@blamejs/exceptd-skills 0.13.122 → 0.13.124

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1033 -0
  6. package/data/atlas-ttps.json +4 -1
  7. package/data/attack-techniques.json +11 -4
  8. package/data/cve-catalog.json +308 -0
  9. package/data/cwe-catalog.json +6 -3
  10. package/data/framework-control-gaps.json +35 -10
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +1 -1
  14. package/sbom.cdx.json +24 -24
package/data/_indexes/chains.json CHANGED
@@ -75258,6 +75258,976 @@
75258
75258
  ]
75259
75259
  }
75260
75260
  },
75261
+ "CVE-2026-21858": {
75262
+ "name": "n8n Form-Based Unauthenticated Arbitrary File Access",
75263
+ "rwep": 31,
75264
+ "cvss": 10,
75265
+ "cisa_kev": false,
75266
+ "epss_score": 0.06939,
75267
+ "referencing_skills": [
75268
+ "ai-attack-surface",
75269
+ "compliance-theater",
75270
+ "rag-pipeline-security",
75271
+ "threat-modeling-methodology",
75272
+ "webapp-security",
75273
+ "api-security",
75274
+ "container-runtime-security"
75275
+ ],
75276
+ "chain": {
75277
+ "cwes": [
75278
+ {
75279
+ "id": "CWE-1039",
75280
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75281
+ "category": "AI/ML"
75282
+ },
75283
+ {
75284
+ "id": "CWE-1188",
75285
+ "name": "Initialization of a Resource with an Insecure Default",
75286
+ "category": "Configuration"
75287
+ },
75288
+ {
75289
+ "id": "CWE-1395",
75290
+ "name": "Dependency on Vulnerable Third-Party Component",
75291
+ "category": "Supply Chain"
75292
+ },
75293
+ {
75294
+ "id": "CWE-1426",
75295
+ "name": "Improper Validation of Generative AI Output",
75296
+ "category": "AI/ML"
75297
+ },
75298
+ {
75299
+ "id": "CWE-200",
75300
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75301
+ "category": "Information Exposure"
75302
+ },
75303
+ {
75304
+ "id": "CWE-22",
75305
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75306
+ "category": "Path/Resource"
75307
+ },
75308
+ {
75309
+ "id": "CWE-269",
75310
+ "name": "Improper Privilege Management",
75311
+ "category": "Authorization"
75312
+ },
75313
+ {
75314
+ "id": "CWE-287",
75315
+ "name": "Improper Authentication",
75316
+ "category": "Authentication"
75317
+ },
75318
+ {
75319
+ "id": "CWE-352",
75320
+ "name": "Cross-Site Request Forgery (CSRF)",
75321
+ "category": "Session"
75322
+ },
75323
+ {
75324
+ "id": "CWE-434",
75325
+ "name": "Unrestricted Upload of File with Dangerous Type",
75326
+ "category": "File Handling"
75327
+ },
75328
+ {
75329
+ "id": "CWE-502",
75330
+ "name": "Deserialization of Untrusted Data",
75331
+ "category": "Serialization"
75332
+ },
75333
+ {
75334
+ "id": "CWE-732",
75335
+ "name": "Incorrect Permission Assignment for Critical Resource",
75336
+ "category": "Authorization"
75337
+ },
75338
+ {
75339
+ "id": "CWE-77",
75340
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
75341
+ "category": "Injection"
75342
+ },
75343
+ {
75344
+ "id": "CWE-78",
75345
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
75346
+ "category": "Injection"
75347
+ },
75348
+ {
75349
+ "id": "CWE-787",
75350
+ "name": "Out-of-bounds Write",
75351
+ "category": "Memory Safety"
75352
+ },
75353
+ {
75354
+ "id": "CWE-79",
75355
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
75356
+ "category": "Injection"
75357
+ },
75358
+ {
75359
+ "id": "CWE-862",
75360
+ "name": "Missing Authorization",
75361
+ "category": "Authorization"
75362
+ },
75363
+ {
75364
+ "id": "CWE-863",
75365
+ "name": "Incorrect Authorization",
75366
+ "category": "Authorization"
75367
+ },
75368
+ {
75369
+ "id": "CWE-89",
75370
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75371
+ "category": "Injection"
75372
+ },
75373
+ {
75374
+ "id": "CWE-918",
75375
+ "name": "Server-Side Request Forgery (SSRF)",
75376
+ "category": "Network"
75377
+ },
75378
+ {
75379
+ "id": "CWE-94",
75380
+ "name": "Improper Control of Generation of Code (Code Injection)",
75381
+ "category": "Injection"
75382
+ }
75383
+ ],
75384
+ "atlas": [
75385
+ {
75386
+ "id": "AML.T0010",
75387
+ "name": "ML Supply Chain Compromise",
75388
+ "tactic": "Initial Access"
75389
+ },
75390
+ {
75391
+ "id": "AML.T0016",
75392
+ "name": "Obtain Capabilities: Develop Capabilities",
75393
+ "tactic": "Resource Development"
75394
+ },
75395
+ {
75396
+ "id": "AML.T0017",
75397
+ "name": "Discover ML Model Ontology",
75398
+ "tactic": "Discovery"
75399
+ },
75400
+ {
75401
+ "id": "AML.T0018",
75402
+ "name": "Backdoor ML Model",
75403
+ "tactic": "Persistence"
75404
+ },
75405
+ {
75406
+ "id": "AML.T0020",
75407
+ "name": "Poison Training Data",
75408
+ "tactic": "ML Attack Staging"
75409
+ },
75410
+ {
75411
+ "id": "AML.T0043",
75412
+ "name": "Craft Adversarial Data",
75413
+ "tactic": "ML Attack Staging"
75414
+ },
75415
+ {
75416
+ "id": "AML.T0051",
75417
+ "name": "LLM Prompt Injection",
75418
+ "tactic": "Execution"
75419
+ },
75420
+ {
75421
+ "id": "AML.T0054",
75422
+ "name": "LLM Jailbreak",
75423
+ "tactic": "Defense Evasion"
75424
+ },
75425
+ {
75426
+ "id": "AML.T0096",
75427
+ "name": "AI API as Covert C2 Channel",
75428
+ "tactic": "Command and Control"
75429
+ }
75430
+ ],
75431
+ "d3fend": [
75432
+ {
75433
+ "id": "D3-CSPP",
75434
+ "name": "Client-server Payload Profiling",
75435
+ "tactic": "Detect"
75436
+ },
75437
+ {
75438
+ "id": "D3-IOPR",
75439
+ "name": "Input/Output Profiling Resource",
75440
+ "tactic": "Detect"
75441
+ },
75442
+ {
75443
+ "id": "D3-NTA",
75444
+ "name": "Network Traffic Analysis",
75445
+ "tactic": "Detect"
75446
+ }
75447
+ ],
75448
+ "framework_gaps": [
75449
+ {
75450
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75451
+ "framework": "ALL",
75452
+ "control_name": "AI Pipeline Integrity"
75453
+ },
75454
+ {
75455
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75456
+ "framework": "ALL",
75457
+ "control_name": "Prompt Injection as Access Control Failure"
75458
+ },
75459
+ {
75460
+ "id": "CMMC-2.0-Level-2",
75461
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75462
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75463
+ },
75464
+ {
75465
+ "id": "FedRAMP-Rev5-Moderate",
75466
+ "framework": "FedRAMP Rev 5 Moderate",
75467
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75468
+ },
75469
+ {
75470
+ "id": "ISO-27001-2022-A.8.28",
75471
+ "framework": "ISO/IEC 27001:2022",
75472
+ "control_name": "Secure coding"
75473
+ },
75474
+ {
75475
+ "id": "ISO-IEC-23894-2023-clause-7",
75476
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75477
+ "control_name": "AI risk management process"
75478
+ },
75479
+ {
75480
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75481
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75482
+ "control_name": "AI risk assessment"
75483
+ },
75484
+ {
75485
+ "id": "NIST-800-218-SSDF",
75486
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75487
+ "control_name": "Secure Software Development Framework"
75488
+ },
75489
+ {
75490
+ "id": "NIST-800-53-AC-2",
75491
+ "framework": "NIST SP 800-53 Rev 5",
75492
+ "control_name": "Account Management"
75493
+ },
75494
+ {
75495
+ "id": "NIST-800-53-CM-7",
75496
+ "framework": "NIST SP 800-53 Rev 5",
75497
+ "control_name": "Least Functionality"
75498
+ },
75499
+ {
75500
+ "id": "NIST-800-53-SI-12",
75501
+ "framework": "NIST SP 800-53 Rev 5",
75502
+ "control_name": "Information Management and Retention"
75503
+ },
75504
+ {
75505
+ "id": "NIST-800-53-SI-3",
75506
+ "framework": "NIST SP 800-53 Rev 5",
75507
+ "control_name": "Malicious Code Protection"
75508
+ },
75509
+ {
75510
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75511
+ "framework": "NIST AI RMF 1.0",
75512
+ "control_name": "AI system to human interaction evaluation"
75513
+ },
75514
+ {
75515
+ "id": "OWASP-ASVS-v5.0-V14",
75516
+ "framework": "OWASP ASVS v5.0",
75517
+ "control_name": "Configuration verification"
75518
+ },
75519
+ {
75520
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75521
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75522
+ "control_name": "Prompt Injection"
75523
+ },
75524
+ {
75525
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75526
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75527
+ "control_name": "Sensitive Information Disclosure"
75528
+ },
75529
+ {
75530
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75531
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75532
+ "control_name": "Vector and Embedding Weaknesses"
75533
+ },
75534
+ {
75535
+ "id": "SLSA-v1.0-Build-L3",
75536
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75537
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75538
+ },
75539
+ {
75540
+ "id": "SOC2-CC6-logical-access",
75541
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75542
+ "control_name": "Logical and Physical Access Controls"
75543
+ }
75544
+ ],
75545
+ "attack_refs": [
75546
+ "T1059",
75547
+ "T1068",
75548
+ "T1078",
75549
+ "T1190",
75550
+ "T1505",
75551
+ "T1565",
75552
+ "T1566",
75553
+ "T1567",
75554
+ "T1610",
75555
+ "T1611"
75556
+ ],
75557
+ "rfc_refs": [
75558
+ "RFC-6749",
75559
+ "RFC-7519",
75560
+ "RFC-8032",
75561
+ "RFC-8446",
75562
+ "RFC-8725",
75563
+ "RFC-9114",
75564
+ "RFC-9421",
75565
+ "RFC-9700"
75566
+ ]
75567
+ }
75568
+ },
75569
+ "CVE-2025-68668": {
75570
+ "name": "n8n Python Code Node Pyodide Sandbox Bypass RCE",
75571
+ "rwep": 27,
75572
+ "cvss": 9.9,
75573
+ "cisa_kev": false,
75574
+ "epss_score": 0.00035,
75575
+ "referencing_skills": [
75576
+ "ai-attack-surface",
75577
+ "compliance-theater",
75578
+ "rag-pipeline-security",
75579
+ "ai-c2-detection",
75580
+ "threat-modeling-methodology",
75581
+ "webapp-security",
75582
+ "api-security",
75583
+ "container-runtime-security",
75584
+ "email-security-anti-phishing"
75585
+ ],
75586
+ "chain": {
75587
+ "cwes": [
75588
+ {
75589
+ "id": "CWE-1039",
75590
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75591
+ "category": "AI/ML"
75592
+ },
75593
+ {
75594
+ "id": "CWE-1188",
75595
+ "name": "Initialization of a Resource with an Insecure Default",
75596
+ "category": "Configuration"
75597
+ },
75598
+ {
75599
+ "id": "CWE-1395",
75600
+ "name": "Dependency on Vulnerable Third-Party Component",
75601
+ "category": "Supply Chain"
75602
+ },
75603
+ {
75604
+ "id": "CWE-1426",
75605
+ "name": "Improper Validation of Generative AI Output",
75606
+ "category": "AI/ML"
75607
+ },
75608
+ {
75609
+ "id": "CWE-200",
75610
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75611
+ "category": "Information Exposure"
75612
+ },
75613
+ {
75614
+ "id": "CWE-22",
75615
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75616
+ "category": "Path/Resource"
75617
+ },
75618
+ {
75619
+ "id": "CWE-269",
75620
+ "name": "Improper Privilege Management",
75621
+ "category": "Authorization"
75622
+ },
75623
+ {
75624
+ "id": "CWE-287",
75625
+ "name": "Improper Authentication",
75626
+ "category": "Authentication"
75627
+ },
75628
+ {
75629
+ "id": "CWE-352",
75630
+ "name": "Cross-Site Request Forgery (CSRF)",
75631
+ "category": "Session"
75632
+ },
75633
+ {
75634
+ "id": "CWE-434",
75635
+ "name": "Unrestricted Upload of File with Dangerous Type",
75636
+ "category": "File Handling"
75637
+ },
75638
+ {
75639
+ "id": "CWE-502",
75640
+ "name": "Deserialization of Untrusted Data",
75641
+ "category": "Serialization"
75642
+ },
75643
+ {
75644
+ "id": "CWE-732",
75645
+ "name": "Incorrect Permission Assignment for Critical Resource",
75646
+ "category": "Authorization"
75647
+ },
75648
+ {
75649
+ "id": "CWE-77",
75650
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
75651
+ "category": "Injection"
75652
+ },
75653
+ {
75654
+ "id": "CWE-78",
75655
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
75656
+ "category": "Injection"
75657
+ },
75658
+ {
75659
+ "id": "CWE-787",
75660
+ "name": "Out-of-bounds Write",
75661
+ "category": "Memory Safety"
75662
+ },
75663
+ {
75664
+ "id": "CWE-79",
75665
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
75666
+ "category": "Injection"
75667
+ },
75668
+ {
75669
+ "id": "CWE-862",
75670
+ "name": "Missing Authorization",
75671
+ "category": "Authorization"
75672
+ },
75673
+ {
75674
+ "id": "CWE-863",
75675
+ "name": "Incorrect Authorization",
75676
+ "category": "Authorization"
75677
+ },
75678
+ {
75679
+ "id": "CWE-89",
75680
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
75681
+ "category": "Injection"
75682
+ },
75683
+ {
75684
+ "id": "CWE-918",
75685
+ "name": "Server-Side Request Forgery (SSRF)",
75686
+ "category": "Network"
75687
+ },
75688
+ {
75689
+ "id": "CWE-94",
75690
+ "name": "Improper Control of Generation of Code (Code Injection)",
75691
+ "category": "Injection"
75692
+ }
75693
+ ],
75694
+ "atlas": [
75695
+ {
75696
+ "id": "AML.T0010",
75697
+ "name": "ML Supply Chain Compromise",
75698
+ "tactic": "Initial Access"
75699
+ },
75700
+ {
75701
+ "id": "AML.T0016",
75702
+ "name": "Obtain Capabilities: Develop Capabilities",
75703
+ "tactic": "Resource Development"
75704
+ },
75705
+ {
75706
+ "id": "AML.T0017",
75707
+ "name": "Discover ML Model Ontology",
75708
+ "tactic": "Discovery"
75709
+ },
75710
+ {
75711
+ "id": "AML.T0018",
75712
+ "name": "Backdoor ML Model",
75713
+ "tactic": "Persistence"
75714
+ },
75715
+ {
75716
+ "id": "AML.T0020",
75717
+ "name": "Poison Training Data",
75718
+ "tactic": "ML Attack Staging"
75719
+ },
75720
+ {
75721
+ "id": "AML.T0043",
75722
+ "name": "Craft Adversarial Data",
75723
+ "tactic": "ML Attack Staging"
75724
+ },
75725
+ {
75726
+ "id": "AML.T0051",
75727
+ "name": "LLM Prompt Injection",
75728
+ "tactic": "Execution"
75729
+ },
75730
+ {
75731
+ "id": "AML.T0054",
75732
+ "name": "LLM Jailbreak",
75733
+ "tactic": "Defense Evasion"
75734
+ },
75735
+ {
75736
+ "id": "AML.T0096",
75737
+ "name": "AI API as Covert C2 Channel",
75738
+ "tactic": "Command and Control"
75739
+ }
75740
+ ],
75741
+ "d3fend": [
75742
+ {
75743
+ "id": "D3-CA",
75744
+ "name": "Certificate Analysis",
75745
+ "tactic": "Detect"
75746
+ },
75747
+ {
75748
+ "id": "D3-CSPP",
75749
+ "name": "Client-server Payload Profiling",
75750
+ "tactic": "Detect"
75751
+ },
75752
+ {
75753
+ "id": "D3-DA",
75754
+ "name": "Domain Analysis",
75755
+ "tactic": "Detect"
75756
+ },
75757
+ {
75758
+ "id": "D3-IOPR",
75759
+ "name": "Input/Output Profiling Resource",
75760
+ "tactic": "Detect"
75761
+ },
75762
+ {
75763
+ "id": "D3-NI",
75764
+ "name": "Network Isolation",
75765
+ "tactic": "Isolate"
75766
+ },
75767
+ {
75768
+ "id": "D3-NTA",
75769
+ "name": "Network Traffic Analysis",
75770
+ "tactic": "Detect"
75771
+ },
75772
+ {
75773
+ "id": "D3-NTPM",
75774
+ "name": "Network Traffic Policy Mapping",
75775
+ "tactic": "Model"
75776
+ }
75777
+ ],
75778
+ "framework_gaps": [
75779
+ {
75780
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
75781
+ "framework": "ALL",
75782
+ "control_name": "AI Pipeline Integrity"
75783
+ },
75784
+ {
75785
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
75786
+ "framework": "ALL",
75787
+ "control_name": "Prompt Injection as Access Control Failure"
75788
+ },
75789
+ {
75790
+ "id": "CMMC-2.0-Level-2",
75791
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
75792
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
75793
+ },
75794
+ {
75795
+ "id": "FedRAMP-Rev5-Moderate",
75796
+ "framework": "FedRAMP Rev 5 Moderate",
75797
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
75798
+ },
75799
+ {
75800
+ "id": "ISO-27001-2022-A.8.16",
75801
+ "framework": "ISO/IEC 27001:2022",
75802
+ "control_name": "Monitoring activities"
75803
+ },
75804
+ {
75805
+ "id": "ISO-27001-2022-A.8.28",
75806
+ "framework": "ISO/IEC 27001:2022",
75807
+ "control_name": "Secure coding"
75808
+ },
75809
+ {
75810
+ "id": "ISO-IEC-23894-2023-clause-7",
75811
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
75812
+ "control_name": "AI risk management process"
75813
+ },
75814
+ {
75815
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
75816
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
75817
+ "control_name": "AI risk assessment"
75818
+ },
75819
+ {
75820
+ "id": "NIST-800-218-SSDF",
75821
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
75822
+ "control_name": "Secure Software Development Framework"
75823
+ },
75824
+ {
75825
+ "id": "NIST-800-53-AC-2",
75826
+ "framework": "NIST SP 800-53 Rev 5",
75827
+ "control_name": "Account Management"
75828
+ },
75829
+ {
75830
+ "id": "NIST-800-53-CM-7",
75831
+ "framework": "NIST SP 800-53 Rev 5",
75832
+ "control_name": "Least Functionality"
75833
+ },
75834
+ {
75835
+ "id": "NIST-800-53-SC-7",
75836
+ "framework": "NIST SP 800-53 Rev 5",
75837
+ "control_name": "Boundary Protection"
75838
+ },
75839
+ {
75840
+ "id": "NIST-800-53-SI-12",
75841
+ "framework": "NIST SP 800-53 Rev 5",
75842
+ "control_name": "Information Management and Retention"
75843
+ },
75844
+ {
75845
+ "id": "NIST-800-53-SI-3",
75846
+ "framework": "NIST SP 800-53 Rev 5",
75847
+ "control_name": "Malicious Code Protection"
75848
+ },
75849
+ {
75850
+ "id": "NIST-AI-RMF-MEASURE-2.5",
75851
+ "framework": "NIST AI RMF 1.0",
75852
+ "control_name": "AI system to human interaction evaluation"
75853
+ },
75854
+ {
75855
+ "id": "OWASP-ASVS-v5.0-V14",
75856
+ "framework": "OWASP ASVS v5.0",
75857
+ "control_name": "Configuration verification"
75858
+ },
75859
+ {
75860
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
75861
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75862
+ "control_name": "Prompt Injection"
75863
+ },
75864
+ {
75865
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
75866
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75867
+ "control_name": "Sensitive Information Disclosure"
75868
+ },
75869
+ {
75870
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
75871
+ "framework": "OWASP Top 10 for LLM Applications 2025",
75872
+ "control_name": "Vector and Embedding Weaknesses"
75873
+ },
75874
+ {
75875
+ "id": "SLSA-v1.0-Build-L3",
75876
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
75877
+ "control_name": "Hardened build platform with non-falsifiable provenance"
75878
+ },
75879
+ {
75880
+ "id": "SOC2-CC6-logical-access",
75881
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75882
+ "control_name": "Logical and Physical Access Controls"
75883
+ },
75884
+ {
75885
+ "id": "SOC2-CC7-anomaly-detection",
75886
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
75887
+ "control_name": "System Operations — Threat and Vulnerability Management"
75888
+ }
75889
+ ],
75890
+ "attack_refs": [
75891
+ "T1059",
75892
+ "T1068",
75893
+ "T1071",
75894
+ "T1078",
75895
+ "T1102",
75896
+ "T1190",
75897
+ "T1505",
75898
+ "T1565",
75899
+ "T1566",
75900
+ "T1566.001",
75901
+ "T1566.002",
75902
+ "T1566.003",
75903
+ "T1567",
75904
+ "T1568",
75905
+ "T1610",
75906
+ "T1611"
75907
+ ],
75908
+ "rfc_refs": [
75909
+ "RFC-6749",
75910
+ "RFC-7519",
75911
+ "RFC-8032",
75912
+ "RFC-8446",
75913
+ "RFC-8725",
75914
+ "RFC-9000",
75915
+ "RFC-9114",
75916
+ "RFC-9180",
75917
+ "RFC-9421",
75918
+ "RFC-9458",
75919
+ "RFC-9700"
75920
+ ]
75921
+ }
75922
+ },
75923
+ "CVE-2024-31462": {
75924
+ "name": "stable-diffusion-webui Backup/Restore Limited File Write (Path Traversal)",
75925
+ "rwep": 17,
75926
+ "cvss": 6.3,
75927
+ "cisa_kev": false,
75928
+ "epss_score": 0.00245,
75929
+ "referencing_skills": [
75930
+ "ai-attack-surface",
75931
+ "compliance-theater",
75932
+ "rag-pipeline-security",
75933
+ "threat-modeling-methodology",
75934
+ "webapp-security",
75935
+ "api-security",
75936
+ "container-runtime-security"
75937
+ ],
75938
+ "chain": {
75939
+ "cwes": [
75940
+ {
75941
+ "id": "CWE-1039",
75942
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75943
+ "category": "AI/ML"
75944
+ },
75945
+ {
75946
+ "id": "CWE-1188",
75947
+ "name": "Initialization of a Resource with an Insecure Default",
75948
+ "category": "Configuration"
75949
+ },
75950
+ {
75951
+ "id": "CWE-1395",
75952
+ "name": "Dependency on Vulnerable Third-Party Component",
75953
+ "category": "Supply Chain"
75954
+ },
75955
+ {
75956
+ "id": "CWE-1426",
75957
+ "name": "Improper Validation of Generative AI Output",
75958
+ "category": "AI/ML"
75959
+ },
75960
+ {
75961
+ "id": "CWE-200",
75962
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75963
+ "category": "Information Exposure"
75964
+ },
75965
+ {
75966
+ "id": "CWE-22",
75967
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75968
+ "category": "Path/Resource"
75969
+ },
75970
+ {
75971
+ "id": "CWE-269",
75972
+ "name": "Improper Privilege Management",
75973
+ "category": "Authorization"
75974
+ },
75975
+ {
75976
+ "id": "CWE-287",
75977
+ "name": "Improper Authentication",
75978
+ "category": "Authentication"
75979
+ },
75980
+ {
75981
+ "id": "CWE-352",
75982
+ "name": "Cross-Site Request Forgery (CSRF)",
75983
+ "category": "Session"
75984
+ },
75985
+ {
75986
+ "id": "CWE-434",
75987
+ "name": "Unrestricted Upload of File with Dangerous Type",
75988
+ "category": "File Handling"
75989
+ },
75990
+ {
75991
+ "id": "CWE-502",
75992
+ "name": "Deserialization of Untrusted Data",
75993
+ "category": "Serialization"
75994
+ },
75995
+ {
75996
+ "id": "CWE-732",
75997
+ "name": "Incorrect Permission Assignment for Critical Resource",
75998
+ "category": "Authorization"
75999
+ },
76000
+ {
76001
+ "id": "CWE-77",
76002
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
76003
+ "category": "Injection"
76004
+ },
76005
+ {
76006
+ "id": "CWE-78",
76007
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
76008
+ "category": "Injection"
76009
+ },
76010
+ {
76011
+ "id": "CWE-787",
76012
+ "name": "Out-of-bounds Write",
76013
+ "category": "Memory Safety"
76014
+ },
76015
+ {
76016
+ "id": "CWE-79",
76017
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
76018
+ "category": "Injection"
76019
+ },
76020
+ {
76021
+ "id": "CWE-862",
76022
+ "name": "Missing Authorization",
76023
+ "category": "Authorization"
76024
+ },
76025
+ {
76026
+ "id": "CWE-863",
76027
+ "name": "Incorrect Authorization",
76028
+ "category": "Authorization"
76029
+ },
76030
+ {
76031
+ "id": "CWE-89",
76032
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
76033
+ "category": "Injection"
76034
+ },
76035
+ {
76036
+ "id": "CWE-918",
76037
+ "name": "Server-Side Request Forgery (SSRF)",
76038
+ "category": "Network"
76039
+ },
76040
+ {
76041
+ "id": "CWE-94",
76042
+ "name": "Improper Control of Generation of Code (Code Injection)",
76043
+ "category": "Injection"
76044
+ }
76045
+ ],
76046
+ "atlas": [
76047
+ {
76048
+ "id": "AML.T0010",
76049
+ "name": "ML Supply Chain Compromise",
76050
+ "tactic": "Initial Access"
76051
+ },
76052
+ {
76053
+ "id": "AML.T0016",
76054
+ "name": "Obtain Capabilities: Develop Capabilities",
76055
+ "tactic": "Resource Development"
76056
+ },
76057
+ {
76058
+ "id": "AML.T0017",
76059
+ "name": "Discover ML Model Ontology",
76060
+ "tactic": "Discovery"
76061
+ },
76062
+ {
76063
+ "id": "AML.T0018",
76064
+ "name": "Backdoor ML Model",
76065
+ "tactic": "Persistence"
76066
+ },
76067
+ {
76068
+ "id": "AML.T0020",
76069
+ "name": "Poison Training Data",
76070
+ "tactic": "ML Attack Staging"
76071
+ },
76072
+ {
76073
+ "id": "AML.T0043",
76074
+ "name": "Craft Adversarial Data",
76075
+ "tactic": "ML Attack Staging"
76076
+ },
76077
+ {
76078
+ "id": "AML.T0051",
76079
+ "name": "LLM Prompt Injection",
76080
+ "tactic": "Execution"
76081
+ },
76082
+ {
76083
+ "id": "AML.T0054",
76084
+ "name": "LLM Jailbreak",
76085
+ "tactic": "Defense Evasion"
76086
+ },
76087
+ {
76088
+ "id": "AML.T0096",
76089
+ "name": "AI API as Covert C2 Channel",
76090
+ "tactic": "Command and Control"
76091
+ }
76092
+ ],
76093
+ "d3fend": [
76094
+ {
76095
+ "id": "D3-CSPP",
76096
+ "name": "Client-server Payload Profiling",
76097
+ "tactic": "Detect"
76098
+ },
76099
+ {
76100
+ "id": "D3-IOPR",
76101
+ "name": "Input/Output Profiling Resource",
76102
+ "tactic": "Detect"
76103
+ },
76104
+ {
76105
+ "id": "D3-NTA",
76106
+ "name": "Network Traffic Analysis",
76107
+ "tactic": "Detect"
76108
+ }
76109
+ ],
76110
+ "framework_gaps": [
76111
+ {
76112
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
76113
+ "framework": "ALL",
76114
+ "control_name": "AI Pipeline Integrity"
76115
+ },
76116
+ {
76117
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
76118
+ "framework": "ALL",
76119
+ "control_name": "Prompt Injection as Access Control Failure"
76120
+ },
76121
+ {
76122
+ "id": "CMMC-2.0-Level-2",
76123
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
76124
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
76125
+ },
76126
+ {
76127
+ "id": "FedRAMP-Rev5-Moderate",
76128
+ "framework": "FedRAMP Rev 5 Moderate",
76129
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
76130
+ },
76131
+ {
76132
+ "id": "ISO-27001-2022-A.8.28",
76133
+ "framework": "ISO/IEC 27001:2022",
76134
+ "control_name": "Secure coding"
76135
+ },
76136
+ {
76137
+ "id": "ISO-IEC-23894-2023-clause-7",
76138
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
76139
+ "control_name": "AI risk management process"
76140
+ },
76141
+ {
76142
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
76143
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
76144
+ "control_name": "AI risk assessment"
76145
+ },
76146
+ {
76147
+ "id": "NIST-800-218-SSDF",
76148
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
76149
+ "control_name": "Secure Software Development Framework"
76150
+ },
76151
+ {
76152
+ "id": "NIST-800-53-AC-2",
76153
+ "framework": "NIST SP 800-53 Rev 5",
76154
+ "control_name": "Account Management"
76155
+ },
76156
+ {
76157
+ "id": "NIST-800-53-CM-7",
76158
+ "framework": "NIST SP 800-53 Rev 5",
76159
+ "control_name": "Least Functionality"
76160
+ },
76161
+ {
76162
+ "id": "NIST-800-53-SI-12",
76163
+ "framework": "NIST SP 800-53 Rev 5",
76164
+ "control_name": "Information Management and Retention"
76165
+ },
76166
+ {
76167
+ "id": "NIST-800-53-SI-3",
76168
+ "framework": "NIST SP 800-53 Rev 5",
76169
+ "control_name": "Malicious Code Protection"
76170
+ },
76171
+ {
76172
+ "id": "NIST-AI-RMF-MEASURE-2.5",
76173
+ "framework": "NIST AI RMF 1.0",
76174
+ "control_name": "AI system to human interaction evaluation"
76175
+ },
76176
+ {
76177
+ "id": "OWASP-ASVS-v5.0-V14",
76178
+ "framework": "OWASP ASVS v5.0",
76179
+ "control_name": "Configuration verification"
76180
+ },
76181
+ {
76182
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
76183
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76184
+ "control_name": "Prompt Injection"
76185
+ },
76186
+ {
76187
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
76188
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76189
+ "control_name": "Sensitive Information Disclosure"
76190
+ },
76191
+ {
76192
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
76193
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76194
+ "control_name": "Vector and Embedding Weaknesses"
76195
+ },
76196
+ {
76197
+ "id": "SLSA-v1.0-Build-L3",
76198
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
76199
+ "control_name": "Hardened build platform with non-falsifiable provenance"
76200
+ },
76201
+ {
76202
+ "id": "SOC2-CC6-logical-access",
76203
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76204
+ "control_name": "Logical and Physical Access Controls"
76205
+ }
76206
+ ],
76207
+ "attack_refs": [
76208
+ "T1059",
76209
+ "T1068",
76210
+ "T1078",
76211
+ "T1190",
76212
+ "T1505",
76213
+ "T1565",
76214
+ "T1566",
76215
+ "T1567",
76216
+ "T1610",
76217
+ "T1611"
76218
+ ],
76219
+ "rfc_refs": [
76220
+ "RFC-6749",
76221
+ "RFC-7519",
76222
+ "RFC-8032",
76223
+ "RFC-8446",
76224
+ "RFC-8725",
76225
+ "RFC-9114",
76226
+ "RFC-9421",
76227
+ "RFC-9700"
76228
+ ]
76229
+ }
76230
+ },
75261
76231
  "CWE-20": {
75262
76232
  "name": "Improper Input Validation",
75263
76233
  "category": "Validation",
@@ -75550,6 +76520,7 @@
75550
76520
  "CVE-2024-27132",
75551
76521
  "CVE-2024-2912",
75552
76522
  "CVE-2024-3094",
76523
+ "CVE-2024-31462",
75553
76524
  "CVE-2024-3154",
75554
76525
  "CVE-2024-37032",
75555
76526
  "CVE-2024-37052",
@@ -75591,9 +76562,11 @@
75591
76562
  "CVE-2025-64496",
75592
76563
  "CVE-2025-64513",
75593
76564
  "CVE-2025-67818",
76565
+ "CVE-2025-68668",
75594
76566
  "CVE-2025-6965",
75595
76567
  "CVE-2025-8747",
75596
76568
  "CVE-2026-0766",
76569
+ "CVE-2026-21858",
75597
76570
  "CVE-2026-22218",
75598
76571
  "CVE-2026-22252",
75599
76572
  "CVE-2026-22688",
@@ -75815,6 +76788,7 @@
75815
76788
  "CVE-2024-24591",
75816
76789
  "CVE-2024-2912",
75817
76790
  "CVE-2024-3094",
76791
+ "CVE-2024-31462",
75818
76792
  "CVE-2024-3154",
75819
76793
  "CVE-2024-37052",
75820
76794
  "CVE-2024-37060",
@@ -75829,7 +76803,9 @@
75829
76803
  "CVE-2025-49844",
75830
76804
  "CVE-2025-51480",
75831
76805
  "CVE-2025-53773",
76806
+ "CVE-2025-68668",
75832
76807
  "CVE-2025-6965",
76808
+ "CVE-2026-21858",
75833
76809
  "CVE-2026-22218",
75834
76810
  "CVE-2026-30615",
75835
76811
  "CVE-2026-30623",
@@ -75997,6 +76973,7 @@
75997
76973
  "CVE-2024-24591",
75998
76974
  "CVE-2024-27132",
75999
76975
  "CVE-2024-2912",
76976
+ "CVE-2024-31462",
76000
76977
  "CVE-2024-37032",
76001
76978
  "CVE-2024-37052",
76002
76979
  "CVE-2024-37060",
@@ -76035,9 +77012,11 @@
76035
77012
  "CVE-2025-64496",
76036
77013
  "CVE-2025-64513",
76037
77014
  "CVE-2025-67818",
77015
+ "CVE-2025-68668",
76038
77016
  "CVE-2025-6965",
76039
77017
  "CVE-2025-8747",
76040
77018
  "CVE-2026-0766",
77019
+ "CVE-2026-21858",
76041
77020
  "CVE-2026-22218",
76042
77021
  "CVE-2026-22252",
76043
77022
  "CVE-2026-22688",
@@ -76216,6 +77195,7 @@
76216
77195
  "CVE-2024-24591",
76217
77196
  "CVE-2024-27132",
76218
77197
  "CVE-2024-2912",
77198
+ "CVE-2024-31462",
76219
77199
  "CVE-2024-37032",
76220
77200
  "CVE-2024-37052",
76221
77201
  "CVE-2024-37060",
@@ -76254,9 +77234,11 @@
76254
77234
  "CVE-2025-64496",
76255
77235
  "CVE-2025-64513",
76256
77236
  "CVE-2025-67818",
77237
+ "CVE-2025-68668",
76257
77238
  "CVE-2025-6965",
76258
77239
  "CVE-2025-8747",
76259
77240
  "CVE-2026-0766",
77241
+ "CVE-2026-21858",
76260
77242
  "CVE-2026-22218",
76261
77243
  "CVE-2026-22252",
76262
77244
  "CVE-2026-22688",
@@ -76449,6 +77431,7 @@
76449
77431
  "CVE-2024-24591",
76450
77432
  "CVE-2024-27132",
76451
77433
  "CVE-2024-2912",
77434
+ "CVE-2024-31462",
76452
77435
  "CVE-2024-37032",
76453
77436
  "CVE-2024-37052",
76454
77437
  "CVE-2024-37060",
@@ -76487,9 +77470,11 @@
76487
77470
  "CVE-2025-64496",
76488
77471
  "CVE-2025-64513",
76489
77472
  "CVE-2025-67818",
77473
+ "CVE-2025-68668",
76490
77474
  "CVE-2025-6965",
76491
77475
  "CVE-2025-8747",
76492
77476
  "CVE-2026-0766",
77477
+ "CVE-2026-21858",
76493
77478
  "CVE-2026-22218",
76494
77479
  "CVE-2026-22252",
76495
77480
  "CVE-2026-22688",
@@ -76793,6 +77778,7 @@
76793
77778
  "CVE-2024-27132",
76794
77779
  "CVE-2024-2912",
76795
77780
  "CVE-2024-3094",
77781
+ "CVE-2024-31462",
76796
77782
  "CVE-2024-3154",
76797
77783
  "CVE-2024-37032",
76798
77784
  "CVE-2024-37052",
@@ -76834,10 +77820,12 @@
76834
77820
  "CVE-2025-64496",
76835
77821
  "CVE-2025-64513",
76836
77822
  "CVE-2025-67818",
77823
+ "CVE-2025-68668",
76837
77824
  "CVE-2025-69286",
76838
77825
  "CVE-2025-6965",
76839
77826
  "CVE-2025-8747",
76840
77827
  "CVE-2026-0766",
77828
+ "CVE-2026-21858",
76841
77829
  "CVE-2026-22218",
76842
77830
  "CVE-2026-22219",
76843
77831
  "CVE-2026-22252",
@@ -77583,6 +78571,7 @@
77583
78571
  "CVE-2024-24591",
77584
78572
  "CVE-2024-2912",
77585
78573
  "CVE-2024-3094",
78574
+ "CVE-2024-31462",
77586
78575
  "CVE-2024-3154",
77587
78576
  "CVE-2024-37052",
77588
78577
  "CVE-2024-37060",
@@ -77608,7 +78597,9 @@
77608
78597
  "CVE-2025-53767",
77609
78598
  "CVE-2025-53773",
77610
78599
  "CVE-2025-56520",
78600
+ "CVE-2025-68668",
77611
78601
  "CVE-2025-6965",
78602
+ "CVE-2026-21858",
77612
78603
  "CVE-2026-22218",
77613
78604
  "CVE-2026-22219",
77614
78605
  "CVE-2026-30615",
@@ -77988,6 +78979,7 @@
77988
78979
  "CVE-2024-27132",
77989
78980
  "CVE-2024-2912",
77990
78981
  "CVE-2024-3094",
78982
+ "CVE-2024-31462",
77991
78983
  "CVE-2024-3154",
77992
78984
  "CVE-2024-37032",
77993
78985
  "CVE-2024-37052",
@@ -78029,9 +79021,11 @@
78029
79021
  "CVE-2025-64496",
78030
79022
  "CVE-2025-64513",
78031
79023
  "CVE-2025-67818",
79024
+ "CVE-2025-68668",
78032
79025
  "CVE-2025-6965",
78033
79026
  "CVE-2025-8747",
78034
79027
  "CVE-2026-0766",
79028
+ "CVE-2026-21858",
78035
79029
  "CVE-2026-22218",
78036
79030
  "CVE-2026-22252",
78037
79031
  "CVE-2026-22688",
@@ -78646,6 +79640,7 @@
78646
79640
  "CVE-2024-27132",
78647
79641
  "CVE-2024-2912",
78648
79642
  "CVE-2024-3094",
79643
+ "CVE-2024-31462",
78649
79644
  "CVE-2024-3154",
78650
79645
  "CVE-2024-37032",
78651
79646
  "CVE-2024-37052",
@@ -78687,9 +79682,11 @@
78687
79682
  "CVE-2025-64496",
78688
79683
  "CVE-2025-64513",
78689
79684
  "CVE-2025-67818",
79685
+ "CVE-2025-68668",
78690
79686
  "CVE-2025-6965",
78691
79687
  "CVE-2025-8747",
78692
79688
  "CVE-2026-0766",
79689
+ "CVE-2026-21858",
78693
79690
  "CVE-2026-22218",
78694
79691
  "CVE-2026-22252",
78695
79692
  "CVE-2026-22688",
@@ -79660,6 +80657,7 @@
79660
80657
  "CVE-2024-27132",
79661
80658
  "CVE-2024-2912",
79662
80659
  "CVE-2024-3094",
80660
+ "CVE-2024-31462",
79663
80661
  "CVE-2024-3154",
79664
80662
  "CVE-2024-37032",
79665
80663
  "CVE-2024-37052",
@@ -79701,9 +80699,11 @@
79701
80699
  "CVE-2025-64496",
79702
80700
  "CVE-2025-64513",
79703
80701
  "CVE-2025-67818",
80702
+ "CVE-2025-68668",
79704
80703
  "CVE-2025-6965",
79705
80704
  "CVE-2025-8747",
79706
80705
  "CVE-2026-0766",
80706
+ "CVE-2026-21858",
79707
80707
  "CVE-2026-22218",
79708
80708
  "CVE-2026-22252",
79709
80709
  "CVE-2026-22688",
@@ -80917,6 +81917,7 @@
80917
81917
  "CVE-2024-27132",
80918
81918
  "CVE-2024-2912",
80919
81919
  "CVE-2024-3094",
81920
+ "CVE-2024-31462",
80920
81921
  "CVE-2024-3154",
80921
81922
  "CVE-2024-37032",
80922
81923
  "CVE-2024-37052",
@@ -80958,9 +81959,11 @@
80958
81959
  "CVE-2025-64496",
80959
81960
  "CVE-2025-64513",
80960
81961
  "CVE-2025-67818",
81962
+ "CVE-2025-68668",
80961
81963
  "CVE-2025-6965",
80962
81964
  "CVE-2025-8747",
80963
81965
  "CVE-2026-0766",
81966
+ "CVE-2026-21858",
80964
81967
  "CVE-2026-22218",
80965
81968
  "CVE-2026-22252",
80966
81969
  "CVE-2026-22688",
@@ -81398,6 +82401,7 @@
81398
82401
  "CVE-2024-24591",
81399
82402
  "CVE-2024-2912",
81400
82403
  "CVE-2024-3094",
82404
+ "CVE-2024-31462",
81401
82405
  "CVE-2024-37052",
81402
82406
  "CVE-2024-37060",
81403
82407
  "CVE-2024-5565",
@@ -81409,7 +82413,9 @@
81409
82413
  "CVE-2025-3248",
81410
82414
  "CVE-2025-3466",
81411
82415
  "CVE-2025-51480",
82416
+ "CVE-2025-68668",
81412
82417
  "CVE-2025-6965",
82418
+ "CVE-2026-21858",
81413
82419
  "CVE-2026-22218",
81414
82420
  "CVE-2026-30615",
81415
82421
  "CVE-2026-30623",
@@ -82359,6 +83365,7 @@
82359
83365
  "CVE-2024-27132",
82360
83366
  "CVE-2024-2912",
82361
83367
  "CVE-2024-3094",
83368
+ "CVE-2024-31462",
82362
83369
  "CVE-2024-3154",
82363
83370
  "CVE-2024-37032",
82364
83371
  "CVE-2024-37052",
@@ -82400,9 +83407,11 @@
82400
83407
  "CVE-2025-64496",
82401
83408
  "CVE-2025-64513",
82402
83409
  "CVE-2025-67818",
83410
+ "CVE-2025-68668",
82403
83411
  "CVE-2025-6965",
82404
83412
  "CVE-2025-8747",
82405
83413
  "CVE-2026-0766",
83414
+ "CVE-2026-21858",
82406
83415
  "CVE-2026-22218",
82407
83416
  "CVE-2026-22252",
82408
83417
  "CVE-2026-22688",
@@ -82744,6 +83753,7 @@
82744
83753
  "CVE-2024-27443",
82745
83754
  "CVE-2024-2912",
82746
83755
  "CVE-2024-3094",
83756
+ "CVE-2024-31462",
82747
83757
  "CVE-2024-3154",
82748
83758
  "CVE-2024-37032",
82749
83759
  "CVE-2024-37052",
@@ -82922,6 +83932,7 @@
82922
83932
  "CVE-2025-68461",
82923
83933
  "CVE-2025-68613",
82924
83934
  "CVE-2025-68645",
83935
+ "CVE-2025-68668",
82925
83936
  "CVE-2025-6965",
82926
83937
  "CVE-2025-7775",
82927
83938
  "CVE-2025-8088",
@@ -82955,6 +83966,7 @@
82955
83966
  "CVE-2026-21525",
82956
83967
  "CVE-2026-21533",
82957
83968
  "CVE-2026-21643",
83969
+ "CVE-2026-21858",
82958
83970
  "CVE-2026-22218",
82959
83971
  "CVE-2026-22252",
82960
83972
  "CVE-2026-22688",
@@ -83701,6 +84713,7 @@
83701
84713
  "CVE-2024-24591",
83702
84714
  "CVE-2024-2912",
83703
84715
  "CVE-2024-3094",
84716
+ "CVE-2024-31462",
83704
84717
  "CVE-2024-3154",
83705
84718
  "CVE-2024-37052",
83706
84719
  "CVE-2024-37060",
@@ -83715,7 +84728,9 @@
83715
84728
  "CVE-2025-49844",
83716
84729
  "CVE-2025-51480",
83717
84730
  "CVE-2025-53773",
84731
+ "CVE-2025-68668",
83718
84732
  "CVE-2025-6965",
84733
+ "CVE-2026-21858",
83719
84734
  "CVE-2026-22218",
83720
84735
  "CVE-2026-30615",
83721
84736
  "CVE-2026-30623",
@@ -84005,6 +85020,7 @@
84005
85020
  "CVE-2024-24591",
84006
85021
  "CVE-2024-2912",
84007
85022
  "CVE-2024-3094",
85023
+ "CVE-2024-31462",
84008
85024
  "CVE-2024-37052",
84009
85025
  "CVE-2024-37060",
84010
85026
  "CVE-2024-5565",
@@ -84017,7 +85033,9 @@
84017
85033
  "CVE-2025-3466",
84018
85034
  "CVE-2025-51480",
84019
85035
  "CVE-2025-53773",
85036
+ "CVE-2025-68668",
84020
85037
  "CVE-2025-6965",
85038
+ "CVE-2026-21858",
84021
85039
  "CVE-2026-22218",
84022
85040
  "CVE-2026-30615",
84023
85041
  "CVE-2026-30623",
@@ -84354,6 +85372,7 @@
84354
85372
  "CVE-2024-27132",
84355
85373
  "CVE-2024-2912",
84356
85374
  "CVE-2024-3094",
85375
+ "CVE-2024-31462",
84357
85376
  "CVE-2024-3154",
84358
85377
  "CVE-2024-37032",
84359
85378
  "CVE-2024-37052",
@@ -84395,9 +85414,11 @@
84395
85414
  "CVE-2025-64496",
84396
85415
  "CVE-2025-64513",
84397
85416
  "CVE-2025-67818",
85417
+ "CVE-2025-68668",
84398
85418
  "CVE-2025-6965",
84399
85419
  "CVE-2025-8747",
84400
85420
  "CVE-2026-0766",
85421
+ "CVE-2026-21858",
84401
85422
  "CVE-2026-22218",
84402
85423
  "CVE-2026-22252",
84403
85424
  "CVE-2026-22688",
@@ -84723,6 +85744,7 @@
84723
85744
  "CVE-2024-24591",
84724
85745
  "CVE-2024-27132",
84725
85746
  "CVE-2024-2912",
85747
+ "CVE-2024-31462",
84726
85748
  "CVE-2024-37032",
84727
85749
  "CVE-2024-37052",
84728
85750
  "CVE-2024-37060",
@@ -84762,10 +85784,12 @@
84762
85784
  "CVE-2025-64496",
84763
85785
  "CVE-2025-64513",
84764
85786
  "CVE-2025-67818",
85787
+ "CVE-2025-68668",
84765
85788
  "CVE-2025-69286",
84766
85789
  "CVE-2025-6965",
84767
85790
  "CVE-2025-8747",
84768
85791
  "CVE-2026-0766",
85792
+ "CVE-2026-21858",
84769
85793
  "CVE-2026-22218",
84770
85794
  "CVE-2026-22219",
84771
85795
  "CVE-2026-22252",
@@ -84957,6 +85981,7 @@
84957
85981
  "CVE-2024-24591",
84958
85982
  "CVE-2024-2912",
84959
85983
  "CVE-2024-3094",
85984
+ "CVE-2024-31462",
84960
85985
  "CVE-2024-3154",
84961
85986
  "CVE-2024-37052",
84962
85987
  "CVE-2024-37060",
@@ -84971,7 +85996,9 @@
84971
85996
  "CVE-2025-49844",
84972
85997
  "CVE-2025-51480",
84973
85998
  "CVE-2025-53773",
85999
+ "CVE-2025-68668",
84974
86000
  "CVE-2025-6965",
86001
+ "CVE-2026-21858",
84975
86002
  "CVE-2026-22218",
84976
86003
  "CVE-2026-30615",
84977
86004
  "CVE-2026-30623",
@@ -85706,6 +86733,7 @@
85706
86733
  "CVE-2024-27132",
85707
86734
  "CVE-2024-2912",
85708
86735
  "CVE-2024-3094",
86736
+ "CVE-2024-31462",
85709
86737
  "CVE-2024-3154",
85710
86738
  "CVE-2024-37032",
85711
86739
  "CVE-2024-37052",
@@ -85747,9 +86775,11 @@
85747
86775
  "CVE-2025-64496",
85748
86776
  "CVE-2025-64513",
85749
86777
  "CVE-2025-67818",
86778
+ "CVE-2025-68668",
85750
86779
  "CVE-2025-6965",
85751
86780
  "CVE-2025-8747",
85752
86781
  "CVE-2026-0766",
86782
+ "CVE-2026-21858",
85753
86783
  "CVE-2026-22218",
85754
86784
  "CVE-2026-22252",
85755
86785
  "CVE-2026-22688",
@@ -86062,6 +87092,7 @@
86062
87092
  "CVE-2024-27132",
86063
87093
  "CVE-2024-2912",
86064
87094
  "CVE-2024-3094",
87095
+ "CVE-2024-31462",
86065
87096
  "CVE-2024-37032",
86066
87097
  "CVE-2024-37052",
86067
87098
  "CVE-2024-37060",
@@ -86105,10 +87136,12 @@
86105
87136
  "CVE-2025-64496",
86106
87137
  "CVE-2025-64513",
86107
87138
  "CVE-2025-67818",
87139
+ "CVE-2025-68668",
86108
87140
  "CVE-2025-69286",
86109
87141
  "CVE-2025-6965",
86110
87142
  "CVE-2025-8747",
86111
87143
  "CVE-2026-0766",
87144
+ "CVE-2026-21858",
86112
87145
  "CVE-2026-22218",
86113
87146
  "CVE-2026-22219",
86114
87147
  "CVE-2026-22252",