@blamejs/exceptd-skills 0.13.15 → 0.13.17
- package/AGENTS.md +5 -2
- package/CHANGELOG.md +42 -0
- package/README.md +3 -3
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +5 -5
- package/data/_indexes/catalog-summaries.json +5 -5
- package/data/_indexes/chains.json +36194 -5006
- package/data/_indexes/frequency.json +50 -1
- package/data/attack-techniques.json +310 -1
- package/data/cve-catalog.json +26215 -4
- package/data/cwe-catalog.json +1090 -20
- package/data/framework-control-gaps.json +866 -2
- package/data/zeroday-lessons.json +10758 -0
- package/lib/cve-regression-watcher.js +218 -0
- package/lib/refresh-external.js +11 -0
- package/lib/source-advisories.js +162 -11
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +46 -31
package/data/cwe-catalog.json
CHANGED
|
@@ -48,6 +48,11 @@
|
|
|
48
48
|
],
|
|
49
49
|
"evidence_cves": [
|
|
50
50
|
"CVE-2024-3154",
|
|
51
|
+
"CVE-2025-20393",
|
|
52
|
+
"CVE-2025-54236",
|
|
53
|
+
"CVE-2025-6558",
|
|
54
|
+
"CVE-2026-32201",
|
|
55
|
+
"CVE-2026-34197",
|
|
51
56
|
"CVE-2026-6973"
|
|
52
57
|
],
|
|
53
58
|
"framework_controls_partially_addressing": [
|
|
@@ -83,7 +88,19 @@
|
|
|
83
88
|
"webapp-security"
|
|
84
89
|
],
|
|
85
90
|
"evidence_cves": [
|
|
86
|
-
"CVE-
|
|
91
|
+
"CVE-2019-5418",
|
|
92
|
+
"CVE-2021-43798",
|
|
93
|
+
"CVE-2023-38950",
|
|
94
|
+
"CVE-2023-43472",
|
|
95
|
+
"CVE-2024-0769",
|
|
96
|
+
"CVE-2024-1708",
|
|
97
|
+
"CVE-2024-57728",
|
|
98
|
+
"CVE-2024-7399",
|
|
99
|
+
"CVE-2025-2749",
|
|
100
|
+
"CVE-2025-27920",
|
|
101
|
+
"CVE-2025-4632",
|
|
102
|
+
"CVE-2025-6218",
|
|
103
|
+
"CVE-2025-8110"
|
|
87
104
|
],
|
|
88
105
|
"framework_controls_partially_addressing": [
|
|
89
106
|
"NIST-800-53-AC-3",
|
|
@@ -117,7 +134,15 @@
|
|
|
117
134
|
"webapp-security"
|
|
118
135
|
],
|
|
119
136
|
"evidence_cves": [
|
|
137
|
+
"CVE-2016-10033",
|
|
138
|
+
"CVE-2020-25079",
|
|
139
|
+
"CVE-2023-33538",
|
|
140
|
+
"CVE-2025-10035",
|
|
141
|
+
"CVE-2025-29635",
|
|
142
|
+
"CVE-2025-4008",
|
|
120
143
|
"CVE-2025-53773",
|
|
144
|
+
"CVE-2025-59689",
|
|
145
|
+
"CVE-2026-22719",
|
|
121
146
|
"MAL-2026-3083"
|
|
122
147
|
],
|
|
123
148
|
"framework_controls_partially_addressing": [
|
|
@@ -151,9 +176,21 @@
|
|
|
151
176
|
"webapp-security"
|
|
152
177
|
],
|
|
153
178
|
"evidence_cves": [
|
|
179
|
+
"CVE-2014-6278",
|
|
180
|
+
"CVE-2023-39780",
|
|
181
|
+
"CVE-2024-12987",
|
|
182
|
+
"CVE-2025-11953",
|
|
154
183
|
"CVE-2025-12686",
|
|
184
|
+
"CVE-2025-48703",
|
|
185
|
+
"CVE-2025-54948",
|
|
186
|
+
"CVE-2025-58034",
|
|
155
187
|
"CVE-2025-59389",
|
|
156
188
|
"CVE-2025-62847",
|
|
189
|
+
"CVE-2025-64328",
|
|
190
|
+
"CVE-2025-66644",
|
|
191
|
+
"CVE-2025-9377",
|
|
192
|
+
"CVE-2026-1731",
|
|
193
|
+
"CVE-2026-25108",
|
|
157
194
|
"CVE-2026-30623",
|
|
158
195
|
"CVE-2026-39987"
|
|
159
196
|
],
|
|
@@ -189,6 +226,14 @@
|
|
|
189
226
|
"webapp-security"
|
|
190
227
|
],
|
|
191
228
|
"evidence_cves": [
|
|
229
|
+
"CVE-2021-26829",
|
|
230
|
+
"CVE-2024-11182",
|
|
231
|
+
"CVE-2024-27443",
|
|
232
|
+
"CVE-2024-42009",
|
|
233
|
+
"CVE-2025-27915",
|
|
234
|
+
"CVE-2025-48700",
|
|
235
|
+
"CVE-2025-66376",
|
|
236
|
+
"CVE-2025-68461",
|
|
192
237
|
"CVE-2026-42897"
|
|
193
238
|
],
|
|
194
239
|
"framework_controls_partially_addressing": [
|
|
@@ -218,6 +263,8 @@
|
|
|
218
263
|
],
|
|
219
264
|
"skills_referencing": [],
|
|
220
265
|
"evidence_cves": [
|
|
266
|
+
"CVE-2016-10033",
|
|
267
|
+
"CVE-2026-24061",
|
|
221
268
|
"CVE-2026-30623",
|
|
222
269
|
"CVE-2026-39884"
|
|
223
270
|
],
|
|
@@ -251,6 +298,10 @@
|
|
|
251
298
|
"webapp-security"
|
|
252
299
|
],
|
|
253
300
|
"evidence_cves": [
|
|
301
|
+
"CVE-2024-43468",
|
|
302
|
+
"CVE-2025-25257",
|
|
303
|
+
"CVE-2025-57819",
|
|
304
|
+
"CVE-2026-21643",
|
|
254
305
|
"CVE-2026-42208"
|
|
255
306
|
],
|
|
256
307
|
"framework_controls_partially_addressing": [
|
|
@@ -285,8 +336,37 @@
|
|
|
285
336
|
"webapp-security"
|
|
286
337
|
],
|
|
287
338
|
"evidence_cves": [
|
|
339
|
+
"CVE-2007-0671",
|
|
340
|
+
"CVE-2008-0015",
|
|
341
|
+
"CVE-2009-0238",
|
|
342
|
+
"CVE-2009-0556",
|
|
343
|
+
"CVE-2010-3765",
|
|
344
|
+
"CVE-2010-3962",
|
|
345
|
+
"CVE-2011-3402",
|
|
346
|
+
"CVE-2013-3918",
|
|
347
|
+
"CVE-2017-1000353",
|
|
348
|
+
"CVE-2020-25078",
|
|
349
|
+
"CVE-2022-48503",
|
|
350
|
+
"CVE-2024-56145",
|
|
288
351
|
"CVE-2025-11837",
|
|
352
|
+
"CVE-2025-32432",
|
|
353
|
+
"CVE-2025-37164",
|
|
354
|
+
"CVE-2025-43200",
|
|
355
|
+
"CVE-2025-4428",
|
|
356
|
+
"CVE-2025-49704",
|
|
357
|
+
"CVE-2025-54068",
|
|
358
|
+
"CVE-2025-54253",
|
|
359
|
+
"CVE-2025-55182",
|
|
360
|
+
"CVE-2025-61882",
|
|
361
|
+
"CVE-2025-6204",
|
|
289
362
|
"CVE-2025-62848",
|
|
363
|
+
"CVE-2025-8875",
|
|
364
|
+
"CVE-2025-8876",
|
|
365
|
+
"CVE-2026-1281",
|
|
366
|
+
"CVE-2026-1340",
|
|
367
|
+
"CVE-2026-20045",
|
|
368
|
+
"CVE-2026-33017",
|
|
369
|
+
"CVE-2026-34197",
|
|
290
370
|
"CVE-2026-6973",
|
|
291
371
|
"MAL-2026-3083"
|
|
292
372
|
],
|
|
@@ -347,7 +427,13 @@
|
|
|
347
427
|
"fuzz-testing-strategy",
|
|
348
428
|
"kernel-lpe-triage"
|
|
349
429
|
],
|
|
350
|
-
"evidence_cves": [
|
|
430
|
+
"evidence_cves": [
|
|
431
|
+
"CVE-2023-36424",
|
|
432
|
+
"CVE-2025-48633",
|
|
433
|
+
"CVE-2025-5419",
|
|
434
|
+
"CVE-2025-5777",
|
|
435
|
+
"CVE-2026-3055"
|
|
436
|
+
],
|
|
351
437
|
"framework_controls_partially_addressing": [
|
|
352
438
|
"NIST-800-53-SI-10",
|
|
353
439
|
"NIST-800-53-SI-16",
|
|
@@ -382,7 +468,11 @@
|
|
|
382
468
|
"sector-healthcare",
|
|
383
469
|
"webapp-security"
|
|
384
470
|
],
|
|
385
|
-
"evidence_cves": [
|
|
471
|
+
"evidence_cves": [
|
|
472
|
+
"CVE-2025-31125",
|
|
473
|
+
"CVE-2026-20133",
|
|
474
|
+
"CVE-2026-20805"
|
|
475
|
+
],
|
|
386
476
|
"framework_controls_partially_addressing": [
|
|
387
477
|
"NIST-800-53-AC-3",
|
|
388
478
|
"NIST-800-53-SC-28",
|
|
@@ -408,7 +498,9 @@
|
|
|
408
498
|
"CAPEC-470"
|
|
409
499
|
],
|
|
410
500
|
"skills_referencing": [],
|
|
411
|
-
"evidence_cves": [
|
|
501
|
+
"evidence_cves": [
|
|
502
|
+
"CVE-2025-40602"
|
|
503
|
+
],
|
|
412
504
|
"framework_controls_partially_addressing": [
|
|
413
505
|
"NIST-800-53-AC-6",
|
|
414
506
|
"ISO-27001-2022-A.8.2",
|
|
@@ -474,7 +566,12 @@
|
|
|
474
566
|
"webapp-security"
|
|
475
567
|
],
|
|
476
568
|
"evidence_cves": [
|
|
477
|
-
"CVE-
|
|
569
|
+
"CVE-2021-43226",
|
|
570
|
+
"CVE-2024-8068",
|
|
571
|
+
"CVE-2025-48543",
|
|
572
|
+
"CVE-2025-48572",
|
|
573
|
+
"CVE-2025-62849",
|
|
574
|
+
"CVE-2026-21533"
|
|
478
575
|
],
|
|
479
576
|
"framework_controls_partially_addressing": [
|
|
480
577
|
"NIST-800-53-AC-6",
|
|
@@ -502,7 +599,13 @@
|
|
|
502
599
|
"skills_referencing": [
|
|
503
600
|
"idp-incident-response"
|
|
504
601
|
],
|
|
505
|
-
"evidence_cves": [
|
|
602
|
+
"evidence_cves": [
|
|
603
|
+
"CVE-2025-12480",
|
|
604
|
+
"CVE-2025-31125",
|
|
605
|
+
"CVE-2025-33073",
|
|
606
|
+
"CVE-2025-59230",
|
|
607
|
+
"CVE-2026-35616"
|
|
608
|
+
],
|
|
506
609
|
"framework_controls_partially_addressing": [
|
|
507
610
|
"NIST-800-53-AC-3",
|
|
508
611
|
"ISO-27001-2022-A.5.15",
|
|
@@ -545,7 +648,17 @@
|
|
|
545
648
|
"webapp-security"
|
|
546
649
|
],
|
|
547
650
|
"evidence_cves": [
|
|
651
|
+
"CVE-2015-7755",
|
|
652
|
+
"CVE-2016-7836",
|
|
653
|
+
"CVE-2017-7921",
|
|
654
|
+
"CVE-2019-19006",
|
|
548
655
|
"CVE-2020-10148",
|
|
656
|
+
"CVE-2021-32030",
|
|
657
|
+
"CVE-2023-27351",
|
|
658
|
+
"CVE-2025-32975",
|
|
659
|
+
"CVE-2025-3935",
|
|
660
|
+
"CVE-2025-49706",
|
|
661
|
+
"CVE-2026-20127",
|
|
549
662
|
"CVE-2026-20182"
|
|
550
663
|
],
|
|
551
664
|
"framework_controls_partially_addressing": [
|
|
@@ -580,8 +693,15 @@
|
|
|
580
693
|
"sector-telecom"
|
|
581
694
|
],
|
|
582
695
|
"evidence_cves": [
|
|
696
|
+
"CVE-2020-24363",
|
|
697
|
+
"CVE-2025-32433",
|
|
698
|
+
"CVE-2025-4008",
|
|
699
|
+
"CVE-2025-61757",
|
|
583
700
|
"CVE-2026-0300",
|
|
584
|
-
"CVE-2026-
|
|
701
|
+
"CVE-2026-24423",
|
|
702
|
+
"CVE-2026-33017",
|
|
703
|
+
"CVE-2026-39987",
|
|
704
|
+
"CVE-2026-41940"
|
|
585
705
|
],
|
|
586
706
|
"framework_controls_partially_addressing": [
|
|
587
707
|
"NIST-800-53-IA-2",
|
|
@@ -903,7 +1023,9 @@
|
|
|
903
1023
|
"sector-financial",
|
|
904
1024
|
"webapp-security"
|
|
905
1025
|
],
|
|
906
|
-
"evidence_cves": [
|
|
1026
|
+
"evidence_cves": [
|
|
1027
|
+
"CVE-2023-2533"
|
|
1028
|
+
],
|
|
907
1029
|
"framework_controls_partially_addressing": [
|
|
908
1030
|
"NIST-800-53-SC-23",
|
|
909
1031
|
"ISO-27001-2022-A.8.26"
|
|
@@ -964,6 +1086,8 @@
|
|
|
964
1086
|
"kernel-lpe-triage"
|
|
965
1087
|
],
|
|
966
1088
|
"evidence_cves": [
|
|
1089
|
+
"CVE-2020-17103-REREGRESSION-2026",
|
|
1090
|
+
"CVE-2025-62215",
|
|
967
1091
|
"CVE-2026-31635",
|
|
968
1092
|
"CVE-2026-33825",
|
|
969
1093
|
"CVE-2026-46333"
|
|
@@ -996,7 +1120,17 @@
|
|
|
996
1120
|
"fuzz-testing-strategy",
|
|
997
1121
|
"kernel-lpe-triage"
|
|
998
1122
|
],
|
|
999
|
-
"evidence_cves": [
|
|
1123
|
+
"evidence_cves": [
|
|
1124
|
+
"CVE-2020-9715",
|
|
1125
|
+
"CVE-2023-41974",
|
|
1126
|
+
"CVE-2023-43000",
|
|
1127
|
+
"CVE-2025-27038",
|
|
1128
|
+
"CVE-2025-32701",
|
|
1129
|
+
"CVE-2025-32709",
|
|
1130
|
+
"CVE-2025-62221",
|
|
1131
|
+
"CVE-2026-2441",
|
|
1132
|
+
"CVE-2026-5281"
|
|
1133
|
+
],
|
|
1000
1134
|
"framework_controls_partially_addressing": [
|
|
1001
1135
|
"NIST-800-53-SI-16",
|
|
1002
1136
|
"NIST-800-53-SI-2",
|
|
@@ -1022,7 +1156,9 @@
|
|
|
1022
1156
|
"CAPEC-471"
|
|
1023
1157
|
],
|
|
1024
1158
|
"skills_referencing": [],
|
|
1025
|
-
"evidence_cves": [
|
|
1159
|
+
"evidence_cves": [
|
|
1160
|
+
"CVE-2012-1854"
|
|
1161
|
+
],
|
|
1026
1162
|
"framework_controls_partially_addressing": [
|
|
1027
1163
|
"NIST-800-53-AC-6",
|
|
1028
1164
|
"ISO-27001-2022-A.8.20"
|
|
@@ -1056,7 +1192,14 @@
|
|
|
1056
1192
|
"mcp-agent-trust",
|
|
1057
1193
|
"webapp-security"
|
|
1058
1194
|
],
|
|
1059
|
-
"evidence_cves": [
|
|
1195
|
+
"evidence_cves": [
|
|
1196
|
+
"CVE-2018-4063",
|
|
1197
|
+
"CVE-2021-26828",
|
|
1198
|
+
"CVE-2024-7399",
|
|
1199
|
+
"CVE-2024-7694",
|
|
1200
|
+
"CVE-2025-2749",
|
|
1201
|
+
"CVE-2025-52691"
|
|
1202
|
+
],
|
|
1060
1203
|
"framework_controls_partially_addressing": [
|
|
1061
1204
|
"NIST-800-53-SI-3",
|
|
1062
1205
|
"NIST-800-53-SI-10",
|
|
@@ -1084,7 +1227,11 @@
|
|
|
1084
1227
|
"mcp-agent-trust",
|
|
1085
1228
|
"supply-chain-integrity"
|
|
1086
1229
|
],
|
|
1087
|
-
"evidence_cves": [
|
|
1230
|
+
"evidence_cves": [
|
|
1231
|
+
"CVE-2022-40799",
|
|
1232
|
+
"CVE-2025-15556",
|
|
1233
|
+
"CVE-2026-3502"
|
|
1234
|
+
],
|
|
1088
1235
|
"framework_controls_partially_addressing": [
|
|
1089
1236
|
"NIST-800-53-SI-7",
|
|
1090
1237
|
"NIST-800-53-SA-12",
|
|
@@ -1116,7 +1263,22 @@
|
|
|
1116
1263
|
"supply-chain-integrity",
|
|
1117
1264
|
"webapp-security"
|
|
1118
1265
|
],
|
|
1119
|
-
"evidence_cves": [
|
|
1266
|
+
"evidence_cves": [
|
|
1267
|
+
"CVE-2023-21529",
|
|
1268
|
+
"CVE-2024-8069",
|
|
1269
|
+
"CVE-2025-10035",
|
|
1270
|
+
"CVE-2025-24016",
|
|
1271
|
+
"CVE-2025-26399",
|
|
1272
|
+
"CVE-2025-40551",
|
|
1273
|
+
"CVE-2025-42999",
|
|
1274
|
+
"CVE-2025-49113",
|
|
1275
|
+
"CVE-2025-5086",
|
|
1276
|
+
"CVE-2025-53690",
|
|
1277
|
+
"CVE-2025-53770",
|
|
1278
|
+
"CVE-2025-59287",
|
|
1279
|
+
"CVE-2026-20131",
|
|
1280
|
+
"CVE-2026-20963"
|
|
1281
|
+
],
|
|
1120
1282
|
"framework_controls_partially_addressing": [
|
|
1121
1283
|
"NIST-800-53-SI-10",
|
|
1122
1284
|
"NIST-800-53-SA-12",
|
|
@@ -1145,6 +1307,9 @@
|
|
|
1145
1307
|
"skills_referencing": [],
|
|
1146
1308
|
"evidence_cves": [
|
|
1147
1309
|
"CVE-2024-3094",
|
|
1310
|
+
"CVE-2025-54313",
|
|
1311
|
+
"CVE-2025-59374",
|
|
1312
|
+
"CVE-2026-33634",
|
|
1148
1313
|
"MAL-2026-3083",
|
|
1149
1314
|
"MAL-2026-NODE-IPC-STEALER",
|
|
1150
1315
|
"MAL-2026-SHAI-HULUD-OSS",
|
|
@@ -1183,7 +1348,9 @@
|
|
|
1183
1348
|
"cloud-iam-incident",
|
|
1184
1349
|
"idp-incident-response"
|
|
1185
1350
|
],
|
|
1186
|
-
"evidence_cves": [
|
|
1351
|
+
"evidence_cves": [
|
|
1352
|
+
"CVE-2021-22681"
|
|
1353
|
+
],
|
|
1187
1354
|
"framework_controls_partially_addressing": [
|
|
1188
1355
|
"NIST-800-53-IA-5",
|
|
1189
1356
|
"ISO-27001-2022-A.5.16",
|
|
@@ -1277,7 +1444,10 @@
|
|
|
1277
1444
|
"identity-assurance",
|
|
1278
1445
|
"webapp-security"
|
|
1279
1446
|
],
|
|
1280
|
-
"evidence_cves": [
|
|
1447
|
+
"evidence_cves": [
|
|
1448
|
+
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
1449
|
+
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
|
|
1450
|
+
],
|
|
1281
1451
|
"framework_controls_partially_addressing": [
|
|
1282
1452
|
"NIST-800-53-AC-3",
|
|
1283
1453
|
"NIST-800-53-AC-6",
|
|
@@ -1369,9 +1539,17 @@
|
|
|
1369
1539
|
"kernel-lpe-triage"
|
|
1370
1540
|
],
|
|
1371
1541
|
"evidence_cves": [
|
|
1542
|
+
"CVE-2021-22555",
|
|
1372
1543
|
"CVE-2023-3519",
|
|
1373
1544
|
"CVE-2024-21762",
|
|
1545
|
+
"CVE-2024-37079",
|
|
1546
|
+
"CVE-2025-14733",
|
|
1547
|
+
"CVE-2025-21042",
|
|
1548
|
+
"CVE-2025-21043",
|
|
1549
|
+
"CVE-2025-5419",
|
|
1550
|
+
"CVE-2025-9242",
|
|
1374
1551
|
"CVE-2026-0300",
|
|
1552
|
+
"CVE-2026-3909",
|
|
1375
1553
|
"CVE-2026-42945",
|
|
1376
1554
|
"CVE-2026-43500",
|
|
1377
1555
|
"CVE-2026-46300"
|
|
@@ -1411,7 +1589,11 @@
|
|
|
1411
1589
|
"sector-energy",
|
|
1412
1590
|
"sector-financial"
|
|
1413
1591
|
],
|
|
1414
|
-
"evidence_cves": [
|
|
1592
|
+
"evidence_cves": [
|
|
1593
|
+
"CVE-2019-6693",
|
|
1594
|
+
"CVE-2025-14611",
|
|
1595
|
+
"CVE-2026-22769"
|
|
1596
|
+
],
|
|
1415
1597
|
"framework_controls_partially_addressing": [
|
|
1416
1598
|
"NIST-800-53-IA-5",
|
|
1417
1599
|
"ISO-27001-2022-A.8.5"
|
|
@@ -1439,6 +1621,7 @@
|
|
|
1439
1621
|
"supply-chain-integrity"
|
|
1440
1622
|
],
|
|
1441
1623
|
"evidence_cves": [
|
|
1624
|
+
"CVE-2025-32463",
|
|
1442
1625
|
"MAL-2026-NODE-IPC-STEALER",
|
|
1443
1626
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
1444
1627
|
],
|
|
@@ -1476,7 +1659,13 @@
|
|
|
1476
1659
|
"sector-healthcare",
|
|
1477
1660
|
"webapp-security"
|
|
1478
1661
|
],
|
|
1479
|
-
"evidence_cves": [
|
|
1662
|
+
"evidence_cves": [
|
|
1663
|
+
"CVE-2023-52163",
|
|
1664
|
+
"CVE-2024-57726",
|
|
1665
|
+
"CVE-2025-20362",
|
|
1666
|
+
"CVE-2025-40602",
|
|
1667
|
+
"CVE-2025-6205"
|
|
1668
|
+
],
|
|
1480
1669
|
"framework_controls_partially_addressing": [
|
|
1481
1670
|
"NIST-800-53-AC-3",
|
|
1482
1671
|
"NIST-800-53-AC-6",
|
|
@@ -1511,7 +1700,11 @@
|
|
|
1511
1700
|
"sector-financial",
|
|
1512
1701
|
"webapp-security"
|
|
1513
1702
|
],
|
|
1514
|
-
"evidence_cves": [
|
|
1703
|
+
"evidence_cves": [
|
|
1704
|
+
"CVE-2025-21479",
|
|
1705
|
+
"CVE-2025-21480",
|
|
1706
|
+
"CVE-2025-55177"
|
|
1707
|
+
],
|
|
1515
1708
|
"framework_controls_partially_addressing": [
|
|
1516
1709
|
"NIST-800-53-AC-3",
|
|
1517
1710
|
"ISO-27001-2022-A.5.15"
|
|
@@ -1573,7 +1766,15 @@
|
|
|
1573
1766
|
"sector-telecom",
|
|
1574
1767
|
"webapp-security"
|
|
1575
1768
|
],
|
|
1576
|
-
"evidence_cves": [
|
|
1769
|
+
"evidence_cves": [
|
|
1770
|
+
"CVE-2019-9621",
|
|
1771
|
+
"CVE-2020-7796",
|
|
1772
|
+
"CVE-2021-21311",
|
|
1773
|
+
"CVE-2021-22054",
|
|
1774
|
+
"CVE-2021-22175",
|
|
1775
|
+
"CVE-2021-39935",
|
|
1776
|
+
"CVE-2025-61884"
|
|
1777
|
+
],
|
|
1577
1778
|
"framework_controls_partially_addressing": [
|
|
1578
1779
|
"NIST-800-53-SC-7",
|
|
1579
1780
|
"ISO-27001-2022-A.8.22"
|
|
@@ -1653,7 +1854,9 @@
|
|
|
1653
1854
|
"security-maturity-tiers",
|
|
1654
1855
|
"webapp-security"
|
|
1655
1856
|
],
|
|
1656
|
-
"evidence_cves": [
|
|
1857
|
+
"evidence_cves": [
|
|
1858
|
+
"CVE-2025-48927"
|
|
1859
|
+
],
|
|
1657
1860
|
"framework_controls_partially_addressing": [
|
|
1658
1861
|
"NIST-800-53-CM-6",
|
|
1659
1862
|
"ISO-27001-2022-A.8.9"
|
|
@@ -1757,5 +1960,872 @@
|
|
|
1757
1960
|
"real_requirement": "Output validation pipelines that match the action class of the output: tool-call outputs require argv allowlist plus capability scoping; code outputs require sandbox execution plus static analysis; natural-language outputs to users require PII and secret redaction. For high-impact actions, human-in-the-loop confirmation. Validation must be on the output channel, not (only) on the input.",
|
|
1758
1961
|
"lag_notes": "NIST AI RMF MEASURE 2.5 (validity and reliability) treats AI output quality as a model-evaluation problem (accuracy metrics). It does not treat malicious output (jailbroken code, exfiltration, harmful content) as a CWE class requiring output-side controls.",
|
|
1759
1962
|
"last_verified": "2026-05-11"
|
|
1963
|
+
},
|
|
1964
|
+
"CWE-264": {
|
|
1965
|
+
"id": "CWE-264",
|
|
1966
|
+
"name": "Permissions, Privileges, and Access Controls (deprecated)",
|
|
1967
|
+
"abstraction": "Category",
|
|
1968
|
+
"category": "Access Control",
|
|
1969
|
+
"description": "Weaknesses involving the management of permissions, privileges, and access controls. Deprecated as a category in CWE 4.x in favor of more specific child weaknesses (CWE-269 Improper Privilege Management, CWE-285 Improper Authorization, CWE-732 Incorrect Permission Assignment for Critical Resource). Retained for legacy CVE mapping where the upstream MITRE record still cites CWE-264 verbatim.",
|
|
1970
|
+
"top_25_rank_2024": null,
|
|
1971
|
+
"top_25_rank_2025": null,
|
|
1972
|
+
"view_memberships": [
|
|
1973
|
+
"CWE-2000"
|
|
1974
|
+
],
|
|
1975
|
+
"related_weaknesses": [
|
|
1976
|
+
"CWE-269",
|
|
1977
|
+
"CWE-285",
|
|
1978
|
+
"CWE-732"
|
|
1979
|
+
],
|
|
1980
|
+
"evidence_cves": [
|
|
1981
|
+
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
1982
|
+
"CVE-2026-31635"
|
|
1983
|
+
],
|
|
1984
|
+
"last_verified": "2026-05-18",
|
|
1985
|
+
"notes": "Added v0.13.16 to back the DirtyDecrypt (CVE-2026-31635) cwe_refs entry. MITRE deprecated this as a category in CWE 4.x but the rxgk-kernel-LPE CWE assignment in the published advisory cited CWE-264 directly, so the local catalog must accept the legacy reference."
|
|
1986
|
+
},
|
|
1987
|
+
"CWE-367": {
|
|
1988
|
+
"id": "CWE-367",
|
|
1989
|
+
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition",
|
|
1990
|
+
"abstraction": "Base",
|
|
1991
|
+
"category": "Race Condition",
|
|
1992
|
+
"description": "The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can be used to perform actions that should not be allowed by an unprivileged actor.",
|
|
1993
|
+
"top_25_rank_2024": 22,
|
|
1994
|
+
"top_25_rank_2025": 22,
|
|
1995
|
+
"view_memberships": [
|
|
1996
|
+
"CWE-1000",
|
|
1997
|
+
"CWE-1003",
|
|
1998
|
+
"CWE-2000"
|
|
1999
|
+
],
|
|
2000
|
+
"related_weaknesses": [
|
|
2001
|
+
"CWE-362",
|
|
2002
|
+
"CWE-363",
|
|
2003
|
+
"CWE-826"
|
|
2004
|
+
],
|
|
2005
|
+
"evidence_cves": [
|
|
2006
|
+
"CVE-2020-17103-REREGRESSION-2026"
|
|
2007
|
+
],
|
|
2008
|
+
"last_verified": "2026-05-18",
|
|
2009
|
+
"notes": "Added v0.13.17 to back the MiniPlasma cldflt.sys re-regression entry. CWE-367 is the standard MITRE classification for TOCTOU races; the cldflt.sys HsmOsBlockPlaceholderAccess primitive validates a placeholder file's accessibility once, then is racing against a junction / symlink swap before the kernel acts on the cached decision."
|
|
2010
|
+
},
|
|
2011
|
+
"CWE-1390": {
|
|
2012
|
+
"id": "CWE-1390",
|
|
2013
|
+
"name": "Weak Authentication",
|
|
2014
|
+
"abstraction": "Class",
|
|
2015
|
+
"category": "Authentication",
|
|
2016
|
+
"description": "The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claim of identity is correct. As a result, an attacker may bypass authentication and gain access to restricted functionality or sensitive data.",
|
|
2017
|
+
"top_25_rank_2024": null,
|
|
2018
|
+
"top_25_rank_2025": null,
|
|
2019
|
+
"view_memberships": [
|
|
2020
|
+
"CWE-1000",
|
|
2021
|
+
"CWE-2000"
|
|
2022
|
+
],
|
|
2023
|
+
"related_weaknesses": [
|
|
2024
|
+
"CWE-287",
|
|
2025
|
+
"CWE-1391",
|
|
2026
|
+
"CWE-1392"
|
|
2027
|
+
],
|
|
2028
|
+
"evidence_cves": [
|
|
2029
|
+
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
|
|
2030
|
+
],
|
|
2031
|
+
"last_verified": "2026-05-18",
|
|
2032
|
+
"notes": "Added v0.13.17 to back the YellowKey BitLocker TPM-only bypass entry. CWE-1390 captures the structural weakness of TPM-only BitLocker — the TPM unseals the VMK based on platform-state attestation alone, with no user-authentication component, so a boot-flow bypass can inherit the unsealed key without ever proving identity."
|
|
2033
|
+
},
|
|
2034
|
+
"CWE-693": {
|
|
2035
|
+
"id": "CWE-693",
|
|
2036
|
+
"name": "Protection Mechanism Failure",
|
|
2037
|
+
"abstraction": "Pillar",
|
|
2038
|
+
"category": "Protection Mechanism",
|
|
2039
|
+
"description": "The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This pillar weakness is the parent class for failures of security controls (AV, EDR, sandbox, sandboxing, access enforcement, audit logging) where the control exists but is bypassed, disabled, or insufficiently configured to defend against the directed attack class.",
|
|
2040
|
+
"top_25_rank_2024": null,
|
|
2041
|
+
"top_25_rank_2025": null,
|
|
2042
|
+
"view_memberships": [
|
|
2043
|
+
"CWE-1000",
|
|
2044
|
+
"CWE-2000"
|
|
2045
|
+
],
|
|
2046
|
+
"related_weaknesses": [
|
|
2047
|
+
"CWE-732",
|
|
2048
|
+
"CWE-757",
|
|
2049
|
+
"CWE-778"
|
|
2050
|
+
],
|
|
2051
|
+
"evidence_cves": [
|
|
2052
|
+
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
2053
|
+
"CVE-2025-40536",
|
|
2054
|
+
"CVE-2026-21510",
|
|
2055
|
+
"CVE-2026-21513"
|
|
2056
|
+
],
|
|
2057
|
+
"last_verified": "2026-05-18",
|
|
2058
|
+
"notes": "Added v0.13.17 to back the UnDefend Defender update-disruption entry. CWE-693 is the canonical parent for failures-of-protection-mechanism — Defender continues running but its update mechanism has been corrupted, so the AV protection-mechanism fails silently while the host still passes 'is Defender running?' health checks."
|
|
2059
|
+
},
|
|
2060
|
+
"CWE-23": {
|
|
2061
|
+
"id": "CWE-23",
|
|
2062
|
+
"name": "Relative Path Traversal",
|
|
2063
|
+
"abstraction": "Base",
|
|
2064
|
+
"category": "Path Traversal",
|
|
2065
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/23.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2066
|
+
"top_25_rank_2024": null,
|
|
2067
|
+
"top_25_rank_2025": null,
|
|
2068
|
+
"view_memberships": [
|
|
2069
|
+
"CWE-1000",
|
|
2070
|
+
"CWE-2000"
|
|
2071
|
+
],
|
|
2072
|
+
"related_weaknesses": [],
|
|
2073
|
+
"evidence_cves": [
|
|
2074
|
+
"CVE-2024-27199",
|
|
2075
|
+
"CVE-2025-64446"
|
|
2076
|
+
],
|
|
2077
|
+
"last_verified": "2026-05-18",
|
|
2078
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2079
|
+
},
|
|
2080
|
+
"CWE-25": {
|
|
2081
|
+
"id": "CWE-25",
|
|
2082
|
+
"name": "Path Traversal: '/../filedir'",
|
|
2083
|
+
"abstraction": "Variant",
|
|
2084
|
+
"category": "Path Traversal",
|
|
2085
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/25.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2086
|
+
"top_25_rank_2024": null,
|
|
2087
|
+
"top_25_rank_2025": null,
|
|
2088
|
+
"view_memberships": [
|
|
2089
|
+
"CWE-1000",
|
|
2090
|
+
"CWE-2000"
|
|
2091
|
+
],
|
|
2092
|
+
"related_weaknesses": [],
|
|
2093
|
+
"evidence_cves": [
|
|
2094
|
+
"CVE-2022-20775"
|
|
2095
|
+
],
|
|
2096
|
+
"last_verified": "2026-05-18",
|
|
2097
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2098
|
+
},
|
|
2099
|
+
"CWE-59": {
|
|
2100
|
+
"id": "CWE-59",
|
|
2101
|
+
"name": "Improper Link Resolution Before File Access ('Link Following')",
|
|
2102
|
+
"abstraction": "Base",
|
|
2103
|
+
"category": "Path Traversal",
|
|
2104
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/59.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2105
|
+
"top_25_rank_2024": null,
|
|
2106
|
+
"top_25_rank_2025": null,
|
|
2107
|
+
"view_memberships": [
|
|
2108
|
+
"CWE-1000",
|
|
2109
|
+
"CWE-2000"
|
|
2110
|
+
],
|
|
2111
|
+
"related_weaknesses": [],
|
|
2112
|
+
"evidence_cves": [
|
|
2113
|
+
"CVE-2025-48384",
|
|
2114
|
+
"CVE-2025-60710"
|
|
2115
|
+
],
|
|
2116
|
+
"last_verified": "2026-05-18",
|
|
2117
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2118
|
+
},
|
|
2119
|
+
"CWE-95": {
|
|
2120
|
+
"id": "CWE-95",
|
|
2121
|
+
"name": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
|
|
2122
|
+
"abstraction": "Variant",
|
|
2123
|
+
"category": "Injection",
|
|
2124
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/95.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2125
|
+
"top_25_rank_2024": null,
|
|
2126
|
+
"top_25_rank_2025": null,
|
|
2127
|
+
"view_memberships": [
|
|
2128
|
+
"CWE-1000",
|
|
2129
|
+
"CWE-2000"
|
|
2130
|
+
],
|
|
2131
|
+
"related_weaknesses": [],
|
|
2132
|
+
"evidence_cves": [
|
|
2133
|
+
"CVE-2025-24893",
|
|
2134
|
+
"CVE-2026-33017"
|
|
2135
|
+
],
|
|
2136
|
+
"last_verified": "2026-05-18",
|
|
2137
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2138
|
+
},
|
|
2139
|
+
"CWE-98": {
|
|
2140
|
+
"id": "CWE-98",
|
|
2141
|
+
"name": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
|
|
2142
|
+
"abstraction": "Variant",
|
|
2143
|
+
"category": "Injection",
|
|
2144
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/98.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2145
|
+
"top_25_rank_2024": null,
|
|
2146
|
+
"top_25_rank_2025": null,
|
|
2147
|
+
"view_memberships": [
|
|
2148
|
+
"CWE-1000",
|
|
2149
|
+
"CWE-2000"
|
|
2150
|
+
],
|
|
2151
|
+
"related_weaknesses": [],
|
|
2152
|
+
"evidence_cves": [
|
|
2153
|
+
"CVE-2025-68645"
|
|
2154
|
+
],
|
|
2155
|
+
"last_verified": "2026-05-18",
|
|
2156
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2157
|
+
},
|
|
2158
|
+
"CWE-119": {
|
|
2159
|
+
"id": "CWE-119",
|
|
2160
|
+
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
|
2161
|
+
"abstraction": "Class",
|
|
2162
|
+
"category": "Memory Safety",
|
|
2163
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/119.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2164
|
+
"top_25_rank_2024": null,
|
|
2165
|
+
"top_25_rank_2025": null,
|
|
2166
|
+
"view_memberships": [
|
|
2167
|
+
"CWE-1000",
|
|
2168
|
+
"CWE-2000"
|
|
2169
|
+
],
|
|
2170
|
+
"related_weaknesses": [],
|
|
2171
|
+
"evidence_cves": [
|
|
2172
|
+
"CVE-2014-3931",
|
|
2173
|
+
"CVE-2025-31277",
|
|
2174
|
+
"CVE-2025-6543",
|
|
2175
|
+
"CVE-2025-7775",
|
|
2176
|
+
"CVE-2026-20700",
|
|
2177
|
+
"CVE-2026-3910"
|
|
2178
|
+
],
|
|
2179
|
+
"last_verified": "2026-05-18",
|
|
2180
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2181
|
+
},
|
|
2182
|
+
"CWE-120": {
|
|
2183
|
+
"id": "CWE-120",
|
|
2184
|
+
"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
|
|
2185
|
+
"abstraction": "Base",
|
|
2186
|
+
"category": "Memory Safety",
|
|
2187
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/120.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2188
|
+
"top_25_rank_2024": null,
|
|
2189
|
+
"top_25_rank_2025": null,
|
|
2190
|
+
"view_memberships": [
|
|
2191
|
+
"CWE-1000",
|
|
2192
|
+
"CWE-2000"
|
|
2193
|
+
],
|
|
2194
|
+
"related_weaknesses": [],
|
|
2195
|
+
"evidence_cves": [
|
|
2196
|
+
"CVE-2022-37055",
|
|
2197
|
+
"CVE-2025-20333",
|
|
2198
|
+
"CVE-2025-43520"
|
|
2199
|
+
],
|
|
2200
|
+
"last_verified": "2026-05-18",
|
|
2201
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2202
|
+
},
|
|
2203
|
+
"CWE-121": {
|
|
2204
|
+
"id": "CWE-121",
|
|
2205
|
+
"name": "Stack-based Buffer Overflow",
|
|
2206
|
+
"abstraction": "Variant",
|
|
2207
|
+
"category": "Memory Safety",
|
|
2208
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/121.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2209
|
+
"top_25_rank_2024": null,
|
|
2210
|
+
"top_25_rank_2025": null,
|
|
2211
|
+
"view_memberships": [
|
|
2212
|
+
"CWE-1000",
|
|
2213
|
+
"CWE-2000"
|
|
2214
|
+
],
|
|
2215
|
+
"related_weaknesses": [],
|
|
2216
|
+
"evidence_cves": [
|
|
2217
|
+
"CVE-2025-20352",
|
|
2218
|
+
"CVE-2025-53521"
|
|
2219
|
+
],
|
|
2220
|
+
"last_verified": "2026-05-18",
|
|
2221
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2222
|
+
},
|
|
2223
|
+
"CWE-190": {
|
|
2224
|
+
"id": "CWE-190",
|
|
2225
|
+
"name": "Integer Overflow or Wraparound",
|
|
2226
|
+
"abstraction": "Class",
|
|
2227
|
+
"category": "Numeric Errors",
|
|
2228
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/190.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2229
|
+
"top_25_rank_2024": null,
|
|
2230
|
+
"top_25_rank_2025": null,
|
|
2231
|
+
"view_memberships": [
|
|
2232
|
+
"CWE-1000",
|
|
2233
|
+
"CWE-2000"
|
|
2234
|
+
],
|
|
2235
|
+
"related_weaknesses": [],
|
|
2236
|
+
"evidence_cves": [
|
|
2237
|
+
"CVE-2018-14634",
|
|
2238
|
+
"CVE-2021-30952",
|
|
2239
|
+
"CVE-2026-21385"
|
|
2240
|
+
],
|
|
2241
|
+
"last_verified": "2026-05-18",
|
|
2242
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2243
|
+
},
|
|
2244
|
+
"CWE-209": {
|
|
2245
|
+
"id": "CWE-209",
|
|
2246
|
+
"name": "Generation of Error Message Containing Sensitive Information",
|
|
2247
|
+
"abstraction": "Base",
|
|
2248
|
+
"category": "Information Disclosure",
|
|
2249
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/209.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2250
|
+
"top_25_rank_2024": null,
|
|
2251
|
+
"top_25_rank_2025": null,
|
|
2252
|
+
"view_memberships": [
|
|
2253
|
+
"CWE-1000",
|
|
2254
|
+
"CWE-2000"
|
|
2255
|
+
],
|
|
2256
|
+
"related_weaknesses": [],
|
|
2257
|
+
"evidence_cves": [
|
|
2258
|
+
"CVE-2025-47813"
|
|
2259
|
+
],
|
|
2260
|
+
"last_verified": "2026-05-18",
|
|
2261
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2262
|
+
},
|
|
2263
|
+
"CWE-257": {
|
|
2264
|
+
"id": "CWE-257",
|
|
2265
|
+
"name": "Storing Passwords in a Recoverable Format",
|
|
2266
|
+
"abstraction": "Base",
|
|
2267
|
+
"category": "Credentials Management",
|
|
2268
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/257.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2269
|
+
"top_25_rank_2024": null,
|
|
2270
|
+
"top_25_rank_2025": null,
|
|
2271
|
+
"view_memberships": [
|
|
2272
|
+
"CWE-1000",
|
|
2273
|
+
"CWE-2000"
|
|
2274
|
+
],
|
|
2275
|
+
"related_weaknesses": [],
|
|
2276
|
+
"evidence_cves": [
|
|
2277
|
+
"CVE-2026-20128"
|
|
2278
|
+
],
|
|
2279
|
+
"last_verified": "2026-05-18",
|
|
2280
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2281
|
+
},
|
|
2282
|
+
"CWE-267": {
|
|
2283
|
+
"id": "CWE-267",
|
|
2284
|
+
"name": "Privilege Defined With Unsafe Actions",
|
|
2285
|
+
"abstraction": "Base",
|
|
2286
|
+
"category": "Access Control",
|
|
2287
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/267.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2288
|
+
"top_25_rank_2024": null,
|
|
2289
|
+
"top_25_rank_2025": null,
|
|
2290
|
+
"view_memberships": [
|
|
2291
|
+
"CWE-1000",
|
|
2292
|
+
"CWE-2000"
|
|
2293
|
+
],
|
|
2294
|
+
"related_weaknesses": [],
|
|
2295
|
+
"evidence_cves": [
|
|
2296
|
+
"CVE-2025-41244"
|
|
2297
|
+
],
|
|
2298
|
+
"last_verified": "2026-05-18",
|
|
2299
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2300
|
+
},
|
|
2301
|
+
"CWE-282": {
|
|
2302
|
+
"id": "CWE-282",
|
|
2303
|
+
"name": "Improper Ownership Management",
|
|
2304
|
+
"abstraction": "Class",
|
|
2305
|
+
"category": "Access Control",
|
|
2306
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/282.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2307
|
+
"top_25_rank_2024": null,
|
|
2308
|
+
"top_25_rank_2025": null,
|
|
2309
|
+
"view_memberships": [
|
|
2310
|
+
"CWE-1000",
|
|
2311
|
+
"CWE-2000"
|
|
2312
|
+
],
|
|
2313
|
+
"related_weaknesses": [],
|
|
2314
|
+
"evidence_cves": [
|
|
2315
|
+
"CVE-2022-20775",
|
|
2316
|
+
"CVE-2023-0386"
|
|
2317
|
+
],
|
|
2318
|
+
"last_verified": "2026-05-18",
|
|
2319
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2320
|
+
},
|
|
2321
|
+
"CWE-288": {
|
|
2322
|
+
"id": "CWE-288",
|
|
2323
|
+
"name": "Authentication Bypass Using an Alternate Path or Channel",
|
|
2324
|
+
"abstraction": "Base",
|
|
2325
|
+
"category": "Authentication",
|
|
2326
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/288.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2327
|
+
"top_25_rank_2024": null,
|
|
2328
|
+
"top_25_rank_2025": null,
|
|
2329
|
+
"view_memberships": [
|
|
2330
|
+
"CWE-1000",
|
|
2331
|
+
"CWE-2000"
|
|
2332
|
+
],
|
|
2333
|
+
"related_weaknesses": [],
|
|
2334
|
+
"evidence_cves": [
|
|
2335
|
+
"CVE-2025-2746",
|
|
2336
|
+
"CVE-2025-2747",
|
|
2337
|
+
"CVE-2025-34026",
|
|
2338
|
+
"CVE-2025-4427",
|
|
2339
|
+
"CVE-2025-57819",
|
|
2340
|
+
"CVE-2026-1603",
|
|
2341
|
+
"CVE-2026-23760",
|
|
2342
|
+
"CVE-2026-24858"
|
|
2343
|
+
],
|
|
2344
|
+
"last_verified": "2026-05-18",
|
|
2345
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2346
|
+
},
|
|
2347
|
+
"CWE-324": {
|
|
2348
|
+
"id": "CWE-324",
|
|
2349
|
+
"name": "Use of a Key Past its Expiration Date",
|
|
2350
|
+
"abstraction": "Variant",
|
|
2351
|
+
"category": "Cryptography",
|
|
2352
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/324.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2353
|
+
"top_25_rank_2024": null,
|
|
2354
|
+
"top_25_rank_2025": null,
|
|
2355
|
+
"view_memberships": [
|
|
2356
|
+
"CWE-1000",
|
|
2357
|
+
"CWE-2000"
|
|
2358
|
+
],
|
|
2359
|
+
"related_weaknesses": [],
|
|
2360
|
+
"evidence_cves": [
|
|
2361
|
+
"CVE-2025-47827"
|
|
2362
|
+
],
|
|
2363
|
+
"last_verified": "2026-05-18",
|
|
2364
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2365
|
+
},
|
|
2366
|
+
"CWE-347": {
|
|
2367
|
+
"id": "CWE-347",
|
|
2368
|
+
"name": "Improper Verification of Cryptographic Signature",
|
|
2369
|
+
"abstraction": "Base",
|
|
2370
|
+
"category": "Cryptography",
|
|
2371
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/347.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2372
|
+
"top_25_rank_2024": null,
|
|
2373
|
+
"top_25_rank_2025": null,
|
|
2374
|
+
"view_memberships": [
|
|
2375
|
+
"CWE-1000",
|
|
2376
|
+
"CWE-2000"
|
|
2377
|
+
],
|
|
2378
|
+
"related_weaknesses": [],
|
|
2379
|
+
"evidence_cves": [
|
|
2380
|
+
"CVE-2025-59718"
|
|
2381
|
+
],
|
|
2382
|
+
"last_verified": "2026-05-18",
|
|
2383
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2384
|
+
},
|
|
2385
|
+
"CWE-476": {
|
|
2386
|
+
"id": "CWE-476",
|
|
2387
|
+
"name": "NULL Pointer Dereference",
|
|
2388
|
+
"abstraction": "Base",
|
|
2389
|
+
"category": "Memory Safety",
|
|
2390
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/476.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2391
|
+
"top_25_rank_2024": null,
|
|
2392
|
+
"top_25_rank_2025": null,
|
|
2393
|
+
"view_memberships": [
|
|
2394
|
+
"CWE-1000",
|
|
2395
|
+
"CWE-2000"
|
|
2396
|
+
],
|
|
2397
|
+
"related_weaknesses": [],
|
|
2398
|
+
"evidence_cves": [
|
|
2399
|
+
"CVE-2026-21525"
|
|
2400
|
+
],
|
|
2401
|
+
"last_verified": "2026-05-18",
|
|
2402
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2403
|
+
},
|
|
2404
|
+
"CWE-552": {
|
|
2405
|
+
"id": "CWE-552",
|
|
2406
|
+
"name": "Files or Directories Accessible to External Parties",
|
|
2407
|
+
"abstraction": "Class",
|
|
2408
|
+
"category": "Access Control",
|
|
2409
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/552.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2410
|
+
"top_25_rank_2024": null,
|
|
2411
|
+
"top_25_rank_2025": null,
|
|
2412
|
+
"view_memberships": [
|
|
2413
|
+
"CWE-1000",
|
|
2414
|
+
"CWE-2000"
|
|
2415
|
+
],
|
|
2416
|
+
"related_weaknesses": [],
|
|
2417
|
+
"evidence_cves": [
|
|
2418
|
+
"CVE-2025-11371"
|
|
2419
|
+
],
|
|
2420
|
+
"last_verified": "2026-05-18",
|
|
2421
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2422
|
+
},
|
|
2423
|
+
"CWE-611": {
|
|
2424
|
+
"id": "CWE-611",
|
|
2425
|
+
"name": "Improper Restriction of XML External Entity Reference",
|
|
2426
|
+
"abstraction": "Base",
|
|
2427
|
+
"category": "XML / Injection",
|
|
2428
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/611.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2429
|
+
"top_25_rank_2024": null,
|
|
2430
|
+
"top_25_rank_2025": null,
|
|
2431
|
+
"view_memberships": [
|
|
2432
|
+
"CWE-1000",
|
|
2433
|
+
"CWE-2000"
|
|
2434
|
+
],
|
|
2435
|
+
"related_weaknesses": [],
|
|
2436
|
+
"evidence_cves": [
|
|
2437
|
+
"CVE-2025-2775",
|
|
2438
|
+
"CVE-2025-2776",
|
|
2439
|
+
"CVE-2025-58360"
|
|
2440
|
+
],
|
|
2441
|
+
"last_verified": "2026-05-18",
|
|
2442
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2443
|
+
},
|
|
2444
|
+
"CWE-648": {
|
|
2445
|
+
"id": "CWE-648",
|
|
2446
|
+
"name": "Incorrect Use of Privileged APIs",
|
|
2447
|
+
"abstraction": "Base",
|
|
2448
|
+
"category": "Access Control",
|
|
2449
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/648.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2450
|
+
"top_25_rank_2024": null,
|
|
2451
|
+
"top_25_rank_2025": null,
|
|
2452
|
+
"view_memberships": [
|
|
2453
|
+
"CWE-1000",
|
|
2454
|
+
"CWE-2000"
|
|
2455
|
+
],
|
|
2456
|
+
"related_weaknesses": [],
|
|
2457
|
+
"evidence_cves": [
|
|
2458
|
+
"CVE-2026-20122"
|
|
2459
|
+
],
|
|
2460
|
+
"last_verified": "2026-05-18",
|
|
2461
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2462
|
+
},
|
|
2463
|
+
"CWE-667": {
|
|
2464
|
+
"id": "CWE-667",
|
|
2465
|
+
"name": "Improper Locking",
|
|
2466
|
+
"abstraction": "Class",
|
|
2467
|
+
"category": "Concurrency",
|
|
2468
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/667.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2469
|
+
"top_25_rank_2024": null,
|
|
2470
|
+
"top_25_rank_2025": null,
|
|
2471
|
+
"view_memberships": [
|
|
2472
|
+
"CWE-1000",
|
|
2473
|
+
"CWE-2000"
|
|
2474
|
+
],
|
|
2475
|
+
"related_weaknesses": [],
|
|
2476
|
+
"evidence_cves": [
|
|
2477
|
+
"CVE-2025-43510"
|
|
2478
|
+
],
|
|
2479
|
+
"last_verified": "2026-05-18",
|
|
2480
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2481
|
+
},
|
|
2482
|
+
"CWE-807": {
|
|
2483
|
+
"id": "CWE-807",
|
|
2484
|
+
"name": "Reliance on Untrusted Inputs in a Security Decision",
|
|
2485
|
+
"abstraction": "Class",
|
|
2486
|
+
"category": "Authorization",
|
|
2487
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/807.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2488
|
+
"top_25_rank_2024": null,
|
|
2489
|
+
"top_25_rank_2025": null,
|
|
2490
|
+
"view_memberships": [
|
|
2491
|
+
"CWE-1000",
|
|
2492
|
+
"CWE-2000"
|
|
2493
|
+
],
|
|
2494
|
+
"related_weaknesses": [],
|
|
2495
|
+
"evidence_cves": [
|
|
2496
|
+
"CVE-2019-9621",
|
|
2497
|
+
"CVE-2026-21509",
|
|
2498
|
+
"CVE-2026-21514"
|
|
2499
|
+
],
|
|
2500
|
+
"last_verified": "2026-05-18",
|
|
2501
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2502
|
+
},
|
|
2503
|
+
"CWE-822": {
|
|
2504
|
+
"id": "CWE-822",
|
|
2505
|
+
"name": "Untrusted Pointer Dereference",
|
|
2506
|
+
"abstraction": "Base",
|
|
2507
|
+
"category": "Memory Safety",
|
|
2508
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/822.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2509
|
+
"top_25_rank_2024": null,
|
|
2510
|
+
"top_25_rank_2025": null,
|
|
2511
|
+
"view_memberships": [
|
|
2512
|
+
"CWE-1000",
|
|
2513
|
+
"CWE-2000"
|
|
2514
|
+
],
|
|
2515
|
+
"related_weaknesses": [],
|
|
2516
|
+
"evidence_cves": [
|
|
2517
|
+
"CVE-2025-24990"
|
|
2518
|
+
],
|
|
2519
|
+
"last_verified": "2026-05-18",
|
|
2520
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2521
|
+
},
|
|
2522
|
+
"CWE-843": {
|
|
2523
|
+
"id": "CWE-843",
|
|
2524
|
+
"name": "Access of Resource Using Incompatible Type ('Type Confusion')",
|
|
2525
|
+
"abstraction": "Base",
|
|
2526
|
+
"category": "Memory Safety",
|
|
2527
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/843.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2528
|
+
"top_25_rank_2024": null,
|
|
2529
|
+
"top_25_rank_2025": null,
|
|
2530
|
+
"view_memberships": [
|
|
2531
|
+
"CWE-1000",
|
|
2532
|
+
"CWE-2000"
|
|
2533
|
+
],
|
|
2534
|
+
"related_weaknesses": [],
|
|
2535
|
+
"evidence_cves": [
|
|
2536
|
+
"CVE-2025-13223",
|
|
2537
|
+
"CVE-2025-30397",
|
|
2538
|
+
"CVE-2025-6554",
|
|
2539
|
+
"CVE-2026-21519"
|
|
2540
|
+
],
|
|
2541
|
+
"last_verified": "2026-05-18",
|
|
2542
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2543
|
+
},
|
|
2544
|
+
"CWE-913": {
|
|
2545
|
+
"id": "CWE-913",
|
|
2546
|
+
"name": "Improper Control of Dynamically-Managed Code Resources",
|
|
2547
|
+
"abstraction": "Class",
|
|
2548
|
+
"category": "Code Injection",
|
|
2549
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/913.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2550
|
+
"top_25_rank_2024": null,
|
|
2551
|
+
"top_25_rank_2025": null,
|
|
2552
|
+
"view_memberships": [
|
|
2553
|
+
"CWE-1000",
|
|
2554
|
+
"CWE-2000"
|
|
2555
|
+
],
|
|
2556
|
+
"related_weaknesses": [],
|
|
2557
|
+
"evidence_cves": [
|
|
2558
|
+
"CVE-2025-68613"
|
|
2559
|
+
],
|
|
2560
|
+
"last_verified": "2026-05-18",
|
|
2561
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2562
|
+
},
|
|
2563
|
+
"CWE-940": {
|
|
2564
|
+
"id": "CWE-940",
|
|
2565
|
+
"name": "Improper Verification of Source of a Communication Channel",
|
|
2566
|
+
"abstraction": "Class",
|
|
2567
|
+
"category": "Authentication",
|
|
2568
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/940.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2569
|
+
"top_25_rank_2024": null,
|
|
2570
|
+
"top_25_rank_2025": null,
|
|
2571
|
+
"view_memberships": [
|
|
2572
|
+
"CWE-1000",
|
|
2573
|
+
"CWE-2000"
|
|
2574
|
+
],
|
|
2575
|
+
"related_weaknesses": [],
|
|
2576
|
+
"evidence_cves": [
|
|
2577
|
+
"CVE-2025-61932"
|
|
2578
|
+
],
|
|
2579
|
+
"last_verified": "2026-05-18",
|
|
2580
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2581
|
+
},
|
|
2582
|
+
"CWE-1321": {
|
|
2583
|
+
"id": "CWE-1321",
|
|
2584
|
+
"name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
|
|
2585
|
+
"abstraction": "Base",
|
|
2586
|
+
"category": "Injection",
|
|
2587
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/1321.html. Added v0.13.17 to back KEV bulk-imported cwe_refs.",
|
|
2588
|
+
"top_25_rank_2024": null,
|
|
2589
|
+
"top_25_rank_2025": null,
|
|
2590
|
+
"view_memberships": [
|
|
2591
|
+
"CWE-1000",
|
|
2592
|
+
"CWE-2000"
|
|
2593
|
+
],
|
|
2594
|
+
"related_weaknesses": [],
|
|
2595
|
+
"evidence_cves": [
|
|
2596
|
+
"CVE-2026-34621"
|
|
2597
|
+
],
|
|
2598
|
+
"last_verified": "2026-05-18",
|
|
2599
|
+
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2600
|
+
},
|
|
2601
|
+
"CWE-35": {
|
|
2602
|
+
"id": "CWE-35",
|
|
2603
|
+
"name": "Path Traversal: '.../...//'",
|
|
2604
|
+
"abstraction": "Variant",
|
|
2605
|
+
"category": "Path Traversal",
|
|
2606
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/35.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2607
|
+
"top_25_rank_2024": null,
|
|
2608
|
+
"top_25_rank_2025": null,
|
|
2609
|
+
"view_memberships": [
|
|
2610
|
+
"CWE-1000",
|
|
2611
|
+
"CWE-2000"
|
|
2612
|
+
],
|
|
2613
|
+
"related_weaknesses": [],
|
|
2614
|
+
"evidence_cves": [
|
|
2615
|
+
"CVE-2025-8088"
|
|
2616
|
+
],
|
|
2617
|
+
"last_verified": "2026-05-18",
|
|
2618
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2619
|
+
},
|
|
2620
|
+
"CWE-73": {
|
|
2621
|
+
"id": "CWE-73",
|
|
2622
|
+
"name": "External Control of File Name or Path",
|
|
2623
|
+
"abstraction": "Base",
|
|
2624
|
+
"category": "Path Traversal",
|
|
2625
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/73.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2626
|
+
"top_25_rank_2024": null,
|
|
2627
|
+
"top_25_rank_2025": null,
|
|
2628
|
+
"view_memberships": [
|
|
2629
|
+
"CWE-1000",
|
|
2630
|
+
"CWE-2000"
|
|
2631
|
+
],
|
|
2632
|
+
"related_weaknesses": [],
|
|
2633
|
+
"evidence_cves": [
|
|
2634
|
+
"CVE-2025-33053"
|
|
2635
|
+
],
|
|
2636
|
+
"last_verified": "2026-05-18",
|
|
2637
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2638
|
+
},
|
|
2639
|
+
"CWE-74": {
|
|
2640
|
+
"id": "CWE-74",
|
|
2641
|
+
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
|
|
2642
|
+
"abstraction": "Class",
|
|
2643
|
+
"category": "Injection",
|
|
2644
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/74.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2645
|
+
"top_25_rank_2024": null,
|
|
2646
|
+
"top_25_rank_2025": null,
|
|
2647
|
+
"view_memberships": [
|
|
2648
|
+
"CWE-1000",
|
|
2649
|
+
"CWE-2000"
|
|
2650
|
+
],
|
|
2651
|
+
"related_weaknesses": [],
|
|
2652
|
+
"evidence_cves": [
|
|
2653
|
+
"CVE-2025-20281",
|
|
2654
|
+
"CVE-2025-20337"
|
|
2655
|
+
],
|
|
2656
|
+
"last_verified": "2026-05-18",
|
|
2657
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2658
|
+
},
|
|
2659
|
+
"CWE-122": {
|
|
2660
|
+
"id": "CWE-122",
|
|
2661
|
+
"name": "Heap-based Buffer Overflow",
|
|
2662
|
+
"abstraction": "Variant",
|
|
2663
|
+
"category": "Memory Safety",
|
|
2664
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/122.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2665
|
+
"top_25_rank_2024": null,
|
|
2666
|
+
"top_25_rank_2025": null,
|
|
2667
|
+
"view_memberships": [
|
|
2668
|
+
"CWE-1000",
|
|
2669
|
+
"CWE-2000"
|
|
2670
|
+
],
|
|
2671
|
+
"related_weaknesses": [],
|
|
2672
|
+
"evidence_cves": [
|
|
2673
|
+
"CVE-2025-32706"
|
|
2674
|
+
],
|
|
2675
|
+
"last_verified": "2026-05-18",
|
|
2676
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2677
|
+
},
|
|
2678
|
+
"CWE-124": {
|
|
2679
|
+
"id": "CWE-124",
|
|
2680
|
+
"name": "Buffer Underwrite ('Buffer Underflow')",
|
|
2681
|
+
"abstraction": "Variant",
|
|
2682
|
+
"category": "Memory Safety",
|
|
2683
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/124.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2684
|
+
"top_25_rank_2024": null,
|
|
2685
|
+
"top_25_rank_2025": null,
|
|
2686
|
+
"view_memberships": [
|
|
2687
|
+
"CWE-1000",
|
|
2688
|
+
"CWE-2000"
|
|
2689
|
+
],
|
|
2690
|
+
"related_weaknesses": [],
|
|
2691
|
+
"evidence_cves": [
|
|
2692
|
+
"CVE-2025-32756"
|
|
2693
|
+
],
|
|
2694
|
+
"last_verified": "2026-05-18",
|
|
2695
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2696
|
+
},
|
|
2697
|
+
"CWE-158": {
|
|
2698
|
+
"id": "CWE-158",
|
|
2699
|
+
"name": "Improper Neutralization of Null Byte or NUL Character",
|
|
2700
|
+
"abstraction": "Base",
|
|
2701
|
+
"category": "Injection",
|
|
2702
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/158.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2703
|
+
"top_25_rank_2024": null,
|
|
2704
|
+
"top_25_rank_2025": null,
|
|
2705
|
+
"view_memberships": [
|
|
2706
|
+
"CWE-1000",
|
|
2707
|
+
"CWE-2000"
|
|
2708
|
+
],
|
|
2709
|
+
"related_weaknesses": [],
|
|
2710
|
+
"evidence_cves": [
|
|
2711
|
+
"CVE-2025-47812"
|
|
2712
|
+
],
|
|
2713
|
+
"last_verified": "2026-05-18",
|
|
2714
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2715
|
+
},
|
|
2716
|
+
"CWE-290": {
|
|
2717
|
+
"id": "CWE-290",
|
|
2718
|
+
"name": "Authentication Bypass by Spoofing",
|
|
2719
|
+
"abstraction": "Base",
|
|
2720
|
+
"category": "Authentication",
|
|
2721
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/290.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2722
|
+
"top_25_rank_2024": null,
|
|
2723
|
+
"top_25_rank_2025": null,
|
|
2724
|
+
"view_memberships": [
|
|
2725
|
+
"CWE-1000",
|
|
2726
|
+
"CWE-2000"
|
|
2727
|
+
],
|
|
2728
|
+
"related_weaknesses": [],
|
|
2729
|
+
"evidence_cves": [
|
|
2730
|
+
"CVE-2023-50224",
|
|
2731
|
+
"CVE-2024-54085"
|
|
2732
|
+
],
|
|
2733
|
+
"last_verified": "2026-05-18",
|
|
2734
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2735
|
+
},
|
|
2736
|
+
"CWE-399": {
|
|
2737
|
+
"id": "CWE-399",
|
|
2738
|
+
"name": "Resource Management Errors (deprecated category)",
|
|
2739
|
+
"abstraction": "Category",
|
|
2740
|
+
"category": "Resource Management",
|
|
2741
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/399.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2742
|
+
"top_25_rank_2024": null,
|
|
2743
|
+
"top_25_rank_2025": null,
|
|
2744
|
+
"view_memberships": [
|
|
2745
|
+
"CWE-1000",
|
|
2746
|
+
"CWE-2000"
|
|
2747
|
+
],
|
|
2748
|
+
"related_weaknesses": [],
|
|
2749
|
+
"evidence_cves": [
|
|
2750
|
+
"CVE-2013-3893"
|
|
2751
|
+
],
|
|
2752
|
+
"last_verified": "2026-05-18",
|
|
2753
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2754
|
+
},
|
|
2755
|
+
"CWE-420": {
|
|
2756
|
+
"id": "CWE-420",
|
|
2757
|
+
"name": "Unprotected Alternate Channel",
|
|
2758
|
+
"abstraction": "Base",
|
|
2759
|
+
"category": "Authentication",
|
|
2760
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/420.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2761
|
+
"top_25_rank_2024": null,
|
|
2762
|
+
"top_25_rank_2025": null,
|
|
2763
|
+
"view_memberships": [
|
|
2764
|
+
"CWE-1000",
|
|
2765
|
+
"CWE-2000"
|
|
2766
|
+
],
|
|
2767
|
+
"related_weaknesses": [],
|
|
2768
|
+
"evidence_cves": [
|
|
2769
|
+
"CVE-2025-54309"
|
|
2770
|
+
],
|
|
2771
|
+
"last_verified": "2026-05-18",
|
|
2772
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2773
|
+
},
|
|
2774
|
+
"CWE-436": {
|
|
2775
|
+
"id": "CWE-436",
|
|
2776
|
+
"name": "Interpretation Conflict",
|
|
2777
|
+
"abstraction": "Class",
|
|
2778
|
+
"category": "Protocol Errors",
|
|
2779
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/436.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2780
|
+
"top_25_rank_2024": null,
|
|
2781
|
+
"top_25_rank_2025": null,
|
|
2782
|
+
"view_memberships": [
|
|
2783
|
+
"CWE-1000",
|
|
2784
|
+
"CWE-2000"
|
|
2785
|
+
],
|
|
2786
|
+
"related_weaknesses": [],
|
|
2787
|
+
"evidence_cves": [
|
|
2788
|
+
"CVE-2025-48384"
|
|
2789
|
+
],
|
|
2790
|
+
"last_verified": "2026-05-18",
|
|
2791
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2792
|
+
},
|
|
2793
|
+
"CWE-472": {
|
|
2794
|
+
"id": "CWE-472",
|
|
2795
|
+
"name": "External Control of Assumed-Immutable Web Parameter",
|
|
2796
|
+
"abstraction": "Base",
|
|
2797
|
+
"category": "Authorization",
|
|
2798
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/472.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2799
|
+
"top_25_rank_2024": null,
|
|
2800
|
+
"top_25_rank_2025": null,
|
|
2801
|
+
"view_memberships": [
|
|
2802
|
+
"CWE-1000",
|
|
2803
|
+
"CWE-2000"
|
|
2804
|
+
],
|
|
2805
|
+
"related_weaknesses": [],
|
|
2806
|
+
"evidence_cves": [
|
|
2807
|
+
"CVE-2025-35939"
|
|
2808
|
+
],
|
|
2809
|
+
"last_verified": "2026-05-18",
|
|
2810
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
2811
|
+
},
|
|
2812
|
+
"CWE-528": {
|
|
2813
|
+
"id": "CWE-528",
|
|
2814
|
+
"name": "Exposure of Core Dump File to an Unauthorized Control Sphere",
|
|
2815
|
+
"abstraction": "Variant",
|
|
2816
|
+
"category": "Information Disclosure",
|
|
2817
|
+
"description": "MITRE-canonical CWE entry; full text at https://cwe.mitre.org/data/definitions/528.html. Added v0.13.17 round-2 to back KEV bulk-imported cwe_refs.",
|
|
2818
|
+
"top_25_rank_2024": null,
|
|
2819
|
+
"top_25_rank_2025": null,
|
|
2820
|
+
"view_memberships": [
|
|
2821
|
+
"CWE-1000",
|
|
2822
|
+
"CWE-2000"
|
|
2823
|
+
],
|
|
2824
|
+
"related_weaknesses": [],
|
|
2825
|
+
"evidence_cves": [
|
|
2826
|
+
"CVE-2025-48928"
|
|
2827
|
+
],
|
|
2828
|
+
"last_verified": "2026-05-18",
|
|
2829
|
+
"notes": "Added v0.13.17 KEV bulk-import round 2."
|
|
1760
2830
|
}
|
|
1761
2831
|
}
|