ },
45243
+ {
45244
+ "id": "D3-NTA",
45245
+ "name": "Network Traffic Analysis",
45246
+ "tactic": "Detect"
45247
+ },
45248
+ {
45249
+ "id": "D3-NTPM",
45250
+ "name": "Network Traffic Policy Mapping",
45251
+ "tactic": "Model"
45252
+ }
45253
+ ],
45254
+ "framework_gaps": [
45255
+ {
45256
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
45257
+ "framework": "ALL",
45258
+ "control_name": "AI Pipeline Integrity"
45259
+ },
45260
+ {
45261
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
45262
+ "framework": "ALL",
45263
+ "control_name": "Prompt Injection as Access Control Failure"
45264
+ },
45265
+ {
45266
+ "id": "CMMC-2.0-Level-2",
45267
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
45268
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
45269
+ },
45270
+ {
45271
+ "id": "FedRAMP-Rev5-Moderate",
45272
+ "framework": "FedRAMP Rev 5 Moderate",
45273
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
45274
+ },
45275
+ {
45276
+ "id": "ISO-27001-2022-A.8.16",
45277
+ "framework": "ISO/IEC 27001:2022",
45278
+ "control_name": "Monitoring activities"
45279
+ },
45280
+ {
45281
+ "id": "ISO-27001-2022-A.8.28",
45282
+ "framework": "ISO/IEC 27001:2022",
45283
+ "control_name": "Secure coding"
45284
+ },
45285
+ {
45286
+ "id": "ISO-IEC-23894-2023-clause-7",
45287
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
45288
+ "control_name": "AI risk management process"
45289
+ },
45290
+ {
45291
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
45292
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
45293
+ "control_name": "AI risk assessment"
45294
+ },
45295
+ {
45296
+ "id": "NIST-800-218-SSDF",
45297
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
45298
+ "control_name": "Secure Software Development Framework"
45299
+ },
45300
+ {
45301
+ "id": "NIST-800-53-AC-2",
45302
+ "framework": "NIST SP 800-53 Rev 5",
45303
+ "control_name": "Account Management"
45304
+ },
45305
+ {
45306
+ "id": "NIST-800-53-CM-7",
45307
+ "framework": "NIST SP 800-53 Rev 5",
45308
+ "control_name": "Least Functionality"
45309
+ },
45310
+ {
45311
+ "id": "NIST-800-53-SC-7",
45312
+ "framework": "NIST SP 800-53 Rev 5",
45313
+ "control_name": "Boundary Protection"
45314
+ },
45315
+ {
45316
+ "id": "NIST-800-53-SI-12",
45317
+ "framework": "NIST SP 800-53 Rev 5",
45318
+ "control_name": "Information Management and Retention"
45319
+ },
45320
+ {
45321
+ "id": "NIST-800-53-SI-3",
45322
+ "framework": "NIST SP 800-53 Rev 5",
45323
+ "control_name": "Malicious Code Protection"
45324
+ },
45325
+ {
45326
+ "id": "NIST-AI-RMF-MEASURE-2.5",
45327
+ "framework": "NIST AI RMF 1.0",
45328
+ "control_name": "AI system to human interaction evaluation"
45329
+ },
45330
+ {
45331
+ "id": "OWASP-ASVS-v5.0-V14",
45332
+ "framework": "OWASP ASVS v5.0",
45333
+ "control_name": "Configuration verification"
45334
+ },
45335
+ {
45336
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
45337
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45338
+ "control_name": "Prompt Injection"
45339
+ },
45340
+ {
45341
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
45342
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45343
+ "control_name": "Sensitive Information Disclosure"
45344
+ },
45345
+ {
45346
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
45347
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45348
+ "control_name": "Vector and Embedding Weaknesses"
45349
+ },
45350
+ {
45351
+ "id": "SLSA-v1.0-Build-L3",
45352
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
45353
+ "control_name": "Hardened build platform with non-falsifiable provenance"
45354
+ },
45355
+ {
45356
+ "id": "SOC2-CC6-logical-access",
45357
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45358
+ "control_name": "Logical and Physical Access Controls"
45359
+ },
45360
+ {
45361
+ "id": "SOC2-CC7-anomaly-detection",
45362
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45363
+ "control_name": "System Operations — Threat and Vulnerability Management"
45364
+ }
45365
+ ],
45366
+ "attack_refs": [
45367
+ "T1059",
45368
+ "T1068",
45369
+ "T1071",
45370
+ "T1078",
45371
+ "T1102",
45372
+ "T1190",
45373
+ "T1505",
45374
+ "T1565",
45375
+ "T1566",
45376
+ "T1566.001",
45377
+ "T1566.002",
45378
+ "T1566.003",
45379
+ "T1567",
45380
+ "T1568",
45381
+ "T1610",
45382
+ "T1611"
45383
+ ],
45384
+ "rfc_refs": [
45385
+ "RFC-6749",
45386
+ "RFC-7519",
45387
+ "RFC-8032",
45388
+ "RFC-8446",
45389
+ "RFC-8725",
45390
+ "RFC-9000",
45391
+ "RFC-9114",
45392
+ "RFC-9180",
45393
+ "RFC-9421",
45394
+ "RFC-9458",
45395
+ "RFC-9700"
45396
+ ]
45397
+ }
45398
+ },
45399
+ "CVE-2023-6571": {
45400
+ "name": "Kubeflow Reflected XSS",
45401
+ "rwep": 15,
45402
+ "cvss": 6.1,
45403
+ "cisa_kev": false,
45404
+ "epss_score": null,
45405
+ "referencing_skills": [
45406
+ "ai-attack-surface",
45407
+ "compliance-theater",
45408
+ "rag-pipeline-security",
45409
+ "ai-c2-detection",
45410
+ "threat-modeling-methodology",
45411
+ "webapp-security",
45412
+ "api-security",
45413
+ "container-runtime-security",
45414
+ "email-security-anti-phishing"
45415
+ ],
45416
+ "chain": {
45417
+ "cwes": [
45418
+ {
45419
+ "id": "CWE-1039",
45420
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45421
+ "category": "AI/ML"
45422
+ },
45423
+ {
45424
+ "id": "CWE-1188",
45425
+ "name": "Initialization of a Resource with an Insecure Default",
45426
+ "category": "Configuration"
45427
+ },
45428
+ {
45429
+ "id": "CWE-1395",
45430
+ "name": "Dependency on Vulnerable Third-Party Component",
45431
+ "category": "Supply Chain"
45432
+ },
45433
+ {
45434
+ "id": "CWE-1426",
45435
+ "name": "Improper Validation of Generative AI Output",
45436
+ "category": "AI/ML"
45437
+ },
45438
+ {
45439
+ "id": "CWE-200",
45440
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45441
+ "category": "Information Exposure"
45442
+ },
45443
+ {
45444
+ "id": "CWE-22",
45445
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45446
+ "category": "Path/Resource"
45447
+ },
45448
+ {
45449
+ "id": "CWE-269",
45450
+ "name": "Improper Privilege Management",
45451
+ "category": "Authorization"
45452
+ },
45453
+ {
45454
+ "id": "CWE-287",
45455
+ "name": "Improper Authentication",
45456
+ "category": "Authentication"
45457
+ },
45458
+ {
45459
+ "id": "CWE-352",
45460
+ "name": "Cross-Site Request Forgery (CSRF)",
45461
+ "category": "Session"
45462
+ },
45463
+ {
45464
+ "id": "CWE-434",
45465
+ "name": "Unrestricted Upload of File with Dangerous Type",
45466
+ "category": "File Handling"
45467
+ },
45468
+ {
45469
+ "id": "CWE-502",
45470
+ "name": "Deserialization of Untrusted Data",
45471
+ "category": "Serialization"
45472
+ },
45473
+ {
45474
+ "id": "CWE-732",
45475
+ "name": "Incorrect Permission Assignment for Critical Resource",
45476
+ "category": "Authorization"
45477
+ },
45478
+ {
45479
+ "id": "CWE-77",
45480
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45481
+ "category": "Injection"
45482
+ },
45483
+ {
45484
+ "id": "CWE-78",
45485
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45486
+ "category": "Injection"
45487
+ },
45488
+ {
45489
+ "id": "CWE-787",
45490
+ "name": "Out-of-bounds Write",
45491
+ "category": "Memory Safety"
45492
+ },
45493
+ {
45494
+ "id": "CWE-79",
45495
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45496
+ "category": "Injection"
45497
+ },
45498
+ {
45499
+ "id": "CWE-862",
45500
+ "name": "Missing Authorization",
45501
+ "category": "Authorization"
45502
+ },
45503
+ {
45504
+ "id": "CWE-863",
45505
+ "name": "Incorrect Authorization",
45506
+ "category": "Authorization"
45507
+ },
45508
+ {
45509
+ "id": "CWE-89",
45510
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45511
+ "category": "Injection"
45512
+ },
45513
+ {
45514
+ "id": "CWE-918",
45515
+ "name": "Server-Side Request Forgery (SSRF)",
45516
+ "category": "Network"
45517
+ },
45518
+ {
45519
+ "id": "CWE-94",
45520
+ "name": "Improper Control of Generation of Code (Code Injection)",
45521
+ "category": "Injection"
45522
+ }
45523
+ ],
45524
+ "atlas": [
45525
+ {
45526
+ "id": "AML.T0010",
45527
+ "name": "ML Supply Chain Compromise",
45528
+ "tactic": "Initial Access"
45529
+ },
45530
+ {
45531
+ "id": "AML.T0016",
45532
+ "name": "Obtain Capabilities: Develop Capabilities",
45533
+ "tactic": "Resource Development"
45534
+ },
45535
+ {
45536
+ "id": "AML.T0017",
45537
+ "name": "Discover ML Model Ontology",
45538
+ "tactic": "Discovery"
45539
+ },
45540
+ {
45541
+ "id": "AML.T0018",
45542
+ "name": "Backdoor ML Model",
45543
+ "tactic": "Persistence"
45544
+ },
45545
+ {
45546
+ "id": "AML.T0020",
45547
+ "name": "Poison Training Data",
45548
+ "tactic": "ML Attack Staging"
45549
+ },
45550
+ {
45551
+ "id": "AML.T0043",
45552
+ "name": "Craft Adversarial Data",
45553
+ "tactic": "ML Attack Staging"
45554
+ },
45555
+ {
45556
+ "id": "AML.T0051",
45557
+ "name": "LLM Prompt Injection",
45558
+ "tactic": "Execution"
45559
+ },
45560
+ {
45561
+ "id": "AML.T0054",
45562
+ "name": "LLM Jailbreak",
45563
+ "tactic": "Defense Evasion"
45564
+ },
45565
+ {
45566
+ "id": "AML.T0096",
45567
+ "name": "AI API as Covert C2 Channel",
45568
+ "tactic": "Command and Control"
45569
+ }
45570
+ ],
45571
+ "d3fend": [
45572
+ {
45573
+ "id": "D3-CA",
45574
+ "name": "Certificate Analysis",
45575
+ "tactic": "Detect"
45576
+ },
45577
+ {
45578
+ "id": "D3-CSPP",
45579
+ "name": "Client-server Payload Profiling",
45580
+ "tactic": "Detect"
45581
+ },
45582
+ {
45583
+ "id": "D3-DA",
45584
+ "name": "Domain Analysis",
45585
+ "tactic": "Detect"
45586
+ },
45587
+ {
45588
+ "id": "D3-IOPR",
45589
+ "name": "Input/Output Profiling Resource",
45590
+ "tactic": "Detect"
45591
+ },
45592
+ {
45593
+ "id": "D3-NI",
45594
+ "name": "Network Isolation",
45595
+ "tactic": "Isolate"
45596
+ },
45597
+ {
45598
+ "id": "D3-NTA",
45599
+ "name": "Network Traffic Analysis",
45600
+ "tactic": "Detect"
45601
+ },
45602
+ {
45603
+ "id": "D3-NTPM",
45604
+ "name": "Network Traffic Policy Mapping",
45605
+ "tactic": "Model"
45606
+ }
45607
+ ],
45608
+ "framework_gaps": [
45609
+ {
45610
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
45611
+ "framework": "ALL",
45612
+ "control_name": "AI Pipeline Integrity"
45613
+ },
45614
+ {
45615
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
45616
+ "framework": "ALL",
45617
+ "control_name": "Prompt Injection as Access Control Failure"
45618
+ },
45619
+ {
45620
+ "id": "CMMC-2.0-Level-2",
45621
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
45622
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
45623
+ },
45624
+ {
45625
+ "id": "FedRAMP-Rev5-Moderate",
45626
+ "framework": "FedRAMP Rev 5 Moderate",
45627
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
45628
+ },
45629
+ {
45630
+ "id": "ISO-27001-2022-A.8.16",
45631
+ "framework": "ISO/IEC 27001:2022",
45632
+ "control_name": "Monitoring activities"
45633
+ },
45634
+ {
45635
+ "id": "ISO-27001-2022-A.8.28",
45636
+ "framework": "ISO/IEC 27001:2022",
45637
+ "control_name": "Secure coding"
45638
+ },
45639
+ {
45640
+ "id": "ISO-IEC-23894-2023-clause-7",
45641
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
45642
+ "control_name": "AI risk management process"
45643
+ },
45644
+ {
45645
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
45646
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
45647
+ "control_name": "AI risk assessment"
45648
+ },
45649
+ {
45650
+ "id": "NIST-800-218-SSDF",
45651
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
45652
+ "control_name": "Secure Software Development Framework"
45653
+ },
45654
+ {
45655
+ "id": "NIST-800-53-AC-2",
45656
+ "framework": "NIST SP 800-53 Rev 5",
45657
+ "control_name": "Account Management"
45658
+ },
45659
+ {
45660
+ "id": "NIST-800-53-CM-7",
45661
+ "framework": "NIST SP 800-53 Rev 5",
45662
+ "control_name": "Least Functionality"
45663
+ },
45664
+ {
45665
+ "id": "NIST-800-53-SC-7",
45666
+ "framework": "NIST SP 800-53 Rev 5",
45667
+ "control_name": "Boundary Protection"
45668
+ },
45669
+ {
45670
+ "id": "NIST-800-53-SI-12",
45671
+ "framework": "NIST SP 800-53 Rev 5",
45672
+ "control_name": "Information Management and Retention"
45673
+ },
45674
+ {
45675
+ "id": "NIST-800-53-SI-3",
45676
+ "framework": "NIST SP 800-53 Rev 5",
45677
+ "control_name": "Malicious Code Protection"
45678
+ },
45679
+ {
45680
+ "id": "NIST-AI-RMF-MEASURE-2.5",
45681
+ "framework": "NIST AI RMF 1.0",
45682
+ "control_name": "AI system to human interaction evaluation"
45683
+ },
45684
+ {
45685
+ "id": "OWASP-ASVS-v5.0-V14",
45686
+ "framework": "OWASP ASVS v5.0",
45687
+ "control_name": "Configuration verification"
45688
+ },
45689
+ {
45690
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
45691
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45692
+ "control_name": "Prompt Injection"
45693
+ },
45694
+ {
45695
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
45696
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45697
+ "control_name": "Sensitive Information Disclosure"
45698
+ },
45699
+ {
45700
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
45701
+ "framework": "OWASP Top 10 for LLM Applications 2025",
45702
+ "control_name": "Vector and Embedding Weaknesses"
45703
+ },
45704
+ {
45705
+ "id": "SLSA-v1.0-Build-L3",
45706
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
45707
+ "control_name": "Hardened build platform with non-falsifiable provenance"
45708
+ },
45709
+ {
45710
+ "id": "SOC2-CC6-logical-access",
45711
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45712
+ "control_name": "Logical and Physical Access Controls"
45713
+ },
45714
+ {
45715
+ "id": "SOC2-CC7-anomaly-detection",
45716
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
45717
+ "control_name": "System Operations — Threat and Vulnerability Management"
45718
+ }
45719
+ ],
45720
+ "attack_refs": [
45721
+ "T1059",
45722
+ "T1068",
45723
+ "T1071",
45724
+ "T1078",
45725
+ "T1102",
45726
+ "T1190",
45727
+ "T1505",
45728
+ "T1565",
45729
+ "T1566",
45730
+ "T1566.001",
45731
+ "T1566.002",
45732
+ "T1566.003",
45733
+ "T1567",
45734
+ "T1568",
45735
+ "T1610",
45736
+ "T1611"
45737
+ ],
45738
+ "rfc_refs": [
45739
+ "RFC-6749",
45740
+ "RFC-7519",
45741
+ "RFC-8032",
45742
+ "RFC-8446",
45743
+ "RFC-8725",
45744
+ "RFC-9000",
45745
+ "RFC-9114",
45746
+ "RFC-9180",
45747
+ "RFC-9421",
45748
+ "RFC-9458",
45749
+ "RFC-9700"
45750
+ ]
45751
+ }
45752
+ },
45753
+ "CVE-2025-3466": {
45754
+ "name": "Dify Code Node Sandbox Escape to Remote Code Execution",
45755
+ "rwep": 33,
45756
+ "cvss": 7.2,
45757
+ "cisa_kev": false,
45758
+ "epss_score": null,
45759
+ "referencing_skills": [
45760
+ "ai-attack-surface",
45761
+ "mcp-agent-trust",
45762
+ "compliance-theater",
45763
+ "rag-pipeline-security",
45764
+ "ai-c2-detection",
45765
+ "threat-modeling-methodology",
45766
+ "webapp-security",
45767
+ "api-security",
45768
+ "cloud-security",
45769
+ "container-runtime-security",
45770
+ "email-security-anti-phishing"
45771
+ ],
45772
+ "chain": {
45773
+ "cwes": [
45774
+ {
45775
+ "id": "CWE-1039",
45776
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45777
+ "category": "AI/ML"
45778
+ },
45779
+ {
45780
+ "id": "CWE-1188",
45781
+ "name": "Initialization of a Resource with an Insecure Default",
45782
+ "category": "Configuration"
45783
+ },
45784
+ {
45785
+ "id": "CWE-1395",
45786
+ "name": "Dependency on Vulnerable Third-Party Component",
45787
+ "category": "Supply Chain"
45788
+ },
45789
+ {
45790
+ "id": "CWE-1426",
45791
+ "name": "Improper Validation of Generative AI Output",
45792
+ "category": "AI/ML"
45793
+ },
45794
+ {
45795
+ "id": "CWE-200",
45796
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45797
+ "category": "Information Exposure"
45798
+ },
45799
+ {
45800
+ "id": "CWE-22",
45801
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45802
+ "category": "Path/Resource"
45803
+ },
45804
+ {
45805
+ "id": "CWE-269",
45806
+ "name": "Improper Privilege Management",
45807
+ "category": "Authorization"
45808
+ },
45809
+ {
45810
+ "id": "CWE-287",
45811
+ "name": "Improper Authentication",
45812
+ "category": "Authentication"
45813
+ },
45814
+ {
45815
+ "id": "CWE-345",
45816
+ "name": "Insufficient Verification of Data Authenticity",
45817
+ "category": "Authenticity / Supply Chain"
45818
+ },
45819
+ {
45820
+ "id": "CWE-352",
45821
+ "name": "Cross-Site Request Forgery (CSRF)",
45822
+ "category": "Session"
45823
+ },
45824
+ {
45825
+ "id": "CWE-434",
45826
+ "name": "Unrestricted Upload of File with Dangerous Type",
45827
+ "category": "File Handling"
45828
+ },
45829
+ {
45830
+ "id": "CWE-494",
45831
+ "name": "Download of Code Without Integrity Check",
45832
+ "category": "Supply Chain"
45833
+ },
45834
+ {
45835
+ "id": "CWE-502",
45836
+ "name": "Deserialization of Untrusted Data",
45837
+ "category": "Serialization"
45838
+ },
45839
+ {
45840
+ "id": "CWE-732",
45841
+ "name": "Incorrect Permission Assignment for Critical Resource",
45842
+ "category": "Authorization"
45843
+ },
45844
+ {
45845
+ "id": "CWE-77",
45846
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45847
+ "category": "Injection"
45848
+ },
45849
+ {
45850
+ "id": "CWE-78",
45851
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45852
+ "category": "Injection"
45853
+ },
45854
+ {
45855
+ "id": "CWE-787",
45856
+ "name": "Out-of-bounds Write",
45857
+ "category": "Memory Safety"
45858
+ },
45859
+ {
45860
+ "id": "CWE-79",
45861
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45862
+ "category": "Injection"
45863
+ },
45864
+ {
45865
+ "id": "CWE-798",
45866
+ "name": "Use of Hard-coded Credentials",
45867
+ "category": "Credentials"
45868
+ },
45869
+ {
45870
+ "id": "CWE-862",
45871
+ "name": "Missing Authorization",
45872
+ "category": "Authorization"
45873
+ },
45874
+ {
45875
+ "id": "CWE-863",
45876
+ "name": "Incorrect Authorization",
45877
+ "category": "Authorization"
45878
+ },
45879
+ {
45880
+ "id": "CWE-89",
45881
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45882
+ "category": "Injection"
45883
+ },
45884
+ {
45885
+ "id": "CWE-918",
45886
+ "name": "Server-Side Request Forgery (SSRF)",
45887
+ "category": "Network"
45888
+ },
45889
+ {
45890
+ "id": "CWE-94",
45891
+ "name": "Improper Control of Generation of Code (Code Injection)",
45892
+ "category": "Injection"
45893
+ }
45894
+ ],
45895
+ "atlas": [
45896
+ {
45897
+ "id": "AML.T0010",
45898
+ "name": "ML Supply Chain Compromise",
45899
+ "tactic": "Initial Access"
45900
+ },
45901
+ {
45902
+ "id": "AML.T0016",
45903
+ "name": "Obtain Capabilities: Develop Capabilities",
45904
+ "tactic": "Resource Development"
45905
+ },
45906
+ {
45907
+ "id": "AML.T0017",
45908
+ "name": "Discover ML Model Ontology",
45909
+ "tactic": "Discovery"
45910
+ },
45911
+ {
45912
+ "id": "AML.T0018",
45913
+ "name": "Backdoor ML Model",
45914
+ "tactic": "Persistence"
45915
+ },
45916
+ {
45917
+ "id": "AML.T0020",
45918
+ "name": "Poison Training Data",
45919
+ "tactic": "ML Attack Staging"
45920
+ },
45921
+ {
45922
+ "id": "AML.T0043",
45923
+ "name": "Craft Adversarial Data",
45924
+ "tactic": "ML Attack Staging"
45925
+ },
45926
+ {
45927
+ "id": "AML.T0051",
45928
+ "name": "LLM Prompt Injection",
45929
+ "tactic": "Execution"
45930
+ },
45931
+ {
45932
+ "id": "AML.T0054",
45933
+ "name": "LLM Jailbreak",
45934
+ "tactic": "Defense Evasion"
45935
+ },
45936
+ {
45937
+ "id": "AML.T0096",
45938
+ "name": "AI API as Covert C2 Channel",
45939
+ "tactic": "Command and Control"
45940
+ }
45941
+ ],
45942
+ "d3fend": [
45943
+ {
45944
+ "id": "D3-CA",
45945
+ "name": "Certificate Analysis",
45946
+ "tactic": "Detect"
45947
+ },
45948
+ {
45949
+ "id": "D3-CBAN",
45950
+ "name": "Certificate-based Authentication",
45951
+ "tactic": "Harden"
45952
+ },
45953
+ {
45954
+ "id": "D3-CSPP",
45955
+ "name": "Client-server Payload Profiling",
45956
+ "tactic": "Detect"
45957
+ },
45958
+ {
45959
+ "id": "D3-DA",
45960
+ "name": "Domain Analysis",
45961
+ "tactic": "Detect"
45962
+ },
45963
+ {
45964
+ "id": "D3-EAL",
45965
+ "name": "Executable Allowlisting",
45966
+ "tactic": "Harden"
45967
+ },
45968
+ {
45969
+ "id": "D3-EHB",
45970
+ "name": "Executable Hashbased Allowlist",
45971
+ "tactic": "Harden"
45972
+ },
45973
+ {
45974
+ "id": "D3-IOPR",
45975
+ "name": "Input/Output Profiling Resource",
45976
+ "tactic": "Detect"
45977
+ },
45978
+ {
45979
+ "id": "D3-MFA",
45980
+ "name": "Multi-factor Authentication",
45981
+ "tactic": "Harden"
45982
+ },
45983
+ {
45984
+ "id": "D3-NI",
45985
+ "name": "Network Isolation",
45986
+ "tactic": "Isolate"
45987
+ },
45988
+ {
45989
+ "id": "D3-NTA",
45990
+ "name": "Network Traffic Analysis",
45991
+ "tactic": "Detect"
45992
+ },
45993
+ {
45994
+ "id": "D3-NTPM",
45995
+ "name": "Network Traffic Policy Mapping",
45996
+ "tactic": "Model"
45997
+ }
45998
+ ],
45999
+ "framework_gaps": [
46000
+ {
46001
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46002
+ "framework": "ALL",
46003
+ "control_name": "AI Pipeline Integrity"
46004
+ },
46005
+ {
46006
+ "id": "ALL-MCP-TOOL-TRUST",
46007
+ "framework": "ALL",
46008
+ "control_name": "MCP/Agent Tool Trust Boundaries"
46009
+ },
46010
+ {
46011
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46012
+ "framework": "ALL",
46013
+ "control_name": "Prompt Injection as Access Control Failure"
46014
+ },
46015
+ {
46016
+ "id": "CMMC-2.0-Level-2",
46017
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46018
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46019
+ },
46020
+ {
46021
+ "id": "FedRAMP-Rev5-Moderate",
46022
+ "framework": "FedRAMP Rev 5 Moderate",
46023
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46024
+ },
46025
+ {
46026
+ "id": "ISO-27001-2022-A.8.16",
46027
+ "framework": "ISO/IEC 27001:2022",
46028
+ "control_name": "Monitoring activities"
46029
+ },
46030
+ {
46031
+ "id": "ISO-27001-2022-A.8.28",
46032
+ "framework": "ISO/IEC 27001:2022",
46033
+ "control_name": "Secure coding"
46034
+ },
46035
+ {
46036
+ "id": "ISO-27001-2022-A.8.30",
46037
+ "framework": "ISO/IEC 27001:2022",
46038
+ "control_name": "Outsourced development"
46039
+ },
46040
+ {
46041
+ "id": "ISO-IEC-23894-2023-clause-7",
46042
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46043
+ "control_name": "AI risk management process"
46044
+ },
46045
+ {
46046
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
46047
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
46048
+ "control_name": "AI risk assessment"
46049
+ },
46050
+ {
46051
+ "id": "NIST-800-218-SSDF",
46052
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
46053
+ "control_name": "Secure Software Development Framework"
46054
+ },
46055
+ {
46056
+ "id": "NIST-800-53-AC-2",
46057
+ "framework": "NIST SP 800-53 Rev 5",
46058
+ "control_name": "Account Management"
46059
+ },
46060
+ {
46061
+ "id": "NIST-800-53-CM-7",
46062
+ "framework": "NIST SP 800-53 Rev 5",
46063
+ "control_name": "Least Functionality"
46064
+ },
46065
+ {
46066
+ "id": "NIST-800-53-SA-12",
46067
+ "framework": "NIST SP 800-53 Rev 5",
46068
+ "control_name": "Supply Chain Protection"
46069
+ },
46070
+ {
46071
+ "id": "NIST-800-53-SC-7",
46072
+ "framework": "NIST SP 800-53 Rev 5",
46073
+ "control_name": "Boundary Protection"
46074
+ },
46075
+ {
46076
+ "id": "NIST-800-53-SI-12",
46077
+ "framework": "NIST SP 800-53 Rev 5",
46078
+ "control_name": "Information Management and Retention"
46079
+ },
46080
+ {
46081
+ "id": "NIST-800-53-SI-3",
46082
+ "framework": "NIST SP 800-53 Rev 5",
46083
+ "control_name": "Malicious Code Protection"
46084
+ },
46085
+ {
46086
+ "id": "NIST-AI-RMF-MEASURE-2.5",
46087
+ "framework": "NIST AI RMF 1.0",
46088
+ "control_name": "AI system to human interaction evaluation"
46089
+ },
46090
+ {
46091
+ "id": "OWASP-ASVS-v5.0-V14",
46092
+ "framework": "OWASP ASVS v5.0",
46093
+ "control_name": "Configuration verification"
46094
+ },
46095
+ {
46096
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46097
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46098
+ "control_name": "Prompt Injection"
46099
+ },
46100
+ {
46101
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46102
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46103
+ "control_name": "Sensitive Information Disclosure"
46104
+ },
46105
+ {
46106
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
46107
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46108
+ "control_name": "Excessive Agency"
46109
+ },
46110
+ {
46111
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
46112
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46113
+ "control_name": "Vector and Embedding Weaknesses"
46114
+ },
46115
+ {
46116
+ "id": "SLSA-v1.0-Build-L3",
46117
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
46118
+ "control_name": "Hardened build platform with non-falsifiable provenance"
46119
+ },
46120
+ {
46121
+ "id": "SOC2-CC6-logical-access",
46122
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46123
+ "control_name": "Logical and Physical Access Controls"
46124
+ },
46125
+ {
46126
+ "id": "SOC2-CC7-anomaly-detection",
46127
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46128
+ "control_name": "System Operations — Threat and Vulnerability Management"
46129
+ },
46130
+ {
46131
+ "id": "SOC2-CC9-vendor-management",
46132
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46133
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
46134
+ },
46135
+ {
46136
+ "id": "SWIFT-CSCF-v2026-1.1",
46137
+ "framework": "SWIFT Customer Security Controls Framework v2026",
46138
+ "control_name": "SWIFT Environment Protection"
46139
+ }
46140
+ ],
46141
+ "attack_refs": [
46142
+ "T1059",
46143
+ "T1068",
46144
+ "T1071",
46145
+ "T1078",
46146
+ "T1102",
46147
+ "T1190",
46148
+ "T1195.001",
46149
+ "T1505",
46150
+ "T1530",
46151
+ "T1552",
46152
+ "T1565",
46153
+ "T1566",
46154
+ "T1566.001",
46155
+ "T1566.002",
46156
+ "T1566.003",
46157
+ "T1567",
46158
+ "T1568",
46159
+ "T1610",
46160
+ "T1611"
46161
+ ],
46162
+ "rfc_refs": [
46163
+ "RFC-6749",
46164
+ "RFC-7519",
46165
+ "RFC-8032",
46166
+ "RFC-8446",
46167
+ "RFC-8725",
46168
+ "RFC-9000",
46169
+ "RFC-9114",
46170
+ "RFC-9180",
46171
+ "RFC-9421",
46172
+ "RFC-9458",
46173
+ "RFC-9700"
46174
+ ]
46175
+ }
46176
+ },
46177
+ "CVE-2025-56520": {
46178
+ "name": "Dify Remote File Upload Server-Side Request Forgery",
46179
+ "rwep": 30,
46180
+ "cvss": 5.3,
46181
+ "cisa_kev": false,
46182
+ "epss_score": null,
46183
+ "referencing_skills": [
46184
+ "ai-attack-surface",
46185
+ "compliance-theater",
46186
+ "ai-c2-detection",
46187
+ "dlp-gap-analysis"
46188
+ ],
46189
+ "chain": {
46190
+ "cwes": [
46191
+ {
46192
+ "id": "CWE-1039",
46193
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
46194
+ "category": "AI/ML"
46195
+ },
46196
+ {
46197
+ "id": "CWE-1426",
46198
+ "name": "Improper Validation of Generative AI Output",
46199
+ "category": "AI/ML"
46200
+ },
46201
+ {
46202
+ "id": "CWE-200",
46203
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
46204
+ "category": "Information Exposure"
46205
+ },
46206
+ {
46207
+ "id": "CWE-94",
46208
+ "name": "Improper Control of Generation of Code (Code Injection)",
46209
+ "category": "Injection"
46210
+ }
46211
+ ],
46212
+ "atlas": [
46213
+ {
46214
+ "id": "AML.T0016",
46215
+ "name": "Obtain Capabilities: Develop Capabilities",
46216
+ "tactic": "Resource Development"
46217
+ },
46218
+ {
46219
+ "id": "AML.T0017",
46220
+ "name": "Discover ML Model Ontology",
46221
+ "tactic": "Discovery"
46222
+ },
46223
+ {
46224
+ "id": "AML.T0018",
46225
+ "name": "Backdoor ML Model",
46226
+ "tactic": "Persistence"
46227
+ },
46228
+ {
46229
+ "id": "AML.T0020",
46230
+ "name": "Poison Training Data",
46231
+ "tactic": "ML Attack Staging"
46232
+ },
46233
+ {
46234
+ "id": "AML.T0043",
46235
+ "name": "Craft Adversarial Data",
46236
+ "tactic": "ML Attack Staging"
46237
+ },
46238
+ {
46239
+ "id": "AML.T0051",
46240
+ "name": "LLM Prompt Injection",
46241
+ "tactic": "Execution"
46242
+ },
46243
+ {
46244
+ "id": "AML.T0054",
46245
+ "name": "LLM Jailbreak",
46246
+ "tactic": "Defense Evasion"
46247
+ },
46248
+ {
46249
+ "id": "AML.T0096",
46250
+ "name": "AI API as Covert C2 Channel",
46251
+ "tactic": "Command and Control"
46252
+ }
46253
+ ],
46254
+ "d3fend": [
46255
+ {
46256
+ "id": "D3-CA",
46257
+ "name": "Certificate Analysis",
46258
+ "tactic": "Detect"
46259
+ },
46260
+ {
46261
+ "id": "D3-CSPP",
46262
+ "name": "Client-server Payload Profiling",
46263
+ "tactic": "Detect"
46264
+ },
46265
+ {
46266
+ "id": "D3-DA",
46267
+ "name": "Domain Analysis",
46268
+ "tactic": "Detect"
46269
+ },
46270
+ {
46271
+ "id": "D3-EAL",
46272
+ "name": "Executable Allowlisting",
46273
+ "tactic": "Harden"
46274
+ },
46275
+ {
46276
+ "id": "D3-IOPR",
46277
+ "name": "Input/Output Profiling Resource",
46278
+ "tactic": "Detect"
46279
+ },
46280
+ {
46281
+ "id": "D3-NI",
46282
+ "name": "Network Isolation",
46283
+ "tactic": "Isolate"
46284
+ },
46285
+ {
46286
+ "id": "D3-NTA",
46287
+ "name": "Network Traffic Analysis",
46288
+ "tactic": "Detect"
46289
+ },
46290
+ {
46291
+ "id": "D3-NTPM",
46292
+ "name": "Network Traffic Policy Mapping",
46293
+ "tactic": "Model"
46294
+ }
46295
+ ],
46296
+ "framework_gaps": [
46297
+ {
46298
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46299
+ "framework": "ALL",
46300
+ "control_name": "AI Pipeline Integrity"
46301
+ },
46302
+ {
46303
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46304
+ "framework": "ALL",
46305
+ "control_name": "Prompt Injection as Access Control Failure"
46306
+ },
46307
+ {
46308
+ "id": "CMMC-2.0-Level-2",
46309
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46310
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46311
+ },
46312
+ {
46313
+ "id": "FedRAMP-Rev5-Moderate",
46314
+ "framework": "FedRAMP Rev 5 Moderate",
46315
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46316
+ },
46317
+ {
46318
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
46319
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
46320
+ "control_name": "Access control standard (technical safeguards)"
46321
+ },
46322
+ {
46323
+ "id": "ISO-27001-2022-A.8.16",
46324
+ "framework": "ISO/IEC 27001:2022",
46325
+ "control_name": "Monitoring activities"
46326
+ },
46327
+ {
46328
+ "id": "ISO-27001-2022-A.8.28",
46329
+ "framework": "ISO/IEC 27001:2022",
46330
+ "control_name": "Secure coding"
46331
+ },
46332
+ {
46333
+ "id": "ISO-IEC-23894-2023-clause-7",
46334
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46335
+ "control_name": "AI risk management process"
46336
+ },
46337
+ {
46338
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
46339
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
46340
+ "control_name": "AI risk assessment"
46341
+ },
46342
+ {
46343
+ "id": "NIST-800-53-AC-2",
46344
+ "framework": "NIST SP 800-53 Rev 5",
46345
+ "control_name": "Account Management"
46346
+ },
46347
+ {
46348
+ "id": "NIST-800-53-SC-28",
46349
+ "framework": "NIST SP 800-53 Rev 5",
46350
+ "control_name": "Protection of Information at Rest"
46351
+ },
46352
+ {
46353
+ "id": "NIST-800-53-SC-7",
46354
+ "framework": "NIST SP 800-53 Rev 5",
46355
+ "control_name": "Boundary Protection"
46356
+ },
46357
+ {
46358
+ "id": "NIST-800-53-SI-3",
46359
+ "framework": "NIST SP 800-53 Rev 5",
46360
+ "control_name": "Malicious Code Protection"
46361
+ },
46362
+ {
46363
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46364
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46365
+ "control_name": "Prompt Injection"
46366
+ },
46367
+ {
46368
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46369
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46370
+ "control_name": "Sensitive Information Disclosure"
46371
+ },
46372
+ {
46373
+ "id": "SOC2-CC6-logical-access",
46374
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46375
+ "control_name": "Logical and Physical Access Controls"
46376
+ },
46377
+ {
46378
+ "id": "SOC2-CC7-anomaly-detection",
46379
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46380
+ "control_name": "System Operations — Threat and Vulnerability Management"
46381
+ }
46382
+ ],
46383
+ "attack_refs": [
46384
+ "T1041",
46385
+ "T1059",
46386
+ "T1071",
46387
+ "T1102",
46388
+ "T1190",
46389
+ "T1213",
46390
+ "T1530",
46391
+ "T1566",
46392
+ "T1567",
46393
+ "T1568"
46394
+ ],
46395
+ "rfc_refs": [
46396
+ "RFC-8446",
46397
+ "RFC-9000",
46398
+ "RFC-9114",
46399
+ "RFC-9180",
46400
+ "RFC-9421",
46401
+ "RFC-9458"
46402
+ ]
46403
+ }
46404
+ },
45045
46405
  "CVE-2026-41091": {
45046
46406
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
45047
46407
  "rwep": 45,
@@ -71426,6 +72786,7 @@
71426
72786
  "CVE-2023-6016",
71427
72787
  "CVE-2023-6019",
71428
72788
  "CVE-2023-6021",
72789
+ "CVE-2023-6571",
71429
72790
  "CVE-2024-0129",
71430
72791
  "CVE-2024-0132",
71431
72792
  "CVE-2024-11392",
@@ -71453,6 +72814,7 @@
71453
72814
  "CVE-2024-50050",
71454
72815
  "CVE-2024-5565",
71455
72816
  "CVE-2024-6587",
72817
+ "CVE-2024-9526",
71456
72818
  "CVE-2025-0133",
71457
72819
  "CVE-2025-10585",
71458
72820
  "CVE-2025-1094",
@@ -71469,6 +72831,7 @@
71469
72831
  "CVE-2025-3248",
71470
72832
  "CVE-2025-33236",
71471
72833
  "CVE-2025-34291",
72834
+ "CVE-2025-3466",
71472
72835
  "CVE-2025-38352",
71473
72836
  "CVE-2025-43300",
71474
72837
  "CVE-2025-49596",
@@ -71695,6 +73058,7 @@
71695
73058
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
71696
73059
  "CVE-2023-43472",
71697
73060
  "CVE-2023-6016",
73061
+ "CVE-2023-6571",
71698
73062
  "CVE-2024-12366",
71699
73063
  "CVE-2024-24590",
71700
73064
  "CVE-2024-24591",
@@ -71704,10 +73068,12 @@
71704
73068
  "CVE-2024-37052",
71705
73069
  "CVE-2024-37060",
71706
73070
  "CVE-2024-5565",
73071
+ "CVE-2024-9526",
71707
73072
  "CVE-2025-0133",
71708
73073
  "CVE-2025-1094",
71709
73074
  "CVE-2025-27520",
71710
73075
  "CVE-2025-3248",
73076
+ "CVE-2025-3466",
71711
73077
  "CVE-2025-49844",
71712
73078
  "CVE-2025-53773",
71713
73079
  "CVE-2025-6965",
@@ -71860,6 +73226,7 @@
71860
73226
  "CVE-2023-6016",
71861
73227
  "CVE-2023-6019",
71862
73228
  "CVE-2023-6021",
73229
+ "CVE-2023-6571",
71863
73230
  "CVE-2024-0129",
71864
73231
  "CVE-2024-0132",
71865
73232
  "CVE-2024-11392",
@@ -71885,6 +73252,7 @@
71885
73252
  "CVE-2024-50050",
71886
73253
  "CVE-2024-5565",
71887
73254
  "CVE-2024-6587",
73255
+ "CVE-2024-9526",
71888
73256
  "CVE-2025-0133",
71889
73257
  "CVE-2025-10585",
71890
73258
  "CVE-2025-1094",
@@ -71901,6 +73269,7 @@
71901
73269
  "CVE-2025-3248",
71902
73270
  "CVE-2025-33236",
71903
73271
  "CVE-2025-34291",
73272
+ "CVE-2025-3466",
71904
73273
  "CVE-2025-38352",
71905
73274
  "CVE-2025-43300",
71906
73275
  "CVE-2025-49596",
@@ -72072,6 +73441,7 @@
72072
73441
  "CVE-2023-6016",
72073
73442
  "CVE-2023-6019",
72074
73443
  "CVE-2023-6021",
73444
+ "CVE-2023-6571",
72075
73445
  "CVE-2024-0129",
72076
73446
  "CVE-2024-0132",
72077
73447
  "CVE-2024-11392",
@@ -72097,6 +73467,7 @@
72097
73467
  "CVE-2024-50050",
72098
73468
  "CVE-2024-5565",
72099
73469
  "CVE-2024-6587",
73470
+ "CVE-2024-9526",
72100
73471
  "CVE-2025-0133",
72101
73472
  "CVE-2025-10585",
72102
73473
  "CVE-2025-1094",
@@ -72113,6 +73484,7 @@
72113
73484
  "CVE-2025-3248",
72114
73485
  "CVE-2025-33236",
72115
73486
  "CVE-2025-34291",
73487
+ "CVE-2025-3466",
72116
73488
  "CVE-2025-38352",
72117
73489
  "CVE-2025-43300",
72118
73490
  "CVE-2025-49596",
@@ -72298,6 +73670,7 @@
72298
73670
  "CVE-2023-6016",
72299
73671
  "CVE-2023-6019",
72300
73672
  "CVE-2023-6021",
73673
+ "CVE-2023-6571",
72301
73674
  "CVE-2024-0129",
72302
73675
  "CVE-2024-0132",
72303
73676
  "CVE-2024-11392",
@@ -72323,6 +73696,7 @@
72323
73696
  "CVE-2024-50050",
72324
73697
  "CVE-2024-5565",
72325
73698
  "CVE-2024-6587",
73699
+ "CVE-2024-9526",
72326
73700
  "CVE-2025-0133",
72327
73701
  "CVE-2025-10585",
72328
73702
  "CVE-2025-1094",
@@ -72339,6 +73713,7 @@
72339
73713
  "CVE-2025-3248",
72340
73714
  "CVE-2025-33236",
72341
73715
  "CVE-2025-34291",
73716
+ "CVE-2025-3466",
72342
73717
  "CVE-2025-38352",
72343
73718
  "CVE-2025-43300",
72344
73719
  "CVE-2025-49596",
@@ -72632,6 +74007,7 @@
72632
74007
  "CVE-2023-6019",
72633
74008
  "CVE-2023-6021",
72634
74009
  "CVE-2023-6038",
74010
+ "CVE-2023-6571",
72635
74011
  "CVE-2024-0129",
72636
74012
  "CVE-2024-0132",
72637
74013
  "CVE-2024-11392",
@@ -72659,6 +74035,7 @@
72659
74035
  "CVE-2024-50050",
72660
74036
  "CVE-2024-5565",
72661
74037
  "CVE-2024-6587",
74038
+ "CVE-2024-9526",
72662
74039
  "CVE-2025-0133",
72663
74040
  "CVE-2025-1094",
72664
74041
  "CVE-2025-11837",
@@ -72675,10 +74052,12 @@
72675
74052
  "CVE-2025-3248",
72676
74053
  "CVE-2025-33236",
72677
74054
  "CVE-2025-34291",
74055
+ "CVE-2025-3466",
72678
74056
  "CVE-2025-49596",
72679
74057
  "CVE-2025-49844",
72680
74058
  "CVE-2025-53773",
72681
74059
  "CVE-2025-54136",
74060
+ "CVE-2025-56520",
72682
74061
  "CVE-2025-60455",
72683
74062
  "CVE-2025-64496",
72684
74063
  "CVE-2025-64513",
@@ -73414,6 +74793,7 @@
73414
74793
  "CVE-2023-51449",
73415
74794
  "CVE-2023-6016",
73416
74795
  "CVE-2023-6038",
74796
+ "CVE-2023-6571",
73417
74797
  "CVE-2024-0132",
73418
74798
  "CVE-2024-12366",
73419
74799
  "CVE-2024-1561",
@@ -73430,6 +74810,7 @@
73430
74810
  "CVE-2024-42478",
73431
74811
  "CVE-2024-42479",
73432
74812
  "CVE-2024-5565",
74813
+ "CVE-2024-9526",
73433
74814
  "CVE-2025-0133",
73434
74815
  "CVE-2025-1094",
73435
74816
  "CVE-2025-14847",
@@ -73440,9 +74821,11 @@
73440
74821
  "CVE-2025-30202",
73441
74822
  "CVE-2025-32444",
73442
74823
  "CVE-2025-3248",
74824
+ "CVE-2025-3466",
73443
74825
  "CVE-2025-49844",
73444
74826
  "CVE-2025-53767",
73445
74827
  "CVE-2025-53773",
74828
+ "CVE-2025-56520",
73446
74829
  "CVE-2025-6965",
73447
74830
  "CVE-2026-30615",
73448
74831
  "CVE-2026-30623",
@@ -73801,6 +75184,7 @@
73801
75184
  "CVE-2023-6016",
73802
75185
  "CVE-2023-6019",
73803
75186
  "CVE-2023-6021",
75187
+ "CVE-2023-6571",
73804
75188
  "CVE-2024-0129",
73805
75189
  "CVE-2024-0132",
73806
75190
  "CVE-2024-11392",
@@ -73828,6 +75212,7 @@
73828
75212
  "CVE-2024-50050",
73829
75213
  "CVE-2024-5565",
73830
75214
  "CVE-2024-6587",
75215
+ "CVE-2024-9526",
73831
75216
  "CVE-2025-0133",
73832
75217
  "CVE-2025-10585",
73833
75218
  "CVE-2025-1094",
@@ -73844,6 +75229,7 @@
73844
75229
  "CVE-2025-3248",
73845
75230
  "CVE-2025-33236",
73846
75231
  "CVE-2025-34291",
75232
+ "CVE-2025-3466",
73847
75233
  "CVE-2025-38352",
73848
75234
  "CVE-2025-43300",
73849
75235
  "CVE-2025-49596",
@@ -74452,6 +75838,7 @@
74452
75838
  "CVE-2023-6016",
74453
75839
  "CVE-2023-6019",
74454
75840
  "CVE-2023-6021",
75841
+ "CVE-2023-6571",
74455
75842
  "CVE-2024-0129",
74456
75843
  "CVE-2024-0132",
74457
75844
  "CVE-2024-11392",
@@ -74479,6 +75866,7 @@
74479
75866
  "CVE-2024-50050",
74480
75867
  "CVE-2024-5565",
74481
75868
  "CVE-2024-6587",
75869
+ "CVE-2024-9526",
74482
75870
  "CVE-2025-0133",
74483
75871
  "CVE-2025-10585",
74484
75872
  "CVE-2025-1094",
@@ -74495,6 +75883,7 @@
74495
75883
  "CVE-2025-3248",
74496
75884
  "CVE-2025-33236",
74497
75885
  "CVE-2025-34291",
75886
+ "CVE-2025-3466",
74498
75887
  "CVE-2025-38352",
74499
75888
  "CVE-2025-43300",
74500
75889
  "CVE-2025-49596",
@@ -75217,6 +76606,7 @@
75217
76606
  "CVE-2024-5565",
75218
76607
  "CVE-2025-27520",
75219
76608
  "CVE-2025-3248",
76609
+ "CVE-2025-3466",
75220
76610
  "CVE-2025-49844",
75221
76611
  "CVE-2025-53773",
75222
76612
  "CVE-2026-30615",
@@ -75456,6 +76846,7 @@
75456
76846
  "CVE-2023-6016",
75457
76847
  "CVE-2023-6019",
75458
76848
  "CVE-2023-6021",
76849
+ "CVE-2023-6571",
75459
76850
  "CVE-2024-0129",
75460
76851
  "CVE-2024-0132",
75461
76852
  "CVE-2024-11392",
@@ -75483,6 +76874,7 @@
75483
76874
  "CVE-2024-50050",
75484
76875
  "CVE-2024-5565",
75485
76876
  "CVE-2024-6587",
76877
+ "CVE-2024-9526",
75486
76878
  "CVE-2025-0133",
75487
76879
  "CVE-2025-10585",
75488
76880
  "CVE-2025-1094",
@@ -75499,6 +76891,7 @@
75499
76891
  "CVE-2025-3248",
75500
76892
  "CVE-2025-33236",
75501
76893
  "CVE-2025-34291",
76894
+ "CVE-2025-3466",
75502
76895
  "CVE-2025-38352",
75503
76896
  "CVE-2025-43300",
75504
76897
  "CVE-2025-49596",
@@ -76704,6 +78097,7 @@
76704
78097
  "CVE-2023-6016",
76705
78098
  "CVE-2023-6019",
76706
78099
  "CVE-2023-6021",
78100
+ "CVE-2023-6571",
76707
78101
  "CVE-2024-0129",
76708
78102
  "CVE-2024-0132",
76709
78103
  "CVE-2024-11392",
@@ -76731,6 +78125,7 @@
76731
78125
  "CVE-2024-50050",
76732
78126
  "CVE-2024-5565",
76733
78127
  "CVE-2024-6587",
78128
+ "CVE-2024-9526",
76734
78129
  "CVE-2025-0133",
76735
78130
  "CVE-2025-10585",
76736
78131
  "CVE-2025-1094",
@@ -76747,6 +78142,7 @@
76747
78142
  "CVE-2025-3248",
76748
78143
  "CVE-2025-33236",
76749
78144
  "CVE-2025-34291",
78145
+ "CVE-2025-3466",
76750
78146
  "CVE-2025-38352",
76751
78147
  "CVE-2025-43300",
76752
78148
  "CVE-2025-49596",
@@ -76994,6 +78390,7 @@
76994
78390
  "CVE-2024-5565",
76995
78391
  "CVE-2025-27520",
76996
78392
  "CVE-2025-3248",
78393
+ "CVE-2025-3466",
76997
78394
  "CVE-2025-49844",
76998
78395
  "CVE-2025-53773",
76999
78396
  "CVE-2026-30615",
@@ -77188,6 +78585,7 @@
77188
78585
  "related_cves": [
77189
78586
  "CVE-2023-43472",
77190
78587
  "CVE-2023-6016",
78588
+ "CVE-2023-6571",
77191
78589
  "CVE-2024-12366",
77192
78590
  "CVE-2024-24590",
77193
78591
  "CVE-2024-24591",
@@ -77196,10 +78594,12 @@
77196
78594
  "CVE-2024-37052",
77197
78595
  "CVE-2024-37060",
77198
78596
  "CVE-2024-5565",
78597
+ "CVE-2024-9526",
77199
78598
  "CVE-2025-0133",
77200
78599
  "CVE-2025-1094",
77201
78600
  "CVE-2025-27520",
77202
78601
  "CVE-2025-3248",
78602
+ "CVE-2025-3466",
77203
78603
  "CVE-2025-6965",
77204
78604
  "CVE-2026-30615",
77205
78605
  "CVE-2026-30623",
@@ -78130,6 +79530,7 @@
78130
79530
  "CVE-2023-6016",
78131
79531
  "CVE-2023-6019",
78132
79532
  "CVE-2023-6021",
79533
+ "CVE-2023-6571",
78133
79534
  "CVE-2024-0129",
78134
79535
  "CVE-2024-0132",
78135
79536
  "CVE-2024-11392",
@@ -78157,6 +79558,7 @@
78157
79558
  "CVE-2024-50050",
78158
79559
  "CVE-2024-5565",
78159
79560
  "CVE-2024-6587",
79561
+ "CVE-2024-9526",
78160
79562
  "CVE-2025-0133",
78161
79563
  "CVE-2025-10585",
78162
79564
  "CVE-2025-1094",
@@ -78173,6 +79575,7 @@
78173
79575
  "CVE-2025-3248",
78174
79576
  "CVE-2025-33236",
78175
79577
  "CVE-2025-34291",
79578
+ "CVE-2025-3466",
78176
79579
  "CVE-2025-38352",
78177
79580
  "CVE-2025-43300",
78178
79581
  "CVE-2025-49596",
@@ -78501,6 +79904,7 @@
78501
79904
  "CVE-2023-6016",
78502
79905
  "CVE-2023-6019",
78503
79906
  "CVE-2023-6021",
79907
+ "CVE-2023-6571",
78504
79908
  "CVE-2024-0129",
78505
79909
  "CVE-2024-0132",
78506
79910
  "CVE-2024-0769",
@@ -78546,6 +79950,7 @@
78546
79950
  "CVE-2024-7694",
78547
79951
  "CVE-2024-8068",
78548
79952
  "CVE-2024-8069",
79953
+ "CVE-2024-9526",
78549
79954
  "CVE-2025-0133",
78550
79955
  "CVE-2025-10035",
78551
79956
  "CVE-2025-10585",
@@ -78610,6 +80015,7 @@
78610
80015
  "CVE-2025-33236",
78611
80016
  "CVE-2025-34026",
78612
80017
  "CVE-2025-34291",
80018
+ "CVE-2025-3466",
78613
80019
  "CVE-2025-35939",
78614
80020
  "CVE-2025-37164",
78615
80021
  "CVE-2025-38352",
@@ -79126,6 +80532,7 @@
79126
80532
  "CVE-2025-3248",
79127
80533
  "CVE-2025-33236",
79128
80534
  "CVE-2025-34291",
80535
+ "CVE-2025-3466",
79129
80536
  "CVE-2025-38352",
79130
80537
  "CVE-2025-43300",
79131
80538
  "CVE-2025-49596",
@@ -79468,6 +80875,7 @@
79468
80875
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
79469
80876
  "CVE-2023-43472",
79470
80877
  "CVE-2023-6016",
80878
+ "CVE-2023-6571",
79471
80879
  "CVE-2024-12366",
79472
80880
  "CVE-2024-24590",
79473
80881
  "CVE-2024-24591",
@@ -79477,10 +80885,12 @@
79477
80885
  "CVE-2024-37052",
79478
80886
  "CVE-2024-37060",
79479
80887
  "CVE-2024-5565",
80888
+ "CVE-2024-9526",
79480
80889
  "CVE-2025-0133",
79481
80890
  "CVE-2025-1094",
79482
80891
  "CVE-2025-27520",
79483
80892
  "CVE-2025-3248",
80893
+ "CVE-2025-3466",
79484
80894
  "CVE-2025-49844",
79485
80895
  "CVE-2025-53773",
79486
80896
  "CVE-2025-6965",
@@ -79765,6 +81175,7 @@
79765
81175
  "related_cves": [
79766
81176
  "CVE-2023-43472",
79767
81177
  "CVE-2023-6016",
81178
+ "CVE-2023-6571",
79768
81179
  "CVE-2024-12366",
79769
81180
  "CVE-2024-24590",
79770
81181
  "CVE-2024-24591",
@@ -79773,10 +81184,12 @@
79773
81184
  "CVE-2024-37052",
79774
81185
  "CVE-2024-37060",
79775
81186
  "CVE-2024-5565",
81187
+ "CVE-2024-9526",
79776
81188
  "CVE-2025-0133",
79777
81189
  "CVE-2025-1094",
79778
81190
  "CVE-2025-27520",
79779
81191
  "CVE-2025-3248",
81192
+ "CVE-2025-3466",
79780
81193
  "CVE-2025-53773",
79781
81194
  "CVE-2025-6965",
79782
81195
  "CVE-2026-30615",
@@ -80096,6 +81509,7 @@
80096
81509
  "CVE-2023-6016",
80097
81510
  "CVE-2023-6019",
80098
81511
  "CVE-2023-6021",
81512
+ "CVE-2023-6571",
80099
81513
  "CVE-2024-0129",
80100
81514
  "CVE-2024-0132",
80101
81515
  "CVE-2024-11392",
@@ -80123,6 +81537,7 @@
80123
81537
  "CVE-2024-50050",
80124
81538
  "CVE-2024-5565",
80125
81539
  "CVE-2024-6587",
81540
+ "CVE-2024-9526",
80126
81541
  "CVE-2025-0133",
80127
81542
  "CVE-2025-10585",
80128
81543
  "CVE-2025-1094",
@@ -80139,6 +81554,7 @@
80139
81554
  "CVE-2025-3248",
80140
81555
  "CVE-2025-33236",
80141
81556
  "CVE-2025-34291",
81557
+ "CVE-2025-3466",
80142
81558
  "CVE-2025-38352",
80143
81559
  "CVE-2025-43300",
80144
81560
  "CVE-2025-49596",
@@ -80457,6 +81873,7 @@
80457
81873
  "CVE-2023-6019",
80458
81874
  "CVE-2023-6021",
80459
81875
  "CVE-2023-6038",
81876
+ "CVE-2023-6571",
80460
81877
  "CVE-2024-0129",
80461
81878
  "CVE-2024-0132",
80462
81879
  "CVE-2024-11392",
@@ -80482,6 +81899,7 @@
80482
81899
  "CVE-2024-50050",
80483
81900
  "CVE-2024-5565",
80484
81901
  "CVE-2024-6587",
81902
+ "CVE-2024-9526",
80485
81903
  "CVE-2025-0133",
80486
81904
  "CVE-2025-1094",
80487
81905
  "CVE-2025-11837",
@@ -80498,9 +81916,11 @@
80498
81916
  "CVE-2025-3248",
80499
81917
  "CVE-2025-33236",
80500
81918
  "CVE-2025-34291",
81919
+ "CVE-2025-3466",
80501
81920
  "CVE-2025-49596",
80502
81921
  "CVE-2025-53773",
80503
81922
  "CVE-2025-54136",
81923
+ "CVE-2025-56520",
80504
81924
  "CVE-2025-60455",
80505
81925
  "CVE-2025-64496",
80506
81926
  "CVE-2025-64513",
@@ -80688,6 +82108,7 @@
80688
82108
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
80689
82109
  "CVE-2023-43472",
80690
82110
  "CVE-2023-6016",
82111
+ "CVE-2023-6571",
80691
82112
  "CVE-2024-12366",
80692
82113
  "CVE-2024-24590",
80693
82114
  "CVE-2024-24591",
@@ -80697,10 +82118,12 @@
80697
82118
  "CVE-2024-37052",
80698
82119
  "CVE-2024-37060",
80699
82120
  "CVE-2024-5565",
82121
+ "CVE-2024-9526",
80700
82122
  "CVE-2025-0133",
80701
82123
  "CVE-2025-1094",
80702
82124
  "CVE-2025-27520",
80703
82125
  "CVE-2025-3248",
82126
+ "CVE-2025-3466",
80704
82127
  "CVE-2025-49844",
80705
82128
  "CVE-2025-53773",
80706
82129
  "CVE-2025-6965",
@@ -81419,6 +82842,7 @@
81419
82842
  "CVE-2023-6016",
81420
82843
  "CVE-2023-6019",
81421
82844
  "CVE-2023-6021",
82845
+ "CVE-2023-6571",
81422
82846
  "CVE-2024-0129",
81423
82847
  "CVE-2024-0132",
81424
82848
  "CVE-2024-11392",
@@ -81446,6 +82870,7 @@
81446
82870
  "CVE-2024-50050",
81447
82871
  "CVE-2024-5565",
81448
82872
  "CVE-2024-6587",
82873
+ "CVE-2024-9526",
81449
82874
  "CVE-2025-0133",
81450
82875
  "CVE-2025-10585",
81451
82876
  "CVE-2025-1094",
@@ -81462,6 +82887,7 @@
81462
82887
  "CVE-2025-3248",
81463
82888
  "CVE-2025-33236",
81464
82889
  "CVE-2025-34291",
82890
+ "CVE-2025-3466",
81465
82891
  "CVE-2025-38352",
81466
82892
  "CVE-2025-43300",
81467
82893
  "CVE-2025-49596",
@@ -81766,6 +83192,7 @@
81766
83192
  "CVE-2023-6019",
81767
83193
  "CVE-2023-6021",
81768
83194
  "CVE-2023-6038",
83195
+ "CVE-2023-6571",
81769
83196
  "CVE-2024-0129",
81770
83197
  "CVE-2024-0132",
81771
83198
  "CVE-2024-11392",
@@ -81793,6 +83220,7 @@
81793
83220
  "CVE-2024-50050",
81794
83221
  "CVE-2024-5565",
81795
83222
  "CVE-2024-6587",
83223
+ "CVE-2024-9526",
81796
83224
  "CVE-2025-0133",
81797
83225
  "CVE-2025-1094",
81798
83226
  "CVE-2025-11837",
@@ -81811,10 +83239,12 @@
81811
83239
  "CVE-2025-3248",
81812
83240
  "CVE-2025-33236",
81813
83241
  "CVE-2025-34291",
83242
+ "CVE-2025-3466",
81814
83243
  "CVE-2025-49596",
81815
83244
  "CVE-2025-53767",
81816
83245
  "CVE-2025-53773",
81817
83246
  "CVE-2025-54136",
83247
+ "CVE-2025-56520",
81818
83248
  "CVE-2025-60455",
81819
83249
  "CVE-2025-64496",
81820
83250
  "CVE-2025-64513",