@blamejs/exceptd-skills 0.13.120 → 0.13.122

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1128 -1
  6. package/data/atlas-ttps.json +10 -3
  7. package/data/attack-techniques.json +12 -4
  8. package/data/cve-catalog.json +325 -2
  9. package/data/cwe-catalog.json +8 -4
  10. package/data/framework-control-gaps.json +36 -10
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +1 -1
  14. package/sbom.cdx.json +24 -24
package/data/_indexes/chains.json CHANGED
@@ -74198,6 +74198,1066 @@
74198
74198
  "rfc_refs": []
74199
74199
  }
74200
74200
  },
74201
+ "CVE-2025-51480": {
74202
+ "name": "ONNX save_external_data Path Traversal Arbitrary File Overwrite",
74203
+ "rwep": 23,
74204
+ "cvss": 8.8,
74205
+ "cisa_kev": false,
74206
+ "epss_score": 0.00366,
74207
+ "referencing_skills": [
74208
+ "ai-attack-surface",
74209
+ "compliance-theater",
74210
+ "rag-pipeline-security",
74211
+ "threat-modeling-methodology",
74212
+ "webapp-security",
74213
+ "api-security",
74214
+ "container-runtime-security"
74215
+ ],
74216
+ "chain": {
74217
+ "cwes": [
74218
+ {
74219
+ "id": "CWE-1039",
74220
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
74221
+ "category": "AI/ML"
74222
+ },
74223
+ {
74224
+ "id": "CWE-1188",
74225
+ "name": "Initialization of a Resource with an Insecure Default",
74226
+ "category": "Configuration"
74227
+ },
74228
+ {
74229
+ "id": "CWE-1395",
74230
+ "name": "Dependency on Vulnerable Third-Party Component",
74231
+ "category": "Supply Chain"
74232
+ },
74233
+ {
74234
+ "id": "CWE-1426",
74235
+ "name": "Improper Validation of Generative AI Output",
74236
+ "category": "AI/ML"
74237
+ },
74238
+ {
74239
+ "id": "CWE-200",
74240
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
74241
+ "category": "Information Exposure"
74242
+ },
74243
+ {
74244
+ "id": "CWE-22",
74245
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
74246
+ "category": "Path/Resource"
74247
+ },
74248
+ {
74249
+ "id": "CWE-269",
74250
+ "name": "Improper Privilege Management",
74251
+ "category": "Authorization"
74252
+ },
74253
+ {
74254
+ "id": "CWE-287",
74255
+ "name": "Improper Authentication",
74256
+ "category": "Authentication"
74257
+ },
74258
+ {
74259
+ "id": "CWE-352",
74260
+ "name": "Cross-Site Request Forgery (CSRF)",
74261
+ "category": "Session"
74262
+ },
74263
+ {
74264
+ "id": "CWE-434",
74265
+ "name": "Unrestricted Upload of File with Dangerous Type",
74266
+ "category": "File Handling"
74267
+ },
74268
+ {
74269
+ "id": "CWE-502",
74270
+ "name": "Deserialization of Untrusted Data",
74271
+ "category": "Serialization"
74272
+ },
74273
+ {
74274
+ "id": "CWE-732",
74275
+ "name": "Incorrect Permission Assignment for Critical Resource",
74276
+ "category": "Authorization"
74277
+ },
74278
+ {
74279
+ "id": "CWE-77",
74280
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
74281
+ "category": "Injection"
74282
+ },
74283
+ {
74284
+ "id": "CWE-78",
74285
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
74286
+ "category": "Injection"
74287
+ },
74288
+ {
74289
+ "id": "CWE-787",
74290
+ "name": "Out-of-bounds Write",
74291
+ "category": "Memory Safety"
74292
+ },
74293
+ {
74294
+ "id": "CWE-79",
74295
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
74296
+ "category": "Injection"
74297
+ },
74298
+ {
74299
+ "id": "CWE-862",
74300
+ "name": "Missing Authorization",
74301
+ "category": "Authorization"
74302
+ },
74303
+ {
74304
+ "id": "CWE-863",
74305
+ "name": "Incorrect Authorization",
74306
+ "category": "Authorization"
74307
+ },
74308
+ {
74309
+ "id": "CWE-89",
74310
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
74311
+ "category": "Injection"
74312
+ },
74313
+ {
74314
+ "id": "CWE-918",
74315
+ "name": "Server-Side Request Forgery (SSRF)",
74316
+ "category": "Network"
74317
+ },
74318
+ {
74319
+ "id": "CWE-94",
74320
+ "name": "Improper Control of Generation of Code (Code Injection)",
74321
+ "category": "Injection"
74322
+ }
74323
+ ],
74324
+ "atlas": [
74325
+ {
74326
+ "id": "AML.T0010",
74327
+ "name": "ML Supply Chain Compromise",
74328
+ "tactic": "Initial Access"
74329
+ },
74330
+ {
74331
+ "id": "AML.T0016",
74332
+ "name": "Obtain Capabilities: Develop Capabilities",
74333
+ "tactic": "Resource Development"
74334
+ },
74335
+ {
74336
+ "id": "AML.T0017",
74337
+ "name": "Discover ML Model Ontology",
74338
+ "tactic": "Discovery"
74339
+ },
74340
+ {
74341
+ "id": "AML.T0018",
74342
+ "name": "Backdoor ML Model",
74343
+ "tactic": "Persistence"
74344
+ },
74345
+ {
74346
+ "id": "AML.T0020",
74347
+ "name": "Poison Training Data",
74348
+ "tactic": "ML Attack Staging"
74349
+ },
74350
+ {
74351
+ "id": "AML.T0043",
74352
+ "name": "Craft Adversarial Data",
74353
+ "tactic": "ML Attack Staging"
74354
+ },
74355
+ {
74356
+ "id": "AML.T0051",
74357
+ "name": "LLM Prompt Injection",
74358
+ "tactic": "Execution"
74359
+ },
74360
+ {
74361
+ "id": "AML.T0054",
74362
+ "name": "LLM Jailbreak",
74363
+ "tactic": "Defense Evasion"
74364
+ },
74365
+ {
74366
+ "id": "AML.T0096",
74367
+ "name": "AI API as Covert C2 Channel",
74368
+ "tactic": "Command and Control"
74369
+ }
74370
+ ],
74371
+ "d3fend": [
74372
+ {
74373
+ "id": "D3-CSPP",
74374
+ "name": "Client-server Payload Profiling",
74375
+ "tactic": "Detect"
74376
+ },
74377
+ {
74378
+ "id": "D3-IOPR",
74379
+ "name": "Input/Output Profiling Resource",
74380
+ "tactic": "Detect"
74381
+ },
74382
+ {
74383
+ "id": "D3-NTA",
74384
+ "name": "Network Traffic Analysis",
74385
+ "tactic": "Detect"
74386
+ }
74387
+ ],
74388
+ "framework_gaps": [
74389
+ {
74390
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
74391
+ "framework": "ALL",
74392
+ "control_name": "AI Pipeline Integrity"
74393
+ },
74394
+ {
74395
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
74396
+ "framework": "ALL",
74397
+ "control_name": "Prompt Injection as Access Control Failure"
74398
+ },
74399
+ {
74400
+ "id": "CMMC-2.0-Level-2",
74401
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
74402
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
74403
+ },
74404
+ {
74405
+ "id": "FedRAMP-Rev5-Moderate",
74406
+ "framework": "FedRAMP Rev 5 Moderate",
74407
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
74408
+ },
74409
+ {
74410
+ "id": "ISO-27001-2022-A.8.28",
74411
+ "framework": "ISO/IEC 27001:2022",
74412
+ "control_name": "Secure coding"
74413
+ },
74414
+ {
74415
+ "id": "ISO-IEC-23894-2023-clause-7",
74416
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
74417
+ "control_name": "AI risk management process"
74418
+ },
74419
+ {
74420
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
74421
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
74422
+ "control_name": "AI risk assessment"
74423
+ },
74424
+ {
74425
+ "id": "NIST-800-218-SSDF",
74426
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
74427
+ "control_name": "Secure Software Development Framework"
74428
+ },
74429
+ {
74430
+ "id": "NIST-800-53-AC-2",
74431
+ "framework": "NIST SP 800-53 Rev 5",
74432
+ "control_name": "Account Management"
74433
+ },
74434
+ {
74435
+ "id": "NIST-800-53-CM-7",
74436
+ "framework": "NIST SP 800-53 Rev 5",
74437
+ "control_name": "Least Functionality"
74438
+ },
74439
+ {
74440
+ "id": "NIST-800-53-SI-12",
74441
+ "framework": "NIST SP 800-53 Rev 5",
74442
+ "control_name": "Information Management and Retention"
74443
+ },
74444
+ {
74445
+ "id": "NIST-800-53-SI-3",
74446
+ "framework": "NIST SP 800-53 Rev 5",
74447
+ "control_name": "Malicious Code Protection"
74448
+ },
74449
+ {
74450
+ "id": "NIST-AI-RMF-MEASURE-2.5",
74451
+ "framework": "NIST AI RMF 1.0",
74452
+ "control_name": "AI system to human interaction evaluation"
74453
+ },
74454
+ {
74455
+ "id": "OWASP-ASVS-v5.0-V14",
74456
+ "framework": "OWASP ASVS v5.0",
74457
+ "control_name": "Configuration verification"
74458
+ },
74459
+ {
74460
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
74461
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74462
+ "control_name": "Prompt Injection"
74463
+ },
74464
+ {
74465
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
74466
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74467
+ "control_name": "Sensitive Information Disclosure"
74468
+ },
74469
+ {
74470
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
74471
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74472
+ "control_name": "Vector and Embedding Weaknesses"
74473
+ },
74474
+ {
74475
+ "id": "SLSA-v1.0-Build-L3",
74476
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
74477
+ "control_name": "Hardened build platform with non-falsifiable provenance"
74478
+ },
74479
+ {
74480
+ "id": "SOC2-CC6-logical-access",
74481
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
74482
+ "control_name": "Logical and Physical Access Controls"
74483
+ }
74484
+ ],
74485
+ "attack_refs": [
74486
+ "T1059",
74487
+ "T1068",
74488
+ "T1078",
74489
+ "T1190",
74490
+ "T1505",
74491
+ "T1565",
74492
+ "T1566",
74493
+ "T1567",
74494
+ "T1610",
74495
+ "T1611"
74496
+ ],
74497
+ "rfc_refs": [
74498
+ "RFC-6749",
74499
+ "RFC-7519",
74500
+ "RFC-8032",
74501
+ "RFC-8446",
74502
+ "RFC-8725",
74503
+ "RFC-9114",
74504
+ "RFC-9421",
74505
+ "RFC-9700"
74506
+ ]
74507
+ }
74508
+ },
74509
+ "CVE-2025-10164": {
74510
+ "name": "SGLang update_weights_from_tensor Unsafe Deserialization RCE",
74511
+ "rwep": 25,
74512
+ "cvss": 7.3,
74513
+ "cisa_kev": false,
74514
+ "epss_score": 0.00111,
74515
+ "referencing_skills": [
74516
+ "kernel-lpe-triage",
74517
+ "ai-attack-surface",
74518
+ "compliance-theater",
74519
+ "rag-pipeline-security",
74520
+ "threat-modeling-methodology",
74521
+ "webapp-security",
74522
+ "api-security",
74523
+ "container-runtime-security"
74524
+ ],
74525
+ "chain": {
74526
+ "cwes": [
74527
+ {
74528
+ "id": "CWE-1039",
74529
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
74530
+ "category": "AI/ML"
74531
+ },
74532
+ {
74533
+ "id": "CWE-1188",
74534
+ "name": "Initialization of a Resource with an Insecure Default",
74535
+ "category": "Configuration"
74536
+ },
74537
+ {
74538
+ "id": "CWE-125",
74539
+ "name": "Out-of-bounds Read",
74540
+ "category": "Memory Safety"
74541
+ },
74542
+ {
74543
+ "id": "CWE-1395",
74544
+ "name": "Dependency on Vulnerable Third-Party Component",
74545
+ "category": "Supply Chain"
74546
+ },
74547
+ {
74548
+ "id": "CWE-1426",
74549
+ "name": "Improper Validation of Generative AI Output",
74550
+ "category": "AI/ML"
74551
+ },
74552
+ {
74553
+ "id": "CWE-200",
74554
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
74555
+ "category": "Information Exposure"
74556
+ },
74557
+ {
74558
+ "id": "CWE-22",
74559
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
74560
+ "category": "Path/Resource"
74561
+ },
74562
+ {
74563
+ "id": "CWE-269",
74564
+ "name": "Improper Privilege Management",
74565
+ "category": "Authorization"
74566
+ },
74567
+ {
74568
+ "id": "CWE-287",
74569
+ "name": "Improper Authentication",
74570
+ "category": "Authentication"
74571
+ },
74572
+ {
74573
+ "id": "CWE-352",
74574
+ "name": "Cross-Site Request Forgery (CSRF)",
74575
+ "category": "Session"
74576
+ },
74577
+ {
74578
+ "id": "CWE-362",
74579
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
74580
+ "category": "Concurrency"
74581
+ },
74582
+ {
74583
+ "id": "CWE-416",
74584
+ "name": "Use After Free",
74585
+ "category": "Memory Safety"
74586
+ },
74587
+ {
74588
+ "id": "CWE-434",
74589
+ "name": "Unrestricted Upload of File with Dangerous Type",
74590
+ "category": "File Handling"
74591
+ },
74592
+ {
74593
+ "id": "CWE-502",
74594
+ "name": "Deserialization of Untrusted Data",
74595
+ "category": "Serialization"
74596
+ },
74597
+ {
74598
+ "id": "CWE-672",
74599
+ "name": "Operation on a Resource after Expiration or Release",
74600
+ "category": "Memory Safety"
74601
+ },
74602
+ {
74603
+ "id": "CWE-732",
74604
+ "name": "Incorrect Permission Assignment for Critical Resource",
74605
+ "category": "Authorization"
74606
+ },
74607
+ {
74608
+ "id": "CWE-77",
74609
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
74610
+ "category": "Injection"
74611
+ },
74612
+ {
74613
+ "id": "CWE-78",
74614
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
74615
+ "category": "Injection"
74616
+ },
74617
+ {
74618
+ "id": "CWE-787",
74619
+ "name": "Out-of-bounds Write",
74620
+ "category": "Memory Safety"
74621
+ },
74622
+ {
74623
+ "id": "CWE-79",
74624
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
74625
+ "category": "Injection"
74626
+ },
74627
+ {
74628
+ "id": "CWE-862",
74629
+ "name": "Missing Authorization",
74630
+ "category": "Authorization"
74631
+ },
74632
+ {
74633
+ "id": "CWE-863",
74634
+ "name": "Incorrect Authorization",
74635
+ "category": "Authorization"
74636
+ },
74637
+ {
74638
+ "id": "CWE-89",
74639
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
74640
+ "category": "Injection"
74641
+ },
74642
+ {
74643
+ "id": "CWE-918",
74644
+ "name": "Server-Side Request Forgery (SSRF)",
74645
+ "category": "Network"
74646
+ },
74647
+ {
74648
+ "id": "CWE-94",
74649
+ "name": "Improper Control of Generation of Code (Code Injection)",
74650
+ "category": "Injection"
74651
+ }
74652
+ ],
74653
+ "atlas": [
74654
+ {
74655
+ "id": "AML.T0010",
74656
+ "name": "ML Supply Chain Compromise",
74657
+ "tactic": "Initial Access"
74658
+ },
74659
+ {
74660
+ "id": "AML.T0016",
74661
+ "name": "Obtain Capabilities: Develop Capabilities",
74662
+ "tactic": "Resource Development"
74663
+ },
74664
+ {
74665
+ "id": "AML.T0017",
74666
+ "name": "Discover ML Model Ontology",
74667
+ "tactic": "Discovery"
74668
+ },
74669
+ {
74670
+ "id": "AML.T0018",
74671
+ "name": "Backdoor ML Model",
74672
+ "tactic": "Persistence"
74673
+ },
74674
+ {
74675
+ "id": "AML.T0020",
74676
+ "name": "Poison Training Data",
74677
+ "tactic": "ML Attack Staging"
74678
+ },
74679
+ {
74680
+ "id": "AML.T0043",
74681
+ "name": "Craft Adversarial Data",
74682
+ "tactic": "ML Attack Staging"
74683
+ },
74684
+ {
74685
+ "id": "AML.T0051",
74686
+ "name": "LLM Prompt Injection",
74687
+ "tactic": "Execution"
74688
+ },
74689
+ {
74690
+ "id": "AML.T0054",
74691
+ "name": "LLM Jailbreak",
74692
+ "tactic": "Defense Evasion"
74693
+ },
74694
+ {
74695
+ "id": "AML.T0096",
74696
+ "name": "AI API as Covert C2 Channel",
74697
+ "tactic": "Command and Control"
74698
+ }
74699
+ ],
74700
+ "d3fend": [
74701
+ {
74702
+ "id": "D3-ASLR",
74703
+ "name": "Address Space Layout Randomization",
74704
+ "tactic": "Harden"
74705
+ },
74706
+ {
74707
+ "id": "D3-CSPP",
74708
+ "name": "Client-server Payload Profiling",
74709
+ "tactic": "Detect"
74710
+ },
74711
+ {
74712
+ "id": "D3-EAL",
74713
+ "name": "Executable Allowlisting",
74714
+ "tactic": "Harden"
74715
+ },
74716
+ {
74717
+ "id": "D3-IOPR",
74718
+ "name": "Input/Output Profiling Resource",
74719
+ "tactic": "Detect"
74720
+ },
74721
+ {
74722
+ "id": "D3-NTA",
74723
+ "name": "Network Traffic Analysis",
74724
+ "tactic": "Detect"
74725
+ },
74726
+ {
74727
+ "id": "D3-PHRA",
74728
+ "name": "Process Hardware Resource Access",
74729
+ "tactic": "Isolate"
74730
+ },
74731
+ {
74732
+ "id": "D3-PSEP",
74733
+ "name": "Process Segment Execution Prevention",
74734
+ "tactic": "Harden"
74735
+ }
74736
+ ],
74737
+ "framework_gaps": [
74738
+ {
74739
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
74740
+ "framework": "ALL",
74741
+ "control_name": "AI Pipeline Integrity"
74742
+ },
74743
+ {
74744
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
74745
+ "framework": "ALL",
74746
+ "control_name": "Prompt Injection as Access Control Failure"
74747
+ },
74748
+ {
74749
+ "id": "CIS-Controls-v8-Control7",
74750
+ "framework": "CIS Controls v8",
74751
+ "control_name": "Continuous Vulnerability Management"
74752
+ },
74753
+ {
74754
+ "id": "CMMC-2.0-Level-2",
74755
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
74756
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
74757
+ },
74758
+ {
74759
+ "id": "FedRAMP-Rev5-Moderate",
74760
+ "framework": "FedRAMP Rev 5 Moderate",
74761
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
74762
+ },
74763
+ {
74764
+ "id": "ISO-27001-2022-A.8.28",
74765
+ "framework": "ISO/IEC 27001:2022",
74766
+ "control_name": "Secure coding"
74767
+ },
74768
+ {
74769
+ "id": "ISO-27001-2022-A.8.8",
74770
+ "framework": "ISO/IEC 27001:2022",
74771
+ "control_name": "Management of technical vulnerabilities"
74772
+ },
74773
+ {
74774
+ "id": "ISO-IEC-23894-2023-clause-7",
74775
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
74776
+ "control_name": "AI risk management process"
74777
+ },
74778
+ {
74779
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
74780
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
74781
+ "control_name": "AI risk assessment"
74782
+ },
74783
+ {
74784
+ "id": "NIS2-Art21-patch-management",
74785
+ "framework": "EU NIS2 Directive",
74786
+ "control_name": "Vulnerability handling and disclosure"
74787
+ },
74788
+ {
74789
+ "id": "NIST-800-218-SSDF",
74790
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
74791
+ "control_name": "Secure Software Development Framework"
74792
+ },
74793
+ {
74794
+ "id": "NIST-800-53-AC-2",
74795
+ "framework": "NIST SP 800-53 Rev 5",
74796
+ "control_name": "Account Management"
74797
+ },
74798
+ {
74799
+ "id": "NIST-800-53-CM-7",
74800
+ "framework": "NIST SP 800-53 Rev 5",
74801
+ "control_name": "Least Functionality"
74802
+ },
74803
+ {
74804
+ "id": "NIST-800-53-SC-8",
74805
+ "framework": "NIST SP 800-53 Rev 5",
74806
+ "control_name": "Transmission Confidentiality and Integrity"
74807
+ },
74808
+ {
74809
+ "id": "NIST-800-53-SI-12",
74810
+ "framework": "NIST SP 800-53 Rev 5",
74811
+ "control_name": "Information Management and Retention"
74812
+ },
74813
+ {
74814
+ "id": "NIST-800-53-SI-2",
74815
+ "framework": "NIST SP 800-53 Rev 5",
74816
+ "control_name": "Flaw Remediation"
74817
+ },
74818
+ {
74819
+ "id": "NIST-800-53-SI-3",
74820
+ "framework": "NIST SP 800-53 Rev 5",
74821
+ "control_name": "Malicious Code Protection"
74822
+ },
74823
+ {
74824
+ "id": "NIST-AI-RMF-MEASURE-2.5",
74825
+ "framework": "NIST AI RMF 1.0",
74826
+ "control_name": "AI system to human interaction evaluation"
74827
+ },
74828
+ {
74829
+ "id": "OWASP-ASVS-v5.0-V14",
74830
+ "framework": "OWASP ASVS v5.0",
74831
+ "control_name": "Configuration verification"
74832
+ },
74833
+ {
74834
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
74835
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74836
+ "control_name": "Prompt Injection"
74837
+ },
74838
+ {
74839
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
74840
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74841
+ "control_name": "Sensitive Information Disclosure"
74842
+ },
74843
+ {
74844
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
74845
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74846
+ "control_name": "Vector and Embedding Weaknesses"
74847
+ },
74848
+ {
74849
+ "id": "PCI-DSS-4.0-6.3.3",
74850
+ "framework": "PCI DSS 4.0",
74851
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
74852
+ },
74853
+ {
74854
+ "id": "SLSA-v1.0-Build-L3",
74855
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
74856
+ "control_name": "Hardened build platform with non-falsifiable provenance"
74857
+ },
74858
+ {
74859
+ "id": "SOC2-CC6-logical-access",
74860
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
74861
+ "control_name": "Logical and Physical Access Controls"
74862
+ }
74863
+ ],
74864
+ "attack_refs": [
74865
+ "T1059",
74866
+ "T1068",
74867
+ "T1078",
74868
+ "T1190",
74869
+ "T1505",
74870
+ "T1548.001",
74871
+ "T1565",
74872
+ "T1566",
74873
+ "T1567",
74874
+ "T1610",
74875
+ "T1611"
74876
+ ],
74877
+ "rfc_refs": [
74878
+ "RFC-4301",
74879
+ "RFC-4303",
74880
+ "RFC-6749",
74881
+ "RFC-7296",
74882
+ "RFC-7519",
74883
+ "RFC-8032",
74884
+ "RFC-8446",
74885
+ "RFC-8725",
74886
+ "RFC-9114",
74887
+ "RFC-9421",
74888
+ "RFC-9700"
74889
+ ]
74890
+ }
74891
+ },
74892
+ "CVE-2026-5760": {
74893
+ "name": "SGLang /v1/rerank Malicious-Model Jinja2 Template-Injection RCE",
74894
+ "rwep": 29,
74895
+ "cvss": 9.8,
74896
+ "cisa_kev": false,
74897
+ "epss_score": 0.00353,
74898
+ "referencing_skills": [
74899
+ "ai-attack-surface",
74900
+ "compliance-theater",
74901
+ "rag-pipeline-security",
74902
+ "ai-c2-detection",
74903
+ "dlp-gap-analysis",
74904
+ "threat-modeling-methodology",
74905
+ "webapp-security",
74906
+ "api-security",
74907
+ "container-runtime-security"
74908
+ ],
74909
+ "chain": {
74910
+ "cwes": [
74911
+ {
74912
+ "id": "CWE-1039",
74913
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
74914
+ "category": "AI/ML"
74915
+ },
74916
+ {
74917
+ "id": "CWE-1188",
74918
+ "name": "Initialization of a Resource with an Insecure Default",
74919
+ "category": "Configuration"
74920
+ },
74921
+ {
74922
+ "id": "CWE-1395",
74923
+ "name": "Dependency on Vulnerable Third-Party Component",
74924
+ "category": "Supply Chain"
74925
+ },
74926
+ {
74927
+ "id": "CWE-1426",
74928
+ "name": "Improper Validation of Generative AI Output",
74929
+ "category": "AI/ML"
74930
+ },
74931
+ {
74932
+ "id": "CWE-200",
74933
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
74934
+ "category": "Information Exposure"
74935
+ },
74936
+ {
74937
+ "id": "CWE-22",
74938
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
74939
+ "category": "Path/Resource"
74940
+ },
74941
+ {
74942
+ "id": "CWE-269",
74943
+ "name": "Improper Privilege Management",
74944
+ "category": "Authorization"
74945
+ },
74946
+ {
74947
+ "id": "CWE-287",
74948
+ "name": "Improper Authentication",
74949
+ "category": "Authentication"
74950
+ },
74951
+ {
74952
+ "id": "CWE-352",
74953
+ "name": "Cross-Site Request Forgery (CSRF)",
74954
+ "category": "Session"
74955
+ },
74956
+ {
74957
+ "id": "CWE-434",
74958
+ "name": "Unrestricted Upload of File with Dangerous Type",
74959
+ "category": "File Handling"
74960
+ },
74961
+ {
74962
+ "id": "CWE-502",
74963
+ "name": "Deserialization of Untrusted Data",
74964
+ "category": "Serialization"
74965
+ },
74966
+ {
74967
+ "id": "CWE-732",
74968
+ "name": "Incorrect Permission Assignment for Critical Resource",
74969
+ "category": "Authorization"
74970
+ },
74971
+ {
74972
+ "id": "CWE-77",
74973
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
74974
+ "category": "Injection"
74975
+ },
74976
+ {
74977
+ "id": "CWE-78",
74978
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
74979
+ "category": "Injection"
74980
+ },
74981
+ {
74982
+ "id": "CWE-787",
74983
+ "name": "Out-of-bounds Write",
74984
+ "category": "Memory Safety"
74985
+ },
74986
+ {
74987
+ "id": "CWE-79",
74988
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
74989
+ "category": "Injection"
74990
+ },
74991
+ {
74992
+ "id": "CWE-862",
74993
+ "name": "Missing Authorization",
74994
+ "category": "Authorization"
74995
+ },
74996
+ {
74997
+ "id": "CWE-863",
74998
+ "name": "Incorrect Authorization",
74999
+ "category": "Authorization"
75000
+ },
75001
+ {
75002
+ "id": "CWE-89",
75003
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75004
+ "category": "Injection"
75005
+ },
75006
+ {
75007
+ "id": "CWE-918",
75008
+ "name": "Server-Side Request Forgery (SSRF)",
75009
+ "category": "Network"
75010
+ },
75011
+ {
75012
+ "id": "CWE-94",
75013
+ "name": "Improper Control of Generation of Code (Code Injection)",
75014
+ "category": "Injection"
75015
+ }
75016
+ ],
75017
+ "atlas": [
75018
+ {
75019
+ "id": "AML.T0010",
75020
+ "name": "ML Supply Chain Compromise",
75021
+ "tactic": "Initial Access"
75022
+ },
75023
+ {
75024
+ "id": "AML.T0016",
75025
+ "name": "Obtain Capabilities: Develop Capabilities",
75026
+ "tactic": "Resource Development"
75027
+ },
75028
+ {
75029
+ "id": "AML.T0017",
75030
+ "name": "Discover ML Model Ontology",
75031
+ "tactic": "Discovery"
75032
+ },
75033
+ {
75034
+ "id": "AML.T0018",
75035
+ "name": "Backdoor ML Model",
75036
+ "tactic": "Persistence"
75037
+ },
75038
+ {
75039
+ "id": "AML.T0020",
75040
+ "name": "Poison Training Data",
75041
+ "tactic": "ML Attack Staging"
75042
+ },
75043
+ {
75044
+ "id": "AML.T0043",
75045
+ "name": "Craft Adversarial Data",
75046
+ "tactic": "ML Attack Staging"
75047
+ },
75048
+ {
75049
+ "id": "AML.T0051",
75050
+ "name": "LLM Prompt Injection",
75051
+ "tactic": "Execution"
75052
+ },
75053
+ {
75054
+ "id": "AML.T0054",
75055
+ "name": "LLM Jailbreak",
75056
+ "tactic": "Defense Evasion"
75057
+ },
75058
+ {
75059
+ "id": "AML.T0096",
75060
+ "name": "AI API as Covert C2 Channel",
75061
+ "tactic": "Command and Control"
75062
+ }
75063
+ ],
75064
+ "d3fend": [
75065
+ {
75066
+ "id": "D3-CA",
75067
+ "name": "Certificate Analysis",
75068
+ "tactic": "Detect"
75069
+ },
75070
+ {
75071
+ "id": "D3-CSPP",
75072
+ "name": "Client-server Payload Profiling",
75073
+ "tactic": "Detect"
75074
+ },
75075
+ {
75076
+ "id": "D3-DA",
75077
+ "name": "Domain Analysis",
75078
+ "tactic": "Detect"
75079
+ },
75080
+ {
75081
+ "id": "D3-EAL",
75082
+ "name": "Executable Allowlisting",
75083
+ "tactic": "Harden"
75084
+ },
75085
+ {
75086
+ "id": "D3-IOPR",
75087
+ "name": "Input/Output Profiling Resource",
75088
+ "tactic": "Detect"
75089
+ },
75090
+ {
75091
+ "id": "D3-NI",
75092
+ "name": "Network Isolation",
75093
+ "tactic": "Isolate"
75094
+ },
75095
+ {
75096
+ "id": "D3-NTA",
75097
+ "name": "Network Traffic Analysis",
75098
+ "tactic": "Detect"
75099
+ },
75100
+ {
75101
+ "id": "D3-NTPM",
75102
+ "name": "Network Traffic Policy Mapping",
75103
+ "tactic": "Model"
75104
+ }
75105
+ ],
75106
+ "framework_gaps": [
75107
+ {
75108
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75109
+ "framework": "ALL",
75110
+ "control_name": "AI Pipeline Integrity"
75111
+ },
75112
+ {
75113
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75114
+ "framework": "ALL",
75115
+ "control_name": "Prompt Injection as Access Control Failure"
75116
+ },
75117
+ {
75118
+ "id": "CMMC-2.0-Level-2",
75119
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75120
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75121
+ },
75122
+ {
75123
+ "id": "FedRAMP-Rev5-Moderate",
75124
+ "framework": "FedRAMP Rev 5 Moderate",
75125
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75126
+ },
75127
+ {
75128
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
75129
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
75130
+ "control_name": "Access control standard (technical safeguards)"
75131
+ },
75132
+ {
75133
+ "id": "ISO-27001-2022-A.8.16",
75134
+ "framework": "ISO/IEC 27001:2022",
75135
+ "control_name": "Monitoring activities"
75136
+ },
75137
+ {
75138
+ "id": "ISO-27001-2022-A.8.28",
75139
+ "framework": "ISO/IEC 27001:2022",
75140
+ "control_name": "Secure coding"
75141
+ },
75142
+ {
75143
+ "id": "ISO-IEC-23894-2023-clause-7",
75144
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75145
+ "control_name": "AI risk management process"
75146
+ },
75147
+ {
75148
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75149
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75150
+ "control_name": "AI risk assessment"
75151
+ },
75152
+ {
75153
+ "id": "NIST-800-218-SSDF",
75154
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75155
+ "control_name": "Secure Software Development Framework"
75156
+ },
75157
+ {
75158
+ "id": "NIST-800-53-AC-2",
75159
+ "framework": "NIST SP 800-53 Rev 5",
75160
+ "control_name": "Account Management"
75161
+ },
75162
+ {
75163
+ "id": "NIST-800-53-CM-7",
75164
+ "framework": "NIST SP 800-53 Rev 5",
75165
+ "control_name": "Least Functionality"
75166
+ },
75167
+ {
75168
+ "id": "NIST-800-53-SC-28",
75169
+ "framework": "NIST SP 800-53 Rev 5",
75170
+ "control_name": "Protection of Information at Rest"
75171
+ },
75172
+ {
75173
+ "id": "NIST-800-53-SC-7",
75174
+ "framework": "NIST SP 800-53 Rev 5",
75175
+ "control_name": "Boundary Protection"
75176
+ },
75177
+ {
75178
+ "id": "NIST-800-53-SI-12",
75179
+ "framework": "NIST SP 800-53 Rev 5",
75180
+ "control_name": "Information Management and Retention"
75181
+ },
75182
+ {
75183
+ "id": "NIST-800-53-SI-3",
75184
+ "framework": "NIST SP 800-53 Rev 5",
75185
+ "control_name": "Malicious Code Protection"
75186
+ },
75187
+ {
75188
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75189
+ "framework": "NIST AI RMF 1.0",
75190
+ "control_name": "AI system to human interaction evaluation"
75191
+ },
75192
+ {
75193
+ "id": "OWASP-ASVS-v5.0-V14",
75194
+ "framework": "OWASP ASVS v5.0",
75195
+ "control_name": "Configuration verification"
75196
+ },
75197
+ {
75198
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75199
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75200
+ "control_name": "Prompt Injection"
75201
+ },
75202
+ {
75203
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75204
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75205
+ "control_name": "Sensitive Information Disclosure"
75206
+ },
75207
+ {
75208
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75209
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75210
+ "control_name": "Vector and Embedding Weaknesses"
75211
+ },
75212
+ {
75213
+ "id": "SLSA-v1.0-Build-L3",
75214
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75215
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75216
+ },
75217
+ {
75218
+ "id": "SOC2-CC6-logical-access",
75219
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75220
+ "control_name": "Logical and Physical Access Controls"
75221
+ },
75222
+ {
75223
+ "id": "SOC2-CC7-anomaly-detection",
75224
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75225
+ "control_name": "System Operations — Threat and Vulnerability Management"
75226
+ }
75227
+ ],
75228
+ "attack_refs": [
75229
+ "T1041",
75230
+ "T1059",
75231
+ "T1068",
75232
+ "T1071",
75233
+ "T1078",
75234
+ "T1102",
75235
+ "T1190",
75236
+ "T1213",
75237
+ "T1505",
75238
+ "T1530",
75239
+ "T1565",
75240
+ "T1566",
75241
+ "T1567",
75242
+ "T1568",
75243
+ "T1610",
75244
+ "T1611"
75245
+ ],
75246
+ "rfc_refs": [
75247
+ "RFC-6749",
75248
+ "RFC-7519",
75249
+ "RFC-8032",
75250
+ "RFC-8446",
75251
+ "RFC-8725",
75252
+ "RFC-9000",
75253
+ "RFC-9114",
75254
+ "RFC-9180",
75255
+ "RFC-9421",
75256
+ "RFC-9458",
75257
+ "RFC-9700"
75258
+ ]
75259
+ }
75260
+ },
74201
75261
  "CWE-20": {
74202
75262
  "name": "Improper Input Validation",
74203
75263
  "category": "Validation",
@@ -74503,6 +75563,7 @@
74503
75563
  "CVE-2024-6587",
74504
75564
  "CVE-2024-9526",
74505
75565
  "CVE-2025-0133",
75566
+ "CVE-2025-10164",
74506
75567
  "CVE-2025-10585",
74507
75568
  "CVE-2025-1094",
74508
75569
  "CVE-2025-14174",
@@ -74523,6 +75584,7 @@
74523
75584
  "CVE-2025-43300",
74524
75585
  "CVE-2025-49596",
74525
75586
  "CVE-2025-49844",
75587
+ "CVE-2025-51480",
74526
75588
  "CVE-2025-53773",
74527
75589
  "CVE-2025-54136",
74528
75590
  "CVE-2025-60455",
@@ -74564,6 +75626,7 @@
74564
75626
  "CVE-2026-45829",
74565
75627
  "CVE-2026-46300",
74566
75628
  "CVE-2026-46333",
75629
+ "CVE-2026-5760",
74567
75630
  "CVE-2026-9082",
74568
75631
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
74569
75632
  "MAL-2026-3083",
@@ -74758,11 +75821,13 @@
74758
75821
  "CVE-2024-5565",
74759
75822
  "CVE-2024-9526",
74760
75823
  "CVE-2025-0133",
75824
+ "CVE-2025-10164",
74761
75825
  "CVE-2025-1094",
74762
75826
  "CVE-2025-27520",
74763
75827
  "CVE-2025-3248",
74764
75828
  "CVE-2025-3466",
74765
75829
  "CVE-2025-49844",
75830
+ "CVE-2025-51480",
74766
75831
  "CVE-2025-53773",
74767
75832
  "CVE-2025-6965",
74768
75833
  "CVE-2026-22218",
@@ -74774,6 +75839,7 @@
74774
75839
  "CVE-2026-39884",
74775
75840
  "CVE-2026-42208",
74776
75841
  "CVE-2026-45321",
75842
+ "CVE-2026-5760",
74777
75843
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
74778
75844
  "MAL-2026-3083",
74779
75845
  "MAL-2026-NODE-IPC-STEALER"
@@ -74943,6 +76009,7 @@
74943
76009
  "CVE-2024-6587",
74944
76010
  "CVE-2024-9526",
74945
76011
  "CVE-2025-0133",
76012
+ "CVE-2025-10164",
74946
76013
  "CVE-2025-10585",
74947
76014
  "CVE-2025-1094",
74948
76015
  "CVE-2025-14174",
@@ -74962,6 +76029,7 @@
74962
76029
  "CVE-2025-38352",
74963
76030
  "CVE-2025-43300",
74964
76031
  "CVE-2025-49596",
76032
+ "CVE-2025-51480",
74965
76033
  "CVE-2025-54136",
74966
76034
  "CVE-2025-60455",
74967
76035
  "CVE-2025-64496",
@@ -75001,6 +76069,7 @@
75001
76069
  "CVE-2026-45829",
75002
76070
  "CVE-2026-46300",
75003
76071
  "CVE-2026-46333",
76072
+ "CVE-2026-5760",
75004
76073
  "CVE-2026-9082",
75005
76074
  "MAL-2026-3083",
75006
76075
  "MAL-2026-NODE-IPC-STEALER"
@@ -75159,6 +76228,7 @@
75159
76228
  "CVE-2024-6587",
75160
76229
  "CVE-2024-9526",
75161
76230
  "CVE-2025-0133",
76231
+ "CVE-2025-10164",
75162
76232
  "CVE-2025-10585",
75163
76233
  "CVE-2025-1094",
75164
76234
  "CVE-2025-14174",
@@ -75178,6 +76248,7 @@
75178
76248
  "CVE-2025-38352",
75179
76249
  "CVE-2025-43300",
75180
76250
  "CVE-2025-49596",
76251
+ "CVE-2025-51480",
75181
76252
  "CVE-2025-54136",
75182
76253
  "CVE-2025-60455",
75183
76254
  "CVE-2025-64496",
@@ -75217,6 +76288,7 @@
75217
76288
  "CVE-2026-45829",
75218
76289
  "CVE-2026-46300",
75219
76290
  "CVE-2026-46333",
76291
+ "CVE-2026-5760",
75220
76292
  "CVE-2026-9082",
75221
76293
  "MAL-2026-3083",
75222
76294
  "MAL-2026-NODE-IPC-STEALER"
@@ -75389,6 +76461,7 @@
75389
76461
  "CVE-2024-6587",
75390
76462
  "CVE-2024-9526",
75391
76463
  "CVE-2025-0133",
76464
+ "CVE-2025-10164",
75392
76465
  "CVE-2025-10585",
75393
76466
  "CVE-2025-1094",
75394
76467
  "CVE-2025-14174",
@@ -75408,6 +76481,7 @@
75408
76481
  "CVE-2025-38352",
75409
76482
  "CVE-2025-43300",
75410
76483
  "CVE-2025-49596",
76484
+ "CVE-2025-51480",
75411
76485
  "CVE-2025-54136",
75412
76486
  "CVE-2025-60455",
75413
76487
  "CVE-2025-64496",
@@ -75447,6 +76521,7 @@
75447
76521
  "CVE-2026-45829",
75448
76522
  "CVE-2026-46300",
75449
76523
  "CVE-2026-46333",
76524
+ "CVE-2026-5760",
75450
76525
  "CVE-2026-9082",
75451
76526
  "MAL-2026-3083",
75452
76527
  "MAL-2026-NODE-IPC-STEALER"
@@ -75731,6 +76806,7 @@
75731
76806
  "CVE-2024-6587",
75732
76807
  "CVE-2024-9526",
75733
76808
  "CVE-2025-0133",
76809
+ "CVE-2025-10164",
75734
76810
  "CVE-2025-1094",
75735
76811
  "CVE-2025-11837",
75736
76812
  "CVE-2025-1550",
@@ -75750,6 +76826,7 @@
75750
76826
  "CVE-2025-3466",
75751
76827
  "CVE-2025-49596",
75752
76828
  "CVE-2025-49844",
76829
+ "CVE-2025-51480",
75753
76830
  "CVE-2025-53773",
75754
76831
  "CVE-2025-54136",
75755
76832
  "CVE-2025-56520",
@@ -75793,6 +76870,7 @@
75793
76870
  "CVE-2026-42208",
75794
76871
  "CVE-2026-45321",
75795
76872
  "CVE-2026-45829",
76873
+ "CVE-2026-5760",
75796
76874
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
75797
76875
  "MAL-2026-3083",
75798
76876
  "MAL-2026-NODE-IPC-STEALER"
@@ -76036,6 +77114,7 @@
76036
77114
  "CVE-2024-8068",
76037
77115
  "CVE-2024-8069",
76038
77116
  "CVE-2025-10035",
77117
+ "CVE-2025-10164",
76039
77118
  "CVE-2025-10585",
76040
77119
  "CVE-2025-1094",
76041
77120
  "CVE-2025-11371",
@@ -76513,6 +77592,7 @@
76513
77592
  "CVE-2024-5565",
76514
77593
  "CVE-2024-9526",
76515
77594
  "CVE-2025-0133",
77595
+ "CVE-2025-10164",
76516
77596
  "CVE-2025-1094",
76517
77597
  "CVE-2025-14847",
76518
77598
  "CVE-2025-22226",
@@ -76524,6 +77604,7 @@
76524
77604
  "CVE-2025-3248",
76525
77605
  "CVE-2025-3466",
76526
77606
  "CVE-2025-49844",
77607
+ "CVE-2025-51480",
76527
77608
  "CVE-2025-53767",
76528
77609
  "CVE-2025-53773",
76529
77610
  "CVE-2025-56520",
@@ -76543,6 +77624,7 @@
76543
77624
  "CVE-2026-42897",
76544
77625
  "CVE-2026-43284",
76545
77626
  "CVE-2026-45321",
77627
+ "CVE-2026-5760",
76546
77628
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
76547
77629
  "MAL-2026-3083",
76548
77630
  "MAL-2026-NODE-IPC-STEALER"
@@ -76919,6 +78001,7 @@
76919
78001
  "CVE-2024-6587",
76920
78002
  "CVE-2024-9526",
76921
78003
  "CVE-2025-0133",
78004
+ "CVE-2025-10164",
76922
78005
  "CVE-2025-10585",
76923
78006
  "CVE-2025-1094",
76924
78007
  "CVE-2025-14174",
@@ -76939,6 +78022,7 @@
76939
78022
  "CVE-2025-43300",
76940
78023
  "CVE-2025-49596",
76941
78024
  "CVE-2025-49844",
78025
+ "CVE-2025-51480",
76942
78026
  "CVE-2025-53773",
76943
78027
  "CVE-2025-54136",
76944
78028
  "CVE-2025-60455",
@@ -76980,6 +78064,7 @@
76980
78064
  "CVE-2026-45829",
76981
78065
  "CVE-2026-46300",
76982
78066
  "CVE-2026-46333",
78067
+ "CVE-2026-5760",
76983
78068
  "CVE-2026-9082",
76984
78069
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
76985
78070
  "MAL-2026-3083",
@@ -77574,6 +78659,7 @@
77574
78659
  "CVE-2024-6587",
77575
78660
  "CVE-2024-9526",
77576
78661
  "CVE-2025-0133",
78662
+ "CVE-2025-10164",
77577
78663
  "CVE-2025-10585",
77578
78664
  "CVE-2025-1094",
77579
78665
  "CVE-2025-14174",
@@ -77594,6 +78680,7 @@
77594
78680
  "CVE-2025-43300",
77595
78681
  "CVE-2025-49596",
77596
78682
  "CVE-2025-49844",
78683
+ "CVE-2025-51480",
77597
78684
  "CVE-2025-53773",
77598
78685
  "CVE-2025-54136",
77599
78686
  "CVE-2025-60455",
@@ -77635,6 +78722,7 @@
77635
78722
  "CVE-2026-45829",
77636
78723
  "CVE-2026-46300",
77637
78724
  "CVE-2026-46333",
78725
+ "CVE-2026-5760",
77638
78726
  "CVE-2026-9082",
77639
78727
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
77640
78728
  "MAL-2026-3083",
@@ -78585,6 +79673,7 @@
78585
79673
  "CVE-2024-6587",
78586
79674
  "CVE-2024-9526",
78587
79675
  "CVE-2025-0133",
79676
+ "CVE-2025-10164",
78588
79677
  "CVE-2025-10585",
78589
79678
  "CVE-2025-1094",
78590
79679
  "CVE-2025-14174",
@@ -78605,6 +79694,7 @@
78605
79694
  "CVE-2025-43300",
78606
79695
  "CVE-2025-49596",
78607
79696
  "CVE-2025-49844",
79697
+ "CVE-2025-51480",
78608
79698
  "CVE-2025-53773",
78609
79699
  "CVE-2025-54136",
78610
79700
  "CVE-2025-60455",
@@ -78646,6 +79736,7 @@
78646
79736
  "CVE-2026-45829",
78647
79737
  "CVE-2026-46300",
78648
79738
  "CVE-2026-46333",
79739
+ "CVE-2026-5760",
78649
79740
  "CVE-2026-9082",
78650
79741
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
78651
79742
  "MAL-2026-3083",
@@ -78890,6 +79981,7 @@
78890
79981
  "CVE-2024-8068",
78891
79982
  "CVE-2024-8069",
78892
79983
  "CVE-2025-10035",
79984
+ "CVE-2025-10164",
78893
79985
  "CVE-2025-10585",
78894
79986
  "CVE-2025-1094",
78895
79987
  "CVE-2025-11371",
@@ -79352,6 +80444,7 @@
79352
80444
  "CVE-2024-8068",
79353
80445
  "CVE-2024-8069",
79354
80446
  "CVE-2025-10035",
80447
+ "CVE-2025-10164",
79355
80448
  "CVE-2025-10585",
79356
80449
  "CVE-2025-1094",
79357
80450
  "CVE-2025-11371",
@@ -79837,6 +80930,7 @@
79837
80930
  "CVE-2024-6587",
79838
80931
  "CVE-2024-9526",
79839
80932
  "CVE-2025-0133",
80933
+ "CVE-2025-10164",
79840
80934
  "CVE-2025-10585",
79841
80935
  "CVE-2025-1094",
79842
80936
  "CVE-2025-14174",
@@ -79857,6 +80951,7 @@
79857
80951
  "CVE-2025-43300",
79858
80952
  "CVE-2025-49596",
79859
80953
  "CVE-2025-49844",
80954
+ "CVE-2025-51480",
79860
80955
  "CVE-2025-53773",
79861
80956
  "CVE-2025-54136",
79862
80957
  "CVE-2025-60455",
@@ -79898,6 +80993,7 @@
79898
80993
  "CVE-2026-45829",
79899
80994
  "CVE-2026-46300",
79900
80995
  "CVE-2026-46333",
80996
+ "CVE-2026-5760",
79901
80997
  "CVE-2026-9082",
79902
80998
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
79903
80999
  "MAL-2026-3083",
@@ -80307,10 +81403,12 @@
80307
81403
  "CVE-2024-5565",
80308
81404
  "CVE-2024-9526",
80309
81405
  "CVE-2025-0133",
81406
+ "CVE-2025-10164",
80310
81407
  "CVE-2025-1094",
80311
81408
  "CVE-2025-27520",
80312
81409
  "CVE-2025-3248",
80313
81410
  "CVE-2025-3466",
81411
+ "CVE-2025-51480",
80314
81412
  "CVE-2025-6965",
80315
81413
  "CVE-2026-22218",
80316
81414
  "CVE-2026-30615",
@@ -80321,6 +81419,7 @@
80321
81419
  "CVE-2026-39884",
80322
81420
  "CVE-2026-42208",
80323
81421
  "CVE-2026-45321",
81422
+ "CVE-2026-5760",
80324
81423
  "MAL-2026-3083",
80325
81424
  "MAL-2026-NODE-IPC-STEALER",
80326
81425
  "MAL-2026-SHAI-HULUD-OSS"
@@ -80723,6 +81822,7 @@
80723
81822
  "CVE-2024-8068",
80724
81823
  "CVE-2024-8069",
80725
81824
  "CVE-2025-10035",
81825
+ "CVE-2025-10164",
80726
81826
  "CVE-2025-10585",
80727
81827
  "CVE-2025-1094",
80728
81828
  "CVE-2025-11371",
@@ -81272,6 +82372,7 @@
81272
82372
  "CVE-2024-6587",
81273
82373
  "CVE-2024-9526",
81274
82374
  "CVE-2025-0133",
82375
+ "CVE-2025-10164",
81275
82376
  "CVE-2025-10585",
81276
82377
  "CVE-2025-1094",
81277
82378
  "CVE-2025-14174",
@@ -81292,6 +82393,7 @@
81292
82393
  "CVE-2025-43300",
81293
82394
  "CVE-2025-49596",
81294
82395
  "CVE-2025-49844",
82396
+ "CVE-2025-51480",
81295
82397
  "CVE-2025-53773",
81296
82398
  "CVE-2025-54136",
81297
82399
  "CVE-2025-60455",
@@ -81333,6 +82435,7 @@
81333
82435
  "CVE-2026-45829",
81334
82436
  "CVE-2026-46300",
81335
82437
  "CVE-2026-46333",
82438
+ "CVE-2026-5760",
81336
82439
  "CVE-2026-9082",
81337
82440
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
81338
82441
  "MAL-2026-3083",
@@ -81666,6 +82769,7 @@
81666
82769
  "CVE-2024-9526",
81667
82770
  "CVE-2025-0133",
81668
82771
  "CVE-2025-10035",
82772
+ "CVE-2025-10164",
81669
82773
  "CVE-2025-10585",
81670
82774
  "CVE-2025-1094",
81671
82775
  "CVE-2025-11371",
@@ -81765,6 +82869,7 @@
81765
82869
  "CVE-2025-49706",
81766
82870
  "CVE-2025-49844",
81767
82871
  "CVE-2025-5086",
82872
+ "CVE-2025-51480",
81768
82873
  "CVE-2025-52691",
81769
82874
  "CVE-2025-53521",
81770
82875
  "CVE-2025-53690",
@@ -81907,6 +83012,7 @@
81907
83012
  "CVE-2026-46300",
81908
83013
  "CVE-2026-46333",
81909
83014
  "CVE-2026-5281",
83015
+ "CVE-2026-5760",
81910
83016
  "CVE-2026-6973",
81911
83017
  "CVE-2026-9082",
81912
83018
  "MAL-2026-3083",
@@ -82601,11 +83707,13 @@
82601
83707
  "CVE-2024-5565",
82602
83708
  "CVE-2024-9526",
82603
83709
  "CVE-2025-0133",
83710
+ "CVE-2025-10164",
82604
83711
  "CVE-2025-1094",
82605
83712
  "CVE-2025-27520",
82606
83713
  "CVE-2025-3248",
82607
83714
  "CVE-2025-3466",
82608
83715
  "CVE-2025-49844",
83716
+ "CVE-2025-51480",
82609
83717
  "CVE-2025-53773",
82610
83718
  "CVE-2025-6965",
82611
83719
  "CVE-2026-22218",
@@ -82617,6 +83725,7 @@
82617
83725
  "CVE-2026-39884",
82618
83726
  "CVE-2026-42208",
82619
83727
  "CVE-2026-45321",
83728
+ "CVE-2026-5760",
82620
83729
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
82621
83730
  "MAL-2026-3083",
82622
83731
  "MAL-2026-NODE-IPC-STEALER"
@@ -82901,10 +84010,12 @@
82901
84010
  "CVE-2024-5565",
82902
84011
  "CVE-2024-9526",
82903
84012
  "CVE-2025-0133",
84013
+ "CVE-2025-10164",
82904
84014
  "CVE-2025-1094",
82905
84015
  "CVE-2025-27520",
82906
84016
  "CVE-2025-3248",
82907
84017
  "CVE-2025-3466",
84018
+ "CVE-2025-51480",
82908
84019
  "CVE-2025-53773",
82909
84020
  "CVE-2025-6965",
82910
84021
  "CVE-2026-22218",
@@ -82916,6 +84027,7 @@
82916
84027
  "CVE-2026-39884",
82917
84028
  "CVE-2026-42208",
82918
84029
  "CVE-2026-45321",
84030
+ "CVE-2026-5760",
82919
84031
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
82920
84032
  "MAL-2026-3083",
82921
84033
  "MAL-2026-NODE-IPC-STEALER"
@@ -83255,6 +84367,7 @@
83255
84367
  "CVE-2024-6587",
83256
84368
  "CVE-2024-9526",
83257
84369
  "CVE-2025-0133",
84370
+ "CVE-2025-10164",
83258
84371
  "CVE-2025-10585",
83259
84372
  "CVE-2025-1094",
83260
84373
  "CVE-2025-14174",
@@ -83275,6 +84388,7 @@
83275
84388
  "CVE-2025-43300",
83276
84389
  "CVE-2025-49596",
83277
84390
  "CVE-2025-49844",
84391
+ "CVE-2025-51480",
83278
84392
  "CVE-2025-53773",
83279
84393
  "CVE-2025-54136",
83280
84394
  "CVE-2025-60455",
@@ -83316,6 +84430,7 @@
83316
84430
  "CVE-2026-45829",
83317
84431
  "CVE-2026-46300",
83318
84432
  "CVE-2026-46333",
84433
+ "CVE-2026-5760",
83319
84434
  "CVE-2026-9082",
83320
84435
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
83321
84436
  "MAL-2026-3083",
@@ -83620,6 +84735,7 @@
83620
84735
  "CVE-2024-6587",
83621
84736
  "CVE-2024-9526",
83622
84737
  "CVE-2025-0133",
84738
+ "CVE-2025-10164",
83623
84739
  "CVE-2025-1094",
83624
84740
  "CVE-2025-11837",
83625
84741
  "CVE-2025-1550",
@@ -83638,6 +84754,7 @@
83638
84754
  "CVE-2025-34291",
83639
84755
  "CVE-2025-3466",
83640
84756
  "CVE-2025-49596",
84757
+ "CVE-2025-51480",
83641
84758
  "CVE-2025-53773",
83642
84759
  "CVE-2025-54136",
83643
84760
  "CVE-2025-56520",
@@ -83678,7 +84795,8 @@
83678
84795
  "CVE-2026-41947",
83679
84796
  "CVE-2026-41950",
83680
84797
  "CVE-2026-42208",
83681
- "CVE-2026-45829"
84798
+ "CVE-2026-45829",
84799
+ "CVE-2026-5760"
83682
84800
  ]
83683
84801
  },
83684
84802
  "CWE-1188": {
@@ -83845,11 +84963,13 @@
83845
84963
  "CVE-2024-5565",
83846
84964
  "CVE-2024-9526",
83847
84965
  "CVE-2025-0133",
84966
+ "CVE-2025-10164",
83848
84967
  "CVE-2025-1094",
83849
84968
  "CVE-2025-27520",
83850
84969
  "CVE-2025-3248",
83851
84970
  "CVE-2025-3466",
83852
84971
  "CVE-2025-49844",
84972
+ "CVE-2025-51480",
83853
84973
  "CVE-2025-53773",
83854
84974
  "CVE-2025-6965",
83855
84975
  "CVE-2026-22218",
@@ -83861,6 +84981,7 @@
83861
84981
  "CVE-2026-39884",
83862
84982
  "CVE-2026-42208",
83863
84983
  "CVE-2026-45321",
84984
+ "CVE-2026-5760",
83864
84985
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
83865
84986
  "MAL-2026-3083",
83866
84987
  "MAL-2026-NODE-IPC-STEALER",
@@ -84598,6 +85719,7 @@
84598
85719
  "CVE-2024-6587",
84599
85720
  "CVE-2024-9526",
84600
85721
  "CVE-2025-0133",
85722
+ "CVE-2025-10164",
84601
85723
  "CVE-2025-10585",
84602
85724
  "CVE-2025-1094",
84603
85725
  "CVE-2025-14174",
@@ -84618,6 +85740,7 @@
84618
85740
  "CVE-2025-43300",
84619
85741
  "CVE-2025-49596",
84620
85742
  "CVE-2025-49844",
85743
+ "CVE-2025-51480",
84621
85744
  "CVE-2025-53773",
84622
85745
  "CVE-2025-54136",
84623
85746
  "CVE-2025-60455",
@@ -84658,6 +85781,7 @@
84658
85781
  "CVE-2026-45829",
84659
85782
  "CVE-2026-46300",
84660
85783
  "CVE-2026-46333",
85784
+ "CVE-2026-5760",
84661
85785
  "CVE-2026-9082",
84662
85786
  "MAL-2026-3083",
84663
85787
  "MAL-2026-NODE-IPC-STEALER",
@@ -84951,6 +86075,7 @@
84951
86075
  "CVE-2024-6587",
84952
86076
  "CVE-2024-9526",
84953
86077
  "CVE-2025-0133",
86078
+ "CVE-2025-10164",
84954
86079
  "CVE-2025-1094",
84955
86080
  "CVE-2025-11837",
84956
86081
  "CVE-2025-14847",
@@ -84971,6 +86096,7 @@
84971
86096
  "CVE-2025-34291",
84972
86097
  "CVE-2025-3466",
84973
86098
  "CVE-2025-49596",
86099
+ "CVE-2025-51480",
84974
86100
  "CVE-2025-53767",
84975
86101
  "CVE-2025-53773",
84976
86102
  "CVE-2025-54136",
@@ -85017,6 +86143,7 @@
85017
86143
  "CVE-2026-43284",
85018
86144
  "CVE-2026-45321",
85019
86145
  "CVE-2026-45829",
86146
+ "CVE-2026-5760",
85020
86147
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
85021
86148
  "MAL-2026-3083",
85022
86149
  "MAL-2026-NODE-IPC-STEALER",