@blamejs/exceptd-skills 0.13.66 → 0.13.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +659 -0
  6. package/data/attack-techniques.json +5 -1
  7. package/data/cve-catalog.json +236 -0
  8. package/data/cwe-catalog.json +12 -5
  9. package/data/framework-control-gaps.json +16 -1
  10. package/data/zeroday-lessons.json +90 -0
  11. package/manifest.json +44 -44
  12. package/package.json +2 -2
  13. package/sbom.cdx.json +23 -23
package/data/_indexes/chains.json CHANGED
@@ -15887,6 +15887,622 @@
15887
15887
  ]
15888
15888
  }
15889
15889
  },
15890
+ "CVE-2025-34291": {
15891
+ "name": "Langflow Account Takeover + RCE (CORS / refresh-token chain)",
15892
+ "rwep": 80,
15893
+ "cvss": 8.8,
15894
+ "cisa_kev": true,
15895
+ "epss_score": null,
15896
+ "referencing_skills": [
15897
+ "kernel-lpe-triage",
15898
+ "ai-attack-surface",
15899
+ "compliance-theater",
15900
+ "attack-surface-pentest",
15901
+ "ot-ics-security",
15902
+ "coordinated-vuln-disclosure",
15903
+ "sector-energy"
15904
+ ],
15905
+ "chain": {
15906
+ "cwes": [
15907
+ {
15908
+ "id": "CWE-1037",
15909
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
15910
+ "category": "Hardware / Side Channel"
15911
+ },
15912
+ {
15913
+ "id": "CWE-1039",
15914
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
15915
+ "category": "AI/ML"
15916
+ },
15917
+ {
15918
+ "id": "CWE-125",
15919
+ "name": "Out-of-bounds Read",
15920
+ "category": "Memory Safety"
15921
+ },
15922
+ {
15923
+ "id": "CWE-1357",
15924
+ "name": "Reliance on Insufficiently Trustworthy Component",
15925
+ "category": "Supply Chain"
15926
+ },
15927
+ {
15928
+ "id": "CWE-1395",
15929
+ "name": "Dependency on Vulnerable Third-Party Component",
15930
+ "category": "Supply Chain"
15931
+ },
15932
+ {
15933
+ "id": "CWE-1426",
15934
+ "name": "Improper Validation of Generative AI Output",
15935
+ "category": "AI/ML"
15936
+ },
15937
+ {
15938
+ "id": "CWE-22",
15939
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
15940
+ "category": "Path/Resource"
15941
+ },
15942
+ {
15943
+ "id": "CWE-269",
15944
+ "name": "Improper Privilege Management",
15945
+ "category": "Authorization"
15946
+ },
15947
+ {
15948
+ "id": "CWE-287",
15949
+ "name": "Improper Authentication",
15950
+ "category": "Authentication"
15951
+ },
15952
+ {
15953
+ "id": "CWE-306",
15954
+ "name": "Missing Authentication for Critical Function",
15955
+ "category": "Authentication"
15956
+ },
15957
+ {
15958
+ "id": "CWE-352",
15959
+ "name": "Cross-Site Request Forgery (CSRF)",
15960
+ "category": "Session"
15961
+ },
15962
+ {
15963
+ "id": "CWE-362",
15964
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
15965
+ "category": "Concurrency"
15966
+ },
15967
+ {
15968
+ "id": "CWE-416",
15969
+ "name": "Use After Free",
15970
+ "category": "Memory Safety"
15971
+ },
15972
+ {
15973
+ "id": "CWE-434",
15974
+ "name": "Unrestricted Upload of File with Dangerous Type",
15975
+ "category": "File Handling"
15976
+ },
15977
+ {
15978
+ "id": "CWE-672",
15979
+ "name": "Operation on a Resource after Expiration or Release",
15980
+ "category": "Memory Safety"
15981
+ },
15982
+ {
15983
+ "id": "CWE-732",
15984
+ "name": "Incorrect Permission Assignment for Critical Resource",
15985
+ "category": "Authorization"
15986
+ },
15987
+ {
15988
+ "id": "CWE-78",
15989
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
15990
+ "category": "Injection"
15991
+ },
15992
+ {
15993
+ "id": "CWE-787",
15994
+ "name": "Out-of-bounds Write",
15995
+ "category": "Memory Safety"
15996
+ },
15997
+ {
15998
+ "id": "CWE-79",
15999
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
16000
+ "category": "Injection"
16001
+ },
16002
+ {
16003
+ "id": "CWE-798",
16004
+ "name": "Use of Hard-coded Credentials",
16005
+ "category": "Credentials"
16006
+ },
16007
+ {
16008
+ "id": "CWE-89",
16009
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
16010
+ "category": "Injection"
16011
+ },
16012
+ {
16013
+ "id": "CWE-918",
16014
+ "name": "Server-Side Request Forgery (SSRF)",
16015
+ "category": "Network"
16016
+ },
16017
+ {
16018
+ "id": "CWE-94",
16019
+ "name": "Improper Control of Generation of Code (Code Injection)",
16020
+ "category": "Injection"
16021
+ }
16022
+ ],
16023
+ "atlas": [
16024
+ {
16025
+ "id": "AML.T0010",
16026
+ "name": "ML Supply Chain Compromise",
16027
+ "tactic": "Initial Access"
16028
+ },
16029
+ {
16030
+ "id": "AML.T0016",
16031
+ "name": "Obtain Capabilities: Develop Capabilities",
16032
+ "tactic": "Resource Development"
16033
+ },
16034
+ {
16035
+ "id": "AML.T0017",
16036
+ "name": "Discover ML Model Ontology",
16037
+ "tactic": "Discovery"
16038
+ },
16039
+ {
16040
+ "id": "AML.T0018",
16041
+ "name": "Backdoor ML Model",
16042
+ "tactic": "Persistence"
16043
+ },
16044
+ {
16045
+ "id": "AML.T0020",
16046
+ "name": "Poison Training Data",
16047
+ "tactic": "ML Attack Staging"
16048
+ },
16049
+ {
16050
+ "id": "AML.T0043",
16051
+ "name": "Craft Adversarial Data",
16052
+ "tactic": "ML Attack Staging"
16053
+ },
16054
+ {
16055
+ "id": "AML.T0051",
16056
+ "name": "LLM Prompt Injection",
16057
+ "tactic": "Execution"
16058
+ },
16059
+ {
16060
+ "id": "AML.T0054",
16061
+ "name": "LLM Jailbreak",
16062
+ "tactic": "Defense Evasion"
16063
+ },
16064
+ {
16065
+ "id": "AML.T0096",
16066
+ "name": "AI API as Covert C2 Channel",
16067
+ "tactic": "Command and Control"
16068
+ }
16069
+ ],
16070
+ "d3fend": [
16071
+ {
16072
+ "id": "D3-ASLR",
16073
+ "name": "Address Space Layout Randomization",
16074
+ "tactic": "Harden"
16075
+ },
16076
+ {
16077
+ "id": "D3-CSPP",
16078
+ "name": "Client-server Payload Profiling",
16079
+ "tactic": "Detect"
16080
+ },
16081
+ {
16082
+ "id": "D3-EAL",
16083
+ "name": "Executable Allowlisting",
16084
+ "tactic": "Harden"
16085
+ },
16086
+ {
16087
+ "id": "D3-IOPR",
16088
+ "name": "Input/Output Profiling Resource",
16089
+ "tactic": "Detect"
16090
+ },
16091
+ {
16092
+ "id": "D3-NTA",
16093
+ "name": "Network Traffic Analysis",
16094
+ "tactic": "Detect"
16095
+ },
16096
+ {
16097
+ "id": "D3-PHRA",
16098
+ "name": "Process Hardware Resource Access",
16099
+ "tactic": "Isolate"
16100
+ },
16101
+ {
16102
+ "id": "D3-PSEP",
16103
+ "name": "Process Segment Execution Prevention",
16104
+ "tactic": "Harden"
16105
+ }
16106
+ ],
16107
+ "framework_gaps": [
16108
+ {
16109
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
16110
+ "framework": "ALL",
16111
+ "control_name": "AI Pipeline Integrity"
16112
+ },
16113
+ {
16114
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
16115
+ "framework": "ALL",
16116
+ "control_name": "Prompt Injection as Access Control Failure"
16117
+ },
16118
+ {
16119
+ "id": "CIS-Controls-v8-Control7",
16120
+ "framework": "CIS Controls v8",
16121
+ "control_name": "Continuous Vulnerability Management"
16122
+ },
16123
+ {
16124
+ "id": "CMMC-2.0-Level-2",
16125
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
16126
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
16127
+ },
16128
+ {
16129
+ "id": "FedRAMP-Rev5-Moderate",
16130
+ "framework": "FedRAMP Rev 5 Moderate",
16131
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
16132
+ },
16133
+ {
16134
+ "id": "IEC-62443-3-3",
16135
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
16136
+ "control_name": "System security requirements and security levels"
16137
+ },
16138
+ {
16139
+ "id": "ISO-27001-2022-A.8.28",
16140
+ "framework": "ISO/IEC 27001:2022",
16141
+ "control_name": "Secure coding"
16142
+ },
16143
+ {
16144
+ "id": "ISO-27001-2022-A.8.8",
16145
+ "framework": "ISO/IEC 27001:2022",
16146
+ "control_name": "Management of technical vulnerabilities"
16147
+ },
16148
+ {
16149
+ "id": "ISO-IEC-23894-2023-clause-7",
16150
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
16151
+ "control_name": "AI risk management process"
16152
+ },
16153
+ {
16154
+ "id": "NERC-CIP-007-6-R4",
16155
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
16156
+ "control_name": "Security event monitoring"
16157
+ },
16158
+ {
16159
+ "id": "NIS2-Art21-patch-management",
16160
+ "framework": "EU NIS2 Directive",
16161
+ "control_name": "Vulnerability handling and disclosure"
16162
+ },
16163
+ {
16164
+ "id": "NIST-800-115",
16165
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
16166
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
16167
+ },
16168
+ {
16169
+ "id": "NIST-800-218-SSDF",
16170
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
16171
+ "control_name": "Secure Software Development Framework"
16172
+ },
16173
+ {
16174
+ "id": "NIST-800-53-AC-2",
16175
+ "framework": "NIST SP 800-53 Rev 5",
16176
+ "control_name": "Account Management"
16177
+ },
16178
+ {
16179
+ "id": "NIST-800-53-SC-8",
16180
+ "framework": "NIST SP 800-53 Rev 5",
16181
+ "control_name": "Transmission Confidentiality and Integrity"
16182
+ },
16183
+ {
16184
+ "id": "NIST-800-53-SI-2",
16185
+ "framework": "NIST SP 800-53 Rev 5",
16186
+ "control_name": "Flaw Remediation"
16187
+ },
16188
+ {
16189
+ "id": "NIST-800-53-SI-3",
16190
+ "framework": "NIST SP 800-53 Rev 5",
16191
+ "control_name": "Malicious Code Protection"
16192
+ },
16193
+ {
16194
+ "id": "NIST-800-82r3",
16195
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
16196
+ "control_name": "Guide to Operational Technology (OT) Security"
16197
+ },
16198
+ {
16199
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
16200
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16201
+ "control_name": "Prompt Injection"
16202
+ },
16203
+ {
16204
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
16205
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16206
+ "control_name": "Sensitive Information Disclosure"
16207
+ },
16208
+ {
16209
+ "id": "OWASP-Pen-Testing-Guide-v5",
16210
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
16211
+ "control_name": "Web application penetration testing methodology"
16212
+ },
16213
+ {
16214
+ "id": "PCI-DSS-4.0-6.3.3",
16215
+ "framework": "PCI DSS 4.0",
16216
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
16217
+ },
16218
+ {
16219
+ "id": "PTES-Pre-engagement",
16220
+ "framework": "Penetration Testing Execution Standard (PTES)",
16221
+ "control_name": "Pre-engagement Interactions"
16222
+ },
16223
+ {
16224
+ "id": "SOC2-CC6-logical-access",
16225
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16226
+ "control_name": "Logical and Physical Access Controls"
16227
+ },
16228
+ {
16229
+ "id": "SOC2-CC9-vendor-management",
16230
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16231
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
16232
+ }
16233
+ ],
16234
+ "attack_refs": [
16235
+ "T0855",
16236
+ "T0883",
16237
+ "T1059",
16238
+ "T1068",
16239
+ "T1078",
16240
+ "T1133",
16241
+ "T1190",
16242
+ "T1548.001",
16243
+ "T1566"
16244
+ ],
16245
+ "rfc_refs": [
16246
+ "RFC-4301",
16247
+ "RFC-4303",
16248
+ "RFC-7296"
16249
+ ]
16250
+ }
16251
+ },
16252
+ "CVE-2026-41091": {
16253
+ "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
16254
+ "rwep": 45,
16255
+ "cvss": 7.8,
16256
+ "cisa_kev": true,
16257
+ "epss_score": null,
16258
+ "referencing_skills": [
16259
+ "kernel-lpe-triage",
16260
+ "attack-surface-pentest",
16261
+ "ot-ics-security",
16262
+ "coordinated-vuln-disclosure",
16263
+ "sector-energy"
16264
+ ],
16265
+ "chain": {
16266
+ "cwes": [
16267
+ {
16268
+ "id": "CWE-1037",
16269
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
16270
+ "category": "Hardware / Side Channel"
16271
+ },
16272
+ {
16273
+ "id": "CWE-125",
16274
+ "name": "Out-of-bounds Read",
16275
+ "category": "Memory Safety"
16276
+ },
16277
+ {
16278
+ "id": "CWE-1357",
16279
+ "name": "Reliance on Insufficiently Trustworthy Component",
16280
+ "category": "Supply Chain"
16281
+ },
16282
+ {
16283
+ "id": "CWE-1395",
16284
+ "name": "Dependency on Vulnerable Third-Party Component",
16285
+ "category": "Supply Chain"
16286
+ },
16287
+ {
16288
+ "id": "CWE-22",
16289
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
16290
+ "category": "Path/Resource"
16291
+ },
16292
+ {
16293
+ "id": "CWE-269",
16294
+ "name": "Improper Privilege Management",
16295
+ "category": "Authorization"
16296
+ },
16297
+ {
16298
+ "id": "CWE-287",
16299
+ "name": "Improper Authentication",
16300
+ "category": "Authentication"
16301
+ },
16302
+ {
16303
+ "id": "CWE-306",
16304
+ "name": "Missing Authentication for Critical Function",
16305
+ "category": "Authentication"
16306
+ },
16307
+ {
16308
+ "id": "CWE-352",
16309
+ "name": "Cross-Site Request Forgery (CSRF)",
16310
+ "category": "Session"
16311
+ },
16312
+ {
16313
+ "id": "CWE-362",
16314
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
16315
+ "category": "Concurrency"
16316
+ },
16317
+ {
16318
+ "id": "CWE-416",
16319
+ "name": "Use After Free",
16320
+ "category": "Memory Safety"
16321
+ },
16322
+ {
16323
+ "id": "CWE-434",
16324
+ "name": "Unrestricted Upload of File with Dangerous Type",
16325
+ "category": "File Handling"
16326
+ },
16327
+ {
16328
+ "id": "CWE-672",
16329
+ "name": "Operation on a Resource after Expiration or Release",
16330
+ "category": "Memory Safety"
16331
+ },
16332
+ {
16333
+ "id": "CWE-732",
16334
+ "name": "Incorrect Permission Assignment for Critical Resource",
16335
+ "category": "Authorization"
16336
+ },
16337
+ {
16338
+ "id": "CWE-78",
16339
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
16340
+ "category": "Injection"
16341
+ },
16342
+ {
16343
+ "id": "CWE-787",
16344
+ "name": "Out-of-bounds Write",
16345
+ "category": "Memory Safety"
16346
+ },
16347
+ {
16348
+ "id": "CWE-79",
16349
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
16350
+ "category": "Injection"
16351
+ },
16352
+ {
16353
+ "id": "CWE-798",
16354
+ "name": "Use of Hard-coded Credentials",
16355
+ "category": "Credentials"
16356
+ },
16357
+ {
16358
+ "id": "CWE-89",
16359
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
16360
+ "category": "Injection"
16361
+ },
16362
+ {
16363
+ "id": "CWE-918",
16364
+ "name": "Server-Side Request Forgery (SSRF)",
16365
+ "category": "Network"
16366
+ }
16367
+ ],
16368
+ "atlas": [
16369
+ {
16370
+ "id": "AML.T0010",
16371
+ "name": "ML Supply Chain Compromise",
16372
+ "tactic": "Initial Access"
16373
+ },
16374
+ {
16375
+ "id": "AML.T0043",
16376
+ "name": "Craft Adversarial Data",
16377
+ "tactic": "ML Attack Staging"
16378
+ },
16379
+ {
16380
+ "id": "AML.T0051",
16381
+ "name": "LLM Prompt Injection",
16382
+ "tactic": "Execution"
16383
+ }
16384
+ ],
16385
+ "d3fend": [
16386
+ {
16387
+ "id": "D3-ASLR",
16388
+ "name": "Address Space Layout Randomization",
16389
+ "tactic": "Harden"
16390
+ },
16391
+ {
16392
+ "id": "D3-CSPP",
16393
+ "name": "Client-server Payload Profiling",
16394
+ "tactic": "Detect"
16395
+ },
16396
+ {
16397
+ "id": "D3-EAL",
16398
+ "name": "Executable Allowlisting",
16399
+ "tactic": "Harden"
16400
+ },
16401
+ {
16402
+ "id": "D3-NTA",
16403
+ "name": "Network Traffic Analysis",
16404
+ "tactic": "Detect"
16405
+ },
16406
+ {
16407
+ "id": "D3-PHRA",
16408
+ "name": "Process Hardware Resource Access",
16409
+ "tactic": "Isolate"
16410
+ },
16411
+ {
16412
+ "id": "D3-PSEP",
16413
+ "name": "Process Segment Execution Prevention",
16414
+ "tactic": "Harden"
16415
+ }
16416
+ ],
16417
+ "framework_gaps": [
16418
+ {
16419
+ "id": "CIS-Controls-v8-Control7",
16420
+ "framework": "CIS Controls v8",
16421
+ "control_name": "Continuous Vulnerability Management"
16422
+ },
16423
+ {
16424
+ "id": "IEC-62443-3-3",
16425
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
16426
+ "control_name": "System security requirements and security levels"
16427
+ },
16428
+ {
16429
+ "id": "ISO-27001-2022-A.8.8",
16430
+ "framework": "ISO/IEC 27001:2022",
16431
+ "control_name": "Management of technical vulnerabilities"
16432
+ },
16433
+ {
16434
+ "id": "NERC-CIP-007-6-R4",
16435
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
16436
+ "control_name": "Security event monitoring"
16437
+ },
16438
+ {
16439
+ "id": "NIS2-Art21-patch-management",
16440
+ "framework": "EU NIS2 Directive",
16441
+ "control_name": "Vulnerability handling and disclosure"
16442
+ },
16443
+ {
16444
+ "id": "NIST-800-115",
16445
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
16446
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
16447
+ },
16448
+ {
16449
+ "id": "NIST-800-218-SSDF",
16450
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
16451
+ "control_name": "Secure Software Development Framework"
16452
+ },
16453
+ {
16454
+ "id": "NIST-800-53-SC-8",
16455
+ "framework": "NIST SP 800-53 Rev 5",
16456
+ "control_name": "Transmission Confidentiality and Integrity"
16457
+ },
16458
+ {
16459
+ "id": "NIST-800-53-SI-2",
16460
+ "framework": "NIST SP 800-53 Rev 5",
16461
+ "control_name": "Flaw Remediation"
16462
+ },
16463
+ {
16464
+ "id": "NIST-800-82r3",
16465
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
16466
+ "control_name": "Guide to Operational Technology (OT) Security"
16467
+ },
16468
+ {
16469
+ "id": "OWASP-Pen-Testing-Guide-v5",
16470
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
16471
+ "control_name": "Web application penetration testing methodology"
16472
+ },
16473
+ {
16474
+ "id": "PCI-DSS-4.0-6.3.3",
16475
+ "framework": "PCI DSS 4.0",
16476
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
16477
+ },
16478
+ {
16479
+ "id": "PTES-Pre-engagement",
16480
+ "framework": "Penetration Testing Execution Standard (PTES)",
16481
+ "control_name": "Pre-engagement Interactions"
16482
+ },
16483
+ {
16484
+ "id": "SOC2-CC9-vendor-management",
16485
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16486
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
16487
+ }
16488
+ ],
16489
+ "attack_refs": [
16490
+ "T0855",
16491
+ "T0883",
16492
+ "T1059",
16493
+ "T1068",
16494
+ "T1078",
16495
+ "T1133",
16496
+ "T1190",
16497
+ "T1548.001"
16498
+ ],
16499
+ "rfc_refs": [
16500
+ "RFC-4301",
16501
+ "RFC-4303",
16502
+ "RFC-7296"
16503
+ ]
16504
+ }
16505
+ },
15890
16506
  "CVE-2025-32432": {
15891
16507
  "name": "Craft CMS Code Injection Vulnerability",
15892
16508
  "rwep": 77,
@@ -40912,6 +41528,7 @@
40912
41528
  "CVE-2025-10585",
40913
41529
  "CVE-2025-1094",
40914
41530
  "CVE-2025-14174",
41531
+ "CVE-2025-34291",
40915
41532
  "CVE-2025-38352",
40916
41533
  "CVE-2025-43300",
40917
41534
  "CVE-2025-49844",
@@ -40921,6 +41538,7 @@
40921
41538
  "CVE-2026-30623",
40922
41539
  "CVE-2026-31431",
40923
41540
  "CVE-2026-39884",
41541
+ "CVE-2026-41091",
40924
41542
  "CVE-2026-42208",
40925
41543
  "CVE-2026-45321",
40926
41544
  "CVE-2026-46300",
@@ -41254,12 +41872,14 @@
41254
41872
  "CVE-2025-10585",
41255
41873
  "CVE-2025-1094",
41256
41874
  "CVE-2025-14174",
41875
+ "CVE-2025-34291",
41257
41876
  "CVE-2025-38352",
41258
41877
  "CVE-2025-43300",
41259
41878
  "CVE-2025-6965",
41260
41879
  "CVE-2026-30623",
41261
41880
  "CVE-2026-31431",
41262
41881
  "CVE-2026-39884",
41882
+ "CVE-2026-41091",
41263
41883
  "CVE-2026-42208",
41264
41884
  "CVE-2026-45321",
41265
41885
  "CVE-2026-46300",
@@ -41389,12 +42009,14 @@
41389
42009
  "CVE-2025-10585",
41390
42010
  "CVE-2025-1094",
41391
42011
  "CVE-2025-14174",
42012
+ "CVE-2025-34291",
41392
42013
  "CVE-2025-38352",
41393
42014
  "CVE-2025-43300",
41394
42015
  "CVE-2025-6965",
41395
42016
  "CVE-2026-30623",
41396
42017
  "CVE-2026-31431",
41397
42018
  "CVE-2026-39884",
42019
+ "CVE-2026-41091",
41398
42020
  "CVE-2026-42208",
41399
42021
  "CVE-2026-45321",
41400
42022
  "CVE-2026-46300",
@@ -41538,12 +42160,14 @@
41538
42160
  "CVE-2025-10585",
41539
42161
  "CVE-2025-1094",
41540
42162
  "CVE-2025-14174",
42163
+ "CVE-2025-34291",
41541
42164
  "CVE-2025-38352",
41542
42165
  "CVE-2025-43300",
41543
42166
  "CVE-2025-6965",
41544
42167
  "CVE-2026-30623",
41545
42168
  "CVE-2026-31431",
41546
42169
  "CVE-2026-39884",
42170
+ "CVE-2026-41091",
41547
42171
  "CVE-2026-42208",
41548
42172
  "CVE-2026-45321",
41549
42173
  "CVE-2026-46300",
@@ -41792,6 +42416,7 @@
41792
42416
  "CVE-2025-0133",
41793
42417
  "CVE-2025-1094",
41794
42418
  "CVE-2025-11837",
42419
+ "CVE-2025-34291",
41795
42420
  "CVE-2025-49844",
41796
42421
  "CVE-2025-53773",
41797
42422
  "CVE-2025-6965",
@@ -42064,6 +42689,7 @@
42064
42689
  "CVE-2025-33053",
42065
42690
  "CVE-2025-33073",
42066
42691
  "CVE-2025-34026",
42692
+ "CVE-2025-34291",
42067
42693
  "CVE-2025-35939",
42068
42694
  "CVE-2025-37164",
42069
42695
  "CVE-2025-38352",
@@ -42198,6 +42824,7 @@
42198
42824
  "CVE-2026-3909",
42199
42825
  "CVE-2026-3910",
42200
42826
  "CVE-2026-39884",
42827
+ "CVE-2026-41091",
42201
42828
  "CVE-2026-41940",
42202
42829
  "CVE-2026-42897",
42203
42830
  "CVE-2026-42945",
@@ -42786,6 +43413,7 @@
42786
43413
  "CVE-2025-10585",
42787
43414
  "CVE-2025-1094",
42788
43415
  "CVE-2025-14174",
43416
+ "CVE-2025-34291",
42789
43417
  "CVE-2025-38352",
42790
43418
  "CVE-2025-43300",
42791
43419
  "CVE-2025-49844",
@@ -42795,6 +43423,7 @@
42795
43423
  "CVE-2026-30623",
42796
43424
  "CVE-2026-31431",
42797
43425
  "CVE-2026-39884",
43426
+ "CVE-2026-41091",
42798
43427
  "CVE-2026-42208",
42799
43428
  "CVE-2026-45321",
42800
43429
  "CVE-2026-46300",
@@ -43360,6 +43989,7 @@
43360
43989
  "CVE-2025-10585",
43361
43990
  "CVE-2025-1094",
43362
43991
  "CVE-2025-14174",
43992
+ "CVE-2025-34291",
43363
43993
  "CVE-2025-38352",
43364
43994
  "CVE-2025-43300",
43365
43995
  "CVE-2025-49844",
@@ -43369,6 +43999,7 @@
43369
43999
  "CVE-2026-30623",
43370
44000
  "CVE-2026-31431",
43371
44001
  "CVE-2026-39884",
44002
+ "CVE-2026-41091",
43372
44003
  "CVE-2026-42208",
43373
44004
  "CVE-2026-45321",
43374
44005
  "CVE-2026-46300",
@@ -43570,12 +44201,14 @@
43570
44201
  "CVE-2025-10585",
43571
44202
  "CVE-2025-1094",
43572
44203
  "CVE-2025-14174",
44204
+ "CVE-2025-34291",
43573
44205
  "CVE-2025-38352",
43574
44206
  "CVE-2025-43300",
43575
44207
  "CVE-2025-53773",
43576
44208
  "CVE-2026-30615",
43577
44209
  "CVE-2026-31431",
43578
44210
  "CVE-2026-39884",
44211
+ "CVE-2026-41091",
43579
44212
  "CVE-2026-45321",
43580
44213
  "CVE-2026-46300",
43581
44214
  "CVE-2026-46333",
@@ -44210,6 +44843,7 @@
44210
44843
  "CVE-2025-10585",
44211
44844
  "CVE-2025-1094",
44212
44845
  "CVE-2025-14174",
44846
+ "CVE-2025-34291",
44213
44847
  "CVE-2025-38352",
44214
44848
  "CVE-2025-43300",
44215
44849
  "CVE-2025-49844",
@@ -44219,6 +44853,7 @@
44219
44853
  "CVE-2026-30623",
44220
44854
  "CVE-2026-31431",
44221
44855
  "CVE-2026-39884",
44856
+ "CVE-2026-41091",
44222
44857
  "CVE-2026-42208",
44223
44858
  "CVE-2026-45321",
44224
44859
  "CVE-2026-46300",
@@ -44484,6 +45119,7 @@
44484
45119
  "CVE-2025-33053",
44485
45120
  "CVE-2025-33073",
44486
45121
  "CVE-2025-34026",
45122
+ "CVE-2025-34291",
44487
45123
  "CVE-2025-35939",
44488
45124
  "CVE-2025-37164",
44489
45125
  "CVE-2025-38352",
@@ -44618,6 +45254,7 @@
44618
45254
  "CVE-2026-3909",
44619
45255
  "CVE-2026-3910",
44620
45256
  "CVE-2026-39884",
45257
+ "CVE-2026-41091",
44621
45258
  "CVE-2026-41940",
44622
45259
  "CVE-2026-42897",
44623
45260
  "CVE-2026-42945",
@@ -44874,6 +45511,7 @@
44874
45511
  "CVE-2025-33053",
44875
45512
  "CVE-2025-33073",
44876
45513
  "CVE-2025-34026",
45514
+ "CVE-2025-34291",
44877
45515
  "CVE-2025-35939",
44878
45516
  "CVE-2025-37164",
44879
45517
  "CVE-2025-38352",
@@ -45008,6 +45646,7 @@
45008
45646
  "CVE-2026-3909",
45009
45647
  "CVE-2026-3910",
45010
45648
  "CVE-2026-39884",
45649
+ "CVE-2026-41091",
45011
45650
  "CVE-2026-41940",
45012
45651
  "CVE-2026-42897",
45013
45652
  "CVE-2026-42945",
@@ -45237,6 +45876,7 @@
45237
45876
  "CVE-2025-10585",
45238
45877
  "CVE-2025-1094",
45239
45878
  "CVE-2025-14174",
45879
+ "CVE-2025-34291",
45240
45880
  "CVE-2025-38352",
45241
45881
  "CVE-2025-43300",
45242
45882
  "CVE-2025-49844",
@@ -45246,6 +45886,7 @@
45246
45886
  "CVE-2026-30623",
45247
45887
  "CVE-2026-31431",
45248
45888
  "CVE-2026-39884",
45889
+ "CVE-2026-41091",
45249
45890
  "CVE-2026-42208",
45250
45891
  "CVE-2026-45321",
45251
45892
  "CVE-2026-46300",
@@ -46063,6 +46704,7 @@
46063
46704
  "CVE-2025-33053",
46064
46705
  "CVE-2025-33073",
46065
46706
  "CVE-2025-34026",
46707
+ "CVE-2025-34291",
46066
46708
  "CVE-2025-35939",
46067
46709
  "CVE-2025-37164",
46068
46710
  "CVE-2025-38352",
@@ -46197,6 +46839,7 @@
46197
46839
  "CVE-2026-3909",
46198
46840
  "CVE-2026-3910",
46199
46841
  "CVE-2026-39884",
46842
+ "CVE-2026-41091",
46200
46843
  "CVE-2026-41940",
46201
46844
  "CVE-2026-42897",
46202
46845
  "CVE-2026-42945",
@@ -46490,6 +47133,7 @@
46490
47133
  "CVE-2025-10585",
46491
47134
  "CVE-2025-1094",
46492
47135
  "CVE-2025-14174",
47136
+ "CVE-2025-34291",
46493
47137
  "CVE-2025-38352",
46494
47138
  "CVE-2025-43300",
46495
47139
  "CVE-2025-49844",
@@ -46499,6 +47143,7 @@
46499
47143
  "CVE-2026-30623",
46500
47144
  "CVE-2026-31431",
46501
47145
  "CVE-2026-39884",
47146
+ "CVE-2026-41091",
46502
47147
  "CVE-2026-42208",
46503
47148
  "CVE-2026-45321",
46504
47149
  "CVE-2026-46300",
@@ -46845,6 +47490,7 @@
46845
47490
  "CVE-2025-33053",
46846
47491
  "CVE-2025-33073",
46847
47492
  "CVE-2025-34026",
47493
+ "CVE-2025-34291",
46848
47494
  "CVE-2025-35939",
46849
47495
  "CVE-2025-37164",
46850
47496
  "CVE-2025-38352",
@@ -46983,6 +47629,7 @@
46983
47629
  "CVE-2026-3909",
46984
47630
  "CVE-2026-3910",
46985
47631
  "CVE-2026-39884",
47632
+ "CVE-2026-41091",
46986
47633
  "CVE-2026-41940",
46987
47634
  "CVE-2026-42897",
46988
47635
  "CVE-2026-42945",
@@ -47287,6 +47934,7 @@
47287
47934
  "CVE-2025-10585",
47288
47935
  "CVE-2025-1094",
47289
47936
  "CVE-2025-14174",
47937
+ "CVE-2025-34291",
47290
47938
  "CVE-2025-38352",
47291
47939
  "CVE-2025-43300",
47292
47940
  "CVE-2025-49844",
@@ -47294,6 +47942,7 @@
47294
47942
  "CVE-2026-30615",
47295
47943
  "CVE-2026-31431",
47296
47944
  "CVE-2026-39884",
47945
+ "CVE-2026-41091",
47297
47946
  "CVE-2026-45321",
47298
47947
  "CVE-2026-46300",
47299
47948
  "CVE-2026-46333",
@@ -48197,6 +48846,7 @@
48197
48846
  "CVE-2025-10585",
48198
48847
  "CVE-2025-1094",
48199
48848
  "CVE-2025-14174",
48849
+ "CVE-2025-34291",
48200
48850
  "CVE-2025-38352",
48201
48851
  "CVE-2025-43300",
48202
48852
  "CVE-2025-49844",
@@ -48206,6 +48856,7 @@
48206
48856
  "CVE-2026-30623",
48207
48857
  "CVE-2026-31431",
48208
48858
  "CVE-2026-39884",
48859
+ "CVE-2026-41091",
48209
48860
  "CVE-2026-42208",
48210
48861
  "CVE-2026-45321",
48211
48862
  "CVE-2026-46300",
@@ -48267,10 +48918,12 @@
48267
48918
  "CVE-2025-10585",
48268
48919
  "CVE-2025-1094",
48269
48920
  "CVE-2025-14174",
48921
+ "CVE-2025-34291",
48270
48922
  "CVE-2025-38352",
48271
48923
  "CVE-2025-43300",
48272
48924
  "CVE-2026-31431",
48273
48925
  "CVE-2026-39884",
48926
+ "CVE-2026-41091",
48274
48927
  "CVE-2026-45321",
48275
48928
  "CVE-2026-46300",
48276
48929
  "CVE-2026-46333",
@@ -48410,6 +49063,7 @@
48410
49063
  "CVE-2025-0133",
48411
49064
  "CVE-2025-1094",
48412
49065
  "CVE-2025-11837",
49066
+ "CVE-2025-34291",
48413
49067
  "CVE-2025-53773",
48414
49068
  "CVE-2025-6965",
48415
49069
  "CVE-2026-22778",
@@ -48868,6 +49522,7 @@
48868
49522
  "CVE-2025-33053",
48869
49523
  "CVE-2025-33073",
48870
49524
  "CVE-2025-34026",
49525
+ "CVE-2025-34291",
48871
49526
  "CVE-2025-35939",
48872
49527
  "CVE-2025-37164",
48873
49528
  "CVE-2025-38352",
@@ -48995,6 +49650,7 @@
48995
49650
  "CVE-2026-35616",
48996
49651
  "CVE-2026-3909",
48997
49652
  "CVE-2026-3910",
49653
+ "CVE-2026-41091",
48998
49654
  "CVE-2026-41940",
48999
49655
  "CVE-2026-42945",
49000
49656
  "CVE-2026-45321",
@@ -49225,6 +49881,7 @@
49225
49881
  "CVE-2025-10585",
49226
49882
  "CVE-2025-1094",
49227
49883
  "CVE-2025-14174",
49884
+ "CVE-2025-34291",
49228
49885
  "CVE-2025-38352",
49229
49886
  "CVE-2025-43300",
49230
49887
  "CVE-2025-49844",
@@ -49234,6 +49891,7 @@
49234
49891
  "CVE-2026-30623",
49235
49892
  "CVE-2026-31431",
49236
49893
  "CVE-2026-39884",
49894
+ "CVE-2026-41091",
49237
49895
  "CVE-2026-45321",
49238
49896
  "CVE-2026-46300",
49239
49897
  "CVE-2026-46333",
@@ -49492,6 +50150,7 @@
49492
50150
  "CVE-2025-11837",
49493
50151
  "CVE-2025-14847",
49494
50152
  "CVE-2025-22226",
50153
+ "CVE-2025-34291",
49495
50154
  "CVE-2025-53767",
49496
50155
  "CVE-2025-53773",
49497
50156
  "CVE-2025-6965",