@blamejs/exceptd-skills 0.13.123 → 0.13.124

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +329 -0
  6. package/data/atlas-ttps.json +2 -1
  7. package/data/attack-techniques.json +2 -1
  8. package/data/cve-catalog.json +101 -0
  9. package/data/cwe-catalog.json +2 -1
  10. package/data/framework-control-gaps.json +16 -8
  11. package/data/zeroday-lessons.json +50 -0
  12. package/manifest.json +44 -44
  13. package/package.json +1 -1
  14. package/sbom.cdx.json +24 -24
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.124 — 2026-05-26
4
+
5
+ CVE catalog — stable-diffusion-webui (AUTOMATIC1111). Adds **CVE-2024-31462** in the most widely deployed Stable Diffusion web UI. The Backup/Restore tab (`save_config_state` in `modules/ui_extensions.py`) builds a file path from an unvalidated user-supplied config-state name and opens it for writing, yielding a limited file write (JSON files to arbitrary locations) on Windows (CWE-22; GitHub CNA CVSS v3.1 6.3; GHSL-2024-010). The advisory tested 1.7.0, but the CVE/OSV record marks releases through 1.8.0 as affected — fixed by commit `d9708c92`, so upgrading 1.7.0 → 1.8.0 is **not** sufficient. Reuses the AI-runtime-API path-traversal validation control (NEW-CTRL-094). CVE count 416 → 417.
6
+
3
7
  ## 0.13.123 — 2026-05-26
4
8
 
5
9
  CVE catalog — n8n AI-workflow / automation platform. Adds two flaws in n8n (joining the already-catalogued CVE-2025-68613 expression-injection RCE). **CVE-2026-21858** (GitHub CNA CVSS v3.1 10.0 CRITICAL) — versions 1.65.0 to before 1.121.0 let an unauthenticated attacker access files on the underlying server through form-based actions with no path confinement (CWE-20); fixed in 1.121.0. On locally deployed instances the public exploit chains the read into host RCE — read the DB/config, forge an admin session, then run host commands via the Execute Command node — so the entry maps command-execution and valid-accounts TTPs alongside the file read. Reuses the AI-runtime-API path-traversal validation control (NEW-CTRL-094). **CVE-2025-68668** (CVSS v3.1 9.9) — the Python Code Node's Pyodide sandbox is bypassable, so an authenticated workflow editor runs code with host privileges (CWE-693 protection-mechanism failure); fixed in 2.0.0. Reuses the AI-app-builder execution-endpoint auth-and-sandbox control (NEW-CTRL-103), shared with the Dify code-node escape and Langflow/Flowise RCEs. CVE count 414 → 416.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-27T03:31:42.438Z",
3
+ "generated_at": "2026-05-27T03:55:33.784Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "df4577c459275b430967fea4452b04a9e454de7c3e1c7f439bc433a3e37205d9",
8
- "data/atlas-ttps.json": "ff259e70fe63147914f3f8c9a34a15ed228c46074885541a4d891d74c0a4bebf",
9
- "data/attack-techniques.json": "4b3055b1f50c8a40cd81695d4169f669b3908006525d9201134770fa54f103cf",
10
- "data/cve-catalog.json": "995160b2f5b40b95c2dba2553b87f1415add8706f3db45070dcbb7e1694ff4c9",
11
- "data/cwe-catalog.json": "3e67b9bdfb31df7a0a46b89b3ac4972ba7b7b5e10004a8233b4fe2267022c736",
7
+ "manifest.json": "82003c5f5458a9f3646595e97348761c10578807c0f617a35cc994fe1d5ffe85",
8
+ "data/atlas-ttps.json": "2f0c5d58308248a1dcf43ede2469d507d3249acb8f93f04512b5c9b19697a62b",
9
+ "data/attack-techniques.json": "ec4132359d50c045e4b4e2218608db33324ef41f85aeb40bf61de13cf0168af7",
10
+ "data/cve-catalog.json": "ff07d91bc04ba45045caa9e3d96fdd7789fe1ab6af8858dfc4387266bb202ef4",
11
+ "data/cwe-catalog.json": "ea554587b7486e8dba49461528ef5e0445647b14e4358929f327bcef6ad5d987",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "26961494168c99ecae72afe854b3f1d30774a37b6a31396640ca51050ae25ea8",
15
+ "data/framework-control-gaps.json": "721956b0c705fe75363ad5bc0227d70f82baf75619fe8f535850ee189e5230f3",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "8ed90a6d21ac18940c43b64ea2a46e0006948533e59ebdfc868048679d1c4a2e",
18
+ "data/zeroday-lessons.json": "0dc49ed26af542bf74e9662095b00e9bd6de5aa7ffe497809a245f54abb1eabf",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 405,
75
+ "chains_cve_entries": 406,
76
76
  "chains_cwe_entries": 172,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 416
152
+ "entry_count": 417
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 411
168
+ "entry_count": 412
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 416,
65
+ "entry_count": 417,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 411,
241
+ "entry_count": 412,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -75920,6 +75920,314 @@
75920
75920
  ]
75921
75921
  }
75922
75922
  },
75923
+ "CVE-2024-31462": {
75924
+ "name": "stable-diffusion-webui Backup/Restore Limited File Write (Path Traversal)",
75925
+ "rwep": 17,
75926
+ "cvss": 6.3,
75927
+ "cisa_kev": false,
75928
+ "epss_score": 0.00245,
75929
+ "referencing_skills": [
75930
+ "ai-attack-surface",
75931
+ "compliance-theater",
75932
+ "rag-pipeline-security",
75933
+ "threat-modeling-methodology",
75934
+ "webapp-security",
75935
+ "api-security",
75936
+ "container-runtime-security"
75937
+ ],
75938
+ "chain": {
75939
+ "cwes": [
75940
+ {
75941
+ "id": "CWE-1039",
75942
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
75943
+ "category": "AI/ML"
75944
+ },
75945
+ {
75946
+ "id": "CWE-1188",
75947
+ "name": "Initialization of a Resource with an Insecure Default",
75948
+ "category": "Configuration"
75949
+ },
75950
+ {
75951
+ "id": "CWE-1395",
75952
+ "name": "Dependency on Vulnerable Third-Party Component",
75953
+ "category": "Supply Chain"
75954
+ },
75955
+ {
75956
+ "id": "CWE-1426",
75957
+ "name": "Improper Validation of Generative AI Output",
75958
+ "category": "AI/ML"
75959
+ },
75960
+ {
75961
+ "id": "CWE-200",
75962
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
75963
+ "category": "Information Exposure"
75964
+ },
75965
+ {
75966
+ "id": "CWE-22",
75967
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
75968
+ "category": "Path/Resource"
75969
+ },
75970
+ {
75971
+ "id": "CWE-269",
75972
+ "name": "Improper Privilege Management",
75973
+ "category": "Authorization"
75974
+ },
75975
+ {
75976
+ "id": "CWE-287",
75977
+ "name": "Improper Authentication",
75978
+ "category": "Authentication"
75979
+ },
75980
+ {
75981
+ "id": "CWE-352",
75982
+ "name": "Cross-Site Request Forgery (CSRF)",
75983
+ "category": "Session"
75984
+ },
75985
+ {
75986
+ "id": "CWE-434",
75987
+ "name": "Unrestricted Upload of File with Dangerous Type",
75988
+ "category": "File Handling"
75989
+ },
75990
+ {
75991
+ "id": "CWE-502",
75992
+ "name": "Deserialization of Untrusted Data",
75993
+ "category": "Serialization"
75994
+ },
75995
+ {
75996
+ "id": "CWE-732",
75997
+ "name": "Incorrect Permission Assignment for Critical Resource",
75998
+ "category": "Authorization"
75999
+ },
76000
+ {
76001
+ "id": "CWE-77",
76002
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
76003
+ "category": "Injection"
76004
+ },
76005
+ {
76006
+ "id": "CWE-78",
76007
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
76008
+ "category": "Injection"
76009
+ },
76010
+ {
76011
+ "id": "CWE-787",
76012
+ "name": "Out-of-bounds Write",
76013
+ "category": "Memory Safety"
76014
+ },
76015
+ {
76016
+ "id": "CWE-79",
76017
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
76018
+ "category": "Injection"
76019
+ },
76020
+ {
76021
+ "id": "CWE-862",
76022
+ "name": "Missing Authorization",
76023
+ "category": "Authorization"
76024
+ },
76025
+ {
76026
+ "id": "CWE-863",
76027
+ "name": "Incorrect Authorization",
76028
+ "category": "Authorization"
76029
+ },
76030
+ {
76031
+ "id": "CWE-89",
76032
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
76033
+ "category": "Injection"
76034
+ },
76035
+ {
76036
+ "id": "CWE-918",
76037
+ "name": "Server-Side Request Forgery (SSRF)",
76038
+ "category": "Network"
76039
+ },
76040
+ {
76041
+ "id": "CWE-94",
76042
+ "name": "Improper Control of Generation of Code (Code Injection)",
76043
+ "category": "Injection"
76044
+ }
76045
+ ],
76046
+ "atlas": [
76047
+ {
76048
+ "id": "AML.T0010",
76049
+ "name": "ML Supply Chain Compromise",
76050
+ "tactic": "Initial Access"
76051
+ },
76052
+ {
76053
+ "id": "AML.T0016",
76054
+ "name": "Obtain Capabilities: Develop Capabilities",
76055
+ "tactic": "Resource Development"
76056
+ },
76057
+ {
76058
+ "id": "AML.T0017",
76059
+ "name": "Discover ML Model Ontology",
76060
+ "tactic": "Discovery"
76061
+ },
76062
+ {
76063
+ "id": "AML.T0018",
76064
+ "name": "Backdoor ML Model",
76065
+ "tactic": "Persistence"
76066
+ },
76067
+ {
76068
+ "id": "AML.T0020",
76069
+ "name": "Poison Training Data",
76070
+ "tactic": "ML Attack Staging"
76071
+ },
76072
+ {
76073
+ "id": "AML.T0043",
76074
+ "name": "Craft Adversarial Data",
76075
+ "tactic": "ML Attack Staging"
76076
+ },
76077
+ {
76078
+ "id": "AML.T0051",
76079
+ "name": "LLM Prompt Injection",
76080
+ "tactic": "Execution"
76081
+ },
76082
+ {
76083
+ "id": "AML.T0054",
76084
+ "name": "LLM Jailbreak",
76085
+ "tactic": "Defense Evasion"
76086
+ },
76087
+ {
76088
+ "id": "AML.T0096",
76089
+ "name": "AI API as Covert C2 Channel",
76090
+ "tactic": "Command and Control"
76091
+ }
76092
+ ],
76093
+ "d3fend": [
76094
+ {
76095
+ "id": "D3-CSPP",
76096
+ "name": "Client-server Payload Profiling",
76097
+ "tactic": "Detect"
76098
+ },
76099
+ {
76100
+ "id": "D3-IOPR",
76101
+ "name": "Input/Output Profiling Resource",
76102
+ "tactic": "Detect"
76103
+ },
76104
+ {
76105
+ "id": "D3-NTA",
76106
+ "name": "Network Traffic Analysis",
76107
+ "tactic": "Detect"
76108
+ }
76109
+ ],
76110
+ "framework_gaps": [
76111
+ {
76112
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
76113
+ "framework": "ALL",
76114
+ "control_name": "AI Pipeline Integrity"
76115
+ },
76116
+ {
76117
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
76118
+ "framework": "ALL",
76119
+ "control_name": "Prompt Injection as Access Control Failure"
76120
+ },
76121
+ {
76122
+ "id": "CMMC-2.0-Level-2",
76123
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
76124
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
76125
+ },
76126
+ {
76127
+ "id": "FedRAMP-Rev5-Moderate",
76128
+ "framework": "FedRAMP Rev 5 Moderate",
76129
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
76130
+ },
76131
+ {
76132
+ "id": "ISO-27001-2022-A.8.28",
76133
+ "framework": "ISO/IEC 27001:2022",
76134
+ "control_name": "Secure coding"
76135
+ },
76136
+ {
76137
+ "id": "ISO-IEC-23894-2023-clause-7",
76138
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
76139
+ "control_name": "AI risk management process"
76140
+ },
76141
+ {
76142
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
76143
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
76144
+ "control_name": "AI risk assessment"
76145
+ },
76146
+ {
76147
+ "id": "NIST-800-218-SSDF",
76148
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
76149
+ "control_name": "Secure Software Development Framework"
76150
+ },
76151
+ {
76152
+ "id": "NIST-800-53-AC-2",
76153
+ "framework": "NIST SP 800-53 Rev 5",
76154
+ "control_name": "Account Management"
76155
+ },
76156
+ {
76157
+ "id": "NIST-800-53-CM-7",
76158
+ "framework": "NIST SP 800-53 Rev 5",
76159
+ "control_name": "Least Functionality"
76160
+ },
76161
+ {
76162
+ "id": "NIST-800-53-SI-12",
76163
+ "framework": "NIST SP 800-53 Rev 5",
76164
+ "control_name": "Information Management and Retention"
76165
+ },
76166
+ {
76167
+ "id": "NIST-800-53-SI-3",
76168
+ "framework": "NIST SP 800-53 Rev 5",
76169
+ "control_name": "Malicious Code Protection"
76170
+ },
76171
+ {
76172
+ "id": "NIST-AI-RMF-MEASURE-2.5",
76173
+ "framework": "NIST AI RMF 1.0",
76174
+ "control_name": "AI system to human interaction evaluation"
76175
+ },
76176
+ {
76177
+ "id": "OWASP-ASVS-v5.0-V14",
76178
+ "framework": "OWASP ASVS v5.0",
76179
+ "control_name": "Configuration verification"
76180
+ },
76181
+ {
76182
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
76183
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76184
+ "control_name": "Prompt Injection"
76185
+ },
76186
+ {
76187
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
76188
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76189
+ "control_name": "Sensitive Information Disclosure"
76190
+ },
76191
+ {
76192
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
76193
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76194
+ "control_name": "Vector and Embedding Weaknesses"
76195
+ },
76196
+ {
76197
+ "id": "SLSA-v1.0-Build-L3",
76198
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
76199
+ "control_name": "Hardened build platform with non-falsifiable provenance"
76200
+ },
76201
+ {
76202
+ "id": "SOC2-CC6-logical-access",
76203
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76204
+ "control_name": "Logical and Physical Access Controls"
76205
+ }
76206
+ ],
76207
+ "attack_refs": [
76208
+ "T1059",
76209
+ "T1068",
76210
+ "T1078",
76211
+ "T1190",
76212
+ "T1505",
76213
+ "T1565",
76214
+ "T1566",
76215
+ "T1567",
76216
+ "T1610",
76217
+ "T1611"
76218
+ ],
76219
+ "rfc_refs": [
76220
+ "RFC-6749",
76221
+ "RFC-7519",
76222
+ "RFC-8032",
76223
+ "RFC-8446",
76224
+ "RFC-8725",
76225
+ "RFC-9114",
76226
+ "RFC-9421",
76227
+ "RFC-9700"
76228
+ ]
76229
+ }
76230
+ },
75923
76231
  "CWE-20": {
75924
76232
  "name": "Improper Input Validation",
75925
76233
  "category": "Validation",
@@ -76212,6 +76520,7 @@
76212
76520
  "CVE-2024-27132",
76213
76521
  "CVE-2024-2912",
76214
76522
  "CVE-2024-3094",
76523
+ "CVE-2024-31462",
76215
76524
  "CVE-2024-3154",
76216
76525
  "CVE-2024-37032",
76217
76526
  "CVE-2024-37052",
@@ -76479,6 +76788,7 @@
76479
76788
  "CVE-2024-24591",
76480
76789
  "CVE-2024-2912",
76481
76790
  "CVE-2024-3094",
76791
+ "CVE-2024-31462",
76482
76792
  "CVE-2024-3154",
76483
76793
  "CVE-2024-37052",
76484
76794
  "CVE-2024-37060",
@@ -76663,6 +76973,7 @@
76663
76973
  "CVE-2024-24591",
76664
76974
  "CVE-2024-27132",
76665
76975
  "CVE-2024-2912",
76976
+ "CVE-2024-31462",
76666
76977
  "CVE-2024-37032",
76667
76978
  "CVE-2024-37052",
76668
76979
  "CVE-2024-37060",
@@ -76884,6 +77195,7 @@
76884
77195
  "CVE-2024-24591",
76885
77196
  "CVE-2024-27132",
76886
77197
  "CVE-2024-2912",
77198
+ "CVE-2024-31462",
76887
77199
  "CVE-2024-37032",
76888
77200
  "CVE-2024-37052",
76889
77201
  "CVE-2024-37060",
@@ -77119,6 +77431,7 @@
77119
77431
  "CVE-2024-24591",
77120
77432
  "CVE-2024-27132",
77121
77433
  "CVE-2024-2912",
77434
+ "CVE-2024-31462",
77122
77435
  "CVE-2024-37032",
77123
77436
  "CVE-2024-37052",
77124
77437
  "CVE-2024-37060",
@@ -77465,6 +77778,7 @@
77465
77778
  "CVE-2024-27132",
77466
77779
  "CVE-2024-2912",
77467
77780
  "CVE-2024-3094",
77781
+ "CVE-2024-31462",
77468
77782
  "CVE-2024-3154",
77469
77783
  "CVE-2024-37032",
77470
77784
  "CVE-2024-37052",
@@ -78257,6 +78571,7 @@
78257
78571
  "CVE-2024-24591",
78258
78572
  "CVE-2024-2912",
78259
78573
  "CVE-2024-3094",
78574
+ "CVE-2024-31462",
78260
78575
  "CVE-2024-3154",
78261
78576
  "CVE-2024-37052",
78262
78577
  "CVE-2024-37060",
@@ -78664,6 +78979,7 @@
78664
78979
  "CVE-2024-27132",
78665
78980
  "CVE-2024-2912",
78666
78981
  "CVE-2024-3094",
78982
+ "CVE-2024-31462",
78667
78983
  "CVE-2024-3154",
78668
78984
  "CVE-2024-37032",
78669
78985
  "CVE-2024-37052",
@@ -79324,6 +79640,7 @@
79324
79640
  "CVE-2024-27132",
79325
79641
  "CVE-2024-2912",
79326
79642
  "CVE-2024-3094",
79643
+ "CVE-2024-31462",
79327
79644
  "CVE-2024-3154",
79328
79645
  "CVE-2024-37032",
79329
79646
  "CVE-2024-37052",
@@ -80340,6 +80657,7 @@
80340
80657
  "CVE-2024-27132",
80341
80658
  "CVE-2024-2912",
80342
80659
  "CVE-2024-3094",
80660
+ "CVE-2024-31462",
80343
80661
  "CVE-2024-3154",
80344
80662
  "CVE-2024-37032",
80345
80663
  "CVE-2024-37052",
@@ -81599,6 +81917,7 @@
81599
81917
  "CVE-2024-27132",
81600
81918
  "CVE-2024-2912",
81601
81919
  "CVE-2024-3094",
81920
+ "CVE-2024-31462",
81602
81921
  "CVE-2024-3154",
81603
81922
  "CVE-2024-37032",
81604
81923
  "CVE-2024-37052",
@@ -82082,6 +82401,7 @@
82082
82401
  "CVE-2024-24591",
82083
82402
  "CVE-2024-2912",
82084
82403
  "CVE-2024-3094",
82404
+ "CVE-2024-31462",
82085
82405
  "CVE-2024-37052",
82086
82406
  "CVE-2024-37060",
82087
82407
  "CVE-2024-5565",
@@ -83045,6 +83365,7 @@
83045
83365
  "CVE-2024-27132",
83046
83366
  "CVE-2024-2912",
83047
83367
  "CVE-2024-3094",
83368
+ "CVE-2024-31462",
83048
83369
  "CVE-2024-3154",
83049
83370
  "CVE-2024-37032",
83050
83371
  "CVE-2024-37052",
@@ -83432,6 +83753,7 @@
83432
83753
  "CVE-2024-27443",
83433
83754
  "CVE-2024-2912",
83434
83755
  "CVE-2024-3094",
83756
+ "CVE-2024-31462",
83435
83757
  "CVE-2024-3154",
83436
83758
  "CVE-2024-37032",
83437
83759
  "CVE-2024-37052",
@@ -84391,6 +84713,7 @@
84391
84713
  "CVE-2024-24591",
84392
84714
  "CVE-2024-2912",
84393
84715
  "CVE-2024-3094",
84716
+ "CVE-2024-31462",
84394
84717
  "CVE-2024-3154",
84395
84718
  "CVE-2024-37052",
84396
84719
  "CVE-2024-37060",
@@ -84697,6 +85020,7 @@
84697
85020
  "CVE-2024-24591",
84698
85021
  "CVE-2024-2912",
84699
85022
  "CVE-2024-3094",
85023
+ "CVE-2024-31462",
84700
85024
  "CVE-2024-37052",
84701
85025
  "CVE-2024-37060",
84702
85026
  "CVE-2024-5565",
@@ -85048,6 +85372,7 @@
85048
85372
  "CVE-2024-27132",
85049
85373
  "CVE-2024-2912",
85050
85374
  "CVE-2024-3094",
85375
+ "CVE-2024-31462",
85051
85376
  "CVE-2024-3154",
85052
85377
  "CVE-2024-37032",
85053
85378
  "CVE-2024-37052",
@@ -85419,6 +85744,7 @@
85419
85744
  "CVE-2024-24591",
85420
85745
  "CVE-2024-27132",
85421
85746
  "CVE-2024-2912",
85747
+ "CVE-2024-31462",
85422
85748
  "CVE-2024-37032",
85423
85749
  "CVE-2024-37052",
85424
85750
  "CVE-2024-37060",
@@ -85655,6 +85981,7 @@
85655
85981
  "CVE-2024-24591",
85656
85982
  "CVE-2024-2912",
85657
85983
  "CVE-2024-3094",
85984
+ "CVE-2024-31462",
85658
85985
  "CVE-2024-3154",
85659
85986
  "CVE-2024-37052",
85660
85987
  "CVE-2024-37060",
@@ -86406,6 +86733,7 @@
86406
86733
  "CVE-2024-27132",
86407
86734
  "CVE-2024-2912",
86408
86735
  "CVE-2024-3094",
86736
+ "CVE-2024-31462",
86409
86737
  "CVE-2024-3154",
86410
86738
  "CVE-2024-37032",
86411
86739
  "CVE-2024-37052",
@@ -86764,6 +87092,7 @@
86764
87092
  "CVE-2024-27132",
86765
87093
  "CVE-2024-2912",
86766
87094
  "CVE-2024-3094",
87095
+ "CVE-2024-31462",
86767
87096
  "CVE-2024-37032",
86768
87097
  "CVE-2024-37052",
86769
87098
  "CVE-2024-37060",
package/data/atlas-ttps.json CHANGED
@@ -1792,7 +1792,8 @@
1792
1792
  "CVE-2026-41950",
1793
1793
  "CVE-2026-45829",
1794
1794
  "CVE-2026-21858",
1795
- "CVE-2025-68668"
1795
+ "CVE-2025-68668",
1796
+ "CVE-2024-31462"
1796
1797
  ]
1797
1798
  },
1798
1799
  "AML.T0050": {
package/data/attack-techniques.json CHANGED
@@ -1112,7 +1112,8 @@
1112
1112
  "CVE-2026-22219",
1113
1113
  "CVE-2026-5760",
1114
1114
  "CVE-2026-21858",
1115
- "CVE-2025-68668"
1115
+ "CVE-2025-68668",
1116
+ "CVE-2024-31462"
1116
1117
  ],
1117
1118
  "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
1118
1119
  "platforms": [