@blamejs/exceptd-skills 0.13.2 → 0.13.3

package/CHANGELOG.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## 0.13.3 — 2026-05-18
+
+Audit close-out continuation: the items the prior pass marked for follow-up. Workflow hardening, lint enforcement promoted from warning to hard error, two new operator-facing health checks for the Shai-Hulud lesson controls, and 4 more primary-source pollers covering kernel.org / oss-security / JFrog / CISA.
+
+### Security
+
+**`refresh.yml` split into two jobs — `refresh-data` (no write credentials) + `open-pr` (contents:write + pull-requests:write + issues:write scoped to PR creation only).** Pre-split a single `refresh` job carried write capability against the repo throughout the long-running data-parse + prefetch + apply + predeploy sequence; a compromise of any of those steps had repo-write access during the whole run. The new shape scopes write capability to the few-second PR-creation window. Data mutations flow between jobs via an upload-artifact / download-artifact bundle. The `refresh-data` checkout now uses `persist-credentials: false`.
+
+**`lib/lint-skills.js` Hard Rule #1 body-scan flipped from warning to hard error.** v0.13.2 introduced the body-scan as a warning while the 2 pre-existing violations were triaged. Both are now resolved (`CVE-2024-21762` landed in the catalog with full Hard Rule #1 fields; the placeholder `CVE-2026-21370` reference was removed from `cloud-iam-incident`). The body-scan now errors when a skill cites a CVE not in the catalog. Draft references continue to surface as warnings.
+
+### Features
+
+**`exceptd doctor --ai-config` audits AI-assistant config-file permissions.** Implements NEW-CTRL-050 from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry. Walks `~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, `~/.continue` for sensitive files (`settings.json`, `mcp.json`, `*.mcp_config.json`, `api_key*`, `*.token`, `*.credentials`) and reports any not at mode 0600 on POSIX. On Windows the mode bits aren't load-bearing; each sensitive file is flagged with an info-level "manual ACL review" note. Opt-in via `--ai-config`; doesn't run as part of the default no-flag doctor pass.
+
+**`exceptd watchlist --org-scan` probes GitHub for threat-actor repo naming patterns.** Implements NEW-CTRL-052 from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry. Queries the GitHub Search API for repos matching the canonical Shai-Hulud / TeamPCP patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP") scoped to `--org <login>`. Custom patterns via repeatable `--pattern <s>`. Set `GITHUB_TOKEN` env var for private-repo coverage and higher rate limit; without it, public-repo search only.
+
+**4 more primary-source advisory pollers.** `lib/source-advisories.js` `FEEDS` grew 4 → 8:
+- `kernel-org` — torvalds/linux master commits atom feed. Catches the CVE-2026-46333 / ssh-keysign-pwn class at T+0, the moment the upstream fix lands. The v0.13.1 post-mortem identified this as the exact venue we missed.
+- `oss-security` — openwall.com `oss-security` mailing list atom feed. Coordinated-disclosure venue; many distro advisories announce CVEs here days before NVD enrichment.
+- `jfrog` — JFrog SecOps research blog feed. npm / PyPI / Maven supply-chain disclosures with CVE assignments (TanStack / Mini Shai-Hulud class).
+- `cisa-current` — CISA cybersecurity advisories feed (federal-vendor coordinated disclosures, separate from KEV which captures only exploited-in-the-wild items).
+
+### Bugs
+
+**`CVE-2024-21762` (Fortinet FortiOS SSL-VPN preauth RCE) added to catalog.** Was cited in skill prose without a backing catalog entry — surfaced by the v0.13.2 Hard Rule #1 body-scan. Full Hard Rule #1 fields (CVSS 9.8, CISA KEV 2024-02-09, public PoC, confirmed mass exploitation across multiple APT clusters, FortiOS patch versions 7.6.2 / 7.4.7 / 7.2.11 / 7.0.17 / 6.4.16). RWEP 85. Includes the 2025-04 follow-up advisory documenting symlink persistence that survives firmware patching.
+
+**`CVE-2026-21370` placeholder reference removed from `skills/cloud-iam-incident/skill.md`.** No record of CVE-2026-21370 in any source; was a class-marker parenthetical for the Azure managed-identity token-replay attack class. Rewritten as "design-class issue, not a single CVE" so the prose still accurately describes the IMDS-token-theft pattern without inventing threat intel.
+
+**12 framework-gap forward-orphan references closed.** Each pre-existing orphan got a real gap entry with theater_test per Hard Rule #6: `CIS-Kubernetes-Benchmark-4.2.13`, `CIS-Kubernetes-Benchmark-5.3`, `CIS-Controls-v8-Control6`, `ISO-27001-2022-A.5.15`, `ISO-27001-2022-A.8.13`, `NIST-800-53-IA-2`, `NIST-AI-RMF-MEASURE-2.7`, `OWASP-ML-Top-10-2023-ML06`, `NIS2-Art21-network-security`, `NIS2-Art21-business-continuity`, `PCI-DSS-4.0-5.1`, `AU-ISM-1808`. Gap catalog 130 → 142 entries; orphan count for `framework-control-gaps.json` is now 0.
+
+**2 empty-`data_deps` skills fixed.** `api-security` and `email-security-anti-phishing` previously had empty `data_deps` because the bodies referenced no catalog file by name. Each now carries 6 catalog references (atlas-ttps, attack-techniques, cwe-catalog / dlp-controls, d3fend-catalog, framework-control-gaps, rfc-references) threaded through the body in 4 new prose passages each. Every cited ID resolves to a real entry in its respective catalog. `last_threat_review` bumped to 2026-05-18.
+
+### Internal
+
+- 8 new tests in `tests/v0_13_3-fixes.test.js` covering all 5 phases.
+- Test-count baseline refreshed to match the new test surface.
+- ADVISORIES_SOURCE test-fixture extended to include the 4 new feeds.
+- `tests/source-advisories.test.js` `FEEDS: exactly N feeds` pin updated 4 → 8.
+
 ## 0.13.2 — 2026-05-18
 
 Audit close-out: the remaining v0.13 deferrals from the original 6-domain audit + the v0.13.1 post-mortem follow-ups. Patch-class — additive across CI hardening, lint enforcement, CLI UX, predeploy gates, catalog data cleanup, and skill metadata.

package/bin/exceptd.js

@@ -5205,16 +5205,24 @@ function cmdDoctor(runner, args, runOpts, pretty) {
 
   // Selective subchecks. If any of the four flags is passed, run only those.
   // If none are passed, run all four plus signing-status.
+  // v0.13.3: --ai-config audits AI-assistant config-file permissions per
+  // NEW-CTRL-050 (from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry).
+  // It's a separate flag because the check is opt-in — most operators
+  // don't want their AI-config state probed by default.
   const onlySigs = !!args.signatures;
   const onlyCurrency = !!args.currency;
   const onlyCves = !!args.cves;
   const onlyRfcs = !!args.rfcs;
-  const anySelected = onlySigs || onlyCurrency || onlyCves || onlyRfcs;
+  const onlyAiConfig = !!args["ai-config"];
+  const anySelected = onlySigs || onlyCurrency || onlyCves || onlyRfcs || onlyAiConfig;
   const runSigs = !anySelected || onlySigs;
   const runCurrency = !anySelected || onlyCurrency;
   const runCves = !anySelected || onlyCves;
   const runRfcs = !anySelected || onlyRfcs;
   const runSigning = !anySelected;
+  // --ai-config is opt-in — never runs as part of the default no-flag
+  // doctor pass. Operators ask for it explicitly.
+  const runAiConfig = onlyAiConfig;
 
   const checks = {};
   const issues = [];
@@ -5453,6 +5461,102 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     }
   }
 
+  // v0.13.3 — AI-assistant config-file permission audit per NEW-CTRL-050
+  // (from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry). Walks
+  // ~/.claude/, ~/.cursor/, ~/.codeium/, ~/.aider/, ~/.continue/ for
+  // sensitive config files (settings.json, mcp.json, *.mcp_config.json,
+  // api_key*, *.token, *.credentials) and reports any not at mode 0600.
+  // The MAL-2026-SHAI-HULUD-OSS framework reads these files at
+  // unprivileged-process scope; tightening to 0600 forces npm/node-spawned
+  // processes that don't share UID to fail the read.
+  //
+  // Opt-in only — never runs as part of the default no-flag doctor pass.
+  // Operators request it via `exceptd doctor --ai-config`.
+  if (runAiConfig) {
+    const os = require('os');
+    const HOME = os.homedir();
+    const AI_CONFIG_DIRS = [
+      { dir: '.claude', display: '~/.claude' },
+      { dir: '.cursor', display: '~/.cursor' },
+      { dir: '.codeium', display: '~/.codeium' },
+      { dir: '.aider', display: '~/.aider' },
+      { dir: '.continue', display: '~/.continue' },
+    ];
+    // Files within those dirs that warrant the strict-mode check.
+    const SENSITIVE_PATTERNS = [
+      /^settings\.json$/,
+      /^mcp\.json$/,
+      /\.mcp_config\.json$/,
+      /^api_key/,
+      /\.token$/,
+      /\.credentials$/,
+    ];
+    const findings = [];
+    let scannedDirs = 0;
+    let scannedFiles = 0;
+    function walk(absDir, displayRoot, rel) {
+      if (!fs.existsSync(absDir)) return;
+      let entries;
+      try { entries = fs.readdirSync(absDir, { withFileTypes: true }); }
+      catch { return; }
+      for (const e of entries) {
+        const childAbs = path.join(absDir, e.name);
+        const childRel = rel ? rel + '/' + e.name : e.name;
+        if (e.isDirectory()) {
+          walk(childAbs, displayRoot, childRel);
+        } else if (e.isFile()) {
+          scannedFiles++;
+          if (!SENSITIVE_PATTERNS.some((re) => re.test(e.name))) continue;
+          let st;
+          try { st = fs.statSync(childAbs); } catch { continue; }
+          if (process.platform === 'win32') {
+            // Windows POSIX mode bits don't carry meaningful ACL info.
+            // Flag every sensitive file with a manual-review note rather
+            // than emit a noisy permission claim that's likely wrong.
+            findings.push({
+              path: `${displayRoot}/${childRel}`,
+              mode: null,
+              severity: 'info',
+              issue: 'win32_acl_check_not_implemented',
+              hint: 'On Windows the POSIX mode bits are not load-bearing. Use icacls to confirm only the current user has read access. Tracked for v0.14+.',
+            });
+            continue;
+          }
+          const mode = st.mode & 0o777;
+          if ((mode & 0o077) !== 0) {
+            findings.push({
+              path: `${displayRoot}/${childRel}`,
+              mode: '0' + mode.toString(8),
+              severity: 'warn',
+              issue: 'group_or_other_readable',
+              hint: `chmod 600 '${childAbs}'  # NEW-CTRL-050: AI-assistant configs holding MCP tokens / API keys must be 0600 to defeat unprivileged exfil`,
+            });
+          }
+        }
+      }
+    }
+    for (const d of AI_CONFIG_DIRS) {
+      const abs = path.join(HOME, d.dir);
+      if (fs.existsSync(abs)) {
+        scannedDirs++;
+        walk(abs, d.display, '');
+      }
+    }
+    const errorFindings = findings.filter((f) => f.severity === 'warn');
+    checks.ai_config = {
+      ok: errorFindings.length === 0,
+      severity: errorFindings.length > 0 ? 'warn' : 'info',
+      scanned_dirs: scannedDirs,
+      scanned_files: scannedFiles,
+      directories_inspected: AI_CONFIG_DIRS.map((d) => d.display),
+      sensitive_patterns: ['settings.json', 'mcp.json', '*.mcp_config.json', 'api_key*', '*.token', '*.credentials'],
+      findings,
+      platform: process.platform,
+      control_reference: 'NEW-CTRL-050 (MAL-2026-SHAI-HULUD-OSS lesson)',
+    };
+    if (errorFindings.length > 0) issues.push('ai_config');
+  }
+
   // Walk every check and split: errors (severity error/missing/fail) vs warnings
   // (severity warn). all_green is true ONLY when zero errors AND zero warnings.
   const warnList = [];

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-18T02:23:54.488Z",
+  "generated_at": "2026-05-18T03:04:24.499Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "fca4de497211754bbca0e04f91cbc13746bbf05a393b92062810ebf9d1a502a8",
+    "manifest.json": "b1b4b86879805e28975155d7aa29c1d1463ec266f2c98a1045d543ecf5acaa6c",
     "data/atlas-ttps.json": "2b021f47355365d1ba59078dfa582397c7a64c2b4ebea4657ea260a66b76daf6",
-    "data/attack-techniques.json": "5c992a3c2974e117ee38b62f7ead36043819880baf23863979b490f19fe5826b",
-    "data/cve-catalog.json": "8ddc5d3f9441334d544df5bc4e34846259f981d15a87dd7bed825e7f2d8b961d",
-    "data/cwe-catalog.json": "4baff0970c17224aef4606598b90d72e09da5e927ee4f46bdbf3e12b2e6247e3",
+    "data/attack-techniques.json": "76461dbec048c5e072435d57e3a04b780e3992dab9f316b1b52608e0a997e355",
+    "data/cve-catalog.json": "1d34601fbc4ff925ac38b8eb325375a32dc60ffaff31a23a5ca5f3e1524e88f8",
+    "data/cwe-catalog.json": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35",
     "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "003a400f5ae5b15527589571679ccdb9b3a62e60073627b5fbdeb2a9fe330a7a",
-    "data/framework-control-gaps.json": "c4b735cac63559b4dad4cccfc97dda57434de4d9bb61a712264131ec3aae8ae6",
+    "data/framework-control-gaps.json": "ce1535f13d29ab90fac99b983f38a23dd685702b3f12ac9f2371294cb9859ecf",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "6e503b75e52c8baea7e3ffaa872a2f7faedc36ca1cf53c8aec07e610c4c4ce07",
+    "data/zeroday-lessons.json": "1438620d2c8b0606eac4f63e620906b9ba079c57bfa7f737ceb6a50370cdc9a5",
     "skills/kernel-lpe-triage/skill.md": "ae4a0af924d0078ffc6cd051a3ef9fce75a6a3f9c0c15d1c07900ae5faf80502",
     "skills/ai-attack-surface/skill.md": "dcca7d92a1ab4d1e4c46356b614a138b1c1f79b65a6a290eccf2095d8d443993",
     "skills/mcp-agent-trust/skill.md": "6821f6d38f6e23bbed953f8f86a279597b0b95a2d0548b5383e851bca7442531",
@@ -48,15 +48,15 @@
     "skills/sector-federal-government/skill.md": "a73c3f36f23c12750d369931b7e3f884edae4a8aef35fc8690d15ef4500c4dd0",
     "skills/sector-energy/skill.md": "91f00e7a9be2608393ec8cb6d5f0c9828f81b954a12a7c9fd04bd642b9091e09",
     "skills/sector-telecom/skill.md": "59193e39c2fd73fdd7fede38a956bc730bbe4b712d7d6020788bb4d85f001ad8",
-    "skills/api-security/skill.md": "2bdfa3dbe534efa3df245e0da37998ad7ab2da4a3171d5000d3346513c10bceb",
+    "skills/api-security/skill.md": "9fc2252cbcf6162591e70d0bf5499a430b0584495ad584ce49fb7daf070d335f",
     "skills/cloud-security/skill.md": "c9fad9ed3663cf2faec74ad8f06d62eb86e6636f79933560d8c8d50e0e82d1da",
     "skills/container-runtime-security/skill.md": "605a8e8eb1af09835b967ec7179456015ec116c6b9051af3a8d225866cc2f7af",
     "skills/mlops-security/skill.md": "72429f05010accbcb191cb1544f1b88493c2f5249362846e5713ec3226b83dc2",
     "skills/incident-response-playbook/skill.md": "2017515d899c1b2bcb878bc6731e4059623ac52345b2cebbd92204583657bf60",
     "skills/ransomware-response/skill.md": "2e4fc488f86ed1ba7791ab0e7021160d8ca5ad33a02cdf92a5b916c8afecaa54",
-    "skills/email-security-anti-phishing/skill.md": "82af58b98bd808c0c6ec92554d89948378702465504db1113fc462a96366a601",
+    "skills/email-security-anti-phishing/skill.md": "250f266908f51f99a4cb3aec0d5dacfcf91fac9f3d95e5a117429a40ed2ff45a",
     "skills/age-gates-child-safety/skill.md": "51295c849bcced965b6448eb6b4bbd5caef5ba0b0cea7ce48abbacf47d331621",
-    "skills/cloud-iam-incident/skill.md": "6494ee3856edeb212e65fe5cdb208357c1a832eb8ac374b26055586bfc71f629",
+    "skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
     "skills/idp-incident-response/skill.md": "e67a2576e7f1c3bf89f499f5c977bc470ef29e8b3e3e45f4cb5bd45a82674282"
   },
   "skill_count": 42,
@@ -72,13 +72,13 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 34,
+    "chains_cve_entries": 35,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 403351,
+    "token_budget_total_approx": 404483,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/activity-feed.json

@@ -63,7 +63,7 @@
       "artifact": "data/framework-control-gaps.json",
       "path": "data/framework-control-gaps.json",
       "schema_version": "1.0.0",
-      "entry_count": 130
+      "entry_count": 142
     },
     {
       "date": "2026-05-15",
@@ -87,7 +87,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 38
+      "entry_count": 39
     },
     {
       "date": "2026-05-15",
@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 39
+      "entry_count": 40
     },
     {
       "date": "2026-05-13",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 39,
+      "entry_count": 40,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 130,
+      "entry_count": 142,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 38,
+      "entry_count": 39,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",

package/data/_indexes/chains.json

@@ -7395,6 +7395,125 @@
       ]
     }
   },
+  "CVE-2024-21762": {
+    "name": "Fortinet FortiOS / FortiProxy SSL-VPN out-of-bounds write (sslvpnd preauth RCE)",
+    "rwep": 85,
+    "cvss": 9.8,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [
+      "kernel-lpe-triage",
+      "coordinated-vuln-disclosure"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-125",
+          "name": "Out-of-bounds Read",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-1357",
+          "name": "Reliance on Insufficiently Trustworthy Component",
+          "category": "Supply Chain"
+        },
+        {
+          "id": "CWE-362",
+          "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
+          "category": "Concurrency"
+        },
+        {
+          "id": "CWE-416",
+          "name": "Use After Free",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-672",
+          "name": "Operation on a Resource after Expiration or Release",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-787",
+          "name": "Out-of-bounds Write",
+          "category": "Memory Safety"
+        }
+      ],
+      "atlas": [],
+      "d3fend": [
+        {
+          "id": "D3-ASLR",
+          "name": "Address Space Layout Randomization",
+          "tactic": "Harden"
+        },
+        {
+          "id": "D3-EAL",
+          "name": "Executable Allowlisting",
+          "tactic": "Harden"
+        },
+        {
+          "id": "D3-PHRA",
+          "name": "Process Hardware Resource Access",
+          "tactic": "Isolate"
+        },
+        {
+          "id": "D3-PSEP",
+          "name": "Process Segment Execution Prevention",
+          "tactic": "Harden"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "CIS-Controls-v8-Control7",
+          "framework": "CIS Controls v8",
+          "control_name": "Continuous Vulnerability Management"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.8",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Management of technical vulnerabilities"
+        },
+        {
+          "id": "NIS2-Art21-patch-management",
+          "framework": "EU NIS2 Directive",
+          "control_name": "Vulnerability handling and disclosure"
+        },
+        {
+          "id": "NIST-800-218-SSDF",
+          "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
+          "control_name": "Secure Software Development Framework"
+        },
+        {
+          "id": "NIST-800-53-SC-8",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Transmission Confidentiality and Integrity"
+        },
+        {
+          "id": "NIST-800-53-SI-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Flaw Remediation"
+        },
+        {
+          "id": "PCI-DSS-4.0-6.3.3",
+          "framework": "PCI DSS 4.0",
+          "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
+        },
+        {
+          "id": "SOC2-CC9-vendor-management",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
+        }
+      ],
+      "attack_refs": [
+        "T1068",
+        "T1548.001"
+      ],
+      "rfc_refs": [
+        "RFC-4301",
+        "RFC-4303",
+        "RFC-7296"
+      ]
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",
@@ -8648,6 +8767,7 @@
     },
     "related_cves": [
       "CVE-2023-3519",
+      "CVE-2024-21762",
       "CVE-2025-12686",
       "CVE-2025-59389",
       "CVE-2025-62847",
@@ -10763,6 +10883,7 @@
     },
     "related_cves": [
       "CVE-2023-3519",
+      "CVE-2024-21762",
       "CVE-2025-12686",
       "CVE-2025-59389",
       "CVE-2025-62847",
@@ -10900,6 +11021,7 @@
     },
     "related_cves": [
       "CVE-2023-3519",
+      "CVE-2024-21762",
       "CVE-2025-12686",
       "CVE-2025-59389",
       "CVE-2025-62847",
@@ -11820,6 +11942,7 @@
     },
     "related_cves": [
       "CVE-2023-3519",
+      "CVE-2024-21762",
       "CVE-2025-12686",
       "CVE-2025-59389",
       "CVE-2025-62847",
@@ -12336,6 +12459,7 @@
     "related_cves": [
       "CVE-2023-3519",
       "CVE-2023-43472",
+      "CVE-2024-21762",
       "CVE-2024-3094",
       "CVE-2024-3154",
       "CVE-2025-12686",
@@ -14064,6 +14188,7 @@
       ]
     },
     "related_cves": [
+      "CVE-2024-21762",
       "CVE-2024-3094",
       "CVE-2026-0300",
       "CVE-2026-30615",

package/data/_indexes/frequency.json

@@ -2521,7 +2521,11 @@
       "AU-Essential-8-MFA",
       "AU-Essential-8-Patch",
       "AU-ISM-1546",
+      "AU-ISM-1808",
       "CIS-Controls-v8-10.1",
+      "CIS-Controls-v8-Control6",
+      "CIS-Kubernetes-Benchmark-4.2.13",
+      "CIS-Kubernetes-Benchmark-5.3",
       "CIS-Kubernetes-Benchmark-5.7",
       "DORA-Art-9",
       "DORA-Art28",
@@ -2539,23 +2543,31 @@
       "HIPAA-Security-Rule-2026-NPRM-164.310",
       "HIPAA-Security-Rule-2026-NPRM-164.312",
       "HIPAA-Security-Rule-2026-NPRM-164.314",
+      "ISO-27001-2022-A.5.15",
       "ISO-27001-2022-A.5.7",
+      "ISO-27001-2022-A.8.13",
       "ISO-27001-2022-A.8.22",
       "ISO-27001-2022-A.8.7",
+      "NIS2-Art21-business-continuity",
       "NIS2-Art21-identity-management",
       "NIS2-Art21-incident-handling",
+      "NIS2-Art21-network-security",
       "NIS2-Art21-supply-chain",
       "NIS2-Art21-vulnerability-management",
       "NIST-800-218-SSDF-PW.4",
       "NIST-800-53-AC-3",
       "NIST-800-53-AC-6",
+      "NIST-800-53-IA-2",
       "NIST-800-53-SC-39",
       "NIST-800-53-SC-44",
       "NIST-800-53-SI-10",
       "NIST-800-53-SR-3",
       "NIST-AI-RMF-MAP-3.4",
+      "NIST-AI-RMF-MEASURE-2.7",
       "OWASP-LLM-Top-10-2025-LLM05",
+      "OWASP-ML-Top-10-2023-ML06",
       "OWASP-Top-10-2021-A06",
+      "PCI-DSS-4.0-5.1",
       "PCI-DSS-4.0.1-11.6.1",
       "PCI-DSS-4.0.1-12.10.7",
       "PCI-DSS-4.0.1-12.3.3",