@blamejs/exceptd-skills 0.13.112 → 0.13.114

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +980 -0
  6. package/data/atlas-ttps.json +4 -0
  7. package/data/attack-techniques.json +18 -4
  8. package/data/cve-catalog.json +421 -3
  9. package/data/cwe-catalog.json +11 -2
  10. package/data/framework-control-gaps.json +36 -1
  11. package/data/zeroday-lessons.json +200 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -45750,6 +45750,952 @@
45750
45750
  ]
45751
45751
  }
45752
45752
  },
45753
+ "CVE-2025-3466": {
45754
+ "name": "Dify Code Node Sandbox Escape to Remote Code Execution",
45755
+ "rwep": 33,
45756
+ "cvss": 7.2,
45757
+ "cisa_kev": false,
45758
+ "epss_score": null,
45759
+ "referencing_skills": [
45760
+ "ai-attack-surface",
45761
+ "mcp-agent-trust",
45762
+ "compliance-theater",
45763
+ "rag-pipeline-security",
45764
+ "ai-c2-detection",
45765
+ "threat-modeling-methodology",
45766
+ "webapp-security",
45767
+ "api-security",
45768
+ "cloud-security",
45769
+ "container-runtime-security",
45770
+ "email-security-anti-phishing"
45771
+ ],
45772
+ "chain": {
45773
+ "cwes": [
45774
+ {
45775
+ "id": "CWE-1039",
45776
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
45777
+ "category": "AI/ML"
45778
+ },
45779
+ {
45780
+ "id": "CWE-1188",
45781
+ "name": "Initialization of a Resource with an Insecure Default",
45782
+ "category": "Configuration"
45783
+ },
45784
+ {
45785
+ "id": "CWE-1395",
45786
+ "name": "Dependency on Vulnerable Third-Party Component",
45787
+ "category": "Supply Chain"
45788
+ },
45789
+ {
45790
+ "id": "CWE-1426",
45791
+ "name": "Improper Validation of Generative AI Output",
45792
+ "category": "AI/ML"
45793
+ },
45794
+ {
45795
+ "id": "CWE-200",
45796
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
45797
+ "category": "Information Exposure"
45798
+ },
45799
+ {
45800
+ "id": "CWE-22",
45801
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
45802
+ "category": "Path/Resource"
45803
+ },
45804
+ {
45805
+ "id": "CWE-269",
45806
+ "name": "Improper Privilege Management",
45807
+ "category": "Authorization"
45808
+ },
45809
+ {
45810
+ "id": "CWE-287",
45811
+ "name": "Improper Authentication",
45812
+ "category": "Authentication"
45813
+ },
45814
+ {
45815
+ "id": "CWE-345",
45816
+ "name": "Insufficient Verification of Data Authenticity",
45817
+ "category": "Authenticity / Supply Chain"
45818
+ },
45819
+ {
45820
+ "id": "CWE-352",
45821
+ "name": "Cross-Site Request Forgery (CSRF)",
45822
+ "category": "Session"
45823
+ },
45824
+ {
45825
+ "id": "CWE-434",
45826
+ "name": "Unrestricted Upload of File with Dangerous Type",
45827
+ "category": "File Handling"
45828
+ },
45829
+ {
45830
+ "id": "CWE-494",
45831
+ "name": "Download of Code Without Integrity Check",
45832
+ "category": "Supply Chain"
45833
+ },
45834
+ {
45835
+ "id": "CWE-502",
45836
+ "name": "Deserialization of Untrusted Data",
45837
+ "category": "Serialization"
45838
+ },
45839
+ {
45840
+ "id": "CWE-732",
45841
+ "name": "Incorrect Permission Assignment for Critical Resource",
45842
+ "category": "Authorization"
45843
+ },
45844
+ {
45845
+ "id": "CWE-77",
45846
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
45847
+ "category": "Injection"
45848
+ },
45849
+ {
45850
+ "id": "CWE-78",
45851
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
45852
+ "category": "Injection"
45853
+ },
45854
+ {
45855
+ "id": "CWE-787",
45856
+ "name": "Out-of-bounds Write",
45857
+ "category": "Memory Safety"
45858
+ },
45859
+ {
45860
+ "id": "CWE-79",
45861
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
45862
+ "category": "Injection"
45863
+ },
45864
+ {
45865
+ "id": "CWE-798",
45866
+ "name": "Use of Hard-coded Credentials",
45867
+ "category": "Credentials"
45868
+ },
45869
+ {
45870
+ "id": "CWE-862",
45871
+ "name": "Missing Authorization",
45872
+ "category": "Authorization"
45873
+ },
45874
+ {
45875
+ "id": "CWE-863",
45876
+ "name": "Incorrect Authorization",
45877
+ "category": "Authorization"
45878
+ },
45879
+ {
45880
+ "id": "CWE-89",
45881
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
45882
+ "category": "Injection"
45883
+ },
45884
+ {
45885
+ "id": "CWE-918",
45886
+ "name": "Server-Side Request Forgery (SSRF)",
45887
+ "category": "Network"
45888
+ },
45889
+ {
45890
+ "id": "CWE-94",
45891
+ "name": "Improper Control of Generation of Code (Code Injection)",
45892
+ "category": "Injection"
45893
+ }
45894
+ ],
45895
+ "atlas": [
45896
+ {
45897
+ "id": "AML.T0010",
45898
+ "name": "ML Supply Chain Compromise",
45899
+ "tactic": "Initial Access"
45900
+ },
45901
+ {
45902
+ "id": "AML.T0016",
45903
+ "name": "Obtain Capabilities: Develop Capabilities",
45904
+ "tactic": "Resource Development"
45905
+ },
45906
+ {
45907
+ "id": "AML.T0017",
45908
+ "name": "Discover ML Model Ontology",
45909
+ "tactic": "Discovery"
45910
+ },
45911
+ {
45912
+ "id": "AML.T0018",
45913
+ "name": "Backdoor ML Model",
45914
+ "tactic": "Persistence"
45915
+ },
45916
+ {
45917
+ "id": "AML.T0020",
45918
+ "name": "Poison Training Data",
45919
+ "tactic": "ML Attack Staging"
45920
+ },
45921
+ {
45922
+ "id": "AML.T0043",
45923
+ "name": "Craft Adversarial Data",
45924
+ "tactic": "ML Attack Staging"
45925
+ },
45926
+ {
45927
+ "id": "AML.T0051",
45928
+ "name": "LLM Prompt Injection",
45929
+ "tactic": "Execution"
45930
+ },
45931
+ {
45932
+ "id": "AML.T0054",
45933
+ "name": "LLM Jailbreak",
45934
+ "tactic": "Defense Evasion"
45935
+ },
45936
+ {
45937
+ "id": "AML.T0096",
45938
+ "name": "AI API as Covert C2 Channel",
45939
+ "tactic": "Command and Control"
45940
+ }
45941
+ ],
45942
+ "d3fend": [
45943
+ {
45944
+ "id": "D3-CA",
45945
+ "name": "Certificate Analysis",
45946
+ "tactic": "Detect"
45947
+ },
45948
+ {
45949
+ "id": "D3-CBAN",
45950
+ "name": "Certificate-based Authentication",
45951
+ "tactic": "Harden"
45952
+ },
45953
+ {
45954
+ "id": "D3-CSPP",
45955
+ "name": "Client-server Payload Profiling",
45956
+ "tactic": "Detect"
45957
+ },
45958
+ {
45959
+ "id": "D3-DA",
45960
+ "name": "Domain Analysis",
45961
+ "tactic": "Detect"
45962
+ },
45963
+ {
45964
+ "id": "D3-EAL",
45965
+ "name": "Executable Allowlisting",
45966
+ "tactic": "Harden"
45967
+ },
45968
+ {
45969
+ "id": "D3-EHB",
45970
+ "name": "Executable Hashbased Allowlist",
45971
+ "tactic": "Harden"
45972
+ },
45973
+ {
45974
+ "id": "D3-IOPR",
45975
+ "name": "Input/Output Profiling Resource",
45976
+ "tactic": "Detect"
45977
+ },
45978
+ {
45979
+ "id": "D3-MFA",
45980
+ "name": "Multi-factor Authentication",
45981
+ "tactic": "Harden"
45982
+ },
45983
+ {
45984
+ "id": "D3-NI",
45985
+ "name": "Network Isolation",
45986
+ "tactic": "Isolate"
45987
+ },
45988
+ {
45989
+ "id": "D3-NTA",
45990
+ "name": "Network Traffic Analysis",
45991
+ "tactic": "Detect"
45992
+ },
45993
+ {
45994
+ "id": "D3-NTPM",
45995
+ "name": "Network Traffic Policy Mapping",
45996
+ "tactic": "Model"
45997
+ }
45998
+ ],
45999
+ "framework_gaps": [
46000
+ {
46001
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46002
+ "framework": "ALL",
46003
+ "control_name": "AI Pipeline Integrity"
46004
+ },
46005
+ {
46006
+ "id": "ALL-MCP-TOOL-TRUST",
46007
+ "framework": "ALL",
46008
+ "control_name": "MCP/Agent Tool Trust Boundaries"
46009
+ },
46010
+ {
46011
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46012
+ "framework": "ALL",
46013
+ "control_name": "Prompt Injection as Access Control Failure"
46014
+ },
46015
+ {
46016
+ "id": "CMMC-2.0-Level-2",
46017
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46018
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46019
+ },
46020
+ {
46021
+ "id": "FedRAMP-Rev5-Moderate",
46022
+ "framework": "FedRAMP Rev 5 Moderate",
46023
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46024
+ },
46025
+ {
46026
+ "id": "ISO-27001-2022-A.8.16",
46027
+ "framework": "ISO/IEC 27001:2022",
46028
+ "control_name": "Monitoring activities"
46029
+ },
46030
+ {
46031
+ "id": "ISO-27001-2022-A.8.28",
46032
+ "framework": "ISO/IEC 27001:2022",
46033
+ "control_name": "Secure coding"
46034
+ },
46035
+ {
46036
+ "id": "ISO-27001-2022-A.8.30",
46037
+ "framework": "ISO/IEC 27001:2022",
46038
+ "control_name": "Outsourced development"
46039
+ },
46040
+ {
46041
+ "id": "ISO-IEC-23894-2023-clause-7",
46042
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46043
+ "control_name": "AI risk management process"
46044
+ },
46045
+ {
46046
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
46047
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
46048
+ "control_name": "AI risk assessment"
46049
+ },
46050
+ {
46051
+ "id": "NIST-800-218-SSDF",
46052
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
46053
+ "control_name": "Secure Software Development Framework"
46054
+ },
46055
+ {
46056
+ "id": "NIST-800-53-AC-2",
46057
+ "framework": "NIST SP 800-53 Rev 5",
46058
+ "control_name": "Account Management"
46059
+ },
46060
+ {
46061
+ "id": "NIST-800-53-CM-7",
46062
+ "framework": "NIST SP 800-53 Rev 5",
46063
+ "control_name": "Least Functionality"
46064
+ },
46065
+ {
46066
+ "id": "NIST-800-53-SA-12",
46067
+ "framework": "NIST SP 800-53 Rev 5",
46068
+ "control_name": "Supply Chain Protection"
46069
+ },
46070
+ {
46071
+ "id": "NIST-800-53-SC-7",
46072
+ "framework": "NIST SP 800-53 Rev 5",
46073
+ "control_name": "Boundary Protection"
46074
+ },
46075
+ {
46076
+ "id": "NIST-800-53-SI-12",
46077
+ "framework": "NIST SP 800-53 Rev 5",
46078
+ "control_name": "Information Management and Retention"
46079
+ },
46080
+ {
46081
+ "id": "NIST-800-53-SI-3",
46082
+ "framework": "NIST SP 800-53 Rev 5",
46083
+ "control_name": "Malicious Code Protection"
46084
+ },
46085
+ {
46086
+ "id": "NIST-AI-RMF-MEASURE-2.5",
46087
+ "framework": "NIST AI RMF 1.0",
46088
+ "control_name": "AI system to human interaction evaluation"
46089
+ },
46090
+ {
46091
+ "id": "OWASP-ASVS-v5.0-V14",
46092
+ "framework": "OWASP ASVS v5.0",
46093
+ "control_name": "Configuration verification"
46094
+ },
46095
+ {
46096
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46097
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46098
+ "control_name": "Prompt Injection"
46099
+ },
46100
+ {
46101
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46102
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46103
+ "control_name": "Sensitive Information Disclosure"
46104
+ },
46105
+ {
46106
+ "id": "OWASP-LLM-Top-10-2025-LLM06",
46107
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46108
+ "control_name": "Excessive Agency"
46109
+ },
46110
+ {
46111
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
46112
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46113
+ "control_name": "Vector and Embedding Weaknesses"
46114
+ },
46115
+ {
46116
+ "id": "SLSA-v1.0-Build-L3",
46117
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
46118
+ "control_name": "Hardened build platform with non-falsifiable provenance"
46119
+ },
46120
+ {
46121
+ "id": "SOC2-CC6-logical-access",
46122
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46123
+ "control_name": "Logical and Physical Access Controls"
46124
+ },
46125
+ {
46126
+ "id": "SOC2-CC7-anomaly-detection",
46127
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46128
+ "control_name": "System Operations — Threat and Vulnerability Management"
46129
+ },
46130
+ {
46131
+ "id": "SOC2-CC9-vendor-management",
46132
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46133
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
46134
+ },
46135
+ {
46136
+ "id": "SWIFT-CSCF-v2026-1.1",
46137
+ "framework": "SWIFT Customer Security Controls Framework v2026",
46138
+ "control_name": "SWIFT Environment Protection"
46139
+ }
46140
+ ],
46141
+ "attack_refs": [
46142
+ "T1059",
46143
+ "T1068",
46144
+ "T1071",
46145
+ "T1078",
46146
+ "T1102",
46147
+ "T1190",
46148
+ "T1195.001",
46149
+ "T1505",
46150
+ "T1530",
46151
+ "T1552",
46152
+ "T1565",
46153
+ "T1566",
46154
+ "T1566.001",
46155
+ "T1566.002",
46156
+ "T1566.003",
46157
+ "T1567",
46158
+ "T1568",
46159
+ "T1610",
46160
+ "T1611"
46161
+ ],
46162
+ "rfc_refs": [
46163
+ "RFC-6749",
46164
+ "RFC-7519",
46165
+ "RFC-8032",
46166
+ "RFC-8446",
46167
+ "RFC-8725",
46168
+ "RFC-9000",
46169
+ "RFC-9114",
46170
+ "RFC-9180",
46171
+ "RFC-9421",
46172
+ "RFC-9458",
46173
+ "RFC-9700"
46174
+ ]
46175
+ }
46176
+ },
46177
+ "CVE-2025-56520": {
46178
+ "name": "Dify Remote File Upload Server-Side Request Forgery",
46179
+ "rwep": 30,
46180
+ "cvss": 5.3,
46181
+ "cisa_kev": false,
46182
+ "epss_score": null,
46183
+ "referencing_skills": [
46184
+ "ai-attack-surface",
46185
+ "compliance-theater",
46186
+ "ai-c2-detection",
46187
+ "dlp-gap-analysis"
46188
+ ],
46189
+ "chain": {
46190
+ "cwes": [
46191
+ {
46192
+ "id": "CWE-1039",
46193
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
46194
+ "category": "AI/ML"
46195
+ },
46196
+ {
46197
+ "id": "CWE-1426",
46198
+ "name": "Improper Validation of Generative AI Output",
46199
+ "category": "AI/ML"
46200
+ },
46201
+ {
46202
+ "id": "CWE-200",
46203
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
46204
+ "category": "Information Exposure"
46205
+ },
46206
+ {
46207
+ "id": "CWE-94",
46208
+ "name": "Improper Control of Generation of Code (Code Injection)",
46209
+ "category": "Injection"
46210
+ }
46211
+ ],
46212
+ "atlas": [
46213
+ {
46214
+ "id": "AML.T0016",
46215
+ "name": "Obtain Capabilities: Develop Capabilities",
46216
+ "tactic": "Resource Development"
46217
+ },
46218
+ {
46219
+ "id": "AML.T0017",
46220
+ "name": "Discover ML Model Ontology",
46221
+ "tactic": "Discovery"
46222
+ },
46223
+ {
46224
+ "id": "AML.T0018",
46225
+ "name": "Backdoor ML Model",
46226
+ "tactic": "Persistence"
46227
+ },
46228
+ {
46229
+ "id": "AML.T0020",
46230
+ "name": "Poison Training Data",
46231
+ "tactic": "ML Attack Staging"
46232
+ },
46233
+ {
46234
+ "id": "AML.T0043",
46235
+ "name": "Craft Adversarial Data",
46236
+ "tactic": "ML Attack Staging"
46237
+ },
46238
+ {
46239
+ "id": "AML.T0051",
46240
+ "name": "LLM Prompt Injection",
46241
+ "tactic": "Execution"
46242
+ },
46243
+ {
46244
+ "id": "AML.T0054",
46245
+ "name": "LLM Jailbreak",
46246
+ "tactic": "Defense Evasion"
46247
+ },
46248
+ {
46249
+ "id": "AML.T0096",
46250
+ "name": "AI API as Covert C2 Channel",
46251
+ "tactic": "Command and Control"
46252
+ }
46253
+ ],
46254
+ "d3fend": [
46255
+ {
46256
+ "id": "D3-CA",
46257
+ "name": "Certificate Analysis",
46258
+ "tactic": "Detect"
46259
+ },
46260
+ {
46261
+ "id": "D3-CSPP",
46262
+ "name": "Client-server Payload Profiling",
46263
+ "tactic": "Detect"
46264
+ },
46265
+ {
46266
+ "id": "D3-DA",
46267
+ "name": "Domain Analysis",
46268
+ "tactic": "Detect"
46269
+ },
46270
+ {
46271
+ "id": "D3-EAL",
46272
+ "name": "Executable Allowlisting",
46273
+ "tactic": "Harden"
46274
+ },
46275
+ {
46276
+ "id": "D3-IOPR",
46277
+ "name": "Input/Output Profiling Resource",
46278
+ "tactic": "Detect"
46279
+ },
46280
+ {
46281
+ "id": "D3-NI",
46282
+ "name": "Network Isolation",
46283
+ "tactic": "Isolate"
46284
+ },
46285
+ {
46286
+ "id": "D3-NTA",
46287
+ "name": "Network Traffic Analysis",
46288
+ "tactic": "Detect"
46289
+ },
46290
+ {
46291
+ "id": "D3-NTPM",
46292
+ "name": "Network Traffic Policy Mapping",
46293
+ "tactic": "Model"
46294
+ }
46295
+ ],
46296
+ "framework_gaps": [
46297
+ {
46298
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46299
+ "framework": "ALL",
46300
+ "control_name": "AI Pipeline Integrity"
46301
+ },
46302
+ {
46303
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46304
+ "framework": "ALL",
46305
+ "control_name": "Prompt Injection as Access Control Failure"
46306
+ },
46307
+ {
46308
+ "id": "CMMC-2.0-Level-2",
46309
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46310
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46311
+ },
46312
+ {
46313
+ "id": "FedRAMP-Rev5-Moderate",
46314
+ "framework": "FedRAMP Rev 5 Moderate",
46315
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46316
+ },
46317
+ {
46318
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
46319
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
46320
+ "control_name": "Access control standard (technical safeguards)"
46321
+ },
46322
+ {
46323
+ "id": "ISO-27001-2022-A.8.16",
46324
+ "framework": "ISO/IEC 27001:2022",
46325
+ "control_name": "Monitoring activities"
46326
+ },
46327
+ {
46328
+ "id": "ISO-27001-2022-A.8.28",
46329
+ "framework": "ISO/IEC 27001:2022",
46330
+ "control_name": "Secure coding"
46331
+ },
46332
+ {
46333
+ "id": "ISO-IEC-23894-2023-clause-7",
46334
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46335
+ "control_name": "AI risk management process"
46336
+ },
46337
+ {
46338
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
46339
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
46340
+ "control_name": "AI risk assessment"
46341
+ },
46342
+ {
46343
+ "id": "NIST-800-53-AC-2",
46344
+ "framework": "NIST SP 800-53 Rev 5",
46345
+ "control_name": "Account Management"
46346
+ },
46347
+ {
46348
+ "id": "NIST-800-53-SC-28",
46349
+ "framework": "NIST SP 800-53 Rev 5",
46350
+ "control_name": "Protection of Information at Rest"
46351
+ },
46352
+ {
46353
+ "id": "NIST-800-53-SC-7",
46354
+ "framework": "NIST SP 800-53 Rev 5",
46355
+ "control_name": "Boundary Protection"
46356
+ },
46357
+ {
46358
+ "id": "NIST-800-53-SI-3",
46359
+ "framework": "NIST SP 800-53 Rev 5",
46360
+ "control_name": "Malicious Code Protection"
46361
+ },
46362
+ {
46363
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46364
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46365
+ "control_name": "Prompt Injection"
46366
+ },
46367
+ {
46368
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46369
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46370
+ "control_name": "Sensitive Information Disclosure"
46371
+ },
46372
+ {
46373
+ "id": "SOC2-CC6-logical-access",
46374
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46375
+ "control_name": "Logical and Physical Access Controls"
46376
+ },
46377
+ {
46378
+ "id": "SOC2-CC7-anomaly-detection",
46379
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46380
+ "control_name": "System Operations — Threat and Vulnerability Management"
46381
+ }
46382
+ ],
46383
+ "attack_refs": [
46384
+ "T1041",
46385
+ "T1059",
46386
+ "T1071",
46387
+ "T1102",
46388
+ "T1190",
46389
+ "T1213",
46390
+ "T1530",
46391
+ "T1566",
46392
+ "T1567",
46393
+ "T1568"
46394
+ ],
46395
+ "rfc_refs": [
46396
+ "RFC-8446",
46397
+ "RFC-9000",
46398
+ "RFC-9114",
46399
+ "RFC-9180",
46400
+ "RFC-9421",
46401
+ "RFC-9458"
46402
+ ]
46403
+ }
46404
+ },
46405
+ "CVE-2025-1796": {
46406
+ "name": "Dify Weak-PRNG Password Reset Account Takeover",
46407
+ "rwep": 44,
46408
+ "cvss": 8.8,
46409
+ "cisa_kev": false,
46410
+ "epss_score": null,
46411
+ "referencing_skills": [
46412
+ "ai-attack-surface",
46413
+ "compliance-theater"
46414
+ ],
46415
+ "chain": {
46416
+ "cwes": [
46417
+ {
46418
+ "id": "CWE-1039",
46419
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
46420
+ "category": "AI/ML"
46421
+ },
46422
+ {
46423
+ "id": "CWE-1426",
46424
+ "name": "Improper Validation of Generative AI Output",
46425
+ "category": "AI/ML"
46426
+ },
46427
+ {
46428
+ "id": "CWE-94",
46429
+ "name": "Improper Control of Generation of Code (Code Injection)",
46430
+ "category": "Injection"
46431
+ }
46432
+ ],
46433
+ "atlas": [
46434
+ {
46435
+ "id": "AML.T0016",
46436
+ "name": "Obtain Capabilities: Develop Capabilities",
46437
+ "tactic": "Resource Development"
46438
+ },
46439
+ {
46440
+ "id": "AML.T0017",
46441
+ "name": "Discover ML Model Ontology",
46442
+ "tactic": "Discovery"
46443
+ },
46444
+ {
46445
+ "id": "AML.T0018",
46446
+ "name": "Backdoor ML Model",
46447
+ "tactic": "Persistence"
46448
+ },
46449
+ {
46450
+ "id": "AML.T0020",
46451
+ "name": "Poison Training Data",
46452
+ "tactic": "ML Attack Staging"
46453
+ },
46454
+ {
46455
+ "id": "AML.T0043",
46456
+ "name": "Craft Adversarial Data",
46457
+ "tactic": "ML Attack Staging"
46458
+ },
46459
+ {
46460
+ "id": "AML.T0051",
46461
+ "name": "LLM Prompt Injection",
46462
+ "tactic": "Execution"
46463
+ },
46464
+ {
46465
+ "id": "AML.T0054",
46466
+ "name": "LLM Jailbreak",
46467
+ "tactic": "Defense Evasion"
46468
+ },
46469
+ {
46470
+ "id": "AML.T0096",
46471
+ "name": "AI API as Covert C2 Channel",
46472
+ "tactic": "Command and Control"
46473
+ }
46474
+ ],
46475
+ "d3fend": [
46476
+ {
46477
+ "id": "D3-IOPR",
46478
+ "name": "Input/Output Profiling Resource",
46479
+ "tactic": "Detect"
46480
+ },
46481
+ {
46482
+ "id": "D3-NTA",
46483
+ "name": "Network Traffic Analysis",
46484
+ "tactic": "Detect"
46485
+ }
46486
+ ],
46487
+ "framework_gaps": [
46488
+ {
46489
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46490
+ "framework": "ALL",
46491
+ "control_name": "AI Pipeline Integrity"
46492
+ },
46493
+ {
46494
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46495
+ "framework": "ALL",
46496
+ "control_name": "Prompt Injection as Access Control Failure"
46497
+ },
46498
+ {
46499
+ "id": "CMMC-2.0-Level-2",
46500
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46501
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46502
+ },
46503
+ {
46504
+ "id": "FedRAMP-Rev5-Moderate",
46505
+ "framework": "FedRAMP Rev 5 Moderate",
46506
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46507
+ },
46508
+ {
46509
+ "id": "ISO-27001-2022-A.8.28",
46510
+ "framework": "ISO/IEC 27001:2022",
46511
+ "control_name": "Secure coding"
46512
+ },
46513
+ {
46514
+ "id": "ISO-IEC-23894-2023-clause-7",
46515
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46516
+ "control_name": "AI risk management process"
46517
+ },
46518
+ {
46519
+ "id": "NIST-800-53-AC-2",
46520
+ "framework": "NIST SP 800-53 Rev 5",
46521
+ "control_name": "Account Management"
46522
+ },
46523
+ {
46524
+ "id": "NIST-800-53-SI-3",
46525
+ "framework": "NIST SP 800-53 Rev 5",
46526
+ "control_name": "Malicious Code Protection"
46527
+ },
46528
+ {
46529
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46530
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46531
+ "control_name": "Prompt Injection"
46532
+ },
46533
+ {
46534
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46535
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46536
+ "control_name": "Sensitive Information Disclosure"
46537
+ },
46538
+ {
46539
+ "id": "SOC2-CC6-logical-access",
46540
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46541
+ "control_name": "Logical and Physical Access Controls"
46542
+ }
46543
+ ],
46544
+ "attack_refs": [
46545
+ "T1059",
46546
+ "T1190",
46547
+ "T1566"
46548
+ ],
46549
+ "rfc_refs": []
46550
+ }
46551
+ },
46552
+ "CVE-2024-12776": {
46553
+ "name": "Dify Unverified Password-Reset Endpoint Account Takeover",
46554
+ "rwep": 44,
46555
+ "cvss": 8.1,
46556
+ "cisa_kev": false,
46557
+ "epss_score": null,
46558
+ "referencing_skills": [
46559
+ "ai-attack-surface",
46560
+ "compliance-theater"
46561
+ ],
46562
+ "chain": {
46563
+ "cwes": [
46564
+ {
46565
+ "id": "CWE-1039",
46566
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
46567
+ "category": "AI/ML"
46568
+ },
46569
+ {
46570
+ "id": "CWE-1426",
46571
+ "name": "Improper Validation of Generative AI Output",
46572
+ "category": "AI/ML"
46573
+ },
46574
+ {
46575
+ "id": "CWE-94",
46576
+ "name": "Improper Control of Generation of Code (Code Injection)",
46577
+ "category": "Injection"
46578
+ }
46579
+ ],
46580
+ "atlas": [
46581
+ {
46582
+ "id": "AML.T0016",
46583
+ "name": "Obtain Capabilities: Develop Capabilities",
46584
+ "tactic": "Resource Development"
46585
+ },
46586
+ {
46587
+ "id": "AML.T0017",
46588
+ "name": "Discover ML Model Ontology",
46589
+ "tactic": "Discovery"
46590
+ },
46591
+ {
46592
+ "id": "AML.T0018",
46593
+ "name": "Backdoor ML Model",
46594
+ "tactic": "Persistence"
46595
+ },
46596
+ {
46597
+ "id": "AML.T0020",
46598
+ "name": "Poison Training Data",
46599
+ "tactic": "ML Attack Staging"
46600
+ },
46601
+ {
46602
+ "id": "AML.T0043",
46603
+ "name": "Craft Adversarial Data",
46604
+ "tactic": "ML Attack Staging"
46605
+ },
46606
+ {
46607
+ "id": "AML.T0051",
46608
+ "name": "LLM Prompt Injection",
46609
+ "tactic": "Execution"
46610
+ },
46611
+ {
46612
+ "id": "AML.T0054",
46613
+ "name": "LLM Jailbreak",
46614
+ "tactic": "Defense Evasion"
46615
+ },
46616
+ {
46617
+ "id": "AML.T0096",
46618
+ "name": "AI API as Covert C2 Channel",
46619
+ "tactic": "Command and Control"
46620
+ }
46621
+ ],
46622
+ "d3fend": [
46623
+ {
46624
+ "id": "D3-IOPR",
46625
+ "name": "Input/Output Profiling Resource",
46626
+ "tactic": "Detect"
46627
+ },
46628
+ {
46629
+ "id": "D3-NTA",
46630
+ "name": "Network Traffic Analysis",
46631
+ "tactic": "Detect"
46632
+ }
46633
+ ],
46634
+ "framework_gaps": [
46635
+ {
46636
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
46637
+ "framework": "ALL",
46638
+ "control_name": "AI Pipeline Integrity"
46639
+ },
46640
+ {
46641
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
46642
+ "framework": "ALL",
46643
+ "control_name": "Prompt Injection as Access Control Failure"
46644
+ },
46645
+ {
46646
+ "id": "CMMC-2.0-Level-2",
46647
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
46648
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
46649
+ },
46650
+ {
46651
+ "id": "FedRAMP-Rev5-Moderate",
46652
+ "framework": "FedRAMP Rev 5 Moderate",
46653
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
46654
+ },
46655
+ {
46656
+ "id": "ISO-27001-2022-A.8.28",
46657
+ "framework": "ISO/IEC 27001:2022",
46658
+ "control_name": "Secure coding"
46659
+ },
46660
+ {
46661
+ "id": "ISO-IEC-23894-2023-clause-7",
46662
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
46663
+ "control_name": "AI risk management process"
46664
+ },
46665
+ {
46666
+ "id": "NIST-800-53-AC-2",
46667
+ "framework": "NIST SP 800-53 Rev 5",
46668
+ "control_name": "Account Management"
46669
+ },
46670
+ {
46671
+ "id": "NIST-800-53-SI-3",
46672
+ "framework": "NIST SP 800-53 Rev 5",
46673
+ "control_name": "Malicious Code Protection"
46674
+ },
46675
+ {
46676
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
46677
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46678
+ "control_name": "Prompt Injection"
46679
+ },
46680
+ {
46681
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
46682
+ "framework": "OWASP Top 10 for LLM Applications 2025",
46683
+ "control_name": "Sensitive Information Disclosure"
46684
+ },
46685
+ {
46686
+ "id": "SOC2-CC6-logical-access",
46687
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
46688
+ "control_name": "Logical and Physical Access Controls"
46689
+ }
46690
+ ],
46691
+ "attack_refs": [
46692
+ "T1059",
46693
+ "T1190",
46694
+ "T1566"
46695
+ ],
46696
+ "rfc_refs": []
46697
+ }
46698
+ },
45753
46699
  "CVE-2026-41091": {
45754
46700
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
45755
46701
  "rwep": 45,
@@ -72179,6 +73125,7 @@
72179
73125
  "CVE-2025-3248",
72180
73126
  "CVE-2025-33236",
72181
73127
  "CVE-2025-34291",
73128
+ "CVE-2025-3466",
72182
73129
  "CVE-2025-38352",
72183
73130
  "CVE-2025-43300",
72184
73131
  "CVE-2025-49596",
@@ -72420,6 +73367,7 @@
72420
73367
  "CVE-2025-1094",
72421
73368
  "CVE-2025-27520",
72422
73369
  "CVE-2025-3248",
73370
+ "CVE-2025-3466",
72423
73371
  "CVE-2025-49844",
72424
73372
  "CVE-2025-53773",
72425
73373
  "CVE-2025-6965",
@@ -72615,6 +73563,7 @@
72615
73563
  "CVE-2025-3248",
72616
73564
  "CVE-2025-33236",
72617
73565
  "CVE-2025-34291",
73566
+ "CVE-2025-3466",
72618
73567
  "CVE-2025-38352",
72619
73568
  "CVE-2025-43300",
72620
73569
  "CVE-2025-49596",
@@ -72829,6 +73778,7 @@
72829
73778
  "CVE-2025-3248",
72830
73779
  "CVE-2025-33236",
72831
73780
  "CVE-2025-34291",
73781
+ "CVE-2025-3466",
72832
73782
  "CVE-2025-38352",
72833
73783
  "CVE-2025-43300",
72834
73784
  "CVE-2025-49596",
@@ -73057,6 +74007,7 @@
73057
74007
  "CVE-2025-3248",
73058
74008
  "CVE-2025-33236",
73059
74009
  "CVE-2025-34291",
74010
+ "CVE-2025-3466",
73060
74011
  "CVE-2025-38352",
73061
74012
  "CVE-2025-43300",
73062
74013
  "CVE-2025-49596",
@@ -73357,6 +74308,7 @@
73357
74308
  "CVE-2024-11393",
73358
74309
  "CVE-2024-11394",
73359
74310
  "CVE-2024-12366",
74311
+ "CVE-2024-12776",
73360
74312
  "CVE-2024-13059",
73361
74313
  "CVE-2024-1561",
73362
74314
  "CVE-2024-21513",
@@ -73384,6 +74336,7 @@
73384
74336
  "CVE-2025-11837",
73385
74337
  "CVE-2025-1550",
73386
74338
  "CVE-2025-1753",
74339
+ "CVE-2025-1796",
73387
74340
  "CVE-2025-23254",
73388
74341
  "CVE-2025-23266",
73389
74342
  "CVE-2025-25297",
@@ -73395,10 +74348,12 @@
73395
74348
  "CVE-2025-3248",
73396
74349
  "CVE-2025-33236",
73397
74350
  "CVE-2025-34291",
74351
+ "CVE-2025-3466",
73398
74352
  "CVE-2025-49596",
73399
74353
  "CVE-2025-49844",
73400
74354
  "CVE-2025-53773",
73401
74355
  "CVE-2025-54136",
74356
+ "CVE-2025-56520",
73402
74357
  "CVE-2025-60455",
73403
74358
  "CVE-2025-64496",
73404
74359
  "CVE-2025-64513",
@@ -74162,9 +75117,11 @@
74162
75117
  "CVE-2025-30202",
74163
75118
  "CVE-2025-32444",
74164
75119
  "CVE-2025-3248",
75120
+ "CVE-2025-3466",
74165
75121
  "CVE-2025-49844",
74166
75122
  "CVE-2025-53767",
74167
75123
  "CVE-2025-53773",
75124
+ "CVE-2025-56520",
74168
75125
  "CVE-2025-6965",
74169
75126
  "CVE-2026-30615",
74170
75127
  "CVE-2026-30623",
@@ -74568,6 +75525,7 @@
74568
75525
  "CVE-2025-3248",
74569
75526
  "CVE-2025-33236",
74570
75527
  "CVE-2025-34291",
75528
+ "CVE-2025-3466",
74571
75529
  "CVE-2025-38352",
74572
75530
  "CVE-2025-43300",
74573
75531
  "CVE-2025-49596",
@@ -75221,6 +76179,7 @@
75221
76179
  "CVE-2025-3248",
75222
76180
  "CVE-2025-33236",
75223
76181
  "CVE-2025-34291",
76182
+ "CVE-2025-3466",
75224
76183
  "CVE-2025-38352",
75225
76184
  "CVE-2025-43300",
75226
76185
  "CVE-2025-49596",
@@ -75943,6 +76902,7 @@
75943
76902
  "CVE-2024-5565",
75944
76903
  "CVE-2025-27520",
75945
76904
  "CVE-2025-3248",
76905
+ "CVE-2025-3466",
75946
76906
  "CVE-2025-49844",
75947
76907
  "CVE-2025-53773",
75948
76908
  "CVE-2026-30615",
@@ -76227,6 +77187,7 @@
76227
77187
  "CVE-2025-3248",
76228
77188
  "CVE-2025-33236",
76229
77189
  "CVE-2025-34291",
77190
+ "CVE-2025-3466",
76230
77191
  "CVE-2025-38352",
76231
77192
  "CVE-2025-43300",
76232
77193
  "CVE-2025-49596",
@@ -77477,6 +78438,7 @@
77477
78438
  "CVE-2025-3248",
77478
78439
  "CVE-2025-33236",
77479
78440
  "CVE-2025-34291",
78441
+ "CVE-2025-3466",
77480
78442
  "CVE-2025-38352",
77481
78443
  "CVE-2025-43300",
77482
78444
  "CVE-2025-49596",
@@ -77724,6 +78686,7 @@
77724
78686
  "CVE-2024-5565",
77725
78687
  "CVE-2025-27520",
77726
78688
  "CVE-2025-3248",
78689
+ "CVE-2025-3466",
77727
78690
  "CVE-2025-49844",
77728
78691
  "CVE-2025-53773",
77729
78692
  "CVE-2026-30615",
@@ -77932,6 +78895,7 @@
77932
78895
  "CVE-2025-1094",
77933
78896
  "CVE-2025-27520",
77934
78897
  "CVE-2025-3248",
78898
+ "CVE-2025-3466",
77935
78899
  "CVE-2025-6965",
77936
78900
  "CVE-2026-30615",
77937
78901
  "CVE-2026-30623",
@@ -78907,6 +79871,7 @@
78907
79871
  "CVE-2025-3248",
78908
79872
  "CVE-2025-33236",
78909
79873
  "CVE-2025-34291",
79874
+ "CVE-2025-3466",
78910
79875
  "CVE-2025-38352",
78911
79876
  "CVE-2025-43300",
78912
79877
  "CVE-2025-49596",
@@ -79346,6 +80311,7 @@
79346
80311
  "CVE-2025-33236",
79347
80312
  "CVE-2025-34026",
79348
80313
  "CVE-2025-34291",
80314
+ "CVE-2025-3466",
79349
80315
  "CVE-2025-35939",
79350
80316
  "CVE-2025-37164",
79351
80317
  "CVE-2025-38352",
@@ -79862,6 +80828,7 @@
79862
80828
  "CVE-2025-3248",
79863
80829
  "CVE-2025-33236",
79864
80830
  "CVE-2025-34291",
80831
+ "CVE-2025-3466",
79865
80832
  "CVE-2025-38352",
79866
80833
  "CVE-2025-43300",
79867
80834
  "CVE-2025-49596",
@@ -80219,6 +81186,7 @@
80219
81186
  "CVE-2025-1094",
80220
81187
  "CVE-2025-27520",
80221
81188
  "CVE-2025-3248",
81189
+ "CVE-2025-3466",
80222
81190
  "CVE-2025-49844",
80223
81191
  "CVE-2025-53773",
80224
81192
  "CVE-2025-6965",
@@ -80517,6 +81485,7 @@
80517
81485
  "CVE-2025-1094",
80518
81486
  "CVE-2025-27520",
80519
81487
  "CVE-2025-3248",
81488
+ "CVE-2025-3466",
80520
81489
  "CVE-2025-53773",
80521
81490
  "CVE-2025-6965",
80522
81491
  "CVE-2026-30615",
@@ -80881,6 +81850,7 @@
80881
81850
  "CVE-2025-3248",
80882
81851
  "CVE-2025-33236",
80883
81852
  "CVE-2025-34291",
81853
+ "CVE-2025-3466",
80884
81854
  "CVE-2025-38352",
80885
81855
  "CVE-2025-43300",
80886
81856
  "CVE-2025-49596",
@@ -81206,6 +82176,7 @@
81206
82176
  "CVE-2024-11393",
81207
82177
  "CVE-2024-11394",
81208
82178
  "CVE-2024-12366",
82179
+ "CVE-2024-12776",
81209
82180
  "CVE-2024-13059",
81210
82181
  "CVE-2024-1561",
81211
82182
  "CVE-2024-21513",
@@ -81231,6 +82202,7 @@
81231
82202
  "CVE-2025-11837",
81232
82203
  "CVE-2025-1550",
81233
82204
  "CVE-2025-1753",
82205
+ "CVE-2025-1796",
81234
82206
  "CVE-2025-23254",
81235
82207
  "CVE-2025-23266",
81236
82208
  "CVE-2025-25297",
@@ -81242,9 +82214,11 @@
81242
82214
  "CVE-2025-3248",
81243
82215
  "CVE-2025-33236",
81244
82216
  "CVE-2025-34291",
82217
+ "CVE-2025-3466",
81245
82218
  "CVE-2025-49596",
81246
82219
  "CVE-2025-53773",
81247
82220
  "CVE-2025-54136",
82221
+ "CVE-2025-56520",
81248
82222
  "CVE-2025-60455",
81249
82223
  "CVE-2025-64496",
81250
82224
  "CVE-2025-64513",
@@ -81447,6 +82421,7 @@
81447
82421
  "CVE-2025-1094",
81448
82422
  "CVE-2025-27520",
81449
82423
  "CVE-2025-3248",
82424
+ "CVE-2025-3466",
81450
82425
  "CVE-2025-49844",
81451
82426
  "CVE-2025-53773",
81452
82427
  "CVE-2025-6965",
@@ -82210,6 +83185,7 @@
82210
83185
  "CVE-2025-3248",
82211
83186
  "CVE-2025-33236",
82212
83187
  "CVE-2025-34291",
83188
+ "CVE-2025-3466",
82213
83189
  "CVE-2025-38352",
82214
83190
  "CVE-2025-43300",
82215
83191
  "CVE-2025-49596",
@@ -82521,6 +83497,7 @@
82521
83497
  "CVE-2024-11393",
82522
83498
  "CVE-2024-11394",
82523
83499
  "CVE-2024-12366",
83500
+ "CVE-2024-12776",
82524
83501
  "CVE-2024-13059",
82525
83502
  "CVE-2024-1561",
82526
83503
  "CVE-2024-21513",
@@ -82549,6 +83526,7 @@
82549
83526
  "CVE-2025-14847",
82550
83527
  "CVE-2025-1550",
82551
83528
  "CVE-2025-1753",
83529
+ "CVE-2025-1796",
82552
83530
  "CVE-2025-22226",
82553
83531
  "CVE-2025-23254",
82554
83532
  "CVE-2025-23266",
@@ -82561,10 +83539,12 @@
82561
83539
  "CVE-2025-3248",
82562
83540
  "CVE-2025-33236",
82563
83541
  "CVE-2025-34291",
83542
+ "CVE-2025-3466",
82564
83543
  "CVE-2025-49596",
82565
83544
  "CVE-2025-53767",
82566
83545
  "CVE-2025-53773",
82567
83546
  "CVE-2025-54136",
83547
+ "CVE-2025-56520",
82568
83548
  "CVE-2025-60455",
82569
83549
  "CVE-2025-64496",
82570
83550
  "CVE-2025-64513",