@blamejs/exceptd-skills 0.13.113 → 0.13.114

package/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.13.114 — 2026-05-26
+
+CVE catalog — Dify password-recovery account takeover. Adds two flaws in Dify's password-reset flow, both yielding takeover of any account including administrators (CWE-640 weak password-recovery mechanism). **CVE-2025-1796** (CWE-338 / CWE-640, NVD CVSS 8.8 HIGH; huntr CNA 7.5) — reset codes are generated with a weak pseudo-random number generator (`random.randint`), so an attacker predicts the code and resets any account. **CVE-2024-12776** (CWE-287 / CWE-640, huntr CNA CVSS 8.1 HIGH; NVD classifies it CWE-305) — the `/forgot-password/resets` endpoint does not verify the reset code before allowing a reset. Neither has a fixed version published, so mitigation is generating reset tokens with a CSPRNG and verifying them server-side. Both introduce NEW-CTRL-108: an AI app's password-recovery flow must use cryptographically secure, single-use, short-lived reset tokens and verify them server-side before any reset. CVE count 402 → 404.
+
 ## 0.13.113 — 2026-05-26
 
 CVE catalog — Dify LLM app-platform. Adds two flaws in Dify, the low-code LLM application-development platform. **CVE-2025-3466** (CWE-94 / CWE-693, NVD CVSS 7.2 HIGH; huntr CNA 9.8 CRITICAL) — the code node runs user-supplied code in a sandbox, but unsanitized input lets an attacker override global functions (e.g. `parseInt`) before the sandbox restrictions are applied, escaping the sandbox and executing code with root-level access; fixed in 1.1.3. (NVD classifies it CWE-1100; the catalog maps that to the catalogued CWE-94 + CWE-693.) **CVE-2025-56520** (CWE-918, CISA-ADP CVSS 5.3 MEDIUM) — the `RemoteFileUploadApi` fetches a user-supplied URL without validating the destination, so an unauthenticated attacker reaches internal services or cloud metadata via the server; no fixed version is published, so mitigation is destination allowlisting and network isolation. The code-node RCE reuses the LLM-app-builder execution control (NEW-CTRL-103) — an app builder must initialize its sandbox before evaluating user input — and the SSRF reuses the data-pipeline SSRF control (NEW-CTRL-105). CVE count 400 → 402.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-26T13:34:53.900Z",
+  "generated_at": "2026-05-26T16:55:23.938Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "dfa7aea948643c988c5fbff864283218e67bdc84fc30451b6f3955af8618cadb",
-    "data/atlas-ttps.json": "8d89963ab752b250c2cb4d62914d2f979e2d439d9ec8cc6a41df8aaf8bb1b1e8",
-    "data/attack-techniques.json": "b7076891a2e46ca3e1b924fcd168406eca5f63596ea4f7aa6d9e1cc373193349",
-    "data/cve-catalog.json": "fc1f2e08e45c1cafd5ef1685899469624f65f25b8904edf447c337ce1e62afbe",
-    "data/cwe-catalog.json": "634171ed522fac6838fd85fd785d67d5e9e093a28359ff2957b4ffc83a0c55c9",
+    "manifest.json": "d241dfd94764cfbd42fc25fc55dbb57e8bf98cae9494b09a3fc6b6d5c206bfd5",
+    "data/atlas-ttps.json": "fbad886119efbb01d6ae80647cb84ef8d6335b819eebb7ec650ad9819c3f6afd",
+    "data/attack-techniques.json": "b9d62387c336b73a7807d2a8bf3c8a13fa080a18b1b39fe7377db7adb1ba7546",
+    "data/cve-catalog.json": "7ebe9b305a77bfc5634a5511cf550cc4d3b91f36dcc0187042200442142d6dbb",
+    "data/cwe-catalog.json": "9a402095ba8994f0e97f11ddd94eb5b6b7ee2f370e4d82fb1d1a115271b16283",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "39d5765424c17b3702b6beecdec54e234565c844b1d60ff9eaa5bf7b1f942b67",
+    "data/framework-control-gaps.json": "afc00b1a651c4b880d9eb68ee73a0ae141551678cc6c2e20bd423294f961e630",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "bc8de69fcd81b95bd4e56ad00e351a7e27641d1bef9515995c37faf304ae11ca",
+    "data/zeroday-lessons.json": "966516c060db19606255630d59868e9a8a64c0fc09dd94d0c4ddd8a7d0e2ba48",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 391,
+    "chains_cve_entries": 393,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 402
+      "entry_count": 404
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 397
+      "entry_count": 399
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 402,
+      "entry_count": 404,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 397,
+      "entry_count": 399,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",

package/data/_indexes/chains.json

@@ -46402,6 +46402,300 @@
       ]
     }
   },
+  "CVE-2025-1796": {
+    "name": "Dify Weak-PRNG Password Reset Account Takeover",
+    "rwep": 44,
+    "cvss": 8.8,
+    "cisa_kev": false,
+    "epss_score": null,
+    "referencing_skills": [
+      "ai-attack-surface",
+      "compliance-theater"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-1039",
+          "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-1426",
+          "name": "Improper Validation of Generative AI Output",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-94",
+          "name": "Improper Control of Generation of Code (Code Injection)",
+          "category": "Injection"
+        }
+      ],
+      "atlas": [
+        {
+          "id": "AML.T0016",
+          "name": "Obtain Capabilities: Develop Capabilities",
+          "tactic": "Resource Development"
+        },
+        {
+          "id": "AML.T0017",
+          "name": "Discover ML Model Ontology",
+          "tactic": "Discovery"
+        },
+        {
+          "id": "AML.T0018",
+          "name": "Backdoor ML Model",
+          "tactic": "Persistence"
+        },
+        {
+          "id": "AML.T0020",
+          "name": "Poison Training Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0043",
+          "name": "Craft Adversarial Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0051",
+          "name": "LLM Prompt Injection",
+          "tactic": "Execution"
+        },
+        {
+          "id": "AML.T0054",
+          "name": "LLM Jailbreak",
+          "tactic": "Defense Evasion"
+        },
+        {
+          "id": "AML.T0096",
+          "name": "AI API as Covert C2 Channel",
+          "tactic": "Command and Control"
+        }
+      ],
+      "d3fend": [
+        {
+          "id": "D3-IOPR",
+          "name": "Input/Output Profiling Resource",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-NTA",
+          "name": "Network Traffic Analysis",
+          "tactic": "Detect"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "ALL-AI-PIPELINE-INTEGRITY",
+          "framework": "ALL",
+          "control_name": "AI Pipeline Integrity"
+        },
+        {
+          "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
+          "framework": "ALL",
+          "control_name": "Prompt Injection as Access Control Failure"
+        },
+        {
+          "id": "CMMC-2.0-Level-2",
+          "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
+          "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
+        },
+        {
+          "id": "FedRAMP-Rev5-Moderate",
+          "framework": "FedRAMP Rev 5 Moderate",
+          "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.28",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Secure coding"
+        },
+        {
+          "id": "ISO-IEC-23894-2023-clause-7",
+          "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
+          "control_name": "AI risk management process"
+        },
+        {
+          "id": "NIST-800-53-AC-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Account Management"
+        },
+        {
+          "id": "NIST-800-53-SI-3",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Malicious Code Protection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM01",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Prompt Injection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM02",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Sensitive Information Disclosure"
+        },
+        {
+          "id": "SOC2-CC6-logical-access",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Logical and Physical Access Controls"
+        }
+      ],
+      "attack_refs": [
+        "T1059",
+        "T1190",
+        "T1566"
+      ],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2024-12776": {
+    "name": "Dify Unverified Password-Reset Endpoint Account Takeover",
+    "rwep": 44,
+    "cvss": 8.1,
+    "cisa_kev": false,
+    "epss_score": null,
+    "referencing_skills": [
+      "ai-attack-surface",
+      "compliance-theater"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-1039",
+          "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-1426",
+          "name": "Improper Validation of Generative AI Output",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-94",
+          "name": "Improper Control of Generation of Code (Code Injection)",
+          "category": "Injection"
+        }
+      ],
+      "atlas": [
+        {
+          "id": "AML.T0016",
+          "name": "Obtain Capabilities: Develop Capabilities",
+          "tactic": "Resource Development"
+        },
+        {
+          "id": "AML.T0017",
+          "name": "Discover ML Model Ontology",
+          "tactic": "Discovery"
+        },
+        {
+          "id": "AML.T0018",
+          "name": "Backdoor ML Model",
+          "tactic": "Persistence"
+        },
+        {
+          "id": "AML.T0020",
+          "name": "Poison Training Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0043",
+          "name": "Craft Adversarial Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0051",
+          "name": "LLM Prompt Injection",
+          "tactic": "Execution"
+        },
+        {
+          "id": "AML.T0054",
+          "name": "LLM Jailbreak",
+          "tactic": "Defense Evasion"
+        },
+        {
+          "id": "AML.T0096",
+          "name": "AI API as Covert C2 Channel",
+          "tactic": "Command and Control"
+        }
+      ],
+      "d3fend": [
+        {
+          "id": "D3-IOPR",
+          "name": "Input/Output Profiling Resource",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-NTA",
+          "name": "Network Traffic Analysis",
+          "tactic": "Detect"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "ALL-AI-PIPELINE-INTEGRITY",
+          "framework": "ALL",
+          "control_name": "AI Pipeline Integrity"
+        },
+        {
+          "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
+          "framework": "ALL",
+          "control_name": "Prompt Injection as Access Control Failure"
+        },
+        {
+          "id": "CMMC-2.0-Level-2",
+          "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
+          "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
+        },
+        {
+          "id": "FedRAMP-Rev5-Moderate",
+          "framework": "FedRAMP Rev 5 Moderate",
+          "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.28",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Secure coding"
+        },
+        {
+          "id": "ISO-IEC-23894-2023-clause-7",
+          "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
+          "control_name": "AI risk management process"
+        },
+        {
+          "id": "NIST-800-53-AC-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Account Management"
+        },
+        {
+          "id": "NIST-800-53-SI-3",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Malicious Code Protection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM01",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Prompt Injection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM02",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Sensitive Information Disclosure"
+        },
+        {
+          "id": "SOC2-CC6-logical-access",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Logical and Physical Access Controls"
+        }
+      ],
+      "attack_refs": [
+        "T1059",
+        "T1190",
+        "T1566"
+      ],
+      "rfc_refs": []
+    }
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "rwep": 45,
@@ -74014,6 +74308,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21513",
@@ -74041,6 +74336,7 @@
       "CVE-2025-11837",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-25297",
@@ -81880,6 +82176,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21513",
@@ -81905,6 +82202,7 @@
       "CVE-2025-11837",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-25297",
@@ -83199,6 +83497,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21513",
@@ -83227,6 +83526,7 @@
       "CVE-2025-14847",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-22226",
       "CVE-2025-23254",
       "CVE-2025-23266",

package/data/atlas-ttps.json

@@ -1748,6 +1748,7 @@
       "CVE-2023-6021",
       "CVE-2023-6038",
       "CVE-2023-6571",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21575",
@@ -1762,6 +1763,7 @@
       "CVE-2024-4889",
       "CVE-2024-6587",
       "CVE-2024-9526",
+      "CVE-2025-1796",
       "CVE-2025-25297",
       "CVE-2025-27520",
       "CVE-2025-30202",

package/data/attack-techniques.json

@@ -530,8 +530,10 @@
       "CVE-2023-27351",
       "CVE-2023-43791",
       "CVE-2023-50224",
+      "CVE-2024-12776",
       "CVE-2024-1709",
       "CVE-2024-54085",
+      "CVE-2025-1796",
       "CVE-2025-21085",
       "CVE-2025-2746",
       "CVE-2025-2747",
@@ -776,7 +778,8 @@
     "description": "Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.(Citation: TrendMicro Pawn Storm Dec 2020) Without knowledge of the password for an account or set of accounts, an adversary may systematically guess the password using a repetitive or iterative mechanism.(Citation: Dragos Crashoverride 2018) Brute forcing passwords can take place via interaction with a service that will check the validity of those credentials ...",
     "tactic": [
       "Credential Access"
-    ]
+    ],
+    "cve_refs": []
   },
   "T1110.001": {
     "name": "Brute Force: Password Guessing",
@@ -895,6 +898,7 @@
       "CVE-2023-6019",
       "CVE-2023-6021",
       "CVE-2023-6038",
+      "CVE-2024-12776",
       "CVE-2024-12987",
       "CVE-2024-13059",
       "CVE-2024-1561",
@@ -927,6 +931,7 @@
       "CVE-2025-14733",
       "CVE-2025-14847",
       "CVE-2025-15556",
+      "CVE-2025-1796",
       "CVE-2025-20281",
       "CVE-2025-20333",
       "CVE-2025-20337",
@@ -1269,7 +1274,8 @@
     "version": "v19",
     "cve_refs": [
       "CVE-2023-43791",
-      "CVE-2025-14174"
+      "CVE-2025-14174",
+      "CVE-2025-1796"
     ],
     "description_full": "Adversaries may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Credentialing and authentication mechanisms may be targeted for exploitation by adversaries as a means to gain access to useful credentials or circumvent the process to gain authenticated access to systems. One example of this is `MS14-068`, which targets Kerberos and can be used to forge Kerberos tickets using domain user permissions.(Citation: Technet MS14-068)(Citation: ADSecurity Detecting Forged Tickets) Another example of this is replay attacks, in which the adversary intercepts data packets sent between parties and then later replays these packets. If services don't properly validate authentication requests, these replayed packets may allow an adversary to impersonate one of the parties and gain unauthorized access or privileges.(Citation: Bugcrowd Replay Attack)(Citation: Comparitech Replay Attack)(Citation: Microsoft Midnight Blizzard Replay Attack) Such exploitation has been demonstrated in cloud environments as well. For example, adversaries have exploited vulnerabilities in public cloud infrastructure that allowed for unintended authentication token creation and renewal.(Citation: Storm-0558 techniques for unauthorized email access) Exploitation for credential access may also result in Privilege Escalation depending on the process targeted or credentials obtained.",
     "platforms": [
@@ -1726,7 +1732,10 @@
     "stix_id": "attack-pattern--f4c1826f-a322-41cd-9557-562100848c84",
     "is_subtechnique": false,
     "last_verified": "2026-05-19",
-    "description": "Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts."
+    "description": "Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.",
+    "cve_refs": [
+      "CVE-2024-12776"
+    ]
   },
   "T1557": {
     "name": "Adversary-in-the-Middle",