@blamejs/exceptd-skills 0.13.67 → 0.13.69

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +548 -0
  6. package/data/attack-techniques.json +9 -2
  7. package/data/cve-catalog.json +223 -0
  8. package/data/cwe-catalog.json +8 -4
  9. package/data/framework-control-gaps.json +12 -0
  10. package/data/zeroday-lessons.json +90 -0
  11. package/manifest.json +44 -44
  12. package/package.json +2 -2
  13. package/sbom.cdx.json +23 -23
package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.69 — 2026-05-24
4
+
5
+ CVE catalog currency: adds **CVE-2026-34926**, the actively-exploited Trend Micro Apex One directory traversal (CVSS 6.7; CISA KEV 2026-05-21, due 2026-06-04). A relative path traversal (CWE-23) on the on-premise management server lets an attacker who already holds server admin credentials modify a key table and inject malicious code that the server deploys to every managed agent — a fleet-wide push through the security tool's own trusted deployment channel (Scope:Changed). Fixed in Apex One on-premise 14.0.0.17079 / SaaS 14.0.20731. The entry carries RWEP scoring (P2, 52, computed via lib/scoring.js — PR:H/AC:H gate it below an unauthenticated RCE), CWE-23/22 and ATT&CK T1072/T1083 mappings, global-first framework-gap declarations, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-078) makes the endpoint-management deployment channel an integrity-monitored control plane. Postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
6
+
7
+ ## 0.13.68 — 2026-05-24
8
+
9
+ CVE catalog currency: adds **CVE-2026-41091**, the actively-exploited Microsoft Defender link-following local privilege escalation (CVSS 7.8; CISA KEV 2026-05-20, due 2026-06-03). The Malware Protection Engine runs as SYSTEM and improperly resolves links before accessing files (CWE-59), so a local low-privileged attacker who plants a symlink/junction can elevate to SYSTEM — the AV/EDR agent itself is the privileged confused deputy. Fixed in engine build 1.1.26040.8 (auto-update, no reboot); managed environments that pin or delay engine updates are the exposed population. The entry carries full RWEP scoring (P2, 55), CWE-59/269 and ATT&CK T1068 mappings, global-first framework-gap declarations, behavioral IoCs, and a matching zero-day lesson whose new control requirement (NEW-CTRL-077) makes the security agent's own engine-build currency an audited target. Postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
10
+
3
11
  ## 0.13.67 — 2026-05-24
4
12
 
5
13
  CVE catalog currency: adds **CVE-2025-34291**, the actively-exploited Langflow account-takeover → RCE chain (CVSS 8.8; CISA KEV 2026-05-21; in-the-wild since 2026-01-23). Langflow is a widely deployed open-source AI agent / LLM workflow platform, so this is a direct AI-tooling supply-chain exposure: overly-permissive CORS plus a CSRF-unprotected, SameSite=None token-refresh endpoint lets a malicious page a logged-in user visits steal a token pair and reach the by-design code-execution endpoint. Affects Langflow ≤ 1.6.9; the 1.7 default configuration is protected. The entry carries the full RWEP scoring (P1, score 80), CWE-346/352/942 and ATT&CK T1190/T1539/T1059 mappings, framework-gap declarations, and a matching zero-day lesson; reverse references propagate to the CWE, framework-gap, and ATT&CK catalogs. The CVE postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-25T05:14:41.803Z",
3
+ "generated_at": "2026-05-25T06:06:07.403Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "4ba5935d868aa63e5d79c775566bf32a3a6e9afa4806fe35833e1d7e26a7cd95",
7
+ "manifest.json": "57d3b2ca1e729f2486752235575cbb98c8255f532a5dce65cdcfdb69b4447d59",
8
8
  "data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
9
- "data/attack-techniques.json": "d4f212bbfce31f7aa1f27c230629eff1263e81773aad445e140e56ad5e7445e9",
10
- "data/cve-catalog.json": "9e476360cdbf669593f3e0d1c3514d600869b3f55447951abe0094b11230b4eb",
11
- "data/cwe-catalog.json": "ee4af0e82293ba9661945021a7fc3168e469a26849c5c4ec2509e305e0b634c9",
9
+ "data/attack-techniques.json": "b47836e9a4707ce79c35cbe58a5bdb8d0d7b8e6d94e489c17c93c465844f02ee",
10
+ "data/cve-catalog.json": "2bb2cda179aac7e1d8e16beeefef545eaabbb828ab1ee8fca80d285f248b15cf",
11
+ "data/cwe-catalog.json": "641910cd99496ed3743b4b74ecf152bd67c2cc982c4dc90b22fe204973f33cfa",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "924e8d8299fc6bdb70f25159139759253211d7b60c6539a12676c2facb920516",
15
+ "data/framework-control-gaps.json": "5f71b6dc8f07264de30b5fc58229e4796bae90ce696f491c661499d53d4ac5b9",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "6675f2db462bb01c089fce7f047515511d325c201b290c8556d5648172bd0631",
18
+ "data/zeroday-lessons.json": "ef83f6d0844eaa5b6fd7a2b12cc24d64dfdea8d269537d766cc0e1870162a9f9",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 302,
75
+ "chains_cve_entries": 304,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 313
152
+ "entry_count": 315
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 313
168
+ "entry_count": 315
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 313,
65
+ "entry_count": 315,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 313,
241
+ "entry_count": 315,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",