@blamejs/exceptd-skills 0.13.118 → 0.13.120

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +577 -0
  6. package/data/attack-techniques.json +10 -4
  7. package/data/cve-catalog.json +308 -0
  8. package/data/cwe-catalog.json +6 -3
  9. package/data/framework-control-gaps.json +37 -15
  10. package/data/zeroday-lessons.json +160 -0
  11. package/manifest.json +44 -44
  12. package/package.json +1 -1
  13. package/sbom.cdx.json +22 -22
package/data/_indexes/chains.json CHANGED
@@ -73646,6 +73646,558 @@
73646
73646
  "rfc_refs": []
73647
73647
  }
73648
73648
  },
73649
+ "CVE-2026-22218": {
73650
+ "name": "Chainlit /project/element Arbitrary File Read",
73651
+ "rwep": 19,
73652
+ "cvss": 7.1,
73653
+ "cisa_kev": false,
73654
+ "epss_score": 0.00044,
73655
+ "referencing_skills": [
73656
+ "ai-attack-surface",
73657
+ "compliance-theater",
73658
+ "rag-pipeline-security",
73659
+ "threat-modeling-methodology",
73660
+ "webapp-security",
73661
+ "api-security",
73662
+ "container-runtime-security"
73663
+ ],
73664
+ "chain": {
73665
+ "cwes": [
73666
+ {
73667
+ "id": "CWE-1039",
73668
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
73669
+ "category": "AI/ML"
73670
+ },
73671
+ {
73672
+ "id": "CWE-1188",
73673
+ "name": "Initialization of a Resource with an Insecure Default",
73674
+ "category": "Configuration"
73675
+ },
73676
+ {
73677
+ "id": "CWE-1395",
73678
+ "name": "Dependency on Vulnerable Third-Party Component",
73679
+ "category": "Supply Chain"
73680
+ },
73681
+ {
73682
+ "id": "CWE-1426",
73683
+ "name": "Improper Validation of Generative AI Output",
73684
+ "category": "AI/ML"
73685
+ },
73686
+ {
73687
+ "id": "CWE-200",
73688
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
73689
+ "category": "Information Exposure"
73690
+ },
73691
+ {
73692
+ "id": "CWE-22",
73693
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
73694
+ "category": "Path/Resource"
73695
+ },
73696
+ {
73697
+ "id": "CWE-269",
73698
+ "name": "Improper Privilege Management",
73699
+ "category": "Authorization"
73700
+ },
73701
+ {
73702
+ "id": "CWE-287",
73703
+ "name": "Improper Authentication",
73704
+ "category": "Authentication"
73705
+ },
73706
+ {
73707
+ "id": "CWE-352",
73708
+ "name": "Cross-Site Request Forgery (CSRF)",
73709
+ "category": "Session"
73710
+ },
73711
+ {
73712
+ "id": "CWE-434",
73713
+ "name": "Unrestricted Upload of File with Dangerous Type",
73714
+ "category": "File Handling"
73715
+ },
73716
+ {
73717
+ "id": "CWE-502",
73718
+ "name": "Deserialization of Untrusted Data",
73719
+ "category": "Serialization"
73720
+ },
73721
+ {
73722
+ "id": "CWE-732",
73723
+ "name": "Incorrect Permission Assignment for Critical Resource",
73724
+ "category": "Authorization"
73725
+ },
73726
+ {
73727
+ "id": "CWE-77",
73728
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
73729
+ "category": "Injection"
73730
+ },
73731
+ {
73732
+ "id": "CWE-78",
73733
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
73734
+ "category": "Injection"
73735
+ },
73736
+ {
73737
+ "id": "CWE-787",
73738
+ "name": "Out-of-bounds Write",
73739
+ "category": "Memory Safety"
73740
+ },
73741
+ {
73742
+ "id": "CWE-79",
73743
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
73744
+ "category": "Injection"
73745
+ },
73746
+ {
73747
+ "id": "CWE-862",
73748
+ "name": "Missing Authorization",
73749
+ "category": "Authorization"
73750
+ },
73751
+ {
73752
+ "id": "CWE-863",
73753
+ "name": "Incorrect Authorization",
73754
+ "category": "Authorization"
73755
+ },
73756
+ {
73757
+ "id": "CWE-89",
73758
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
73759
+ "category": "Injection"
73760
+ },
73761
+ {
73762
+ "id": "CWE-918",
73763
+ "name": "Server-Side Request Forgery (SSRF)",
73764
+ "category": "Network"
73765
+ },
73766
+ {
73767
+ "id": "CWE-94",
73768
+ "name": "Improper Control of Generation of Code (Code Injection)",
73769
+ "category": "Injection"
73770
+ }
73771
+ ],
73772
+ "atlas": [
73773
+ {
73774
+ "id": "AML.T0010",
73775
+ "name": "ML Supply Chain Compromise",
73776
+ "tactic": "Initial Access"
73777
+ },
73778
+ {
73779
+ "id": "AML.T0016",
73780
+ "name": "Obtain Capabilities: Develop Capabilities",
73781
+ "tactic": "Resource Development"
73782
+ },
73783
+ {
73784
+ "id": "AML.T0017",
73785
+ "name": "Discover ML Model Ontology",
73786
+ "tactic": "Discovery"
73787
+ },
73788
+ {
73789
+ "id": "AML.T0018",
73790
+ "name": "Backdoor ML Model",
73791
+ "tactic": "Persistence"
73792
+ },
73793
+ {
73794
+ "id": "AML.T0020",
73795
+ "name": "Poison Training Data",
73796
+ "tactic": "ML Attack Staging"
73797
+ },
73798
+ {
73799
+ "id": "AML.T0043",
73800
+ "name": "Craft Adversarial Data",
73801
+ "tactic": "ML Attack Staging"
73802
+ },
73803
+ {
73804
+ "id": "AML.T0051",
73805
+ "name": "LLM Prompt Injection",
73806
+ "tactic": "Execution"
73807
+ },
73808
+ {
73809
+ "id": "AML.T0054",
73810
+ "name": "LLM Jailbreak",
73811
+ "tactic": "Defense Evasion"
73812
+ },
73813
+ {
73814
+ "id": "AML.T0096",
73815
+ "name": "AI API as Covert C2 Channel",
73816
+ "tactic": "Command and Control"
73817
+ }
73818
+ ],
73819
+ "d3fend": [
73820
+ {
73821
+ "id": "D3-CSPP",
73822
+ "name": "Client-server Payload Profiling",
73823
+ "tactic": "Detect"
73824
+ },
73825
+ {
73826
+ "id": "D3-IOPR",
73827
+ "name": "Input/Output Profiling Resource",
73828
+ "tactic": "Detect"
73829
+ },
73830
+ {
73831
+ "id": "D3-NTA",
73832
+ "name": "Network Traffic Analysis",
73833
+ "tactic": "Detect"
73834
+ }
73835
+ ],
73836
+ "framework_gaps": [
73837
+ {
73838
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
73839
+ "framework": "ALL",
73840
+ "control_name": "AI Pipeline Integrity"
73841
+ },
73842
+ {
73843
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
73844
+ "framework": "ALL",
73845
+ "control_name": "Prompt Injection as Access Control Failure"
73846
+ },
73847
+ {
73848
+ "id": "CMMC-2.0-Level-2",
73849
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
73850
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
73851
+ },
73852
+ {
73853
+ "id": "FedRAMP-Rev5-Moderate",
73854
+ "framework": "FedRAMP Rev 5 Moderate",
73855
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
73856
+ },
73857
+ {
73858
+ "id": "ISO-27001-2022-A.8.28",
73859
+ "framework": "ISO/IEC 27001:2022",
73860
+ "control_name": "Secure coding"
73861
+ },
73862
+ {
73863
+ "id": "ISO-IEC-23894-2023-clause-7",
73864
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
73865
+ "control_name": "AI risk management process"
73866
+ },
73867
+ {
73868
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
73869
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
73870
+ "control_name": "AI risk assessment"
73871
+ },
73872
+ {
73873
+ "id": "NIST-800-218-SSDF",
73874
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
73875
+ "control_name": "Secure Software Development Framework"
73876
+ },
73877
+ {
73878
+ "id": "NIST-800-53-AC-2",
73879
+ "framework": "NIST SP 800-53 Rev 5",
73880
+ "control_name": "Account Management"
73881
+ },
73882
+ {
73883
+ "id": "NIST-800-53-CM-7",
73884
+ "framework": "NIST SP 800-53 Rev 5",
73885
+ "control_name": "Least Functionality"
73886
+ },
73887
+ {
73888
+ "id": "NIST-800-53-SI-12",
73889
+ "framework": "NIST SP 800-53 Rev 5",
73890
+ "control_name": "Information Management and Retention"
73891
+ },
73892
+ {
73893
+ "id": "NIST-800-53-SI-3",
73894
+ "framework": "NIST SP 800-53 Rev 5",
73895
+ "control_name": "Malicious Code Protection"
73896
+ },
73897
+ {
73898
+ "id": "NIST-AI-RMF-MEASURE-2.5",
73899
+ "framework": "NIST AI RMF 1.0",
73900
+ "control_name": "AI system to human interaction evaluation"
73901
+ },
73902
+ {
73903
+ "id": "OWASP-ASVS-v5.0-V14",
73904
+ "framework": "OWASP ASVS v5.0",
73905
+ "control_name": "Configuration verification"
73906
+ },
73907
+ {
73908
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
73909
+ "framework": "OWASP Top 10 for LLM Applications 2025",
73910
+ "control_name": "Prompt Injection"
73911
+ },
73912
+ {
73913
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
73914
+ "framework": "OWASP Top 10 for LLM Applications 2025",
73915
+ "control_name": "Sensitive Information Disclosure"
73916
+ },
73917
+ {
73918
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
73919
+ "framework": "OWASP Top 10 for LLM Applications 2025",
73920
+ "control_name": "Vector and Embedding Weaknesses"
73921
+ },
73922
+ {
73923
+ "id": "SLSA-v1.0-Build-L3",
73924
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
73925
+ "control_name": "Hardened build platform with non-falsifiable provenance"
73926
+ },
73927
+ {
73928
+ "id": "SOC2-CC6-logical-access",
73929
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
73930
+ "control_name": "Logical and Physical Access Controls"
73931
+ }
73932
+ ],
73933
+ "attack_refs": [
73934
+ "T1059",
73935
+ "T1068",
73936
+ "T1078",
73937
+ "T1190",
73938
+ "T1505",
73939
+ "T1565",
73940
+ "T1566",
73941
+ "T1567",
73942
+ "T1610",
73943
+ "T1611"
73944
+ ],
73945
+ "rfc_refs": [
73946
+ "RFC-6749",
73947
+ "RFC-7519",
73948
+ "RFC-8032",
73949
+ "RFC-8446",
73950
+ "RFC-8725",
73951
+ "RFC-9114",
73952
+ "RFC-9421",
73953
+ "RFC-9700"
73954
+ ]
73955
+ }
73956
+ },
73957
+ "CVE-2026-22219": {
73958
+ "name": "Chainlit /project/element SQLAlchemy-Backend Server-Side Request Forgery",
73959
+ "rwep": 23,
73960
+ "cvss": 8.3,
73961
+ "cisa_kev": false,
73962
+ "epss_score": 0.00052,
73963
+ "referencing_skills": [
73964
+ "ai-attack-surface",
73965
+ "compliance-theater",
73966
+ "ai-c2-detection",
73967
+ "dlp-gap-analysis"
73968
+ ],
73969
+ "chain": {
73970
+ "cwes": [
73971
+ {
73972
+ "id": "CWE-1039",
73973
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
73974
+ "category": "AI/ML"
73975
+ },
73976
+ {
73977
+ "id": "CWE-1426",
73978
+ "name": "Improper Validation of Generative AI Output",
73979
+ "category": "AI/ML"
73980
+ },
73981
+ {
73982
+ "id": "CWE-200",
73983
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
73984
+ "category": "Information Exposure"
73985
+ },
73986
+ {
73987
+ "id": "CWE-94",
73988
+ "name": "Improper Control of Generation of Code (Code Injection)",
73989
+ "category": "Injection"
73990
+ }
73991
+ ],
73992
+ "atlas": [
73993
+ {
73994
+ "id": "AML.T0016",
73995
+ "name": "Obtain Capabilities: Develop Capabilities",
73996
+ "tactic": "Resource Development"
73997
+ },
73998
+ {
73999
+ "id": "AML.T0017",
74000
+ "name": "Discover ML Model Ontology",
74001
+ "tactic": "Discovery"
74002
+ },
74003
+ {
74004
+ "id": "AML.T0018",
74005
+ "name": "Backdoor ML Model",
74006
+ "tactic": "Persistence"
74007
+ },
74008
+ {
74009
+ "id": "AML.T0020",
74010
+ "name": "Poison Training Data",
74011
+ "tactic": "ML Attack Staging"
74012
+ },
74013
+ {
74014
+ "id": "AML.T0043",
74015
+ "name": "Craft Adversarial Data",
74016
+ "tactic": "ML Attack Staging"
74017
+ },
74018
+ {
74019
+ "id": "AML.T0051",
74020
+ "name": "LLM Prompt Injection",
74021
+ "tactic": "Execution"
74022
+ },
74023
+ {
74024
+ "id": "AML.T0054",
74025
+ "name": "LLM Jailbreak",
74026
+ "tactic": "Defense Evasion"
74027
+ },
74028
+ {
74029
+ "id": "AML.T0096",
74030
+ "name": "AI API as Covert C2 Channel",
74031
+ "tactic": "Command and Control"
74032
+ }
74033
+ ],
74034
+ "d3fend": [
74035
+ {
74036
+ "id": "D3-CA",
74037
+ "name": "Certificate Analysis",
74038
+ "tactic": "Detect"
74039
+ },
74040
+ {
74041
+ "id": "D3-CSPP",
74042
+ "name": "Client-server Payload Profiling",
74043
+ "tactic": "Detect"
74044
+ },
74045
+ {
74046
+ "id": "D3-DA",
74047
+ "name": "Domain Analysis",
74048
+ "tactic": "Detect"
74049
+ },
74050
+ {
74051
+ "id": "D3-EAL",
74052
+ "name": "Executable Allowlisting",
74053
+ "tactic": "Harden"
74054
+ },
74055
+ {
74056
+ "id": "D3-IOPR",
74057
+ "name": "Input/Output Profiling Resource",
74058
+ "tactic": "Detect"
74059
+ },
74060
+ {
74061
+ "id": "D3-NI",
74062
+ "name": "Network Isolation",
74063
+ "tactic": "Isolate"
74064
+ },
74065
+ {
74066
+ "id": "D3-NTA",
74067
+ "name": "Network Traffic Analysis",
74068
+ "tactic": "Detect"
74069
+ },
74070
+ {
74071
+ "id": "D3-NTPM",
74072
+ "name": "Network Traffic Policy Mapping",
74073
+ "tactic": "Model"
74074
+ }
74075
+ ],
74076
+ "framework_gaps": [
74077
+ {
74078
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
74079
+ "framework": "ALL",
74080
+ "control_name": "AI Pipeline Integrity"
74081
+ },
74082
+ {
74083
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
74084
+ "framework": "ALL",
74085
+ "control_name": "Prompt Injection as Access Control Failure"
74086
+ },
74087
+ {
74088
+ "id": "CMMC-2.0-Level-2",
74089
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
74090
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
74091
+ },
74092
+ {
74093
+ "id": "FedRAMP-Rev5-Moderate",
74094
+ "framework": "FedRAMP Rev 5 Moderate",
74095
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
74096
+ },
74097
+ {
74098
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
74099
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
74100
+ "control_name": "Access control standard (technical safeguards)"
74101
+ },
74102
+ {
74103
+ "id": "ISO-27001-2022-A.8.16",
74104
+ "framework": "ISO/IEC 27001:2022",
74105
+ "control_name": "Monitoring activities"
74106
+ },
74107
+ {
74108
+ "id": "ISO-27001-2022-A.8.28",
74109
+ "framework": "ISO/IEC 27001:2022",
74110
+ "control_name": "Secure coding"
74111
+ },
74112
+ {
74113
+ "id": "ISO-IEC-23894-2023-clause-7",
74114
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
74115
+ "control_name": "AI risk management process"
74116
+ },
74117
+ {
74118
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
74119
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
74120
+ "control_name": "AI risk assessment"
74121
+ },
74122
+ {
74123
+ "id": "NIST-800-53-AC-2",
74124
+ "framework": "NIST SP 800-53 Rev 5",
74125
+ "control_name": "Account Management"
74126
+ },
74127
+ {
74128
+ "id": "NIST-800-53-SC-28",
74129
+ "framework": "NIST SP 800-53 Rev 5",
74130
+ "control_name": "Protection of Information at Rest"
74131
+ },
74132
+ {
74133
+ "id": "NIST-800-53-SC-7",
74134
+ "framework": "NIST SP 800-53 Rev 5",
74135
+ "control_name": "Boundary Protection"
74136
+ },
74137
+ {
74138
+ "id": "NIST-800-53-SI-3",
74139
+ "framework": "NIST SP 800-53 Rev 5",
74140
+ "control_name": "Malicious Code Protection"
74141
+ },
74142
+ {
74143
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
74144
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74145
+ "control_name": "Prompt Injection"
74146
+ },
74147
+ {
74148
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
74149
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74150
+ "control_name": "Sensitive Information Disclosure"
74151
+ },
74152
+ {
74153
+ "id": "SOC2-CC6-logical-access",
74154
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
74155
+ "control_name": "Logical and Physical Access Controls"
74156
+ },
74157
+ {
74158
+ "id": "SOC2-CC7-anomaly-detection",
74159
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
74160
+ "control_name": "System Operations — Threat and Vulnerability Management"
74161
+ }
74162
+ ],
74163
+ "attack_refs": [
74164
+ "T1041",
74165
+ "T1059",
74166
+ "T1071",
74167
+ "T1102",
74168
+ "T1190",
74169
+ "T1213",
74170
+ "T1530",
74171
+ "T1566",
74172
+ "T1567",
74173
+ "T1568"
74174
+ ],
74175
+ "rfc_refs": [
74176
+ "RFC-8446",
74177
+ "RFC-9000",
74178
+ "RFC-9114",
74179
+ "RFC-9180",
74180
+ "RFC-9421",
74181
+ "RFC-9458"
74182
+ ]
74183
+ }
74184
+ },
74185
+ "CVE-2025-68665": {
74186
+ "name": "LangChain JS toJSON() 'lc'-Key Serialization Injection",
74187
+ "rwep": 25,
74188
+ "cvss": 8.6,
74189
+ "cisa_kev": false,
74190
+ "epss_score": 0.00066,
74191
+ "referencing_skills": [],
74192
+ "chain": {
74193
+ "cwes": [],
74194
+ "atlas": [],
74195
+ "d3fend": [],
74196
+ "framework_gaps": [],
74197
+ "attack_refs": [],
74198
+ "rfc_refs": []
74199
+ }
74200
+ },
73649
74201
  "CWE-20": {
73650
74202
  "name": "Improper Input Validation",
73651
74203
  "category": "Validation",
@@ -73980,6 +74532,7 @@
73980
74532
  "CVE-2025-6965",
73981
74533
  "CVE-2025-8747",
73982
74534
  "CVE-2026-0766",
74535
+ "CVE-2026-22218",
73983
74536
  "CVE-2026-22252",
73984
74537
  "CVE-2026-22688",
73985
74538
  "CVE-2026-24206",
@@ -74212,6 +74765,7 @@
74212
74765
  "CVE-2025-49844",
74213
74766
  "CVE-2025-53773",
74214
74767
  "CVE-2025-6965",
74768
+ "CVE-2026-22218",
74215
74769
  "CVE-2026-30615",
74216
74770
  "CVE-2026-30623",
74217
74771
  "CVE-2026-31229",
@@ -74416,6 +74970,7 @@
74416
74970
  "CVE-2025-6965",
74417
74971
  "CVE-2025-8747",
74418
74972
  "CVE-2026-0766",
74973
+ "CVE-2026-22218",
74419
74974
  "CVE-2026-22252",
74420
74975
  "CVE-2026-22688",
74421
74976
  "CVE-2026-24206",
@@ -74631,6 +75186,7 @@
74631
75186
  "CVE-2025-6965",
74632
75187
  "CVE-2025-8747",
74633
75188
  "CVE-2026-0766",
75189
+ "CVE-2026-22218",
74634
75190
  "CVE-2026-22252",
74635
75191
  "CVE-2026-22688",
74636
75192
  "CVE-2026-24206",
@@ -74860,6 +75416,7 @@
74860
75416
  "CVE-2025-6965",
74861
75417
  "CVE-2025-8747",
74862
75418
  "CVE-2026-0766",
75419
+ "CVE-2026-22218",
74863
75420
  "CVE-2026-22252",
74864
75421
  "CVE-2026-22688",
74865
75422
  "CVE-2026-24206",
@@ -75204,6 +75761,8 @@
75204
75761
  "CVE-2025-6965",
75205
75762
  "CVE-2025-8747",
75206
75763
  "CVE-2026-0766",
75764
+ "CVE-2026-22218",
75765
+ "CVE-2026-22219",
75207
75766
  "CVE-2026-22252",
75208
75767
  "CVE-2026-22688",
75209
75768
  "CVE-2026-22778",
@@ -75969,6 +76528,8 @@
75969
76528
  "CVE-2025-53773",
75970
76529
  "CVE-2025-56520",
75971
76530
  "CVE-2025-6965",
76531
+ "CVE-2026-22218",
76532
+ "CVE-2026-22219",
75972
76533
  "CVE-2026-30615",
75973
76534
  "CVE-2026-30623",
75974
76535
  "CVE-2026-31229",
@@ -76387,6 +76948,7 @@
76387
76948
  "CVE-2025-6965",
76388
76949
  "CVE-2025-8747",
76389
76950
  "CVE-2026-0766",
76951
+ "CVE-2026-22218",
76390
76952
  "CVE-2026-22252",
76391
76953
  "CVE-2026-22688",
76392
76954
  "CVE-2026-24206",
@@ -77041,6 +77603,7 @@
77041
77603
  "CVE-2025-6965",
77042
77604
  "CVE-2025-8747",
77043
77605
  "CVE-2026-0766",
77606
+ "CVE-2026-22218",
77044
77607
  "CVE-2026-22252",
77045
77608
  "CVE-2026-22688",
77046
77609
  "CVE-2026-24206",
@@ -78051,6 +78614,7 @@
78051
78614
  "CVE-2025-6965",
78052
78615
  "CVE-2025-8747",
78053
78616
  "CVE-2026-0766",
78617
+ "CVE-2026-22218",
78054
78618
  "CVE-2026-22252",
78055
78619
  "CVE-2026-22688",
78056
78620
  "CVE-2026-24206",
@@ -79302,6 +79866,7 @@
79302
79866
  "CVE-2025-6965",
79303
79867
  "CVE-2025-8747",
79304
79868
  "CVE-2026-0766",
79869
+ "CVE-2026-22218",
79305
79870
  "CVE-2026-22252",
79306
79871
  "CVE-2026-22688",
79307
79872
  "CVE-2026-24206",
@@ -79747,6 +80312,7 @@
79747
80312
  "CVE-2025-3248",
79748
80313
  "CVE-2025-3466",
79749
80314
  "CVE-2025-6965",
80315
+ "CVE-2026-22218",
79750
80316
  "CVE-2026-30615",
79751
80317
  "CVE-2026-30623",
79752
80318
  "CVE-2026-31229",
@@ -80735,6 +81301,7 @@
80735
81301
  "CVE-2025-6965",
80736
81302
  "CVE-2025-8747",
80737
81303
  "CVE-2026-0766",
81304
+ "CVE-2026-22218",
80738
81305
  "CVE-2026-22252",
80739
81306
  "CVE-2026-22688",
80740
81307
  "CVE-2026-24206",
@@ -81283,6 +81850,7 @@
81283
81850
  "CVE-2026-21525",
81284
81851
  "CVE-2026-21533",
81285
81852
  "CVE-2026-21643",
81853
+ "CVE-2026-22218",
81286
81854
  "CVE-2026-22252",
81287
81855
  "CVE-2026-22688",
81288
81856
  "CVE-2026-22719",
@@ -82040,6 +82608,7 @@
82040
82608
  "CVE-2025-49844",
82041
82609
  "CVE-2025-53773",
82042
82610
  "CVE-2025-6965",
82611
+ "CVE-2026-22218",
82043
82612
  "CVE-2026-30615",
82044
82613
  "CVE-2026-30623",
82045
82614
  "CVE-2026-31229",
@@ -82338,6 +82907,7 @@
82338
82907
  "CVE-2025-3466",
82339
82908
  "CVE-2025-53773",
82340
82909
  "CVE-2025-6965",
82910
+ "CVE-2026-22218",
82341
82911
  "CVE-2026-30615",
82342
82912
  "CVE-2026-30623",
82343
82913
  "CVE-2026-31229",
@@ -82714,6 +83284,7 @@
82714
83284
  "CVE-2025-6965",
82715
83285
  "CVE-2025-8747",
82716
83286
  "CVE-2026-0766",
83287
+ "CVE-2026-22218",
82717
83288
  "CVE-2026-22252",
82718
83289
  "CVE-2026-22688",
82719
83290
  "CVE-2026-24206",
@@ -83078,6 +83649,8 @@
83078
83649
  "CVE-2025-6965",
83079
83650
  "CVE-2025-8747",
83080
83651
  "CVE-2026-0766",
83652
+ "CVE-2026-22218",
83653
+ "CVE-2026-22219",
83081
83654
  "CVE-2026-22252",
83082
83655
  "CVE-2026-22688",
83083
83656
  "CVE-2026-22778",
@@ -83279,6 +83852,7 @@
83279
83852
  "CVE-2025-49844",
83280
83853
  "CVE-2025-53773",
83281
83854
  "CVE-2025-6965",
83855
+ "CVE-2026-22218",
83282
83856
  "CVE-2026-30615",
83283
83857
  "CVE-2026-30623",
83284
83858
  "CVE-2026-31229",
@@ -84053,6 +84627,7 @@
84053
84627
  "CVE-2025-6965",
84054
84628
  "CVE-2025-8747",
84055
84629
  "CVE-2026-0766",
84630
+ "CVE-2026-22218",
84056
84631
  "CVE-2026-22252",
84057
84632
  "CVE-2026-22688",
84058
84633
  "CVE-2026-24206",
@@ -84408,6 +84983,8 @@
84408
84983
  "CVE-2025-6965",
84409
84984
  "CVE-2025-8747",
84410
84985
  "CVE-2026-0766",
84986
+ "CVE-2026-22218",
84987
+ "CVE-2026-22219",
84411
84988
  "CVE-2026-22252",
84412
84989
  "CVE-2026-22688",
84413
84990
  "CVE-2026-22778",