@blamejs/exceptd-skills 0.13.121 → 0.13.123

@@ -74506,6 +74506,1420 @@
74506
74506
  ]
74507
74507
  }
74508
74508
  },
74509
+ "CVE-2025-10164": {
74510
+ "name": "SGLang update_weights_from_tensor Unsafe Deserialization RCE",
74511
+ "rwep": 25,
74512
+ "cvss": 7.3,
74513
+ "cisa_kev": false,
74514
+ "epss_score": 0.00111,
74515
+ "referencing_skills": [
74516
+ "kernel-lpe-triage",
74517
+ "ai-attack-surface",
74518
+ "compliance-theater",
74519
+ "rag-pipeline-security",
74520
+ "threat-modeling-methodology",
74521
+ "webapp-security",
74522
+ "api-security",
74523
+ "container-runtime-security"
74524
+ ],
74525
+ "chain": {
74526
+ "cwes": [
74527
+ {
74528
+ "id": "CWE-1039",
74529
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
74530
+ "category": "AI/ML"
74531
+ },
74532
+ {
74533
+ "id": "CWE-1188",
74534
+ "name": "Initialization of a Resource with an Insecure Default",
74535
+ "category": "Configuration"
74536
+ },
74537
+ {
74538
+ "id": "CWE-125",
74539
+ "name": "Out-of-bounds Read",
74540
+ "category": "Memory Safety"
74541
+ },
74542
+ {
74543
+ "id": "CWE-1395",
74544
+ "name": "Dependency on Vulnerable Third-Party Component",
74545
+ "category": "Supply Chain"
74546
+ },
74547
+ {
74548
+ "id": "CWE-1426",
74549
+ "name": "Improper Validation of Generative AI Output",
74550
+ "category": "AI/ML"
74551
+ },
74552
+ {
74553
+ "id": "CWE-200",
74554
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
74555
+ "category": "Information Exposure"
74556
+ },
74557
+ {
74558
+ "id": "CWE-22",
74559
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
74560
+ "category": "Path/Resource"
74561
+ },
74562
+ {
74563
+ "id": "CWE-269",
74564
+ "name": "Improper Privilege Management",
74565
+ "category": "Authorization"
74566
+ },
74567
+ {
74568
+ "id": "CWE-287",
74569
+ "name": "Improper Authentication",
74570
+ "category": "Authentication"
74571
+ },
74572
+ {
74573
+ "id": "CWE-352",
74574
+ "name": "Cross-Site Request Forgery (CSRF)",
74575
+ "category": "Session"
74576
+ },
74577
+ {
74578
+ "id": "CWE-362",
74579
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
74580
+ "category": "Concurrency"
74581
+ },
74582
+ {
74583
+ "id": "CWE-416",
74584
+ "name": "Use After Free",
74585
+ "category": "Memory Safety"
74586
+ },
74587
+ {
74588
+ "id": "CWE-434",
74589
+ "name": "Unrestricted Upload of File with Dangerous Type",
74590
+ "category": "File Handling"
74591
+ },
74592
+ {
74593
+ "id": "CWE-502",
74594
+ "name": "Deserialization of Untrusted Data",
74595
+ "category": "Serialization"
74596
+ },
74597
+ {
74598
+ "id": "CWE-672",
74599
+ "name": "Operation on a Resource after Expiration or Release",
74600
+ "category": "Memory Safety"
74601
+ },
74602
+ {
74603
+ "id": "CWE-732",
74604
+ "name": "Incorrect Permission Assignment for Critical Resource",
74605
+ "category": "Authorization"
74606
+ },
74607
+ {
74608
+ "id": "CWE-77",
74609
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
74610
+ "category": "Injection"
74611
+ },
74612
+ {
74613
+ "id": "CWE-78",
74614
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
74615
+ "category": "Injection"
74616
+ },
74617
+ {
74618
+ "id": "CWE-787",
74619
+ "name": "Out-of-bounds Write",
74620
+ "category": "Memory Safety"
74621
+ },
74622
+ {
74623
+ "id": "CWE-79",
74624
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
74625
+ "category": "Injection"
74626
+ },
74627
+ {
74628
+ "id": "CWE-862",
74629
+ "name": "Missing Authorization",
74630
+ "category": "Authorization"
74631
+ },
74632
+ {
74633
+ "id": "CWE-863",
74634
+ "name": "Incorrect Authorization",
74635
+ "category": "Authorization"
74636
+ },
74637
+ {
74638
+ "id": "CWE-89",
74639
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
74640
+ "category": "Injection"
74641
+ },
74642
+ {
74643
+ "id": "CWE-918",
74644
+ "name": "Server-Side Request Forgery (SSRF)",
74645
+ "category": "Network"
74646
+ },
74647
+ {
74648
+ "id": "CWE-94",
74649
+ "name": "Improper Control of Generation of Code (Code Injection)",
74650
+ "category": "Injection"
74651
+ }
74652
+ ],
74653
+ "atlas": [
74654
+ {
74655
+ "id": "AML.T0010",
74656
+ "name": "ML Supply Chain Compromise",
74657
+ "tactic": "Initial Access"
74658
+ },
74659
+ {
74660
+ "id": "AML.T0016",
74661
+ "name": "Obtain Capabilities: Develop Capabilities",
74662
+ "tactic": "Resource Development"
74663
+ },
74664
+ {
74665
+ "id": "AML.T0017",
74666
+ "name": "Discover ML Model Ontology",
74667
+ "tactic": "Discovery"
74668
+ },
74669
+ {
74670
+ "id": "AML.T0018",
74671
+ "name": "Backdoor ML Model",
74672
+ "tactic": "Persistence"
74673
+ },
74674
+ {
74675
+ "id": "AML.T0020",
74676
+ "name": "Poison Training Data",
74677
+ "tactic": "ML Attack Staging"
74678
+ },
74679
+ {
74680
+ "id": "AML.T0043",
74681
+ "name": "Craft Adversarial Data",
74682
+ "tactic": "ML Attack Staging"
74683
+ },
74684
+ {
74685
+ "id": "AML.T0051",
74686
+ "name": "LLM Prompt Injection",
74687
+ "tactic": "Execution"
74688
+ },
74689
+ {
74690
+ "id": "AML.T0054",
74691
+ "name": "LLM Jailbreak",
74692
+ "tactic": "Defense Evasion"
74693
+ },
74694
+ {
74695
+ "id": "AML.T0096",
74696
+ "name": "AI API as Covert C2 Channel",
74697
+ "tactic": "Command and Control"
74698
+ }
74699
+ ],
74700
+ "d3fend": [
74701
+ {
74702
+ "id": "D3-ASLR",
74703
+ "name": "Address Space Layout Randomization",
74704
+ "tactic": "Harden"
74705
+ },
74706
+ {
74707
+ "id": "D3-CSPP",
74708
+ "name": "Client-server Payload Profiling",
74709
+ "tactic": "Detect"
74710
+ },
74711
+ {
74712
+ "id": "D3-EAL",
74713
+ "name": "Executable Allowlisting",
74714
+ "tactic": "Harden"
74715
+ },
74716
+ {
74717
+ "id": "D3-IOPR",
74718
+ "name": "Input/Output Profiling Resource",
74719
+ "tactic": "Detect"
74720
+ },
74721
+ {
74722
+ "id": "D3-NTA",
74723
+ "name": "Network Traffic Analysis",
74724
+ "tactic": "Detect"
74725
+ },
74726
+ {
74727
+ "id": "D3-PHRA",
74728
+ "name": "Process Hardware Resource Access",
74729
+ "tactic": "Isolate"
74730
+ },
74731
+ {
74732
+ "id": "D3-PSEP",
74733
+ "name": "Process Segment Execution Prevention",
74734
+ "tactic": "Harden"
74735
+ }
74736
+ ],
74737
+ "framework_gaps": [
74738
+ {
74739
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
74740
+ "framework": "ALL",
74741
+ "control_name": "AI Pipeline Integrity"
74742
+ },
74743
+ {
74744
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
74745
+ "framework": "ALL",
74746
+ "control_name": "Prompt Injection as Access Control Failure"
74747
+ },
74748
+ {
74749
+ "id": "CIS-Controls-v8-Control7",
74750
+ "framework": "CIS Controls v8",
74751
+ "control_name": "Continuous Vulnerability Management"
74752
+ },
74753
+ {
74754
+ "id": "CMMC-2.0-Level-2",
74755
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
74756
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
74757
+ },
74758
+ {
74759
+ "id": "FedRAMP-Rev5-Moderate",
74760
+ "framework": "FedRAMP Rev 5 Moderate",
74761
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
74762
+ },
74763
+ {
74764
+ "id": "ISO-27001-2022-A.8.28",
74765
+ "framework": "ISO/IEC 27001:2022",
74766
+ "control_name": "Secure coding"
74767
+ },
74768
+ {
74769
+ "id": "ISO-27001-2022-A.8.8",
74770
+ "framework": "ISO/IEC 27001:2022",
74771
+ "control_name": "Management of technical vulnerabilities"
74772
+ },
74773
+ {
74774
+ "id": "ISO-IEC-23894-2023-clause-7",
74775
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
74776
+ "control_name": "AI risk management process"
74777
+ },
74778
+ {
74779
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
74780
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
74781
+ "control_name": "AI risk assessment"
74782
+ },
74783
+ {
74784
+ "id": "NIS2-Art21-patch-management",
74785
+ "framework": "EU NIS2 Directive",
74786
+ "control_name": "Vulnerability handling and disclosure"
74787
+ },
74788
+ {
74789
+ "id": "NIST-800-218-SSDF",
74790
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
74791
+ "control_name": "Secure Software Development Framework"
74792
+ },
74793
+ {
74794
+ "id": "NIST-800-53-AC-2",
74795
+ "framework": "NIST SP 800-53 Rev 5",
74796
+ "control_name": "Account Management"
74797
+ },
74798
+ {
74799
+ "id": "NIST-800-53-CM-7",
74800
+ "framework": "NIST SP 800-53 Rev 5",
74801
+ "control_name": "Least Functionality"
74802
+ },
74803
+ {
74804
+ "id": "NIST-800-53-SC-8",
74805
+ "framework": "NIST SP 800-53 Rev 5",
74806
+ "control_name": "Transmission Confidentiality and Integrity"
74807
+ },
74808
+ {
74809
+ "id": "NIST-800-53-SI-12",
74810
+ "framework": "NIST SP 800-53 Rev 5",
74811
+ "control_name": "Information Management and Retention"
74812
+ },
74813
+ {
74814
+ "id": "NIST-800-53-SI-2",
74815
+ "framework": "NIST SP 800-53 Rev 5",
74816
+ "control_name": "Flaw Remediation"
74817
+ },
74818
+ {
74819
+ "id": "NIST-800-53-SI-3",
74820
+ "framework": "NIST SP 800-53 Rev 5",
74821
+ "control_name": "Malicious Code Protection"
74822
+ },
74823
+ {
74824
+ "id": "NIST-AI-RMF-MEASURE-2.5",
74825
+ "framework": "NIST AI RMF 1.0",
74826
+ "control_name": "AI system to human interaction evaluation"
74827
+ },
74828
+ {
74829
+ "id": "OWASP-ASVS-v5.0-V14",
74830
+ "framework": "OWASP ASVS v5.0",
74831
+ "control_name": "Configuration verification"
74832
+ },
74833
+ {
74834
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
74835
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74836
+ "control_name": "Prompt Injection"
74837
+ },
74838
+ {
74839
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
74840
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74841
+ "control_name": "Sensitive Information Disclosure"
74842
+ },
74843
+ {
74844
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
74845
+ "framework": "OWASP Top 10 for LLM Applications 2025",
74846
+ "control_name": "Vector and Embedding Weaknesses"
74847
+ },
74848
+ {
74849
+ "id": "PCI-DSS-4.0-6.3.3",
74850
+ "framework": "PCI DSS 4.0",
74851
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
74852
+ },
74853
+ {
74854
+ "id": "SLSA-v1.0-Build-L3",
74855
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
74856
+ "control_name": "Hardened build platform with non-falsifiable provenance"
74857
+ },
74858
+ {
74859
+ "id": "SOC2-CC6-logical-access",
74860
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
74861
+ "control_name": "Logical and Physical Access Controls"
74862
+ }
74863
+ ],
74864
+ "attack_refs": [
74865
+ "T1059",
74866
+ "T1068",
74867
+ "T1078",
74868
+ "T1190",
74869
+ "T1505",
74870
+ "T1548.001",
74871
+ "T1565",
74872
+ "T1566",
74873
+ "T1567",
74874
+ "T1610",
74875
+ "T1611"
74876
+ ],
74877
+ "rfc_refs": [
74878
+ "RFC-4301",
74879
+ "RFC-4303",
74880
+ "RFC-6749",
74881
+ "RFC-7296",
74882
+ "RFC-7519",
74883
+ "RFC-8032",
74884
+ "RFC-8446",
74885
+ "RFC-8725",
74886
+ "RFC-9114",
74887
+ "RFC-9421",
74888
+ "RFC-9700"
74889
+ ]
74890
+ }
74891
+ },
74892
+ "CVE-2026-5760": {
74893
+ "name": "SGLang /v1/rerank Malicious-Model Jinja2 Template-Injection RCE",
74894
+ "rwep": 29,
74895
+ "cvss": 9.8,
74896
+ "cisa_kev": false,
74897
+ "epss_score": 0.00353,
74898
+ "referencing_skills": [
74899
+ "ai-attack-surface",
74900
+ "compliance-theater",
74901
+ "rag-pipeline-security",
74902
+ "ai-c2-detection",
74903
+ "dlp-gap-analysis",
74904
+ "threat-modeling-methodology",
74905
+ "webapp-security",
74906
+ "api-security",
74907
+ "container-runtime-security"
74908
+ ],
74909
+ "chain": {
74910
+ "cwes": [
74911
+ {
74912
+ "id": "CWE-1039",
74913
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
74914
+ "category": "AI/ML"
74915
+ },
74916
+ {
74917
+ "id": "CWE-1188",
74918
+ "name": "Initialization of a Resource with an Insecure Default",
74919
+ "category": "Configuration"
74920
+ },
74921
+ {
74922
+ "id": "CWE-1395",
74923
+ "name": "Dependency on Vulnerable Third-Party Component",
74924
+ "category": "Supply Chain"
74925
+ },
74926
+ {
74927
+ "id": "CWE-1426",
74928
+ "name": "Improper Validation of Generative AI Output",
74929
+ "category": "AI/ML"
74930
+ },
74931
+ {
74932
+ "id": "CWE-200",
74933
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
74934
+ "category": "Information Exposure"
74935
+ },
74936
+ {
74937
+ "id": "CWE-22",
74938
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
74939
+ "category": "Path/Resource"
74940
+ },
74941
+ {
74942
+ "id": "CWE-269",
74943
+ "name": "Improper Privilege Management",
74944
+ "category": "Authorization"
74945
+ },
74946
+ {
74947
+ "id": "CWE-287",
74948
+ "name": "Improper Authentication",
74949
+ "category": "Authentication"
74950
+ },
74951
+ {
74952
+ "id": "CWE-352",
74953
+ "name": "Cross-Site Request Forgery (CSRF)",
74954
+ "category": "Session"
74955
+ },
74956
+ {
74957
+ "id": "CWE-434",
74958
+ "name": "Unrestricted Upload of File with Dangerous Type",
74959
+ "category": "File Handling"
74960
+ },
74961
+ {
74962
+ "id": "CWE-502",
74963
+ "name": "Deserialization of Untrusted Data",
74964
+ "category": "Serialization"
74965
+ },
74966
+ {
74967
+ "id": "CWE-732",
74968
+ "name": "Incorrect Permission Assignment for Critical Resource",
74969
+ "category": "Authorization"
74970
+ },
74971
+ {
74972
+ "id": "CWE-77",
74973
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
74974
+ "category": "Injection"
74975
+ },
74976
+ {
74977
+ "id": "CWE-78",
74978
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
74979
+ "category": "Injection"
74980
+ },
74981
+ {
74982
+ "id": "CWE-787",
74983
+ "name": "Out-of-bounds Write",
74984
+ "category": "Memory Safety"
74985
+ },
74986
+ {
74987
+ "id": "CWE-79",
74988
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
74989
+ "category": "Injection"
74990
+ },
74991
+ {
74992
+ "id": "CWE-862",
74993
+ "name": "Missing Authorization",
74994
+ "category": "Authorization"
74995
+ },
74996
+ {
74997
+ "id": "CWE-863",
74998
+ "name": "Incorrect Authorization",
74999
+ "category": "Authorization"
75000
+ },
75001
+ {
75002
+ "id": "CWE-89",
75003
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75004
+ "category": "Injection"
75005
+ },
75006
+ {
75007
+ "id": "CWE-918",
75008
+ "name": "Server-Side Request Forgery (SSRF)",
75009
+ "category": "Network"
75010
+ },
75011
+ {
75012
+ "id": "CWE-94",
75013
+ "name": "Improper Control of Generation of Code (Code Injection)",
75014
+ "category": "Injection"
75015
+ }
75016
+ ],
75017
+ "atlas": [
75018
+ {
75019
+ "id": "AML.T0010",
75020
+ "name": "ML Supply Chain Compromise",
75021
+ "tactic": "Initial Access"
75022
+ },
75023
+ {
75024
+ "id": "AML.T0016",
75025
+ "name": "Obtain Capabilities: Develop Capabilities",
75026
+ "tactic": "Resource Development"
75027
+ },
75028
+ {
75029
+ "id": "AML.T0017",
75030
+ "name": "Discover ML Model Ontology",
75031
+ "tactic": "Discovery"
75032
+ },
75033
+ {
75034
+ "id": "AML.T0018",
75035
+ "name": "Backdoor ML Model",
75036
+ "tactic": "Persistence"
75037
+ },
75038
+ {
75039
+ "id": "AML.T0020",
75040
+ "name": "Poison Training Data",
75041
+ "tactic": "ML Attack Staging"
75042
+ },
75043
+ {
75044
+ "id": "AML.T0043",
75045
+ "name": "Craft Adversarial Data",
75046
+ "tactic": "ML Attack Staging"
75047
+ },
75048
+ {
75049
+ "id": "AML.T0051",
75050
+ "name": "LLM Prompt Injection",
75051
+ "tactic": "Execution"
75052
+ },
75053
+ {
75054
+ "id": "AML.T0054",
75055
+ "name": "LLM Jailbreak",
75056
+ "tactic": "Defense Evasion"
75057
+ },
75058
+ {
75059
+ "id": "AML.T0096",
75060
+ "name": "AI API as Covert C2 Channel",
75061
+ "tactic": "Command and Control"
75062
+ }
75063
+ ],
75064
+ "d3fend": [
75065
+ {
75066
+ "id": "D3-CA",
75067
+ "name": "Certificate Analysis",
75068
+ "tactic": "Detect"
75069
+ },
75070
+ {
75071
+ "id": "D3-CSPP",
75072
+ "name": "Client-server Payload Profiling",
75073
+ "tactic": "Detect"
75074
+ },
75075
+ {
75076
+ "id": "D3-DA",
75077
+ "name": "Domain Analysis",
75078
+ "tactic": "Detect"
75079
+ },
75080
+ {
75081
+ "id": "D3-EAL",
75082
+ "name": "Executable Allowlisting",
75083
+ "tactic": "Harden"
75084
+ },
75085
+ {
75086
+ "id": "D3-IOPR",
75087
+ "name": "Input/Output Profiling Resource",
75088
+ "tactic": "Detect"
75089
+ },
75090
+ {
75091
+ "id": "D3-NI",
75092
+ "name": "Network Isolation",
75093
+ "tactic": "Isolate"
75094
+ },
75095
+ {
75096
+ "id": "D3-NTA",
75097
+ "name": "Network Traffic Analysis",
75098
+ "tactic": "Detect"
75099
+ },
75100
+ {
75101
+ "id": "D3-NTPM",
75102
+ "name": "Network Traffic Policy Mapping",
75103
+ "tactic": "Model"
75104
+ }
75105
+ ],
75106
+ "framework_gaps": [
75107
+ {
75108
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75109
+ "framework": "ALL",
75110
+ "control_name": "AI Pipeline Integrity"
75111
+ },
75112
+ {
75113
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75114
+ "framework": "ALL",
75115
+ "control_name": "Prompt Injection as Access Control Failure"
75116
+ },
75117
+ {
75118
+ "id": "CMMC-2.0-Level-2",
75119
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75120
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75121
+ },
75122
+ {
75123
+ "id": "FedRAMP-Rev5-Moderate",
75124
+ "framework": "FedRAMP Rev 5 Moderate",
75125
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75126
+ },
75127
+ {
75128
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
75129
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
75130
+ "control_name": "Access control standard (technical safeguards)"
75131
+ },
75132
+ {
75133
+ "id": "ISO-27001-2022-A.8.16",
75134
+ "framework": "ISO/IEC 27001:2022",
75135
+ "control_name": "Monitoring activities"
75136
+ },
75137
+ {
75138
+ "id": "ISO-27001-2022-A.8.28",
75139
+ "framework": "ISO/IEC 27001:2022",
75140
+ "control_name": "Secure coding"
75141
+ },
75142
+ {
75143
+ "id": "ISO-IEC-23894-2023-clause-7",
75144
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75145
+ "control_name": "AI risk management process"
75146
+ },
75147
+ {
75148
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75149
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75150
+ "control_name": "AI risk assessment"
75151
+ },
75152
+ {
75153
+ "id": "NIST-800-218-SSDF",
75154
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75155
+ "control_name": "Secure Software Development Framework"
75156
+ },
75157
+ {
75158
+ "id": "NIST-800-53-AC-2",
75159
+ "framework": "NIST SP 800-53 Rev 5",
75160
+ "control_name": "Account Management"
75161
+ },
75162
+ {
75163
+ "id": "NIST-800-53-CM-7",
75164
+ "framework": "NIST SP 800-53 Rev 5",
75165
+ "control_name": "Least Functionality"
75166
+ },
75167
+ {
75168
+ "id": "NIST-800-53-SC-28",
75169
+ "framework": "NIST SP 800-53 Rev 5",
75170
+ "control_name": "Protection of Information at Rest"
75171
+ },
75172
+ {
75173
+ "id": "NIST-800-53-SC-7",
75174
+ "framework": "NIST SP 800-53 Rev 5",
75175
+ "control_name": "Boundary Protection"
75176
+ },
75177
+ {
75178
+ "id": "NIST-800-53-SI-12",
75179
+ "framework": "NIST SP 800-53 Rev 5",
75180
+ "control_name": "Information Management and Retention"
75181
+ },
75182
+ {
75183
+ "id": "NIST-800-53-SI-3",
75184
+ "framework": "NIST SP 800-53 Rev 5",
75185
+ "control_name": "Malicious Code Protection"
75186
+ },
75187
+ {
75188
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75189
+ "framework": "NIST AI RMF 1.0",
75190
+ "control_name": "AI system to human interaction evaluation"
75191
+ },
75192
+ {
75193
+ "id": "OWASP-ASVS-v5.0-V14",
75194
+ "framework": "OWASP ASVS v5.0",
75195
+ "control_name": "Configuration verification"
75196
+ },
75197
+ {
75198
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75199
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75200
+ "control_name": "Prompt Injection"
75201
+ },
75202
+ {
75203
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75204
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75205
+ "control_name": "Sensitive Information Disclosure"
75206
+ },
75207
+ {
75208
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75209
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75210
+ "control_name": "Vector and Embedding Weaknesses"
75211
+ },
75212
+ {
75213
+ "id": "SLSA-v1.0-Build-L3",
75214
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75215
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75216
+ },
75217
+ {
75218
+ "id": "SOC2-CC6-logical-access",
75219
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75220
+ "control_name": "Logical and Physical Access Controls"
75221
+ },
75222
+ {
75223
+ "id": "SOC2-CC7-anomaly-detection",
75224
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75225
+ "control_name": "System Operations — Threat and Vulnerability Management"
75226
+ }
75227
+ ],
75228
+ "attack_refs": [
75229
+ "T1041",
75230
+ "T1059",
75231
+ "T1068",
75232
+ "T1071",
75233
+ "T1078",
75234
+ "T1102",
75235
+ "T1190",
75236
+ "T1213",
75237
+ "T1505",
75238
+ "T1530",
75239
+ "T1565",
75240
+ "T1566",
75241
+ "T1567",
75242
+ "T1568",
75243
+ "T1610",
75244
+ "T1611"
75245
+ ],
75246
+ "rfc_refs": [
75247
+ "RFC-6749",
75248
+ "RFC-7519",
75249
+ "RFC-8032",
75250
+ "RFC-8446",
75251
+ "RFC-8725",
75252
+ "RFC-9000",
75253
+ "RFC-9114",
75254
+ "RFC-9180",
75255
+ "RFC-9421",
75256
+ "RFC-9458",
75257
+ "RFC-9700"
75258
+ ]
75259
+ }
75260
+ },
75261
+ "CVE-2026-21858": {
75262
+ "name": "n8n Form-Based Unauthenticated Arbitrary File Access",
75263
+ "rwep": 31,
75264
+ "cvss": 10,
75265
+ "cisa_kev": false,
75266
+ "epss_score": 0.06939,
75267
+ "referencing_skills": [
75268
+ "ai-attack-surface",
75269
+ "compliance-theater",
75270
+ "rag-pipeline-security",
75271
+ "threat-modeling-methodology",
75272
+ "webapp-security",
75273
+ "api-security",
75274
+ "container-runtime-security"
75275
+ ],
75276
+ "chain": {
75277
+ "cwes": [
75278
+ {
75279
+ "id": "CWE-1039",
75280
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75281
+ "category": "AI/ML"
75282
+ },
75283
+ {
75284
+ "id": "CWE-1188",
75285
+ "name": "Initialization of a Resource with an Insecure Default",
75286
+ "category": "Configuration"
75287
+ },
75288
+ {
75289
+ "id": "CWE-1395",
75290
+ "name": "Dependency on Vulnerable Third-Party Component",
75291
+ "category": "Supply Chain"
75292
+ },
75293
+ {
75294
+ "id": "CWE-1426",
75295
+ "name": "Improper Validation of Generative AI Output",
75296
+ "category": "AI/ML"
75297
+ },
75298
+ {
75299
+ "id": "CWE-200",
75300
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75301
+ "category": "Information Exposure"
75302
+ },
75303
+ {
75304
+ "id": "CWE-22",
75305
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75306
+ "category": "Path/Resource"
75307
+ },
75308
+ {
75309
+ "id": "CWE-269",
75310
+ "name": "Improper Privilege Management",
75311
+ "category": "Authorization"
75312
+ },
75313
+ {
75314
+ "id": "CWE-287",
75315
+ "name": "Improper Authentication",
75316
+ "category": "Authentication"
75317
+ },
75318
+ {
75319
+ "id": "CWE-352",
75320
+ "name": "Cross-Site Request Forgery (CSRF)",
75321
+ "category": "Session"
75322
+ },
75323
+ {
75324
+ "id": "CWE-434",
75325
+ "name": "Unrestricted Upload of File with Dangerous Type",
75326
+ "category": "File Handling"
75327
+ },
75328
+ {
75329
+ "id": "CWE-502",
75330
+ "name": "Deserialization of Untrusted Data",
75331
+ "category": "Serialization"
75332
+ },
75333
+ {
75334
+ "id": "CWE-732",
75335
+ "name": "Incorrect Permission Assignment for Critical Resource",
75336
+ "category": "Authorization"
75337
+ },
75338
+ {
75339
+ "id": "CWE-77",
75340
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
75341
+ "category": "Injection"
75342
+ },
75343
+ {
75344
+ "id": "CWE-78",
75345
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
75346
+ "category": "Injection"
75347
+ },
75348
+ {
75349
+ "id": "CWE-787",
75350
+ "name": "Out-of-bounds Write",
75351
+ "category": "Memory Safety"
75352
+ },
75353
+ {
75354
+ "id": "CWE-79",
75355
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
75356
+ "category": "Injection"
75357
+ },
75358
+ {
75359
+ "id": "CWE-862",
75360
+ "name": "Missing Authorization",
75361
+ "category": "Authorization"
75362
+ },
75363
+ {
75364
+ "id": "CWE-863",
75365
+ "name": "Incorrect Authorization",
75366
+ "category": "Authorization"
75367
+ },
75368
+ {
75369
+ "id": "CWE-89",
75370
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75371
+ "category": "Injection"
75372
+ },
75373
+ {
75374
+ "id": "CWE-918",
75375
+ "name": "Server-Side Request Forgery (SSRF)",
75376
+ "category": "Network"
75377
+ },
75378
+ {
75379
+ "id": "CWE-94",
75380
+ "name": "Improper Control of Generation of Code (Code Injection)",
75381
+ "category": "Injection"
75382
+ }
75383
+ ],
75384
+ "atlas": [
75385
+ {
75386
+ "id": "AML.T0010",
75387
+ "name": "ML Supply Chain Compromise",
75388
+ "tactic": "Initial Access"
75389
+ },
75390
+ {
75391
+ "id": "AML.T0016",
75392
+ "name": "Obtain Capabilities: Develop Capabilities",
75393
+ "tactic": "Resource Development"
75394
+ },
75395
+ {
75396
+ "id": "AML.T0017",
75397
+ "name": "Discover ML Model Ontology",
75398
+ "tactic": "Discovery"
75399
+ },
75400
+ {
75401
+ "id": "AML.T0018",
75402
+ "name": "Backdoor ML Model",
75403
+ "tactic": "Persistence"
75404
+ },
75405
+ {
75406
+ "id": "AML.T0020",
75407
+ "name": "Poison Training Data",
75408
+ "tactic": "ML Attack Staging"
75409
+ },
75410
+ {
75411
+ "id": "AML.T0043",
75412
+ "name": "Craft Adversarial Data",
75413
+ "tactic": "ML Attack Staging"
75414
+ },
75415
+ {
75416
+ "id": "AML.T0051",
75417
+ "name": "LLM Prompt Injection",
75418
+ "tactic": "Execution"
75419
+ },
75420
+ {
75421
+ "id": "AML.T0054",
75422
+ "name": "LLM Jailbreak",
75423
+ "tactic": "Defense Evasion"
75424
+ },
75425
+ {
75426
+ "id": "AML.T0096",
75427
+ "name": "AI API as Covert C2 Channel",
75428
+ "tactic": "Command and Control"
75429
+ }
75430
+ ],
75431
+ "d3fend": [
75432
+ {
75433
+ "id": "D3-CSPP",
75434
+ "name": "Client-server Payload Profiling",
75435
+ "tactic": "Detect"
75436
+ },
75437
+ {
75438
+ "id": "D3-IOPR",
75439
+ "name": "Input/Output Profiling Resource",
75440
+ "tactic": "Detect"
75441
+ },
75442
+ {
75443
+ "id": "D3-NTA",
75444
+ "name": "Network Traffic Analysis",
75445
+ "tactic": "Detect"
75446
+ }
75447
+ ],
75448
+ "framework_gaps": [
75449
+ {
75450
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75451
+ "framework": "ALL",
75452
+ "control_name": "AI Pipeline Integrity"
75453
+ },
75454
+ {
75455
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75456
+ "framework": "ALL",
75457
+ "control_name": "Prompt Injection as Access Control Failure"
75458
+ },
75459
+ {
75460
+ "id": "CMMC-2.0-Level-2",
75461
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75462
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75463
+ },
75464
+ {
75465
+ "id": "FedRAMP-Rev5-Moderate",
75466
+ "framework": "FedRAMP Rev 5 Moderate",
75467
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75468
+ },
75469
+ {
75470
+ "id": "ISO-27001-2022-A.8.28",
75471
+ "framework": "ISO/IEC 27001:2022",
75472
+ "control_name": "Secure coding"
75473
+ },
75474
+ {
75475
+ "id": "ISO-IEC-23894-2023-clause-7",
75476
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75477
+ "control_name": "AI risk management process"
75478
+ },
75479
+ {
75480
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75481
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75482
+ "control_name": "AI risk assessment"
75483
+ },
75484
+ {
75485
+ "id": "NIST-800-218-SSDF",
75486
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75487
+ "control_name": "Secure Software Development Framework"
75488
+ },
75489
+ {
75490
+ "id": "NIST-800-53-AC-2",
75491
+ "framework": "NIST SP 800-53 Rev 5",
75492
+ "control_name": "Account Management"
75493
+ },
75494
+ {
75495
+ "id": "NIST-800-53-CM-7",
75496
+ "framework": "NIST SP 800-53 Rev 5",
75497
+ "control_name": "Least Functionality"
75498
+ },
75499
+ {
75500
+ "id": "NIST-800-53-SI-12",
75501
+ "framework": "NIST SP 800-53 Rev 5",
75502
+ "control_name": "Information Management and Retention"
75503
+ },
75504
+ {
75505
+ "id": "NIST-800-53-SI-3",
75506
+ "framework": "NIST SP 800-53 Rev 5",
75507
+ "control_name": "Malicious Code Protection"
75508
+ },
75509
+ {
75510
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75511
+ "framework": "NIST AI RMF 1.0",
75512
+ "control_name": "AI system to human interaction evaluation"
75513
+ },
75514
+ {
75515
+ "id": "OWASP-ASVS-v5.0-V14",
75516
+ "framework": "OWASP ASVS v5.0",
75517
+ "control_name": "Configuration verification"
75518
+ },
75519
+ {
75520
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75521
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75522
+ "control_name": "Prompt Injection"
75523
+ },
75524
+ {
75525
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75526
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75527
+ "control_name": "Sensitive Information Disclosure"
75528
+ },
75529
+ {
75530
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75531
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75532
+ "control_name": "Vector and Embedding Weaknesses"
75533
+ },
75534
+ {
75535
+ "id": "SLSA-v1.0-Build-L3",
75536
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75537
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75538
+ },
75539
+ {
75540
+ "id": "SOC2-CC6-logical-access",
75541
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75542
+ "control_name": "Logical and Physical Access Controls"
75543
+ }
75544
+ ],
75545
+ "attack_refs": [
75546
+ "T1059",
75547
+ "T1068",
75548
+ "T1078",
75549
+ "T1190",
75550
+ "T1505",
75551
+ "T1565",
75552
+ "T1566",
75553
+ "T1567",
75554
+ "T1610",
75555
+ "T1611"
75556
+ ],
75557
+ "rfc_refs": [
75558
+ "RFC-6749",
75559
+ "RFC-7519",
75560
+ "RFC-8032",
75561
+ "RFC-8446",
75562
+ "RFC-8725",
75563
+ "RFC-9114",
75564
+ "RFC-9421",
75565
+ "RFC-9700"
75566
+ ]
75567
+ }
75568
+ },
75569
+ "CVE-2025-68668": {
75570
+ "name": "n8n Python Code Node Pyodide Sandbox Bypass RCE",
75571
+ "rwep": 27,
75572
+ "cvss": 9.9,
75573
+ "cisa_kev": false,
75574
+ "epss_score": 0.00035,
75575
+ "referencing_skills": [
75576
+ "ai-attack-surface",
75577
+ "compliance-theater",
75578
+ "rag-pipeline-security",
75579
+ "ai-c2-detection",
75580
+ "threat-modeling-methodology",
75581
+ "webapp-security",
75582
+ "api-security",
75583
+ "container-runtime-security",
75584
+ "email-security-anti-phishing"
75585
+ ],
75586
+ "chain": {
75587
+ "cwes": [
75588
+ {
75589
+ "id": "CWE-1039",
75590
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75591
+ "category": "AI/ML"
75592
+ },
75593
+ {
75594
+ "id": "CWE-1188",
75595
+ "name": "Initialization of a Resource with an Insecure Default",
75596
+ "category": "Configuration"
75597
+ },
75598
+ {
75599
+ "id": "CWE-1395",
75600
+ "name": "Dependency on Vulnerable Third-Party Component",
75601
+ "category": "Supply Chain"
75602
+ },
75603
+ {
75604
+ "id": "CWE-1426",
75605
+ "name": "Improper Validation of Generative AI Output",
75606
+ "category": "AI/ML"
75607
+ },
75608
+ {
75609
+ "id": "CWE-200",
75610
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75611
+ "category": "Information Exposure"
75612
+ },
75613
+ {
75614
+ "id": "CWE-22",
75615
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75616
+ "category": "Path/Resource"
75617
+ },
75618
+ {
75619
+ "id": "CWE-269",
75620
+ "name": "Improper Privilege Management",
75621
+ "category": "Authorization"
75622
+ },
75623
+ {
75624
+ "id": "CWE-287",
75625
+ "name": "Improper Authentication",
75626
+ "category": "Authentication"
75627
+ },
75628
+ {
75629
+ "id": "CWE-352",
75630
+ "name": "Cross-Site Request Forgery (CSRF)",
75631
+ "category": "Session"
75632
+ },
75633
+ {
75634
+ "id": "CWE-434",
75635
+ "name": "Unrestricted Upload of File with Dangerous Type",
75636
+ "category": "File Handling"
75637
+ },
75638
+ {
75639
+ "id": "CWE-502",
75640
+ "name": "Deserialization of Untrusted Data",
75641
+ "category": "Serialization"
75642
+ },
75643
+ {
75644
+ "id": "CWE-732",
75645
+ "name": "Incorrect Permission Assignment for Critical Resource",
75646
+ "category": "Authorization"
75647
+ },
75648
+ {
75649
+ "id": "CWE-77",
75650
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
75651
+ "category": "Injection"
75652
+ },
75653
+ {
75654
+ "id": "CWE-78",
75655
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
75656
+ "category": "Injection"
75657
+ },
75658
+ {
75659
+ "id": "CWE-787",
75660
+ "name": "Out-of-bounds Write",
75661
+ "category": "Memory Safety"
75662
+ },
75663
+ {
75664
+ "id": "CWE-79",
75665
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
75666
+ "category": "Injection"
75667
+ },
75668
+ {
75669
+ "id": "CWE-862",
75670
+ "name": "Missing Authorization",
75671
+ "category": "Authorization"
75672
+ },
75673
+ {
75674
+ "id": "CWE-863",
75675
+ "name": "Incorrect Authorization",
75676
+ "category": "Authorization"
75677
+ },
75678
+ {
75679
+ "id": "CWE-89",
75680
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75681
+ "category": "Injection"
75682
+ },
75683
+ {
75684
+ "id": "CWE-918",
75685
+ "name": "Server-Side Request Forgery (SSRF)",
75686
+ "category": "Network"
75687
+ },
75688
+ {
75689
+ "id": "CWE-94",
75690
+ "name": "Improper Control of Generation of Code (Code Injection)",
75691
+ "category": "Injection"
75692
+ }
75693
+ ],
75694
+ "atlas": [
75695
+ {
75696
+ "id": "AML.T0010",
75697
+ "name": "ML Supply Chain Compromise",
75698
+ "tactic": "Initial Access"
75699
+ },
75700
+ {
75701
+ "id": "AML.T0016",
75702
+ "name": "Obtain Capabilities: Develop Capabilities",
75703
+ "tactic": "Resource Development"
75704
+ },
75705
+ {
75706
+ "id": "AML.T0017",
75707
+ "name": "Discover ML Model Ontology",
75708
+ "tactic": "Discovery"
75709
+ },
75710
+ {
75711
+ "id": "AML.T0018",
75712
+ "name": "Backdoor ML Model",
75713
+ "tactic": "Persistence"
75714
+ },
75715
+ {
75716
+ "id": "AML.T0020",
75717
+ "name": "Poison Training Data",
75718
+ "tactic": "ML Attack Staging"
75719
+ },
75720
+ {
75721
+ "id": "AML.T0043",
75722
+ "name": "Craft Adversarial Data",
75723
+ "tactic": "ML Attack Staging"
75724
+ },
75725
+ {
75726
+ "id": "AML.T0051",
75727
+ "name": "LLM Prompt Injection",
75728
+ "tactic": "Execution"
75729
+ },
75730
+ {
75731
+ "id": "AML.T0054",
75732
+ "name": "LLM Jailbreak",
75733
+ "tactic": "Defense Evasion"
75734
+ },
75735
+ {
75736
+ "id": "AML.T0096",
75737
+ "name": "AI API as Covert C2 Channel",
75738
+ "tactic": "Command and Control"
75739
+ }
75740
+ ],
75741
+ "d3fend": [
75742
+ {
75743
+ "id": "D3-CA",
75744
+ "name": "Certificate Analysis",
75745
+ "tactic": "Detect"
75746
+ },
75747
+ {
75748
+ "id": "D3-CSPP",
75749
+ "name": "Client-server Payload Profiling",
75750
+ "tactic": "Detect"
75751
+ },
75752
+ {
75753
+ "id": "D3-DA",
75754
+ "name": "Domain Analysis",
75755
+ "tactic": "Detect"
75756
+ },
75757
+ {
75758
+ "id": "D3-IOPR",
75759
+ "name": "Input/Output Profiling Resource",
75760
+ "tactic": "Detect"
75761
+ },
75762
+ {
75763
+ "id": "D3-NI",
75764
+ "name": "Network Isolation",
75765
+ "tactic": "Isolate"
75766
+ },
75767
+ {
75768
+ "id": "D3-NTA",
75769
+ "name": "Network Traffic Analysis",
75770
+ "tactic": "Detect"
75771
+ },
75772
+ {
75773
+ "id": "D3-NTPM",
75774
+ "name": "Network Traffic Policy Mapping",
75775
+ "tactic": "Model"
75776
+ }
75777
+ ],
75778
+ "framework_gaps": [
75779
+ {
75780
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75781
+ "framework": "ALL",
75782
+ "control_name": "AI Pipeline Integrity"
75783
+ },
75784
+ {
75785
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75786
+ "framework": "ALL",
75787
+ "control_name": "Prompt Injection as Access Control Failure"
75788
+ },
75789
+ {
75790
+ "id": "CMMC-2.0-Level-2",
75791
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75792
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75793
+ },
75794
+ {
75795
+ "id": "FedRAMP-Rev5-Moderate",
75796
+ "framework": "FedRAMP Rev 5 Moderate",
75797
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75798
+ },
75799
+ {
75800
+ "id": "ISO-27001-2022-A.8.16",
75801
+ "framework": "ISO/IEC 27001:2022",
75802
+ "control_name": "Monitoring activities"
75803
+ },
75804
+ {
75805
+ "id": "ISO-27001-2022-A.8.28",
75806
+ "framework": "ISO/IEC 27001:2022",
75807
+ "control_name": "Secure coding"
75808
+ },
75809
+ {
75810
+ "id": "ISO-IEC-23894-2023-clause-7",
75811
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75812
+ "control_name": "AI risk management process"
75813
+ },
75814
+ {
75815
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75816
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75817
+ "control_name": "AI risk assessment"
75818
+ },
75819
+ {
75820
+ "id": "NIST-800-218-SSDF",
75821
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75822
+ "control_name": "Secure Software Development Framework"
75823
+ },
75824
+ {
75825
+ "id": "NIST-800-53-AC-2",
75826
+ "framework": "NIST SP 800-53 Rev 5",
75827
+ "control_name": "Account Management"
75828
+ },
75829
+ {
75830
+ "id": "NIST-800-53-CM-7",
75831
+ "framework": "NIST SP 800-53 Rev 5",
75832
+ "control_name": "Least Functionality"
75833
+ },
75834
+ {
75835
+ "id": "NIST-800-53-SC-7",
75836
+ "framework": "NIST SP 800-53 Rev 5",
75837
+ "control_name": "Boundary Protection"
75838
+ },
75839
+ {
75840
+ "id": "NIST-800-53-SI-12",
75841
+ "framework": "NIST SP 800-53 Rev 5",
75842
+ "control_name": "Information Management and Retention"
75843
+ },
75844
+ {
75845
+ "id": "NIST-800-53-SI-3",
75846
+ "framework": "NIST SP 800-53 Rev 5",
75847
+ "control_name": "Malicious Code Protection"
75848
+ },
75849
+ {
75850
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75851
+ "framework": "NIST AI RMF 1.0",
75852
+ "control_name": "AI system to human interaction evaluation"
75853
+ },
75854
+ {
75855
+ "id": "OWASP-ASVS-v5.0-V14",
75856
+ "framework": "OWASP ASVS v5.0",
75857
+ "control_name": "Configuration verification"
75858
+ },
75859
+ {
75860
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75861
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75862
+ "control_name": "Prompt Injection"
75863
+ },
75864
+ {
75865
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75866
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75867
+ "control_name": "Sensitive Information Disclosure"
75868
+ },
75869
+ {
75870
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75871
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75872
+ "control_name": "Vector and Embedding Weaknesses"
75873
+ },
75874
+ {
75875
+ "id": "SLSA-v1.0-Build-L3",
75876
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75877
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75878
+ },
75879
+ {
75880
+ "id": "SOC2-CC6-logical-access",
75881
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75882
+ "control_name": "Logical and Physical Access Controls"
75883
+ },
75884
+ {
75885
+ "id": "SOC2-CC7-anomaly-detection",
75886
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75887
+ "control_name": "System Operations — Threat and Vulnerability Management"
75888
+ }
75889
+ ],
75890
+ "attack_refs": [
75891
+ "T1059",
75892
+ "T1068",
75893
+ "T1071",
75894
+ "T1078",
75895
+ "T1102",
75896
+ "T1190",
75897
+ "T1505",
75898
+ "T1565",
75899
+ "T1566",
75900
+ "T1566.001",
75901
+ "T1566.002",
75902
+ "T1566.003",
75903
+ "T1567",
75904
+ "T1568",
75905
+ "T1610",
75906
+ "T1611"
75907
+ ],
75908
+ "rfc_refs": [
75909
+ "RFC-6749",
75910
+ "RFC-7519",
75911
+ "RFC-8032",
75912
+ "RFC-8446",
75913
+ "RFC-8725",
75914
+ "RFC-9000",
75915
+ "RFC-9114",
75916
+ "RFC-9180",
75917
+ "RFC-9421",
75918
+ "RFC-9458",
75919
+ "RFC-9700"
75920
+ ]
75921
+ }
75922
+ },
74509
75923
  "CWE-20": {
74510
75924
  "name": "Improper Input Validation",
74511
75925
  "category": "Validation",
@@ -74811,6 +76225,7 @@
74811
76225
  "CVE-2024-6587",
74812
76226
  "CVE-2024-9526",
74813
76227
  "CVE-2025-0133",
76228
+ "CVE-2025-10164",
74814
76229
  "CVE-2025-10585",
74815
76230
  "CVE-2025-1094",
74816
76231
  "CVE-2025-14174",
@@ -74838,9 +76253,11 @@
74838
76253
  "CVE-2025-64496",
74839
76254
  "CVE-2025-64513",
74840
76255
  "CVE-2025-67818",
76256
+ "CVE-2025-68668",
74841
76257
  "CVE-2025-6965",
74842
76258
  "CVE-2025-8747",
74843
76259
  "CVE-2026-0766",
76260
+ "CVE-2026-21858",
74844
76261
  "CVE-2026-22218",
74845
76262
  "CVE-2026-22252",
74846
76263
  "CVE-2026-22688",
@@ -74873,6 +76290,7 @@
74873
76290
  "CVE-2026-45829",
74874
76291
  "CVE-2026-46300",
74875
76292
  "CVE-2026-46333",
76293
+ "CVE-2026-5760",
74876
76294
  "CVE-2026-9082",
74877
76295
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
74878
76296
  "MAL-2026-3083",
@@ -75067,6 +76485,7 @@
75067
76485
  "CVE-2024-5565",
75068
76486
  "CVE-2024-9526",
75069
76487
  "CVE-2025-0133",
76488
+ "CVE-2025-10164",
75070
76489
  "CVE-2025-1094",
75071
76490
  "CVE-2025-27520",
75072
76491
  "CVE-2025-3248",
@@ -75074,7 +76493,9 @@
75074
76493
  "CVE-2025-49844",
75075
76494
  "CVE-2025-51480",
75076
76495
  "CVE-2025-53773",
76496
+ "CVE-2025-68668",
75077
76497
  "CVE-2025-6965",
76498
+ "CVE-2026-21858",
75078
76499
  "CVE-2026-22218",
75079
76500
  "CVE-2026-30615",
75080
76501
  "CVE-2026-30623",
@@ -75084,6 +76505,7 @@
75084
76505
  "CVE-2026-39884",
75085
76506
  "CVE-2026-42208",
75086
76507
  "CVE-2026-45321",
76508
+ "CVE-2026-5760",
75087
76509
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
75088
76510
  "MAL-2026-3083",
75089
76511
  "MAL-2026-NODE-IPC-STEALER"
@@ -75253,6 +76675,7 @@
75253
76675
  "CVE-2024-6587",
75254
76676
  "CVE-2024-9526",
75255
76677
  "CVE-2025-0133",
76678
+ "CVE-2025-10164",
75256
76679
  "CVE-2025-10585",
75257
76680
  "CVE-2025-1094",
75258
76681
  "CVE-2025-14174",
@@ -75278,9 +76701,11 @@
75278
76701
  "CVE-2025-64496",
75279
76702
  "CVE-2025-64513",
75280
76703
  "CVE-2025-67818",
76704
+ "CVE-2025-68668",
75281
76705
  "CVE-2025-6965",
75282
76706
  "CVE-2025-8747",
75283
76707
  "CVE-2026-0766",
76708
+ "CVE-2026-21858",
75284
76709
  "CVE-2026-22218",
75285
76710
  "CVE-2026-22252",
75286
76711
  "CVE-2026-22688",
@@ -75312,6 +76737,7 @@
75312
76737
  "CVE-2026-45829",
75313
76738
  "CVE-2026-46300",
75314
76739
  "CVE-2026-46333",
76740
+ "CVE-2026-5760",
75315
76741
  "CVE-2026-9082",
75316
76742
  "MAL-2026-3083",
75317
76743
  "MAL-2026-NODE-IPC-STEALER"
@@ -75470,6 +76896,7 @@
75470
76896
  "CVE-2024-6587",
75471
76897
  "CVE-2024-9526",
75472
76898
  "CVE-2025-0133",
76899
+ "CVE-2025-10164",
75473
76900
  "CVE-2025-10585",
75474
76901
  "CVE-2025-1094",
75475
76902
  "CVE-2025-14174",
@@ -75495,9 +76922,11 @@
75495
76922
  "CVE-2025-64496",
75496
76923
  "CVE-2025-64513",
75497
76924
  "CVE-2025-67818",
76925
+ "CVE-2025-68668",
75498
76926
  "CVE-2025-6965",
75499
76927
  "CVE-2025-8747",
75500
76928
  "CVE-2026-0766",
76929
+ "CVE-2026-21858",
75501
76930
  "CVE-2026-22218",
75502
76931
  "CVE-2026-22252",
75503
76932
  "CVE-2026-22688",
@@ -75529,6 +76958,7 @@
75529
76958
  "CVE-2026-45829",
75530
76959
  "CVE-2026-46300",
75531
76960
  "CVE-2026-46333",
76961
+ "CVE-2026-5760",
75532
76962
  "CVE-2026-9082",
75533
76963
  "MAL-2026-3083",
75534
76964
  "MAL-2026-NODE-IPC-STEALER"
@@ -75701,6 +77131,7 @@
75701
77131
  "CVE-2024-6587",
75702
77132
  "CVE-2024-9526",
75703
77133
  "CVE-2025-0133",
77134
+ "CVE-2025-10164",
75704
77135
  "CVE-2025-10585",
75705
77136
  "CVE-2025-1094",
75706
77137
  "CVE-2025-14174",
@@ -75726,9 +77157,11 @@
75726
77157
  "CVE-2025-64496",
75727
77158
  "CVE-2025-64513",
75728
77159
  "CVE-2025-67818",
77160
+ "CVE-2025-68668",
75729
77161
  "CVE-2025-6965",
75730
77162
  "CVE-2025-8747",
75731
77163
  "CVE-2026-0766",
77164
+ "CVE-2026-21858",
75732
77165
  "CVE-2026-22218",
75733
77166
  "CVE-2026-22252",
75734
77167
  "CVE-2026-22688",
@@ -75760,6 +77193,7 @@
75760
77193
  "CVE-2026-45829",
75761
77194
  "CVE-2026-46300",
75762
77195
  "CVE-2026-46333",
77196
+ "CVE-2026-5760",
75763
77197
  "CVE-2026-9082",
75764
77198
  "MAL-2026-3083",
75765
77199
  "MAL-2026-NODE-IPC-STEALER"
@@ -76044,6 +77478,7 @@
76044
77478
  "CVE-2024-6587",
76045
77479
  "CVE-2024-9526",
76046
77480
  "CVE-2025-0133",
77481
+ "CVE-2025-10164",
76047
77482
  "CVE-2025-1094",
76048
77483
  "CVE-2025-11837",
76049
77484
  "CVE-2025-1550",
@@ -76071,10 +77506,12 @@
76071
77506
  "CVE-2025-64496",
76072
77507
  "CVE-2025-64513",
76073
77508
  "CVE-2025-67818",
77509
+ "CVE-2025-68668",
76074
77510
  "CVE-2025-69286",
76075
77511
  "CVE-2025-6965",
76076
77512
  "CVE-2025-8747",
76077
77513
  "CVE-2026-0766",
77514
+ "CVE-2026-21858",
76078
77515
  "CVE-2026-22218",
76079
77516
  "CVE-2026-22219",
76080
77517
  "CVE-2026-22252",
@@ -76107,6 +77544,7 @@
76107
77544
  "CVE-2026-42208",
76108
77545
  "CVE-2026-45321",
76109
77546
  "CVE-2026-45829",
77547
+ "CVE-2026-5760",
76110
77548
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
76111
77549
  "MAL-2026-3083",
76112
77550
  "MAL-2026-NODE-IPC-STEALER"
@@ -76350,6 +77788,7 @@
76350
77788
  "CVE-2024-8068",
76351
77789
  "CVE-2024-8069",
76352
77790
  "CVE-2025-10035",
77791
+ "CVE-2025-10164",
76353
77792
  "CVE-2025-10585",
76354
77793
  "CVE-2025-1094",
76355
77794
  "CVE-2025-11371",
@@ -76827,6 +78266,7 @@
76827
78266
  "CVE-2024-5565",
76828
78267
  "CVE-2024-9526",
76829
78268
  "CVE-2025-0133",
78269
+ "CVE-2025-10164",
76830
78270
  "CVE-2025-1094",
76831
78271
  "CVE-2025-14847",
76832
78272
  "CVE-2025-22226",
@@ -76842,7 +78282,9 @@
76842
78282
  "CVE-2025-53767",
76843
78283
  "CVE-2025-53773",
76844
78284
  "CVE-2025-56520",
78285
+ "CVE-2025-68668",
76845
78286
  "CVE-2025-6965",
78287
+ "CVE-2026-21858",
76846
78288
  "CVE-2026-22218",
76847
78289
  "CVE-2026-22219",
76848
78290
  "CVE-2026-30615",
@@ -76858,6 +78300,7 @@
76858
78300
  "CVE-2026-42897",
76859
78301
  "CVE-2026-43284",
76860
78302
  "CVE-2026-45321",
78303
+ "CVE-2026-5760",
76861
78304
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
76862
78305
  "MAL-2026-3083",
76863
78306
  "MAL-2026-NODE-IPC-STEALER"
@@ -77234,6 +78677,7 @@
77234
78677
  "CVE-2024-6587",
77235
78678
  "CVE-2024-9526",
77236
78679
  "CVE-2025-0133",
78680
+ "CVE-2025-10164",
77237
78681
  "CVE-2025-10585",
77238
78682
  "CVE-2025-1094",
77239
78683
  "CVE-2025-14174",
@@ -77261,9 +78705,11 @@
77261
78705
  "CVE-2025-64496",
77262
78706
  "CVE-2025-64513",
77263
78707
  "CVE-2025-67818",
78708
+ "CVE-2025-68668",
77264
78709
  "CVE-2025-6965",
77265
78710
  "CVE-2025-8747",
77266
78711
  "CVE-2026-0766",
78712
+ "CVE-2026-21858",
77267
78713
  "CVE-2026-22218",
77268
78714
  "CVE-2026-22252",
77269
78715
  "CVE-2026-22688",
@@ -77296,6 +78742,7 @@
77296
78742
  "CVE-2026-45829",
77297
78743
  "CVE-2026-46300",
77298
78744
  "CVE-2026-46333",
78745
+ "CVE-2026-5760",
77299
78746
  "CVE-2026-9082",
77300
78747
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
77301
78748
  "MAL-2026-3083",
@@ -77890,6 +79337,7 @@
77890
79337
  "CVE-2024-6587",
77891
79338
  "CVE-2024-9526",
77892
79339
  "CVE-2025-0133",
79340
+ "CVE-2025-10164",
77893
79341
  "CVE-2025-10585",
77894
79342
  "CVE-2025-1094",
77895
79343
  "CVE-2025-14174",
@@ -77917,9 +79365,11 @@
77917
79365
  "CVE-2025-64496",
77918
79366
  "CVE-2025-64513",
77919
79367
  "CVE-2025-67818",
79368
+ "CVE-2025-68668",
77920
79369
  "CVE-2025-6965",
77921
79370
  "CVE-2025-8747",
77922
79371
  "CVE-2026-0766",
79372
+ "CVE-2026-21858",
77923
79373
  "CVE-2026-22218",
77924
79374
  "CVE-2026-22252",
77925
79375
  "CVE-2026-22688",
@@ -77952,6 +79402,7 @@
77952
79402
  "CVE-2026-45829",
77953
79403
  "CVE-2026-46300",
77954
79404
  "CVE-2026-46333",
79405
+ "CVE-2026-5760",
77955
79406
  "CVE-2026-9082",
77956
79407
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
77957
79408
  "MAL-2026-3083",
@@ -78902,6 +80353,7 @@
78902
80353
  "CVE-2024-6587",
78903
80354
  "CVE-2024-9526",
78904
80355
  "CVE-2025-0133",
80356
+ "CVE-2025-10164",
78905
80357
  "CVE-2025-10585",
78906
80358
  "CVE-2025-1094",
78907
80359
  "CVE-2025-14174",
@@ -78929,9 +80381,11 @@
78929
80381
  "CVE-2025-64496",
78930
80382
  "CVE-2025-64513",
78931
80383
  "CVE-2025-67818",
80384
+ "CVE-2025-68668",
78932
80385
  "CVE-2025-6965",
78933
80386
  "CVE-2025-8747",
78934
80387
  "CVE-2026-0766",
80388
+ "CVE-2026-21858",
78935
80389
  "CVE-2026-22218",
78936
80390
  "CVE-2026-22252",
78937
80391
  "CVE-2026-22688",
@@ -78964,6 +80418,7 @@
78964
80418
  "CVE-2026-45829",
78965
80419
  "CVE-2026-46300",
78966
80420
  "CVE-2026-46333",
80421
+ "CVE-2026-5760",
78967
80422
  "CVE-2026-9082",
78968
80423
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
78969
80424
  "MAL-2026-3083",
@@ -79208,6 +80663,7 @@
79208
80663
  "CVE-2024-8068",
79209
80664
  "CVE-2024-8069",
79210
80665
  "CVE-2025-10035",
80666
+ "CVE-2025-10164",
79211
80667
  "CVE-2025-10585",
79212
80668
  "CVE-2025-1094",
79213
80669
  "CVE-2025-11371",
@@ -79670,6 +81126,7 @@
79670
81126
  "CVE-2024-8068",
79671
81127
  "CVE-2024-8069",
79672
81128
  "CVE-2025-10035",
81129
+ "CVE-2025-10164",
79673
81130
  "CVE-2025-10585",
79674
81131
  "CVE-2025-1094",
79675
81132
  "CVE-2025-11371",
@@ -80155,6 +81612,7 @@
80155
81612
  "CVE-2024-6587",
80156
81613
  "CVE-2024-9526",
80157
81614
  "CVE-2025-0133",
81615
+ "CVE-2025-10164",
80158
81616
  "CVE-2025-10585",
80159
81617
  "CVE-2025-1094",
80160
81618
  "CVE-2025-14174",
@@ -80182,9 +81640,11 @@
80182
81640
  "CVE-2025-64496",
80183
81641
  "CVE-2025-64513",
80184
81642
  "CVE-2025-67818",
81643
+ "CVE-2025-68668",
80185
81644
  "CVE-2025-6965",
80186
81645
  "CVE-2025-8747",
80187
81646
  "CVE-2026-0766",
81647
+ "CVE-2026-21858",
80188
81648
  "CVE-2026-22218",
80189
81649
  "CVE-2026-22252",
80190
81650
  "CVE-2026-22688",
@@ -80217,6 +81677,7 @@
80217
81677
  "CVE-2026-45829",
80218
81678
  "CVE-2026-46300",
80219
81679
  "CVE-2026-46333",
81680
+ "CVE-2026-5760",
80220
81681
  "CVE-2026-9082",
80221
81682
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
80222
81683
  "MAL-2026-3083",
@@ -80626,12 +82087,15 @@
80626
82087
  "CVE-2024-5565",
80627
82088
  "CVE-2024-9526",
80628
82089
  "CVE-2025-0133",
82090
+ "CVE-2025-10164",
80629
82091
  "CVE-2025-1094",
80630
82092
  "CVE-2025-27520",
80631
82093
  "CVE-2025-3248",
80632
82094
  "CVE-2025-3466",
80633
82095
  "CVE-2025-51480",
82096
+ "CVE-2025-68668",
80634
82097
  "CVE-2025-6965",
82098
+ "CVE-2026-21858",
80635
82099
  "CVE-2026-22218",
80636
82100
  "CVE-2026-30615",
80637
82101
  "CVE-2026-30623",
@@ -80641,6 +82105,7 @@
80641
82105
  "CVE-2026-39884",
80642
82106
  "CVE-2026-42208",
80643
82107
  "CVE-2026-45321",
82108
+ "CVE-2026-5760",
80644
82109
  "MAL-2026-3083",
80645
82110
  "MAL-2026-NODE-IPC-STEALER",
80646
82111
  "MAL-2026-SHAI-HULUD-OSS"
@@ -81043,6 +82508,7 @@
81043
82508
  "CVE-2024-8068",
81044
82509
  "CVE-2024-8069",
81045
82510
  "CVE-2025-10035",
82511
+ "CVE-2025-10164",
81046
82512
  "CVE-2025-10585",
81047
82513
  "CVE-2025-1094",
81048
82514
  "CVE-2025-11371",
@@ -81592,6 +83058,7 @@
81592
83058
  "CVE-2024-6587",
81593
83059
  "CVE-2024-9526",
81594
83060
  "CVE-2025-0133",
83061
+ "CVE-2025-10164",
81595
83062
  "CVE-2025-10585",
81596
83063
  "CVE-2025-1094",
81597
83064
  "CVE-2025-14174",
@@ -81619,9 +83086,11 @@
81619
83086
  "CVE-2025-64496",
81620
83087
  "CVE-2025-64513",
81621
83088
  "CVE-2025-67818",
83089
+ "CVE-2025-68668",
81622
83090
  "CVE-2025-6965",
81623
83091
  "CVE-2025-8747",
81624
83092
  "CVE-2026-0766",
83093
+ "CVE-2026-21858",
81625
83094
  "CVE-2026-22218",
81626
83095
  "CVE-2026-22252",
81627
83096
  "CVE-2026-22688",
@@ -81654,6 +83123,7 @@
81654
83123
  "CVE-2026-45829",
81655
83124
  "CVE-2026-46300",
81656
83125
  "CVE-2026-46333",
83126
+ "CVE-2026-5760",
81657
83127
  "CVE-2026-9082",
81658
83128
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
81659
83129
  "MAL-2026-3083",
@@ -81987,6 +83457,7 @@
81987
83457
  "CVE-2024-9526",
81988
83458
  "CVE-2025-0133",
81989
83459
  "CVE-2025-10035",
83460
+ "CVE-2025-10164",
81990
83461
  "CVE-2025-10585",
81991
83462
  "CVE-2025-1094",
81992
83463
  "CVE-2025-11371",
@@ -82139,6 +83610,7 @@
82139
83610
  "CVE-2025-68461",
82140
83611
  "CVE-2025-68613",
82141
83612
  "CVE-2025-68645",
83613
+ "CVE-2025-68668",
82142
83614
  "CVE-2025-6965",
82143
83615
  "CVE-2025-7775",
82144
83616
  "CVE-2025-8088",
@@ -82172,6 +83644,7 @@
82172
83644
  "CVE-2026-21525",
82173
83645
  "CVE-2026-21533",
82174
83646
  "CVE-2026-21643",
83647
+ "CVE-2026-21858",
82175
83648
  "CVE-2026-22218",
82176
83649
  "CVE-2026-22252",
82177
83650
  "CVE-2026-22688",
@@ -82229,6 +83702,7 @@
82229
83702
  "CVE-2026-46300",
82230
83703
  "CVE-2026-46333",
82231
83704
  "CVE-2026-5281",
83705
+ "CVE-2026-5760",
82232
83706
  "CVE-2026-6973",
82233
83707
  "CVE-2026-9082",
82234
83708
  "MAL-2026-3083",
@@ -82923,6 +84397,7 @@
82923
84397
  "CVE-2024-5565",
82924
84398
  "CVE-2024-9526",
82925
84399
  "CVE-2025-0133",
84400
+ "CVE-2025-10164",
82926
84401
  "CVE-2025-1094",
82927
84402
  "CVE-2025-27520",
82928
84403
  "CVE-2025-3248",
@@ -82930,7 +84405,9 @@
82930
84405
  "CVE-2025-49844",
82931
84406
  "CVE-2025-51480",
82932
84407
  "CVE-2025-53773",
84408
+ "CVE-2025-68668",
82933
84409
  "CVE-2025-6965",
84410
+ "CVE-2026-21858",
82934
84411
  "CVE-2026-22218",
82935
84412
  "CVE-2026-30615",
82936
84413
  "CVE-2026-30623",
@@ -82940,6 +84417,7 @@
82940
84417
  "CVE-2026-39884",
82941
84418
  "CVE-2026-42208",
82942
84419
  "CVE-2026-45321",
84420
+ "CVE-2026-5760",
82943
84421
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
82944
84422
  "MAL-2026-3083",
82945
84423
  "MAL-2026-NODE-IPC-STEALER"
@@ -83224,13 +84702,16 @@
83224
84702
  "CVE-2024-5565",
83225
84703
  "CVE-2024-9526",
83226
84704
  "CVE-2025-0133",
84705
+ "CVE-2025-10164",
83227
84706
  "CVE-2025-1094",
83228
84707
  "CVE-2025-27520",
83229
84708
  "CVE-2025-3248",
83230
84709
  "CVE-2025-3466",
83231
84710
  "CVE-2025-51480",
83232
84711
  "CVE-2025-53773",
84712
+ "CVE-2025-68668",
83233
84713
  "CVE-2025-6965",
84714
+ "CVE-2026-21858",
83234
84715
  "CVE-2026-22218",
83235
84716
  "CVE-2026-30615",
83236
84717
  "CVE-2026-30623",
@@ -83240,6 +84721,7 @@
83240
84721
  "CVE-2026-39884",
83241
84722
  "CVE-2026-42208",
83242
84723
  "CVE-2026-45321",
84724
+ "CVE-2026-5760",
83243
84725
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
83244
84726
  "MAL-2026-3083",
83245
84727
  "MAL-2026-NODE-IPC-STEALER"
@@ -83579,6 +85061,7 @@
83579
85061
  "CVE-2024-6587",
83580
85062
  "CVE-2024-9526",
83581
85063
  "CVE-2025-0133",
85064
+ "CVE-2025-10164",
83582
85065
  "CVE-2025-10585",
83583
85066
  "CVE-2025-1094",
83584
85067
  "CVE-2025-14174",
@@ -83606,9 +85089,11 @@
83606
85089
  "CVE-2025-64496",
83607
85090
  "CVE-2025-64513",
83608
85091
  "CVE-2025-67818",
85092
+ "CVE-2025-68668",
83609
85093
  "CVE-2025-6965",
83610
85094
  "CVE-2025-8747",
83611
85095
  "CVE-2026-0766",
85096
+ "CVE-2026-21858",
83612
85097
  "CVE-2026-22218",
83613
85098
  "CVE-2026-22252",
83614
85099
  "CVE-2026-22688",
@@ -83641,6 +85126,7 @@
83641
85126
  "CVE-2026-45829",
83642
85127
  "CVE-2026-46300",
83643
85128
  "CVE-2026-46333",
85129
+ "CVE-2026-5760",
83644
85130
  "CVE-2026-9082",
83645
85131
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
83646
85132
  "MAL-2026-3083",
@@ -83945,6 +85431,7 @@
83945
85431
  "CVE-2024-6587",
83946
85432
  "CVE-2024-9526",
83947
85433
  "CVE-2025-0133",
85434
+ "CVE-2025-10164",
83948
85435
  "CVE-2025-1094",
83949
85436
  "CVE-2025-11837",
83950
85437
  "CVE-2025-1550",
@@ -83971,10 +85458,12 @@
83971
85458
  "CVE-2025-64496",
83972
85459
  "CVE-2025-64513",
83973
85460
  "CVE-2025-67818",
85461
+ "CVE-2025-68668",
83974
85462
  "CVE-2025-69286",
83975
85463
  "CVE-2025-6965",
83976
85464
  "CVE-2025-8747",
83977
85465
  "CVE-2026-0766",
85466
+ "CVE-2026-21858",
83978
85467
  "CVE-2026-22218",
83979
85468
  "CVE-2026-22219",
83980
85469
  "CVE-2026-22252",
@@ -84004,7 +85493,8 @@
84004
85493
  "CVE-2026-41947",
84005
85494
  "CVE-2026-41950",
84006
85495
  "CVE-2026-42208",
84007
- "CVE-2026-45829"
85496
+ "CVE-2026-45829",
85497
+ "CVE-2026-5760"
84008
85498
  ]
84009
85499
  },
84010
85500
  "CWE-1188": {
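Review bot: The CVE lists in this index appear to be filled by inheritance from the referencing skills rather than from each CVE's own weakness: the list closing just before `"CWE-1188"` gains `CVE-2026-5760`, and the same four IDs (`CVE-2025-10164`, `CVE-2025-68668`, `CVE-2026-21858`, `CVE-2026-5760`) are added to nearly every other list touched in this diff. The `CVE-2025-68668` entry added earlier in the diff is named a Pyodide sandbox bypass RCE, yet its `chain.cwes` carries CWE-89, CWE-352 and CWE-787, so a consumer filtering by CWE would surface it during SQL-injection or CSRF triage. If the file is generated, the generator should keep a CVE's assigned CWEs apart from inherited ones, for example with a per-entry marker such as `"origin": "inherited"` (a constructed name, not an existing field), so downstream prioritisation can drop inherited matches. The object that owns this list starts outside the hunk, so its key is not confirmed here.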
@@ -84171,6 +85661,7 @@
84171
85661
  "CVE-2024-5565",
84172
85662
  "CVE-2024-9526",
84173
85663
  "CVE-2025-0133",
85664
+ "CVE-2025-10164",
84174
85665
  "CVE-2025-1094",
84175
85666
  "CVE-2025-27520",
84176
85667
  "CVE-2025-3248",
@@ -84178,7 +85669,9 @@
84178
85669
  "CVE-2025-49844",
84179
85670
  "CVE-2025-51480",
84180
85671
  "CVE-2025-53773",
85672
+ "CVE-2025-68668",
84181
85673
  "CVE-2025-6965",
85674
+ "CVE-2026-21858",
84182
85675
  "CVE-2026-22218",
84183
85676
  "CVE-2026-30615",
84184
85677
  "CVE-2026-30623",
@@ -84188,6 +85681,7 @@
84188
85681
  "CVE-2026-39884",
84189
85682
  "CVE-2026-42208",
84190
85683
  "CVE-2026-45321",
85684
+ "CVE-2026-5760",
84191
85685
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
84192
85686
  "MAL-2026-3083",
84193
85687
  "MAL-2026-NODE-IPC-STEALER",
@@ -84925,6 +86419,7 @@
84925
86419
  "CVE-2024-6587",
84926
86420
  "CVE-2024-9526",
84927
86421
  "CVE-2025-0133",
86422
+ "CVE-2025-10164",
84928
86423
  "CVE-2025-10585",
84929
86424
  "CVE-2025-1094",
84930
86425
  "CVE-2025-14174",
@@ -84952,9 +86447,11 @@
84952
86447
  "CVE-2025-64496",
84953
86448
  "CVE-2025-64513",
84954
86449
  "CVE-2025-67818",
86450
+ "CVE-2025-68668",
84955
86451
  "CVE-2025-6965",
84956
86452
  "CVE-2025-8747",
84957
86453
  "CVE-2026-0766",
86454
+ "CVE-2026-21858",
84958
86455
  "CVE-2026-22218",
84959
86456
  "CVE-2026-22252",
84960
86457
  "CVE-2026-22688",
@@ -84986,6 +86483,7 @@
84986
86483
  "CVE-2026-45829",
84987
86484
  "CVE-2026-46300",
84988
86485
  "CVE-2026-46333",
86486
+ "CVE-2026-5760",
84989
86487
  "CVE-2026-9082",
84990
86488
  "MAL-2026-3083",
84991
86489
  "MAL-2026-NODE-IPC-STEALER",
@@ -85279,6 +86777,7 @@
85279
86777
  "CVE-2024-6587",
85280
86778
  "CVE-2024-9526",
85281
86779
  "CVE-2025-0133",
86780
+ "CVE-2025-10164",
85282
86781
  "CVE-2025-1094",
85283
86782
  "CVE-2025-11837",
85284
86783
  "CVE-2025-14847",
@@ -85308,10 +86807,12 @@
85308
86807
  "CVE-2025-64496",
85309
86808
  "CVE-2025-64513",
85310
86809
  "CVE-2025-67818",
86810
+ "CVE-2025-68668",
85311
86811
  "CVE-2025-69286",
85312
86812
  "CVE-2025-6965",
85313
86813
  "CVE-2025-8747",
85314
86814
  "CVE-2026-0766",
86815
+ "CVE-2026-21858",
85315
86816
  "CVE-2026-22218",
85316
86817
  "CVE-2026-22219",
85317
86818
  "CVE-2026-22252",
@@ -85346,6 +86847,7 @@
85346
86847
  "CVE-2026-43284",
85347
86848
  "CVE-2026-45321",
85348
86849
  "CVE-2026-45829",
86850
+ "CVE-2026-5760",
85349
86851
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
85350
86852
  "MAL-2026-3083",
85351
86853
  "MAL-2026-NODE-IPC-STEALER",