@blamejs/exceptd-skills 0.13.65 → 0.13.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +386 -1
  6. package/data/attack-techniques.json +4 -1
  7. package/data/cve-catalog.json +124 -0
  8. package/data/cwe-catalog.json +8 -3
  9. package/data/framework-control-gaps.json +10 -1
  10. package/data/rfc-references.json +3 -3
  11. package/data/zeroday-lessons.json +45 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.67 — 2026-05-24
4
+
5
+ CVE catalog currency: adds **CVE-2025-34291**, the actively-exploited Langflow account-takeover → RCE chain (CVSS 8.8; CISA KEV 2026-05-21; in-the-wild since 2026-01-23). Langflow is a widely deployed open-source AI agent / LLM workflow platform, so this is a direct AI-tooling supply-chain exposure: overly-permissive CORS plus a CSRF-unprotected, SameSite=None token-refresh endpoint lets a malicious page a logged-in user visits steal a token pair and reach the by-design code-execution endpoint. Affects Langflow ≤ 1.6.9; the 1.7 default configuration is protected. The entry carries the full RWEP scoring (P1, score 80), CWE-346/352/942 and ATT&CK T1190/T1539/T1059 mappings, framework-gap declarations, and a matching zero-day lesson; reverse references propagate to the CWE, framework-gap, and ATT&CK catalogs. The CVE postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
6
+
7
+ ## 0.13.66 — 2026-05-24
8
+
9
+ RFC reference currency. The `draft-ietf-tls-hybrid-design` entry no longer claims status-synchronization with `draft-ietf-tls-ecdhe-mlkem` — the two have diverged. Hybrid-design has been IESG-approved (draft-16) for publication as an Informational RFC and sits in the RFC Editor queue (no number assigned yet); ecdhe-mlkem remains an active Standards-Track draft. Both are referenced by pqc-first as the post-quantum TLS 1.3 migration path.
10
+
3
11
  ## 0.13.65 — 2026-05-24
4
12
 
5
13
  Standards refresh: the MITRE D3FEND and CWE pins are brought current. D3FEND moves from v1.0.0 (June 2024) to v1.3.0 (December 2025) and CWE to 4.20 (April 2026) across the catalog `_meta`, operator docs, skill bodies, and the catalog-summary index. A breaking-change audit against both releases found no renamed or deprecated identifiers among the referenced techniques and weaknesses — D3FEND v1.0→v1.3 is additive, and CWE 4.16→4.20 deprecated nothing — so no skill mapping changed. Also corrected stale catalog counts in the architecture and context docs (CWE 55→171, D3FEND 28→468) and a skill that still cited D3FEND v0.10. A new guard fails the build if any D3FEND or CWE version mention diverges from the catalog pin.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-24T18:06:30.702Z",
3
+ "generated_at": "2026-05-25T05:14:41.803Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "3d668e206d800377a1ea731e226e36dd4b5aa02f4e608d07cdb87d323b5ad409",
7
+ "manifest.json": "4ba5935d868aa63e5d79c775566bf32a3a6e9afa4806fe35833e1d7e26a7cd95",
8
8
  "data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
9
- "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
10
- "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",
11
- "data/cwe-catalog.json": "4cb1193c4e20ddd3f480a7f421f28e3472b856b0c070761a0fe149a64c90fa8e",
9
+ "data/attack-techniques.json": "d4f212bbfce31f7aa1f27c230629eff1263e81773aad445e140e56ad5e7445e9",
10
+ "data/cve-catalog.json": "9e476360cdbf669593f3e0d1c3514d600869b3f55447951abe0094b11230b4eb",
11
+ "data/cwe-catalog.json": "ee4af0e82293ba9661945021a7fc3168e469a26849c5c4ec2509e305e0b634c9",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "2f6147edef1cdec29ae755ec42021038145a702d908a1d5cf0a42e2484cbc786",
15
+ "data/framework-control-gaps.json": "924e8d8299fc6bdb70f25159139759253211d7b60c6539a12676c2facb920516",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
- "data/rfc-references.json": "926ea25892e052fc6a8b9952afc1d8e2bd06c4aec223a1a7aa79ef1dfd7b7bb5",
18
- "data/zeroday-lessons.json": "7242a7349ac79a74813bf2b7486b6000c0c877e71cec17e2d68df33bc4007b93",
17
+ "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
+ "data/zeroday-lessons.json": "6675f2db462bb01c089fce7f047515511d325c201b290c8556d5648172bd0631",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 301,
75
+ "chains_cve_entries": 302,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 312
152
+ "entry_count": 313
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 312
168
+ "entry_count": 313
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 312,
65
+ "entry_count": 313,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 312,
241
+ "entry_count": 313,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -15887,6 +15887,368 @@
15887
15887
  ]
15888
15888
  }
15889
15889
  },
15890
+ "CVE-2025-34291": {
15891
+ "name": "Langflow Account Takeover + RCE (CORS / refresh-token chain)",
15892
+ "rwep": 80,
15893
+ "cvss": 8.8,
15894
+ "cisa_kev": true,
15895
+ "epss_score": null,
15896
+ "referencing_skills": [
15897
+ "kernel-lpe-triage",
15898
+ "ai-attack-surface",
15899
+ "compliance-theater",
15900
+ "attack-surface-pentest",
15901
+ "ot-ics-security",
15902
+ "coordinated-vuln-disclosure",
15903
+ "sector-energy"
15904
+ ],
15905
+ "chain": {
15906
+ "cwes": [
15907
+ {
15908
+ "id": "CWE-1037",
15909
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
15910
+ "category": "Hardware / Side Channel"
15911
+ },
15912
+ {
15913
+ "id": "CWE-1039",
15914
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
15915
+ "category": "AI/ML"
15916
+ },
15917
+ {
15918
+ "id": "CWE-125",
15919
+ "name": "Out-of-bounds Read",
15920
+ "category": "Memory Safety"
15921
+ },
15922
+ {
15923
+ "id": "CWE-1357",
15924
+ "name": "Reliance on Insufficiently Trustworthy Component",
15925
+ "category": "Supply Chain"
15926
+ },
15927
+ {
15928
+ "id": "CWE-1395",
15929
+ "name": "Dependency on Vulnerable Third-Party Component",
15930
+ "category": "Supply Chain"
15931
+ },
15932
+ {
15933
+ "id": "CWE-1426",
15934
+ "name": "Improper Validation of Generative AI Output",
15935
+ "category": "AI/ML"
15936
+ },
15937
+ {
15938
+ "id": "CWE-22",
15939
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
15940
+ "category": "Path/Resource"
15941
+ },
15942
+ {
15943
+ "id": "CWE-269",
15944
+ "name": "Improper Privilege Management",
15945
+ "category": "Authorization"
15946
+ },
15947
+ {
15948
+ "id": "CWE-287",
15949
+ "name": "Improper Authentication",
15950
+ "category": "Authentication"
15951
+ },
15952
+ {
15953
+ "id": "CWE-306",
15954
+ "name": "Missing Authentication for Critical Function",
15955
+ "category": "Authentication"
15956
+ },
15957
+ {
15958
+ "id": "CWE-352",
15959
+ "name": "Cross-Site Request Forgery (CSRF)",
15960
+ "category": "Session"
15961
+ },
15962
+ {
15963
+ "id": "CWE-362",
15964
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
15965
+ "category": "Concurrency"
15966
+ },
15967
+ {
15968
+ "id": "CWE-416",
15969
+ "name": "Use After Free",
15970
+ "category": "Memory Safety"
15971
+ },
15972
+ {
15973
+ "id": "CWE-434",
15974
+ "name": "Unrestricted Upload of File with Dangerous Type",
15975
+ "category": "File Handling"
15976
+ },
15977
+ {
15978
+ "id": "CWE-672",
15979
+ "name": "Operation on a Resource after Expiration or Release",
15980
+ "category": "Memory Safety"
15981
+ },
15982
+ {
15983
+ "id": "CWE-732",
15984
+ "name": "Incorrect Permission Assignment for Critical Resource",
15985
+ "category": "Authorization"
15986
+ },
15987
+ {
15988
+ "id": "CWE-78",
15989
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
15990
+ "category": "Injection"
15991
+ },
15992
+ {
15993
+ "id": "CWE-787",
15994
+ "name": "Out-of-bounds Write",
15995
+ "category": "Memory Safety"
15996
+ },
15997
+ {
15998
+ "id": "CWE-79",
15999
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
16000
+ "category": "Injection"
16001
+ },
16002
+ {
16003
+ "id": "CWE-798",
16004
+ "name": "Use of Hard-coded Credentials",
16005
+ "category": "Credentials"
16006
+ },
16007
+ {
16008
+ "id": "CWE-89",
16009
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
16010
+ "category": "Injection"
16011
+ },
16012
+ {
16013
+ "id": "CWE-918",
16014
+ "name": "Server-Side Request Forgery (SSRF)",
16015
+ "category": "Network"
16016
+ },
16017
+ {
16018
+ "id": "CWE-94",
16019
+ "name": "Improper Control of Generation of Code (Code Injection)",
16020
+ "category": "Injection"
16021
+ }
16022
+ ],
16023
+ "atlas": [
16024
+ {
16025
+ "id": "AML.T0010",
16026
+ "name": "ML Supply Chain Compromise",
16027
+ "tactic": "Initial Access"
16028
+ },
16029
+ {
16030
+ "id": "AML.T0016",
16031
+ "name": "Obtain Capabilities: Develop Capabilities",
16032
+ "tactic": "Resource Development"
16033
+ },
16034
+ {
16035
+ "id": "AML.T0017",
16036
+ "name": "Discover ML Model Ontology",
16037
+ "tactic": "Discovery"
16038
+ },
16039
+ {
16040
+ "id": "AML.T0018",
16041
+ "name": "Backdoor ML Model",
16042
+ "tactic": "Persistence"
16043
+ },
16044
+ {
16045
+ "id": "AML.T0020",
16046
+ "name": "Poison Training Data",
16047
+ "tactic": "ML Attack Staging"
16048
+ },
16049
+ {
16050
+ "id": "AML.T0043",
16051
+ "name": "Craft Adversarial Data",
16052
+ "tactic": "ML Attack Staging"
16053
+ },
16054
+ {
16055
+ "id": "AML.T0051",
16056
+ "name": "LLM Prompt Injection",
16057
+ "tactic": "Execution"
16058
+ },
16059
+ {
16060
+ "id": "AML.T0054",
16061
+ "name": "LLM Jailbreak",
16062
+ "tactic": "Defense Evasion"
16063
+ },
16064
+ {
16065
+ "id": "AML.T0096",
16066
+ "name": "AI API as Covert C2 Channel",
16067
+ "tactic": "Command and Control"
16068
+ }
16069
+ ],
16070
+ "d3fend": [
16071
+ {
16072
+ "id": "D3-ASLR",
16073
+ "name": "Address Space Layout Randomization",
16074
+ "tactic": "Harden"
16075
+ },
16076
+ {
16077
+ "id": "D3-CSPP",
16078
+ "name": "Client-server Payload Profiling",
16079
+ "tactic": "Detect"
16080
+ },
16081
+ {
16082
+ "id": "D3-EAL",
16083
+ "name": "Executable Allowlisting",
16084
+ "tactic": "Harden"
16085
+ },
16086
+ {
16087
+ "id": "D3-IOPR",
16088
+ "name": "Input/Output Profiling Resource",
16089
+ "tactic": "Detect"
16090
+ },
16091
+ {
16092
+ "id": "D3-NTA",
16093
+ "name": "Network Traffic Analysis",
16094
+ "tactic": "Detect"
16095
+ },
16096
+ {
16097
+ "id": "D3-PHRA",
16098
+ "name": "Process Hardware Resource Access",
16099
+ "tactic": "Isolate"
16100
+ },
16101
+ {
16102
+ "id": "D3-PSEP",
16103
+ "name": "Process Segment Execution Prevention",
16104
+ "tactic": "Harden"
16105
+ }
16106
+ ],
16107
+ "framework_gaps": [
16108
+ {
16109
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
16110
+ "framework": "ALL",
16111
+ "control_name": "AI Pipeline Integrity"
16112
+ },
16113
+ {
16114
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
16115
+ "framework": "ALL",
16116
+ "control_name": "Prompt Injection as Access Control Failure"
16117
+ },
16118
+ {
16119
+ "id": "CIS-Controls-v8-Control7",
16120
+ "framework": "CIS Controls v8",
16121
+ "control_name": "Continuous Vulnerability Management"
16122
+ },
16123
+ {
16124
+ "id": "CMMC-2.0-Level-2",
16125
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
16126
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
16127
+ },
16128
+ {
16129
+ "id": "FedRAMP-Rev5-Moderate",
16130
+ "framework": "FedRAMP Rev 5 Moderate",
16131
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
16132
+ },
16133
+ {
16134
+ "id": "IEC-62443-3-3",
16135
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
16136
+ "control_name": "System security requirements and security levels"
16137
+ },
16138
+ {
16139
+ "id": "ISO-27001-2022-A.8.28",
16140
+ "framework": "ISO/IEC 27001:2022",
16141
+ "control_name": "Secure coding"
16142
+ },
16143
+ {
16144
+ "id": "ISO-27001-2022-A.8.8",
16145
+ "framework": "ISO/IEC 27001:2022",
16146
+ "control_name": "Management of technical vulnerabilities"
16147
+ },
16148
+ {
16149
+ "id": "ISO-IEC-23894-2023-clause-7",
16150
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
16151
+ "control_name": "AI risk management process"
16152
+ },
16153
+ {
16154
+ "id": "NERC-CIP-007-6-R4",
16155
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
16156
+ "control_name": "Security event monitoring"
16157
+ },
16158
+ {
16159
+ "id": "NIS2-Art21-patch-management",
16160
+ "framework": "EU NIS2 Directive",
16161
+ "control_name": "Vulnerability handling and disclosure"
16162
+ },
16163
+ {
16164
+ "id": "NIST-800-115",
16165
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
16166
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
16167
+ },
16168
+ {
16169
+ "id": "NIST-800-218-SSDF",
16170
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
16171
+ "control_name": "Secure Software Development Framework"
16172
+ },
16173
+ {
16174
+ "id": "NIST-800-53-AC-2",
16175
+ "framework": "NIST SP 800-53 Rev 5",
16176
+ "control_name": "Account Management"
16177
+ },
16178
+ {
16179
+ "id": "NIST-800-53-SC-8",
16180
+ "framework": "NIST SP 800-53 Rev 5",
16181
+ "control_name": "Transmission Confidentiality and Integrity"
16182
+ },
16183
+ {
16184
+ "id": "NIST-800-53-SI-2",
16185
+ "framework": "NIST SP 800-53 Rev 5",
16186
+ "control_name": "Flaw Remediation"
16187
+ },
16188
+ {
16189
+ "id": "NIST-800-53-SI-3",
16190
+ "framework": "NIST SP 800-53 Rev 5",
16191
+ "control_name": "Malicious Code Protection"
16192
+ },
16193
+ {
16194
+ "id": "NIST-800-82r3",
16195
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
16196
+ "control_name": "Guide to Operational Technology (OT) Security"
16197
+ },
16198
+ {
16199
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
16200
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16201
+ "control_name": "Prompt Injection"
16202
+ },
16203
+ {
16204
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
16205
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16206
+ "control_name": "Sensitive Information Disclosure"
16207
+ },
16208
+ {
16209
+ "id": "OWASP-Pen-Testing-Guide-v5",
16210
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
16211
+ "control_name": "Web application penetration testing methodology"
16212
+ },
16213
+ {
16214
+ "id": "PCI-DSS-4.0-6.3.3",
16215
+ "framework": "PCI DSS 4.0",
16216
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
16217
+ },
16218
+ {
16219
+ "id": "PTES-Pre-engagement",
16220
+ "framework": "Penetration Testing Execution Standard (PTES)",
16221
+ "control_name": "Pre-engagement Interactions"
16222
+ },
16223
+ {
16224
+ "id": "SOC2-CC6-logical-access",
16225
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16226
+ "control_name": "Logical and Physical Access Controls"
16227
+ },
16228
+ {
16229
+ "id": "SOC2-CC9-vendor-management",
16230
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16231
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
16232
+ }
16233
+ ],
16234
+ "attack_refs": [
16235
+ "T0855",
16236
+ "T0883",
16237
+ "T1059",
16238
+ "T1068",
16239
+ "T1078",
16240
+ "T1133",
16241
+ "T1190",
16242
+ "T1548.001",
16243
+ "T1566"
16244
+ ],
16245
+ "rfc_refs": [
16246
+ "RFC-4301",
16247
+ "RFC-4303",
16248
+ "RFC-7296"
16249
+ ]
16250
+ }
16251
+ },
15890
16252
  "CVE-2025-32432": {
15891
16253
  "name": "Craft CMS Code Injection Vulnerability",
15892
16254
  "rwep": 77,
@@ -40912,6 +41274,7 @@
40912
41274
  "CVE-2025-10585",
40913
41275
  "CVE-2025-1094",
40914
41276
  "CVE-2025-14174",
41277
+ "CVE-2025-34291",
40915
41278
  "CVE-2025-38352",
40916
41279
  "CVE-2025-43300",
40917
41280
  "CVE-2025-49844",
@@ -41254,6 +41617,7 @@
41254
41617
  "CVE-2025-10585",
41255
41618
  "CVE-2025-1094",
41256
41619
  "CVE-2025-14174",
41620
+ "CVE-2025-34291",
41257
41621
  "CVE-2025-38352",
41258
41622
  "CVE-2025-43300",
41259
41623
  "CVE-2025-6965",
@@ -41389,6 +41753,7 @@
41389
41753
  "CVE-2025-10585",
41390
41754
  "CVE-2025-1094",
41391
41755
  "CVE-2025-14174",
41756
+ "CVE-2025-34291",
41392
41757
  "CVE-2025-38352",
41393
41758
  "CVE-2025-43300",
41394
41759
  "CVE-2025-6965",
@@ -41538,6 +41903,7 @@
41538
41903
  "CVE-2025-10585",
41539
41904
  "CVE-2025-1094",
41540
41905
  "CVE-2025-14174",
41906
+ "CVE-2025-34291",
41541
41907
  "CVE-2025-38352",
41542
41908
  "CVE-2025-43300",
41543
41909
  "CVE-2025-6965",
@@ -41792,6 +42158,7 @@
41792
42158
  "CVE-2025-0133",
41793
42159
  "CVE-2025-1094",
41794
42160
  "CVE-2025-11837",
42161
+ "CVE-2025-34291",
41795
42162
  "CVE-2025-49844",
41796
42163
  "CVE-2025-53773",
41797
42164
  "CVE-2025-6965",
@@ -42064,6 +42431,7 @@
42064
42431
  "CVE-2025-33053",
42065
42432
  "CVE-2025-33073",
42066
42433
  "CVE-2025-34026",
42434
+ "CVE-2025-34291",
42067
42435
  "CVE-2025-35939",
42068
42436
  "CVE-2025-37164",
42069
42437
  "CVE-2025-38352",
@@ -42786,6 +43154,7 @@
42786
43154
  "CVE-2025-10585",
42787
43155
  "CVE-2025-1094",
42788
43156
  "CVE-2025-14174",
43157
+ "CVE-2025-34291",
42789
43158
  "CVE-2025-38352",
42790
43159
  "CVE-2025-43300",
42791
43160
  "CVE-2025-49844",
@@ -43360,6 +43729,7 @@
43360
43729
  "CVE-2025-10585",
43361
43730
  "CVE-2025-1094",
43362
43731
  "CVE-2025-14174",
43732
+ "CVE-2025-34291",
43363
43733
  "CVE-2025-38352",
43364
43734
  "CVE-2025-43300",
43365
43735
  "CVE-2025-49844",
@@ -43570,6 +43940,7 @@
43570
43940
  "CVE-2025-10585",
43571
43941
  "CVE-2025-1094",
43572
43942
  "CVE-2025-14174",
43943
+ "CVE-2025-34291",
43573
43944
  "CVE-2025-38352",
43574
43945
  "CVE-2025-43300",
43575
43946
  "CVE-2025-53773",
@@ -43668,7 +44039,7 @@
43668
44039
  {
43669
44040
  "id": "DRAFT-IETF-TLS-HYBRID-DESIGN",
43670
44041
  "title": "Hybrid key exchange in TLS 1.3",
43671
- "status": "Draft"
44042
+ "status": "Informational"
43672
44043
  },
43673
44044
  {
43674
44045
  "id": "RFC-8032",
@@ -44210,6 +44581,7 @@
44210
44581
  "CVE-2025-10585",
44211
44582
  "CVE-2025-1094",
44212
44583
  "CVE-2025-14174",
44584
+ "CVE-2025-34291",
44213
44585
  "CVE-2025-38352",
44214
44586
  "CVE-2025-43300",
44215
44587
  "CVE-2025-49844",
@@ -44484,6 +44856,7 @@
44484
44856
  "CVE-2025-33053",
44485
44857
  "CVE-2025-33073",
44486
44858
  "CVE-2025-34026",
44859
+ "CVE-2025-34291",
44487
44860
  "CVE-2025-35939",
44488
44861
  "CVE-2025-37164",
44489
44862
  "CVE-2025-38352",
@@ -44874,6 +45247,7 @@
44874
45247
  "CVE-2025-33053",
44875
45248
  "CVE-2025-33073",
44876
45249
  "CVE-2025-34026",
45250
+ "CVE-2025-34291",
44877
45251
  "CVE-2025-35939",
44878
45252
  "CVE-2025-37164",
44879
45253
  "CVE-2025-38352",
@@ -45237,6 +45611,7 @@
45237
45611
  "CVE-2025-10585",
45238
45612
  "CVE-2025-1094",
45239
45613
  "CVE-2025-14174",
45614
+ "CVE-2025-34291",
45240
45615
  "CVE-2025-38352",
45241
45616
  "CVE-2025-43300",
45242
45617
  "CVE-2025-49844",
@@ -46063,6 +46438,7 @@
46063
46438
  "CVE-2025-33053",
46064
46439
  "CVE-2025-33073",
46065
46440
  "CVE-2025-34026",
46441
+ "CVE-2025-34291",
46066
46442
  "CVE-2025-35939",
46067
46443
  "CVE-2025-37164",
46068
46444
  "CVE-2025-38352",
@@ -46490,6 +46866,7 @@
46490
46866
  "CVE-2025-10585",
46491
46867
  "CVE-2025-1094",
46492
46868
  "CVE-2025-14174",
46869
+ "CVE-2025-34291",
46493
46870
  "CVE-2025-38352",
46494
46871
  "CVE-2025-43300",
46495
46872
  "CVE-2025-49844",
@@ -46845,6 +47222,7 @@
46845
47222
  "CVE-2025-33053",
46846
47223
  "CVE-2025-33073",
46847
47224
  "CVE-2025-34026",
47225
+ "CVE-2025-34291",
46848
47226
  "CVE-2025-35939",
46849
47227
  "CVE-2025-37164",
46850
47228
  "CVE-2025-38352",
@@ -47287,6 +47665,7 @@
47287
47665
  "CVE-2025-10585",
47288
47666
  "CVE-2025-1094",
47289
47667
  "CVE-2025-14174",
47668
+ "CVE-2025-34291",
47290
47669
  "CVE-2025-38352",
47291
47670
  "CVE-2025-43300",
47292
47671
  "CVE-2025-49844",
@@ -48197,6 +48576,7 @@
48197
48576
  "CVE-2025-10585",
48198
48577
  "CVE-2025-1094",
48199
48578
  "CVE-2025-14174",
48579
+ "CVE-2025-34291",
48200
48580
  "CVE-2025-38352",
48201
48581
  "CVE-2025-43300",
48202
48582
  "CVE-2025-49844",
@@ -48267,6 +48647,7 @@
48267
48647
  "CVE-2025-10585",
48268
48648
  "CVE-2025-1094",
48269
48649
  "CVE-2025-14174",
48650
+ "CVE-2025-34291",
48270
48651
  "CVE-2025-38352",
48271
48652
  "CVE-2025-43300",
48272
48653
  "CVE-2026-31431",
@@ -48410,6 +48791,7 @@
48410
48791
  "CVE-2025-0133",
48411
48792
  "CVE-2025-1094",
48412
48793
  "CVE-2025-11837",
48794
+ "CVE-2025-34291",
48413
48795
  "CVE-2025-53773",
48414
48796
  "CVE-2025-6965",
48415
48797
  "CVE-2026-22778",
@@ -48868,6 +49250,7 @@
48868
49250
  "CVE-2025-33053",
48869
49251
  "CVE-2025-33073",
48870
49252
  "CVE-2025-34026",
49253
+ "CVE-2025-34291",
48871
49254
  "CVE-2025-35939",
48872
49255
  "CVE-2025-37164",
48873
49256
  "CVE-2025-38352",
@@ -49225,6 +49608,7 @@
49225
49608
  "CVE-2025-10585",
49226
49609
  "CVE-2025-1094",
49227
49610
  "CVE-2025-14174",
49611
+ "CVE-2025-34291",
49228
49612
  "CVE-2025-38352",
49229
49613
  "CVE-2025-43300",
49230
49614
  "CVE-2025-49844",
@@ -49492,6 +49876,7 @@
49492
49876
  "CVE-2025-11837",
49493
49877
  "CVE-2025-14847",
49494
49878
  "CVE-2025-22226",
49879
+ "CVE-2025-34291",
49495
49880
  "CVE-2025-53767",
49496
49881
  "CVE-2025-53773",
49497
49882
  "CVE-2025-6965",
package/data/attack-techniques.json CHANGED
@@ -271,6 +271,7 @@
271
271
  "cve_refs": [
272
272
  "CVE-2025-1094",
273
273
  "CVE-2025-11837",
274
+ "CVE-2025-34291",
274
275
  "CVE-2025-53773",
275
276
  "CVE-2025-55319",
276
277
  "CVE-2025-68664",
@@ -853,6 +854,7 @@
853
854
  "CVE-2025-32756",
854
855
  "CVE-2025-33053",
855
856
  "CVE-2025-33073",
857
+ "CVE-2025-34291",
856
858
  "CVE-2025-35939",
857
859
  "CVE-2025-37164",
858
860
  "CVE-2025-3935",
@@ -2507,7 +2509,8 @@
2507
2509
  "name": "Steal Web Session Cookie",
2508
2510
  "version": "v19",
2509
2511
  "cve_refs": [
2510
- "CVE-2025-0133"
2512
+ "CVE-2025-0133",
2513
+ "CVE-2025-34291"
2511
2514
  ],
2512
2515
  "description_full": "An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website. Cookies are often valid for an extended period of time, even if the web application is not actively used. Cookies can be found on disk, in the process memory of the browser, and in network traffic to remote systems. Additionally, other applications on the targets machine might store sensitive authentication cookies in memory (e.g. apps which authenticate to cloud services). Session cookies can be used to bypasses some multi-factor authentication protocols.(Citation: Pass The Cookie) There are several examples of malware targeting cookies from web browsers on the local system.(Citation: Kaspersky TajMahal April 2019)(Citation: Unit 42 Mac Crypto Cookies January 2019) Adversaries may also steal cookies by injecting malicious JavaScript content into websites or relying on [User Execution](https://attack.mitre.org/techniques/T1204) by tricking victims into running malicious JavaScript in their browser.(Citation: Talos Roblox Scam 2023)(Citation: Krebs Discord Bookmarks 2023) There are also open source frameworks such as `Evilginx2` and `Muraena` that can gather session cookies through a malicious proxy (e.g., [Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557)) that can be set up by an adversary and used in phishing campaigns.(Citation: Github evilginx2)(Citation: GitHub Mauraena) After an adversary acquires a valid cookie, they can then perform a [Web Session Cookie](https://attack.mitre.org/techniques/T1550/004) technique to login to the corresponding web application.",
2513
2516
  "platforms": [