npm - @blamejs/exceptd-skills - Versions diffs - 0.13.15 → 0.13.17 - Mend

@blamejs/exceptd-skills 0.13.15 → 0.13.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/AGENTS.md +5 -2
package/CHANGELOG.md +42 -0
package/README.md +3 -3
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +5 -5
package/data/_indexes/catalog-summaries.json +5 -5
package/data/_indexes/chains.json +36194 -5006
package/data/_indexes/frequency.json +50 -1
package/data/attack-techniques.json +310 -1
package/data/cve-catalog.json +26215 -4
package/data/cwe-catalog.json +1090 -20
package/data/framework-control-gaps.json +866 -2
package/data/zeroday-lessons.json +10758 -0
package/lib/cve-regression-watcher.js +218 -0
package/lib/refresh-external.js +11 -0
package/lib/source-advisories.js +162 -11
package/manifest.json +44 -44
package/package.json +2 -2
package/sbom.cdx.json +46 -31

package/data/framework-control-gaps.json CHANGED Viewed

@@ -1213,20 +1213,262 @@
     "status": "open",
     "opened_date": "2026-03-15",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
+      "CVE-2007-0671",
+      "CVE-2008-0015",
+      "CVE-2009-0238",
+      "CVE-2009-0556",
+      "CVE-2010-3765",
+      "CVE-2010-3962",
+      "CVE-2011-3402",
+      "CVE-2012-1854",
+      "CVE-2013-3893",
+      "CVE-2013-3918",
+      "CVE-2014-3931",
+      "CVE-2014-6278",
+      "CVE-2015-7755",
+      "CVE-2016-10033",
+      "CVE-2016-7836",
+      "CVE-2017-1000353",
+      "CVE-2017-7921",
+      "CVE-2018-14634",
+      "CVE-2018-4063",
+      "CVE-2019-19006",
+      "CVE-2019-5418",
+      "CVE-2019-6693",
+      "CVE-2019-9621",
+      "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2020-24363",
+      "CVE-2020-25078",
+      "CVE-2020-25079",
+      "CVE-2020-7796",
+      "CVE-2020-9715",
+      "CVE-2021-21311",
+      "CVE-2021-22054",
+      "CVE-2021-22175",
+      "CVE-2021-22555",
+      "CVE-2021-22681",
+      "CVE-2021-26828",
+      "CVE-2021-26829",
+      "CVE-2021-30952",
+      "CVE-2021-32030",
+      "CVE-2021-39935",
+      "CVE-2021-43226",
+      "CVE-2021-43798",
+      "CVE-2022-20775",
+      "CVE-2022-37055",
+      "CVE-2022-40799",
+      "CVE-2022-48503",
+      "CVE-2023-0386",
+      "CVE-2023-21529",
+      "CVE-2023-2533",
+      "CVE-2023-27351",
+      "CVE-2023-33538",
+      "CVE-2023-36424",
+      "CVE-2023-38950",
+      "CVE-2023-39780",
+      "CVE-2023-41974",
+      "CVE-2023-43000",
+      "CVE-2023-50224",
+      "CVE-2023-52163",
+      "CVE-2024-0769",
+      "CVE-2024-11182",
+      "CVE-2024-12987",
+      "CVE-2024-1708",
       "CVE-2024-21762",
+      "CVE-2024-27199",
+      "CVE-2024-27443",
+      "CVE-2024-37079",
+      "CVE-2024-42009",
+      "CVE-2024-43468",
+      "CVE-2024-54085",
+      "CVE-2024-56145",
+      "CVE-2024-57726",
+      "CVE-2024-57728",
+      "CVE-2024-7399",
+      "CVE-2024-7694",
+      "CVE-2024-8068",
+      "CVE-2024-8069",
+      "CVE-2025-10035",
       "CVE-2025-10585",
+      "CVE-2025-11371",
+      "CVE-2025-11953",
+      "CVE-2025-12480",
+      "CVE-2025-13223",
       "CVE-2025-14174",
+      "CVE-2025-14611",
+      "CVE-2025-14733",
+      "CVE-2025-15556",
+      "CVE-2025-20281",
+      "CVE-2025-20333",
+      "CVE-2025-20337",
+      "CVE-2025-20352",
+      "CVE-2025-20362",
+      "CVE-2025-20393",
+      "CVE-2025-21042",
+      "CVE-2025-21043",
+      "CVE-2025-21479",
+      "CVE-2025-21480",
+      "CVE-2025-24016",
       "CVE-2025-24201",
+      "CVE-2025-24893",
+      "CVE-2025-24990",
+      "CVE-2025-25257",
+      "CVE-2025-26399",
+      "CVE-2025-27038",
+      "CVE-2025-2746",
+      "CVE-2025-2747",
+      "CVE-2025-2749",
+      "CVE-2025-2775",
+      "CVE-2025-2776",
+      "CVE-2025-27915",
+      "CVE-2025-27920",
+      "CVE-2025-29635",
+      "CVE-2025-30397",
+      "CVE-2025-31125",
+      "CVE-2025-31277",
+      "CVE-2025-32432",
+      "CVE-2025-32433",
+      "CVE-2025-32463",
+      "CVE-2025-32701",
+      "CVE-2025-32706",
+      "CVE-2025-32709",
+      "CVE-2025-32756",
+      "CVE-2025-32975",
+      "CVE-2025-33053",
+      "CVE-2025-33073",
+      "CVE-2025-34026",
+      "CVE-2025-35939",
+      "CVE-2025-37164",
       "CVE-2025-38352",
+      "CVE-2025-3935",
+      "CVE-2025-4008",
+      "CVE-2025-40536",
+      "CVE-2025-40551",
+      "CVE-2025-40602",
+      "CVE-2025-41244",
+      "CVE-2025-42999",
+      "CVE-2025-43200",
       "CVE-2025-43300",
+      "CVE-2025-43510",
+      "CVE-2025-43520",
       "CVE-2025-43529",
+      "CVE-2025-4427",
+      "CVE-2025-4428",
+      "CVE-2025-4632",
+      "CVE-2025-47812",
+      "CVE-2025-47813",
+      "CVE-2025-47827",
+      "CVE-2025-48384",
+      "CVE-2025-48543",
+      "CVE-2025-48572",
+      "CVE-2025-48633",
+      "CVE-2025-48700",
+      "CVE-2025-48703",
+      "CVE-2025-48927",
+      "CVE-2025-48928",
+      "CVE-2025-49113",
       "CVE-2025-4919",
+      "CVE-2025-49704",
+      "CVE-2025-49706",
+      "CVE-2025-5086",
+      "CVE-2025-52691",
+      "CVE-2025-53521",
+      "CVE-2025-53690",
+      "CVE-2025-53770",
+      "CVE-2025-54068",
+      "CVE-2025-5419",
+      "CVE-2025-54236",
+      "CVE-2025-54253",
+      "CVE-2025-54309",
+      "CVE-2025-54313",
+      "CVE-2025-54948",
+      "CVE-2025-55177",
+      "CVE-2025-55182",
+      "CVE-2025-5777",
+      "CVE-2025-57819",
+      "CVE-2025-58034",
+      "CVE-2025-58360",
+      "CVE-2025-59230",
+      "CVE-2025-59287",
+      "CVE-2025-59374",
+      "CVE-2025-59689",
+      "CVE-2025-59718",
+      "CVE-2025-60710",
+      "CVE-2025-61757",
+      "CVE-2025-61882",
+      "CVE-2025-61884",
+      "CVE-2025-61932",
+      "CVE-2025-6204",
+      "CVE-2025-6205",
+      "CVE-2025-6218",
+      "CVE-2025-62215",
+      "CVE-2025-62221",
+      "CVE-2025-64328",
+      "CVE-2025-64446",
+      "CVE-2025-6543",
+      "CVE-2025-6554",
+      "CVE-2025-6558",
+      "CVE-2025-66376",
+      "CVE-2025-66644",
+      "CVE-2025-68461",
+      "CVE-2025-68613",
+      "CVE-2025-68645",
+      "CVE-2025-7775",
+      "CVE-2025-8088",
+      "CVE-2025-8110",
+      "CVE-2025-8875",
+      "CVE-2025-8876",
+      "CVE-2025-9242",
+      "CVE-2025-9377",
       "CVE-2026-0300",
+      "CVE-2026-1281",
+      "CVE-2026-1340",
+      "CVE-2026-1603",
+      "CVE-2026-1731",
+      "CVE-2026-20045",
+      "CVE-2026-20122",
+      "CVE-2026-20127",
+      "CVE-2026-20128",
+      "CVE-2026-20131",
+      "CVE-2026-20133",
+      "CVE-2026-20700",
+      "CVE-2026-20805",
+      "CVE-2026-20963",
+      "CVE-2026-21385",
+      "CVE-2026-21509",
+      "CVE-2026-21510",
+      "CVE-2026-21513",
+      "CVE-2026-21514",
+      "CVE-2026-21519",
+      "CVE-2026-21525",
+      "CVE-2026-21533",
+      "CVE-2026-21643",
+      "CVE-2026-22719",
+      "CVE-2026-22769",
+      "CVE-2026-23760",
+      "CVE-2026-24061",
+      "CVE-2026-2441",
+      "CVE-2026-24423",
+      "CVE-2026-24858",
+      "CVE-2026-25108",
+      "CVE-2026-3055",
       "CVE-2026-31431",
       "CVE-2026-31635",
+      "CVE-2026-32201",
+      "CVE-2026-33017",
+      "CVE-2026-33634",
+      "CVE-2026-34197",
+      "CVE-2026-34621",
+      "CVE-2026-3502",
+      "CVE-2026-35616",
+      "CVE-2026-3909",
+      "CVE-2026-3910",
+      "CVE-2026-41940",
       "CVE-2026-42945",
       "CVE-2026-46300",
-      "CVE-2026-46333"
+      "CVE-2026-46333",
+      "CVE-2026-5281"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -1663,6 +1905,7 @@
     "status": "open",
     "opened_date": "2026-04-01",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
       "CVE-2025-14847",
       "CVE-2025-22226",
       "CVE-2026-43284"
@@ -1870,31 +2113,273 @@
     "status": "open",
     "opened_date": "2026-03-15",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
+      "CVE-2007-0671",
+      "CVE-2008-0015",
+      "CVE-2009-0238",
+      "CVE-2009-0556",
+      "CVE-2010-3765",
+      "CVE-2010-3962",
+      "CVE-2011-3402",
+      "CVE-2012-1854",
+      "CVE-2013-3893",
+      "CVE-2013-3918",
+      "CVE-2014-3931",
+      "CVE-2014-6278",
+      "CVE-2015-7755",
+      "CVE-2016-10033",
+      "CVE-2016-7836",
+      "CVE-2017-1000353",
+      "CVE-2017-7921",
+      "CVE-2018-14634",
+      "CVE-2018-4063",
+      "CVE-2019-19006",
+      "CVE-2019-5418",
+      "CVE-2019-6693",
+      "CVE-2019-9621",
+      "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2020-24363",
+      "CVE-2020-25078",
+      "CVE-2020-25079",
+      "CVE-2020-7796",
+      "CVE-2020-9715",
+      "CVE-2021-21311",
+      "CVE-2021-22054",
+      "CVE-2021-22175",
+      "CVE-2021-22555",
+      "CVE-2021-22681",
+      "CVE-2021-26828",
+      "CVE-2021-26829",
+      "CVE-2021-30952",
+      "CVE-2021-32030",
+      "CVE-2021-39935",
+      "CVE-2021-43226",
+      "CVE-2021-43798",
+      "CVE-2022-20775",
+      "CVE-2022-37055",
+      "CVE-2022-40799",
+      "CVE-2022-48503",
+      "CVE-2023-0386",
+      "CVE-2023-21529",
+      "CVE-2023-2533",
+      "CVE-2023-27351",
+      "CVE-2023-33538",
       "CVE-2023-3519",
+      "CVE-2023-36424",
+      "CVE-2023-38950",
+      "CVE-2023-39780",
+      "CVE-2023-41974",
+      "CVE-2023-43000",
+      "CVE-2023-50224",
+      "CVE-2023-52163",
+      "CVE-2024-0769",
+      "CVE-2024-11182",
+      "CVE-2024-12987",
+      "CVE-2024-1708",
       "CVE-2024-21762",
+      "CVE-2024-27199",
+      "CVE-2024-27443",
+      "CVE-2024-37079",
+      "CVE-2024-42009",
+      "CVE-2024-43468",
+      "CVE-2024-54085",
+      "CVE-2024-56145",
+      "CVE-2024-57726",
+      "CVE-2024-57728",
+      "CVE-2024-7399",
+      "CVE-2024-7694",
+      "CVE-2024-8068",
+      "CVE-2024-8069",
+      "CVE-2025-10035",
       "CVE-2025-10585",
+      "CVE-2025-11371",
+      "CVE-2025-11953",
+      "CVE-2025-12480",
       "CVE-2025-12686",
+      "CVE-2025-13223",
       "CVE-2025-14174",
+      "CVE-2025-14611",
+      "CVE-2025-14733",
+      "CVE-2025-15556",
+      "CVE-2025-20281",
+      "CVE-2025-20333",
+      "CVE-2025-20337",
+      "CVE-2025-20352",
+      "CVE-2025-20362",
+      "CVE-2025-20393",
+      "CVE-2025-21042",
+      "CVE-2025-21043",
+      "CVE-2025-21479",
+      "CVE-2025-21480",
+      "CVE-2025-24016",
       "CVE-2025-24201",
+      "CVE-2025-24893",
+      "CVE-2025-24990",
+      "CVE-2025-25257",
+      "CVE-2025-26399",
+      "CVE-2025-27038",
+      "CVE-2025-2746",
+      "CVE-2025-2747",
+      "CVE-2025-2749",
+      "CVE-2025-2775",
+      "CVE-2025-2776",
+      "CVE-2025-27915",
+      "CVE-2025-27920",
+      "CVE-2025-29635",
+      "CVE-2025-30397",
+      "CVE-2025-31125",
+      "CVE-2025-31277",
+      "CVE-2025-32432",
+      "CVE-2025-32433",
+      "CVE-2025-32463",
+      "CVE-2025-32701",
+      "CVE-2025-32706",
+      "CVE-2025-32709",
+      "CVE-2025-32756",
+      "CVE-2025-32975",
+      "CVE-2025-33053",
+      "CVE-2025-33073",
+      "CVE-2025-34026",
+      "CVE-2025-35939",
+      "CVE-2025-37164",
       "CVE-2025-38352",
+      "CVE-2025-3935",
+      "CVE-2025-4008",
+      "CVE-2025-40536",
+      "CVE-2025-40551",
+      "CVE-2025-40602",
+      "CVE-2025-41244",
+      "CVE-2025-42999",
+      "CVE-2025-43200",
       "CVE-2025-43300",
+      "CVE-2025-43510",
+      "CVE-2025-43520",
       "CVE-2025-43529",
+      "CVE-2025-4427",
+      "CVE-2025-4428",
+      "CVE-2025-4632",
+      "CVE-2025-47812",
+      "CVE-2025-47813",
+      "CVE-2025-47827",
+      "CVE-2025-48384",
+      "CVE-2025-48543",
+      "CVE-2025-48572",
+      "CVE-2025-48633",
+      "CVE-2025-48700",
+      "CVE-2025-48703",
+      "CVE-2025-48927",
+      "CVE-2025-48928",
+      "CVE-2025-49113",
       "CVE-2025-4919",
+      "CVE-2025-49704",
+      "CVE-2025-49706",
+      "CVE-2025-5086",
+      "CVE-2025-52691",
+      "CVE-2025-53521",
+      "CVE-2025-53690",
+      "CVE-2025-53770",
+      "CVE-2025-54068",
+      "CVE-2025-5419",
+      "CVE-2025-54236",
+      "CVE-2025-54253",
+      "CVE-2025-54309",
+      "CVE-2025-54313",
+      "CVE-2025-54948",
+      "CVE-2025-55177",
+      "CVE-2025-55182",
+      "CVE-2025-5777",
+      "CVE-2025-57819",
+      "CVE-2025-58034",
+      "CVE-2025-58360",
+      "CVE-2025-59230",
+      "CVE-2025-59287",
+      "CVE-2025-59374",
       "CVE-2025-59389",
+      "CVE-2025-59689",
+      "CVE-2025-59718",
+      "CVE-2025-60710",
+      "CVE-2025-61757",
+      "CVE-2025-61882",
+      "CVE-2025-61884",
+      "CVE-2025-61932",
+      "CVE-2025-6204",
+      "CVE-2025-6205",
+      "CVE-2025-6218",
+      "CVE-2025-62215",
+      "CVE-2025-62221",
       "CVE-2025-62847",
       "CVE-2025-62848",
       "CVE-2025-62849",
+      "CVE-2025-64328",
+      "CVE-2025-64446",
+      "CVE-2025-6543",
+      "CVE-2025-6554",
+      "CVE-2025-6558",
+      "CVE-2025-66376",
+      "CVE-2025-66644",
+      "CVE-2025-68461",
+      "CVE-2025-68613",
+      "CVE-2025-68645",
+      "CVE-2025-7775",
+      "CVE-2025-8088",
+      "CVE-2025-8110",
+      "CVE-2025-8875",
+      "CVE-2025-8876",
+      "CVE-2025-9242",
+      "CVE-2025-9377",
       "CVE-2026-0300",
+      "CVE-2026-1281",
+      "CVE-2026-1340",
+      "CVE-2026-1603",
+      "CVE-2026-1731",
+      "CVE-2026-20045",
+      "CVE-2026-20122",
+      "CVE-2026-20127",
+      "CVE-2026-20128",
+      "CVE-2026-20131",
+      "CVE-2026-20133",
+      "CVE-2026-20700",
+      "CVE-2026-20805",
+      "CVE-2026-20963",
+      "CVE-2026-21385",
+      "CVE-2026-21509",
+      "CVE-2026-21510",
+      "CVE-2026-21513",
+      "CVE-2026-21514",
+      "CVE-2026-21519",
+      "CVE-2026-21525",
+      "CVE-2026-21533",
+      "CVE-2026-21643",
+      "CVE-2026-22719",
+      "CVE-2026-22769",
+      "CVE-2026-23760",
+      "CVE-2026-24061",
+      "CVE-2026-2441",
+      "CVE-2026-24423",
+      "CVE-2026-24858",
+      "CVE-2026-25108",
+      "CVE-2026-3055",
       "CVE-2026-31431",
       "CVE-2026-31635",
+      "CVE-2026-32201",
       "CVE-2026-32202",
+      "CVE-2026-33017",
+      "CVE-2026-33634",
       "CVE-2026-33825",
+      "CVE-2026-34197",
+      "CVE-2026-34621",
+      "CVE-2026-3502",
+      "CVE-2026-35616",
+      "CVE-2026-3909",
+      "CVE-2026-3910",
+      "CVE-2026-41940",
       "CVE-2026-42897",
       "CVE-2026-42945",
       "CVE-2026-43284",
       "CVE-2026-43500",
       "CVE-2026-46300",
       "CVE-2026-46333",
+      "CVE-2026-5281",
       "CVE-2026-6973"
     ],
     "atlas_refs": [],
@@ -1926,6 +2411,7 @@
     "status": "open",
     "opened_date": "2026-02-01",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
       "CVE-2025-11837",
       "CVE-2026-22778",
       "CVE-2026-32202",
@@ -4141,9 +4627,187 @@
     "status": "open",
     "opened_date": "2026-05-15",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
+      "CVE-2007-0671",
+      "CVE-2008-0015",
+      "CVE-2009-0238",
+      "CVE-2009-0556",
+      "CVE-2010-3765",
+      "CVE-2010-3962",
+      "CVE-2011-3402",
+      "CVE-2012-1854",
+      "CVE-2013-3893",
+      "CVE-2013-3918",
+      "CVE-2014-6278",
+      "CVE-2015-7755",
+      "CVE-2016-10033",
+      "CVE-2016-7836",
+      "CVE-2017-1000353",
+      "CVE-2017-7921",
+      "CVE-2018-4063",
+      "CVE-2019-19006",
+      "CVE-2019-6693",
+      "CVE-2020-24363",
+      "CVE-2020-25078",
+      "CVE-2020-25079",
+      "CVE-2021-22681",
+      "CVE-2021-26828",
+      "CVE-2021-32030",
+      "CVE-2022-37055",
+      "CVE-2022-40799",
+      "CVE-2022-48503",
+      "CVE-2023-0386",
+      "CVE-2023-21529",
+      "CVE-2023-2533",
+      "CVE-2023-27351",
+      "CVE-2023-33538",
+      "CVE-2023-39780",
+      "CVE-2023-50224",
+      "CVE-2023-52163",
+      "CVE-2024-12987",
+      "CVE-2024-37079",
+      "CVE-2024-43468",
+      "CVE-2024-54085",
+      "CVE-2024-56145",
+      "CVE-2024-57726",
+      "CVE-2024-7694",
+      "CVE-2024-8069",
+      "CVE-2025-10035",
       "CVE-2025-10725",
+      "CVE-2025-11371",
+      "CVE-2025-11953",
+      "CVE-2025-12480",
+      "CVE-2025-13223",
+      "CVE-2025-14611",
+      "CVE-2025-14733",
+      "CVE-2025-15556",
+      "CVE-2025-20281",
+      "CVE-2025-20333",
+      "CVE-2025-20337",
+      "CVE-2025-20352",
+      "CVE-2025-20362",
+      "CVE-2025-20393",
+      "CVE-2025-21042",
+      "CVE-2025-21043",
+      "CVE-2025-24016",
+      "CVE-2025-24893",
+      "CVE-2025-25257",
+      "CVE-2025-26399",
+      "CVE-2025-2746",
+      "CVE-2025-2747",
+      "CVE-2025-2775",
+      "CVE-2025-2776",
+      "CVE-2025-29635",
+      "CVE-2025-30397",
+      "CVE-2025-31125",
+      "CVE-2025-32432",
+      "CVE-2025-32433",
+      "CVE-2025-32463",
+      "CVE-2025-32706",
+      "CVE-2025-32756",
+      "CVE-2025-32975",
+      "CVE-2025-33053",
+      "CVE-2025-33073",
+      "CVE-2025-34026",
+      "CVE-2025-35939",
+      "CVE-2025-37164",
+      "CVE-2025-3935",
+      "CVE-2025-4008",
+      "CVE-2025-40536",
+      "CVE-2025-40551",
+      "CVE-2025-41244",
+      "CVE-2025-42999",
+      "CVE-2025-43200",
+      "CVE-2025-43510",
+      "CVE-2025-43520",
+      "CVE-2025-4427",
+      "CVE-2025-4428",
+      "CVE-2025-47812",
+      "CVE-2025-47827",
+      "CVE-2025-48384",
+      "CVE-2025-48703",
+      "CVE-2025-48927",
+      "CVE-2025-48928",
+      "CVE-2025-49113",
+      "CVE-2025-49704",
+      "CVE-2025-49706",
+      "CVE-2025-5086",
+      "CVE-2025-52691",
+      "CVE-2025-53521",
+      "CVE-2025-53690",
+      "CVE-2025-53770",
+      "CVE-2025-54068",
+      "CVE-2025-54236",
+      "CVE-2025-54253",
+      "CVE-2025-54309",
+      "CVE-2025-54313",
+      "CVE-2025-54948",
+      "CVE-2025-55177",
+      "CVE-2025-55182",
       "CVE-2025-55241",
+      "CVE-2025-57819",
+      "CVE-2025-58034",
+      "CVE-2025-58360",
+      "CVE-2025-59230",
+      "CVE-2025-59287",
+      "CVE-2025-59374",
+      "CVE-2025-59689",
+      "CVE-2025-59718",
+      "CVE-2025-61757",
+      "CVE-2025-61882",
+      "CVE-2025-61932",
+      "CVE-2025-6204",
+      "CVE-2025-6205",
+      "CVE-2025-62221",
+      "CVE-2025-64328",
+      "CVE-2025-6554",
+      "CVE-2025-6558",
+      "CVE-2025-66644",
+      "CVE-2025-68613",
+      "CVE-2025-68645",
+      "CVE-2025-7775",
+      "CVE-2025-8875",
+      "CVE-2025-8876",
+      "CVE-2025-9242",
+      "CVE-2025-9377",
+      "CVE-2026-1281",
+      "CVE-2026-1340",
+      "CVE-2026-1603",
+      "CVE-2026-1731",
+      "CVE-2026-20045",
+      "CVE-2026-20122",
+      "CVE-2026-20127",
+      "CVE-2026-20128",
+      "CVE-2026-20131",
+      "CVE-2026-20133",
+      "CVE-2026-20700",
+      "CVE-2026-20963",
+      "CVE-2026-21509",
+      "CVE-2026-21510",
+      "CVE-2026-21513",
+      "CVE-2026-21514",
+      "CVE-2026-21519",
+      "CVE-2026-21525",
+      "CVE-2026-21533",
+      "CVE-2026-21643",
+      "CVE-2026-22719",
+      "CVE-2026-22769",
+      "CVE-2026-23760",
+      "CVE-2026-24061",
+      "CVE-2026-24423",
+      "CVE-2026-24858",
+      "CVE-2026-25108",
+      "CVE-2026-32201",
+      "CVE-2026-33017",
+      "CVE-2026-33634",
       "CVE-2026-33825",
+      "CVE-2026-34197",
+      "CVE-2026-34621",
+      "CVE-2026-3502",
+      "CVE-2026-35616",
+      "CVE-2026-3909",
+      "CVE-2026-3910",
+      "CVE-2026-41940",
       "CVE-2026-6973"
     ],
     "atlas_refs": [],
@@ -4210,6 +4874,7 @@
     "status": "open",
     "opened_date": "2026-05-15",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
       "CVE-2025-11837",
       "CVE-2026-32202",
       "CVE-2026-33825",
@@ -4280,8 +4945,30 @@
     "status": "open",
     "opened_date": "2026-05-15",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
+      "CVE-2019-6693",
+      "CVE-2023-21529",
+      "CVE-2023-27351",
+      "CVE-2024-1708",
+      "CVE-2024-27199",
+      "CVE-2024-57726",
+      "CVE-2024-57728",
+      "CVE-2025-10035",
+      "CVE-2025-49704",
+      "CVE-2025-49706",
+      "CVE-2025-52691",
+      "CVE-2025-53770",
+      "CVE-2025-55182",
+      "CVE-2025-5777",
+      "CVE-2025-61882",
+      "CVE-2025-61884",
+      "CVE-2026-1731",
+      "CVE-2026-20131",
+      "CVE-2026-23760",
+      "CVE-2026-24423",
       "CVE-2026-32202",
-      "CVE-2026-33825"
+      "CVE-2026-33825",
+      "CVE-2026-41940"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5181,6 +5868,7 @@
     "status": "open",
     "opened_at": "2026-05-18",
     "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
       "CVE-2025-14847"
     ],
     "theater_test": {
@@ -6051,5 +6739,181 @@
       ],
       "verdict_when_failed": "compliance-theater"
     }
+  },
+  "NIST-800-53-CM-3": {
+    "framework": "NIST SP 800-53 Rev 5",
+    "control_id": "CM-3",
+    "control_name": "Configuration Change Control",
+    "designed_for": "Operator-driven configuration changes — formal review, test, approval, and documentation of configuration modifications under the organization's CM program. Anticipates regressions arising from operator action.",
+    "misses": [
+      "Silent vendor regression of previously-fixed CVEs where the vendor reintroduces a defect into shipping product without operator action or notification (MiniPlasma class — CVE-2020-17103 reverted into 2026 Patch Tuesday cumulative builds with no advisory)",
+      "Change-control assumes regressions are detectable via the operator's own change-management process; vendor-side regressions appear as a clean install that nonetheless restores a previously-fixed primitive",
+      "No surfacing mechanism for the 'fix-shipped-then-silently-reverted' state"
+    ],
+    "real_requirement": "Pair CM-3 with a CVE-regression-watcher (NEW-CTRL-074) that cross-checks researcher PoC announcements against the historical CVE catalog. When a researcher republishes a working PoC against an old CVE ID, flag for triage even when the vendor declines to issue a new ID.",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "CVE-2020-17103-REREGRESSION-2026"
+    ],
+    "theater_test": {
+      "claim": "Configuration-change control prevents unauthorized configuration drift per NIST 800-53 CM-3.",
+      "test": "Pull the configuration-change-control evidence pack. Confirm the change-management process names 'silent vendor regression of previously-fixed CVE' as a tracked change class. Test: subscribe to the CVE-regression-watcher (NEW-CTRL-074) output for a single audit cycle and confirm at least one historical-CVE candidate is triaged. Theater verdict if CM-3 evidence references only operator-driven changes with no mechanism for surfacing vendor-side regressions.",
+      "evidence_required": [
+        "CM-3 process document",
+        "CVE-regression-watcher integration with change-control intake",
+        "triage log showing at least one historical-CVE candidate evaluation"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "NIST-800-53-MP-7": {
+    "framework": "NIST SP 800-53 Rev 5",
+    "control_id": "MP-7",
+    "control_name": "Media Use",
+    "designed_for": "Restricting and monitoring use of removable media (USB drives, optical media, external hard drives) on organizational systems. Treats encryption-at-rest as the primary technical control for stolen-device confidentiality.",
+    "misses": [
+      "BitLocker TPM-only protector bypasses (YellowKey class) — the default Windows BitLocker configuration unseals the VMK based on platform-state attestation alone, with no user-authentication component, so a boot-flow bypass can inherit the unsealed key without ever proving identity",
+      "MP-7 silently passes for organizations relying on default BitLocker configurations because 'encryption is enabled' is the audit check, not 'encryption authentication is bound to the user'"
+    ],
+    "real_requirement": "Enforce TPM+PIN protector via GPO ('Require additional authentication at startup' → 'Allow startup PIN with TPM') so the unsealing step requires user-supplied PIN that a boot-flow bypass cannot inherit. Track configuration via Intune compliance / SCCM inventory and alert on regressions to TPM-only.",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
+    ],
+    "theater_test": {
+      "claim": "Storage-media confidentiality controls defeat stolen-device confidentiality breach per NIST 800-53 MP-7.",
+      "test": "Sample 20 in-scope laptops and pull manage-bde -status. Confirm 'Key Protectors' lists TPM AND PIN (or TPM AND USB key, or Numerical Password as recovery). Theater verdict if the sample is dominated by TPM-only protector and the audit treats 'BitLocker enabled' as sufficient evidence without examining protector class.",
+      "evidence_required": [
+        "MP-7 BitLocker configuration policy",
+        "Intune / SCCM compliance report showing protector-class distribution",
+        "GPO 'Require additional authentication at startup' setting"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "ISO-27001-2022-A.7.10": {
+    "framework": "ISO/IEC 27001:2022",
+    "control_id": "A.7.10",
+    "control_name": "Storage media",
+    "designed_for": "Storage-media handling controls; treats full-disk encryption as the technical safeguard against device-loss confidentiality breach.",
+    "misses": [
+      "Default Windows BitLocker TPM-only protector silently violates the A.7.10 storage-media confidentiality assumption when a boot-flow bypass (YellowKey class) inherits the TPM-unsealed VMK without authentication"
+    ],
+    "real_requirement": "TPM+PIN BitLocker protector or equivalent strong pre-boot authentication; audit compliance via independent control-plane (Intune / SCCM), not local Get-BitLockerVolume output (which reports 'enabled' regardless of protector class).",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
+    ],
+    "theater_test": {
+      "claim": "Storage-media controls protect data confidentiality per ISO/IEC 27001:2022 A.7.10.",
+      "test": "Same evidence-shape as NIST-800-53-MP-7. Confirm BitLocker protector class is documented per device class. Theater verdict if the SoA (Statement of Applicability) cites 'full-disk encryption' without naming the protector class that binds the key to user authentication.",
+      "evidence_required": [
+        "A.7.10 SoA entry",
+        "device-class encryption-protector matrix",
+        "evidence of independent verification (not just local Get-BitLockerVolume)"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "EU-GDPR-Art.32-1(a)": {
+    "framework": "EU GDPR",
+    "control_id": "Art.32(1)(a)",
+    "control_name": "Pseudonymisation and encryption of personal data",
+    "designed_for": "Article 32 lists pseudonymisation + encryption as appropriate technical and organisational measures for personal-data protection. Encryption-at-rest is the canonical implementation for stolen-device scenarios.",
+    "misses": [
+      "If the default Windows BitLocker posture is breakable by a thief with physical access (YellowKey class), organisations relying on encryption-at-rest as their GDPR Art.32 control face an open-finding state without realising it — the disk reports encrypted, but the encryption does not defeat the threat the control was meant to mitigate"
+    ],
+    "real_requirement": "Document the BitLocker protector class (TPM-only vs TPM+PIN) in the Art.32 evidence pack. TPM-only without compensating controls is insufficient for personal-data confidentiality on portable devices; bind the encryption to user authentication.",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
+    ],
+    "theater_test": {
+      "claim": "Encryption-at-rest is an appropriate technical measure for personal-data protection per GDPR Art.32(1)(a).",
+      "test": "Pull the Art.32 technical-measure documentation. Confirm it names the protector class for any BitLocker / FileVault / LUKS deployment used to safeguard personal data on portable devices. Theater verdict if the documentation cites 'devices are encrypted' without documenting protector class or pre-boot authentication binding.",
+      "evidence_required": [
+        "Art.32 technical-measure register",
+        "device-class protector inventory",
+        "evidence that encryption is bound to user authentication (TPM+PIN or equivalent)"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "NIS2-Art21-vulnerability-handling": {
+    "framework": "EU NIS2 Directive",
+    "control_id": "Art.21",
+    "control_name": "Cybersecurity risk-management measures (vulnerability handling and disclosure)",
+    "designed_for": "NIS2 vulnerability handling assumes forward-only vulnerability flow — disclose, patch, notify per the directive's timelines.",
+    "misses": [
+      "Historical CVE silently re-broken in current shipping product (MiniPlasma — CVE-2020-17103 re-regressed without new ID) has no NIS2 notification trigger until re-disclosed under a new ID. Essential / Important entities receive no advisory channel for the 'silent regression of fixed CVE' class.",
+      "The 24-hour early-warning + 72-hour incident-notification clocks anchor on vendor disclosure, not on researcher PoC publication against an unpatched primitive"
+    ],
+    "real_requirement": "Treat researcher PoC publication against a historical CVE that demonstrably reproduces on current product as a Significant Incident under Art.23(4) — the regression watcher (NEW-CTRL-074) provides the surfacing channel.",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "CVE-2019-6693",
+      "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2023-21529",
+      "CVE-2023-27351",
+      "CVE-2024-1708",
+      "CVE-2024-27199",
+      "CVE-2024-57726",
+      "CVE-2024-57728",
+      "CVE-2025-10035",
+      "CVE-2025-49704",
+      "CVE-2025-49706",
+      "CVE-2025-52691",
+      "CVE-2025-53770",
+      "CVE-2025-55182",
+      "CVE-2025-5777",
+      "CVE-2025-61882",
+      "CVE-2025-61884",
+      "CVE-2026-1731",
+      "CVE-2026-20131",
+      "CVE-2026-23760",
+      "CVE-2026-24423",
+      "CVE-2026-41940"
+    ],
+    "theater_test": {
+      "claim": "Vulnerability handling and disclosure procedures align with NIS2 Art.21 obligations.",
+      "test": "Confirm the vulnerability-handling SOP includes a surfacing channel for historical-CVE regression events (researcher PoC against an old CVE that reproduces on current product). Test: present a synthetic regression case (e.g. the CVE-2020-17103-REREGRESSION-2026 entry) and confirm the SOP routes it to the Art.23 incident-classification gate within 24h. Theater verdict if the SOP only triggers on new CVE IDs.",
+      "evidence_required": [
+        "vulnerability-handling SOP",
+        "incident-classification matrix referencing regression class",
+        "subscription to NEW-CTRL-074 regression-watcher output"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "NIST-800-53-SI-4": {
+    "framework": "NIST SP 800-53 Rev 5",
+    "control_id": "SI-4",
+    "control_name": "System Monitoring",
+    "designed_for": "Monitoring information systems for attacks, indicators of compromise, unauthorized access, and security-control effectiveness. Assumes monitoring controls remain effective at their stated function.",
+    "misses": [
+      "AV / EDR agents whose update channel has been silently corrupted (UnDefend class) continue to report healthy via the agent's own status output while the protection-mechanism is degraded — SI-4 monitoring controls that check 'is Defender running?' return green while the agent is operationally blind",
+      "Independent verification of monitoring-control currency is not part of the standard SI-4 control language; operators routinely rely on the agent's self-reported status"
+    ],
+    "real_requirement": "Cross-check AV/EDR signature + platform timestamps against an independent control plane (Defender for Endpoint cloud telemetry, Intune compliance, SCCM inventory) and alert on drift > 7 days. NEW-CTRL-075 (AV-AGENT-CURRENCY-CROSS-VERIFICATION) provides the operational pattern.",
+    "status": "open",
+    "opened_date": "2026-05-18",
+    "evidence_cves": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND"
+    ],
+    "theater_test": {
+      "claim": "System monitoring effectively detects compromise and security-control degradation per NIST 800-53 SI-4.",
+      "test": "Pull the AV/EDR monitoring documentation. Confirm currency verification uses an independent control plane (Defender for Endpoint cloud telemetry, Intune compliance, SCCM inventory) and alerts on signature/platform drift > 7 days. Theater verdict if the only currency check is the agent's own Get-MpComputerStatus / equivalent self-report.",
+      "evidence_required": [
+        "SI-4 monitoring runbook",
+        "independent control-plane query (cloud-telemetry / Intune / SCCM)",
+        "alert configuration: signature/platform drift > 7 days"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
   }
 }