@blamejs/exceptd-skills 0.13.69 → 0.13.71
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +8 -8
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +899 -0
- package/data/attack-techniques.json +12 -3
- package/data/cve-catalog.json +518 -1
- package/data/cwe-catalog.json +8 -1
- package/data/framework-control-gaps.json +21 -0
- package/data/zeroday-lessons.json +45 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +23 -23
|
@@ -16757,6 +16757,855 @@
|
|
|
16757
16757
|
]
|
|
16758
16758
|
}
|
|
16759
16759
|
},
|
|
16760
|
+
"CVE-2026-45498": {
|
|
16761
|
+
"name": "Microsoft Defender Remote Denial of Service (Antimalware Platform)",
|
|
16762
|
+
"rwep": 45,
|
|
16763
|
+
"cvss": 7.5,
|
|
16764
|
+
"cisa_kev": true,
|
|
16765
|
+
"epss_score": null,
|
|
16766
|
+
"referencing_skills": [
|
|
16767
|
+
"kernel-lpe-triage",
|
|
16768
|
+
"attack-surface-pentest",
|
|
16769
|
+
"ot-ics-security",
|
|
16770
|
+
"coordinated-vuln-disclosure",
|
|
16771
|
+
"sector-energy"
|
|
16772
|
+
],
|
|
16773
|
+
"chain": {
|
|
16774
|
+
"cwes": [
|
|
16775
|
+
{
|
|
16776
|
+
"id": "CWE-1037",
|
|
16777
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
16778
|
+
"category": "Hardware / Side Channel"
|
|
16779
|
+
},
|
|
16780
|
+
{
|
|
16781
|
+
"id": "CWE-125",
|
|
16782
|
+
"name": "Out-of-bounds Read",
|
|
16783
|
+
"category": "Memory Safety"
|
|
16784
|
+
},
|
|
16785
|
+
{
|
|
16786
|
+
"id": "CWE-1357",
|
|
16787
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
16788
|
+
"category": "Supply Chain"
|
|
16789
|
+
},
|
|
16790
|
+
{
|
|
16791
|
+
"id": "CWE-1395",
|
|
16792
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
16793
|
+
"category": "Supply Chain"
|
|
16794
|
+
},
|
|
16795
|
+
{
|
|
16796
|
+
"id": "CWE-22",
|
|
16797
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
16798
|
+
"category": "Path/Resource"
|
|
16799
|
+
},
|
|
16800
|
+
{
|
|
16801
|
+
"id": "CWE-269",
|
|
16802
|
+
"name": "Improper Privilege Management",
|
|
16803
|
+
"category": "Authorization"
|
|
16804
|
+
},
|
|
16805
|
+
{
|
|
16806
|
+
"id": "CWE-287",
|
|
16807
|
+
"name": "Improper Authentication",
|
|
16808
|
+
"category": "Authentication"
|
|
16809
|
+
},
|
|
16810
|
+
{
|
|
16811
|
+
"id": "CWE-306",
|
|
16812
|
+
"name": "Missing Authentication for Critical Function",
|
|
16813
|
+
"category": "Authentication"
|
|
16814
|
+
},
|
|
16815
|
+
{
|
|
16816
|
+
"id": "CWE-352",
|
|
16817
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
16818
|
+
"category": "Session"
|
|
16819
|
+
},
|
|
16820
|
+
{
|
|
16821
|
+
"id": "CWE-362",
|
|
16822
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
16823
|
+
"category": "Concurrency"
|
|
16824
|
+
},
|
|
16825
|
+
{
|
|
16826
|
+
"id": "CWE-416",
|
|
16827
|
+
"name": "Use After Free",
|
|
16828
|
+
"category": "Memory Safety"
|
|
16829
|
+
},
|
|
16830
|
+
{
|
|
16831
|
+
"id": "CWE-434",
|
|
16832
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
16833
|
+
"category": "File Handling"
|
|
16834
|
+
},
|
|
16835
|
+
{
|
|
16836
|
+
"id": "CWE-672",
|
|
16837
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
16838
|
+
"category": "Memory Safety"
|
|
16839
|
+
},
|
|
16840
|
+
{
|
|
16841
|
+
"id": "CWE-732",
|
|
16842
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
16843
|
+
"category": "Authorization"
|
|
16844
|
+
},
|
|
16845
|
+
{
|
|
16846
|
+
"id": "CWE-78",
|
|
16847
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
16848
|
+
"category": "Injection"
|
|
16849
|
+
},
|
|
16850
|
+
{
|
|
16851
|
+
"id": "CWE-787",
|
|
16852
|
+
"name": "Out-of-bounds Write",
|
|
16853
|
+
"category": "Memory Safety"
|
|
16854
|
+
},
|
|
16855
|
+
{
|
|
16856
|
+
"id": "CWE-79",
|
|
16857
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
16858
|
+
"category": "Injection"
|
|
16859
|
+
},
|
|
16860
|
+
{
|
|
16861
|
+
"id": "CWE-798",
|
|
16862
|
+
"name": "Use of Hard-coded Credentials",
|
|
16863
|
+
"category": "Credentials"
|
|
16864
|
+
},
|
|
16865
|
+
{
|
|
16866
|
+
"id": "CWE-89",
|
|
16867
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
16868
|
+
"category": "Injection"
|
|
16869
|
+
},
|
|
16870
|
+
{
|
|
16871
|
+
"id": "CWE-918",
|
|
16872
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
16873
|
+
"category": "Network"
|
|
16874
|
+
}
|
|
16875
|
+
],
|
|
16876
|
+
"atlas": [
|
|
16877
|
+
{
|
|
16878
|
+
"id": "AML.T0010",
|
|
16879
|
+
"name": "ML Supply Chain Compromise",
|
|
16880
|
+
"tactic": "Initial Access"
|
|
16881
|
+
},
|
|
16882
|
+
{
|
|
16883
|
+
"id": "AML.T0043",
|
|
16884
|
+
"name": "Craft Adversarial Data",
|
|
16885
|
+
"tactic": "ML Attack Staging"
|
|
16886
|
+
},
|
|
16887
|
+
{
|
|
16888
|
+
"id": "AML.T0051",
|
|
16889
|
+
"name": "LLM Prompt Injection",
|
|
16890
|
+
"tactic": "Execution"
|
|
16891
|
+
}
|
|
16892
|
+
],
|
|
16893
|
+
"d3fend": [
|
|
16894
|
+
{
|
|
16895
|
+
"id": "D3-ASLR",
|
|
16896
|
+
"name": "Address Space Layout Randomization",
|
|
16897
|
+
"tactic": "Harden"
|
|
16898
|
+
},
|
|
16899
|
+
{
|
|
16900
|
+
"id": "D3-CSPP",
|
|
16901
|
+
"name": "Client-server Payload Profiling",
|
|
16902
|
+
"tactic": "Detect"
|
|
16903
|
+
},
|
|
16904
|
+
{
|
|
16905
|
+
"id": "D3-EAL",
|
|
16906
|
+
"name": "Executable Allowlisting",
|
|
16907
|
+
"tactic": "Harden"
|
|
16908
|
+
},
|
|
16909
|
+
{
|
|
16910
|
+
"id": "D3-NTA",
|
|
16911
|
+
"name": "Network Traffic Analysis",
|
|
16912
|
+
"tactic": "Detect"
|
|
16913
|
+
},
|
|
16914
|
+
{
|
|
16915
|
+
"id": "D3-PHRA",
|
|
16916
|
+
"name": "Process Hardware Resource Access",
|
|
16917
|
+
"tactic": "Isolate"
|
|
16918
|
+
},
|
|
16919
|
+
{
|
|
16920
|
+
"id": "D3-PSEP",
|
|
16921
|
+
"name": "Process Segment Execution Prevention",
|
|
16922
|
+
"tactic": "Harden"
|
|
16923
|
+
}
|
|
16924
|
+
],
|
|
16925
|
+
"framework_gaps": [
|
|
16926
|
+
{
|
|
16927
|
+
"id": "CIS-Controls-v8-Control7",
|
|
16928
|
+
"framework": "CIS Controls v8",
|
|
16929
|
+
"control_name": "Continuous Vulnerability Management"
|
|
16930
|
+
},
|
|
16931
|
+
{
|
|
16932
|
+
"id": "IEC-62443-3-3",
|
|
16933
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
16934
|
+
"control_name": "System security requirements and security levels"
|
|
16935
|
+
},
|
|
16936
|
+
{
|
|
16937
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
16938
|
+
"framework": "ISO/IEC 27001:2022",
|
|
16939
|
+
"control_name": "Management of technical vulnerabilities"
|
|
16940
|
+
},
|
|
16941
|
+
{
|
|
16942
|
+
"id": "NERC-CIP-007-6-R4",
|
|
16943
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
16944
|
+
"control_name": "Security event monitoring"
|
|
16945
|
+
},
|
|
16946
|
+
{
|
|
16947
|
+
"id": "NIS2-Art21-patch-management",
|
|
16948
|
+
"framework": "EU NIS2 Directive",
|
|
16949
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
16950
|
+
},
|
|
16951
|
+
{
|
|
16952
|
+
"id": "NIST-800-115",
|
|
16953
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
16954
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
16955
|
+
},
|
|
16956
|
+
{
|
|
16957
|
+
"id": "NIST-800-218-SSDF",
|
|
16958
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
16959
|
+
"control_name": "Secure Software Development Framework"
|
|
16960
|
+
},
|
|
16961
|
+
{
|
|
16962
|
+
"id": "NIST-800-53-SC-8",
|
|
16963
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
16964
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
16965
|
+
},
|
|
16966
|
+
{
|
|
16967
|
+
"id": "NIST-800-53-SI-2",
|
|
16968
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
16969
|
+
"control_name": "Flaw Remediation"
|
|
16970
|
+
},
|
|
16971
|
+
{
|
|
16972
|
+
"id": "NIST-800-82r3",
|
|
16973
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
16974
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
16975
|
+
},
|
|
16976
|
+
{
|
|
16977
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
16978
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
16979
|
+
"control_name": "Web application penetration testing methodology"
|
|
16980
|
+
},
|
|
16981
|
+
{
|
|
16982
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
16983
|
+
"framework": "PCI DSS 4.0",
|
|
16984
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
16985
|
+
},
|
|
16986
|
+
{
|
|
16987
|
+
"id": "PTES-Pre-engagement",
|
|
16988
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
16989
|
+
"control_name": "Pre-engagement Interactions"
|
|
16990
|
+
},
|
|
16991
|
+
{
|
|
16992
|
+
"id": "SOC2-CC9-vendor-management",
|
|
16993
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
16994
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
16995
|
+
}
|
|
16996
|
+
],
|
|
16997
|
+
"attack_refs": [
|
|
16998
|
+
"T0855",
|
|
16999
|
+
"T0883",
|
|
17000
|
+
"T1059",
|
|
17001
|
+
"T1068",
|
|
17002
|
+
"T1078",
|
|
17003
|
+
"T1133",
|
|
17004
|
+
"T1190",
|
|
17005
|
+
"T1548.001"
|
|
17006
|
+
],
|
|
17007
|
+
"rfc_refs": [
|
|
17008
|
+
"RFC-4301",
|
|
17009
|
+
"RFC-4303",
|
|
17010
|
+
"RFC-7296"
|
|
17011
|
+
]
|
|
17012
|
+
}
|
|
17013
|
+
},
|
|
17014
|
+
"CVE-2008-4250": {
|
|
17015
|
+
"name": "Microsoft Windows Server Service RPC Buffer Overflow (MS08-067)",
|
|
17016
|
+
"rwep": 70,
|
|
17017
|
+
"cvss": 9.3,
|
|
17018
|
+
"cisa_kev": true,
|
|
17019
|
+
"epss_score": null,
|
|
17020
|
+
"referencing_skills": [
|
|
17021
|
+
"kernel-lpe-triage",
|
|
17022
|
+
"coordinated-vuln-disclosure"
|
|
17023
|
+
],
|
|
17024
|
+
"chain": {
|
|
17025
|
+
"cwes": [
|
|
17026
|
+
{
|
|
17027
|
+
"id": "CWE-125",
|
|
17028
|
+
"name": "Out-of-bounds Read",
|
|
17029
|
+
"category": "Memory Safety"
|
|
17030
|
+
},
|
|
17031
|
+
{
|
|
17032
|
+
"id": "CWE-1357",
|
|
17033
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17034
|
+
"category": "Supply Chain"
|
|
17035
|
+
},
|
|
17036
|
+
{
|
|
17037
|
+
"id": "CWE-362",
|
|
17038
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17039
|
+
"category": "Concurrency"
|
|
17040
|
+
},
|
|
17041
|
+
{
|
|
17042
|
+
"id": "CWE-416",
|
|
17043
|
+
"name": "Use After Free",
|
|
17044
|
+
"category": "Memory Safety"
|
|
17045
|
+
},
|
|
17046
|
+
{
|
|
17047
|
+
"id": "CWE-672",
|
|
17048
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17049
|
+
"category": "Memory Safety"
|
|
17050
|
+
},
|
|
17051
|
+
{
|
|
17052
|
+
"id": "CWE-787",
|
|
17053
|
+
"name": "Out-of-bounds Write",
|
|
17054
|
+
"category": "Memory Safety"
|
|
17055
|
+
}
|
|
17056
|
+
],
|
|
17057
|
+
"atlas": [],
|
|
17058
|
+
"d3fend": [
|
|
17059
|
+
{
|
|
17060
|
+
"id": "D3-ASLR",
|
|
17061
|
+
"name": "Address Space Layout Randomization",
|
|
17062
|
+
"tactic": "Harden"
|
|
17063
|
+
},
|
|
17064
|
+
{
|
|
17065
|
+
"id": "D3-EAL",
|
|
17066
|
+
"name": "Executable Allowlisting",
|
|
17067
|
+
"tactic": "Harden"
|
|
17068
|
+
},
|
|
17069
|
+
{
|
|
17070
|
+
"id": "D3-PHRA",
|
|
17071
|
+
"name": "Process Hardware Resource Access",
|
|
17072
|
+
"tactic": "Isolate"
|
|
17073
|
+
},
|
|
17074
|
+
{
|
|
17075
|
+
"id": "D3-PSEP",
|
|
17076
|
+
"name": "Process Segment Execution Prevention",
|
|
17077
|
+
"tactic": "Harden"
|
|
17078
|
+
}
|
|
17079
|
+
],
|
|
17080
|
+
"framework_gaps": [
|
|
17081
|
+
{
|
|
17082
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17083
|
+
"framework": "CIS Controls v8",
|
|
17084
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17085
|
+
},
|
|
17086
|
+
{
|
|
17087
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17088
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17089
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17090
|
+
},
|
|
17091
|
+
{
|
|
17092
|
+
"id": "NIS2-Art21-patch-management",
|
|
17093
|
+
"framework": "EU NIS2 Directive",
|
|
17094
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17095
|
+
},
|
|
17096
|
+
{
|
|
17097
|
+
"id": "NIST-800-218-SSDF",
|
|
17098
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17099
|
+
"control_name": "Secure Software Development Framework"
|
|
17100
|
+
},
|
|
17101
|
+
{
|
|
17102
|
+
"id": "NIST-800-53-SC-8",
|
|
17103
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17104
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17105
|
+
},
|
|
17106
|
+
{
|
|
17107
|
+
"id": "NIST-800-53-SI-2",
|
|
17108
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17109
|
+
"control_name": "Flaw Remediation"
|
|
17110
|
+
},
|
|
17111
|
+
{
|
|
17112
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17113
|
+
"framework": "PCI DSS 4.0",
|
|
17114
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17115
|
+
},
|
|
17116
|
+
{
|
|
17117
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17118
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17119
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17120
|
+
}
|
|
17121
|
+
],
|
|
17122
|
+
"attack_refs": [
|
|
17123
|
+
"T1068",
|
|
17124
|
+
"T1548.001"
|
|
17125
|
+
],
|
|
17126
|
+
"rfc_refs": [
|
|
17127
|
+
"RFC-4301",
|
|
17128
|
+
"RFC-4303",
|
|
17129
|
+
"RFC-7296"
|
|
17130
|
+
]
|
|
17131
|
+
}
|
|
17132
|
+
},
|
|
17133
|
+
"CVE-2009-1537": {
|
|
17134
|
+
"name": "Microsoft DirectShow QuickTime Parsing Memory Corruption",
|
|
17135
|
+
"rwep": 70,
|
|
17136
|
+
"cvss": 8.8,
|
|
17137
|
+
"cisa_kev": true,
|
|
17138
|
+
"epss_score": null,
|
|
17139
|
+
"referencing_skills": [
|
|
17140
|
+
"kernel-lpe-triage",
|
|
17141
|
+
"coordinated-vuln-disclosure"
|
|
17142
|
+
],
|
|
17143
|
+
"chain": {
|
|
17144
|
+
"cwes": [
|
|
17145
|
+
{
|
|
17146
|
+
"id": "CWE-125",
|
|
17147
|
+
"name": "Out-of-bounds Read",
|
|
17148
|
+
"category": "Memory Safety"
|
|
17149
|
+
},
|
|
17150
|
+
{
|
|
17151
|
+
"id": "CWE-1357",
|
|
17152
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17153
|
+
"category": "Supply Chain"
|
|
17154
|
+
},
|
|
17155
|
+
{
|
|
17156
|
+
"id": "CWE-362",
|
|
17157
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17158
|
+
"category": "Concurrency"
|
|
17159
|
+
},
|
|
17160
|
+
{
|
|
17161
|
+
"id": "CWE-416",
|
|
17162
|
+
"name": "Use After Free",
|
|
17163
|
+
"category": "Memory Safety"
|
|
17164
|
+
},
|
|
17165
|
+
{
|
|
17166
|
+
"id": "CWE-672",
|
|
17167
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17168
|
+
"category": "Memory Safety"
|
|
17169
|
+
},
|
|
17170
|
+
{
|
|
17171
|
+
"id": "CWE-787",
|
|
17172
|
+
"name": "Out-of-bounds Write",
|
|
17173
|
+
"category": "Memory Safety"
|
|
17174
|
+
}
|
|
17175
|
+
],
|
|
17176
|
+
"atlas": [],
|
|
17177
|
+
"d3fend": [
|
|
17178
|
+
{
|
|
17179
|
+
"id": "D3-ASLR",
|
|
17180
|
+
"name": "Address Space Layout Randomization",
|
|
17181
|
+
"tactic": "Harden"
|
|
17182
|
+
},
|
|
17183
|
+
{
|
|
17184
|
+
"id": "D3-EAL",
|
|
17185
|
+
"name": "Executable Allowlisting",
|
|
17186
|
+
"tactic": "Harden"
|
|
17187
|
+
},
|
|
17188
|
+
{
|
|
17189
|
+
"id": "D3-PHRA",
|
|
17190
|
+
"name": "Process Hardware Resource Access",
|
|
17191
|
+
"tactic": "Isolate"
|
|
17192
|
+
},
|
|
17193
|
+
{
|
|
17194
|
+
"id": "D3-PSEP",
|
|
17195
|
+
"name": "Process Segment Execution Prevention",
|
|
17196
|
+
"tactic": "Harden"
|
|
17197
|
+
}
|
|
17198
|
+
],
|
|
17199
|
+
"framework_gaps": [
|
|
17200
|
+
{
|
|
17201
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17202
|
+
"framework": "CIS Controls v8",
|
|
17203
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17204
|
+
},
|
|
17205
|
+
{
|
|
17206
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17207
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17208
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17209
|
+
},
|
|
17210
|
+
{
|
|
17211
|
+
"id": "NIS2-Art21-patch-management",
|
|
17212
|
+
"framework": "EU NIS2 Directive",
|
|
17213
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17214
|
+
},
|
|
17215
|
+
{
|
|
17216
|
+
"id": "NIST-800-218-SSDF",
|
|
17217
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17218
|
+
"control_name": "Secure Software Development Framework"
|
|
17219
|
+
},
|
|
17220
|
+
{
|
|
17221
|
+
"id": "NIST-800-53-SC-8",
|
|
17222
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17223
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17224
|
+
},
|
|
17225
|
+
{
|
|
17226
|
+
"id": "NIST-800-53-SI-2",
|
|
17227
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17228
|
+
"control_name": "Flaw Remediation"
|
|
17229
|
+
},
|
|
17230
|
+
{
|
|
17231
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17232
|
+
"framework": "PCI DSS 4.0",
|
|
17233
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17234
|
+
},
|
|
17235
|
+
{
|
|
17236
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17237
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17238
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17239
|
+
}
|
|
17240
|
+
],
|
|
17241
|
+
"attack_refs": [
|
|
17242
|
+
"T1068",
|
|
17243
|
+
"T1548.001"
|
|
17244
|
+
],
|
|
17245
|
+
"rfc_refs": [
|
|
17246
|
+
"RFC-4301",
|
|
17247
|
+
"RFC-4303",
|
|
17248
|
+
"RFC-7296"
|
|
17249
|
+
]
|
|
17250
|
+
}
|
|
17251
|
+
},
|
|
17252
|
+
"CVE-2009-3459": {
|
|
17253
|
+
"name": "Adobe Acrobat and Reader Heap-Based Buffer Overflow",
|
|
17254
|
+
"rwep": 70,
|
|
17255
|
+
"cvss": 8.8,
|
|
17256
|
+
"cisa_kev": true,
|
|
17257
|
+
"epss_score": null,
|
|
17258
|
+
"referencing_skills": [
|
|
17259
|
+
"kernel-lpe-triage",
|
|
17260
|
+
"coordinated-vuln-disclosure"
|
|
17261
|
+
],
|
|
17262
|
+
"chain": {
|
|
17263
|
+
"cwes": [
|
|
17264
|
+
{
|
|
17265
|
+
"id": "CWE-125",
|
|
17266
|
+
"name": "Out-of-bounds Read",
|
|
17267
|
+
"category": "Memory Safety"
|
|
17268
|
+
},
|
|
17269
|
+
{
|
|
17270
|
+
"id": "CWE-1357",
|
|
17271
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17272
|
+
"category": "Supply Chain"
|
|
17273
|
+
},
|
|
17274
|
+
{
|
|
17275
|
+
"id": "CWE-362",
|
|
17276
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17277
|
+
"category": "Concurrency"
|
|
17278
|
+
},
|
|
17279
|
+
{
|
|
17280
|
+
"id": "CWE-416",
|
|
17281
|
+
"name": "Use After Free",
|
|
17282
|
+
"category": "Memory Safety"
|
|
17283
|
+
},
|
|
17284
|
+
{
|
|
17285
|
+
"id": "CWE-672",
|
|
17286
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17287
|
+
"category": "Memory Safety"
|
|
17288
|
+
},
|
|
17289
|
+
{
|
|
17290
|
+
"id": "CWE-787",
|
|
17291
|
+
"name": "Out-of-bounds Write",
|
|
17292
|
+
"category": "Memory Safety"
|
|
17293
|
+
}
|
|
17294
|
+
],
|
|
17295
|
+
"atlas": [],
|
|
17296
|
+
"d3fend": [
|
|
17297
|
+
{
|
|
17298
|
+
"id": "D3-ASLR",
|
|
17299
|
+
"name": "Address Space Layout Randomization",
|
|
17300
|
+
"tactic": "Harden"
|
|
17301
|
+
},
|
|
17302
|
+
{
|
|
17303
|
+
"id": "D3-EAL",
|
|
17304
|
+
"name": "Executable Allowlisting",
|
|
17305
|
+
"tactic": "Harden"
|
|
17306
|
+
},
|
|
17307
|
+
{
|
|
17308
|
+
"id": "D3-PHRA",
|
|
17309
|
+
"name": "Process Hardware Resource Access",
|
|
17310
|
+
"tactic": "Isolate"
|
|
17311
|
+
},
|
|
17312
|
+
{
|
|
17313
|
+
"id": "D3-PSEP",
|
|
17314
|
+
"name": "Process Segment Execution Prevention",
|
|
17315
|
+
"tactic": "Harden"
|
|
17316
|
+
}
|
|
17317
|
+
],
|
|
17318
|
+
"framework_gaps": [
|
|
17319
|
+
{
|
|
17320
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17321
|
+
"framework": "CIS Controls v8",
|
|
17322
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17323
|
+
},
|
|
17324
|
+
{
|
|
17325
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17326
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17327
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17328
|
+
},
|
|
17329
|
+
{
|
|
17330
|
+
"id": "NIS2-Art21-patch-management",
|
|
17331
|
+
"framework": "EU NIS2 Directive",
|
|
17332
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17333
|
+
},
|
|
17334
|
+
{
|
|
17335
|
+
"id": "NIST-800-218-SSDF",
|
|
17336
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17337
|
+
"control_name": "Secure Software Development Framework"
|
|
17338
|
+
},
|
|
17339
|
+
{
|
|
17340
|
+
"id": "NIST-800-53-SC-8",
|
|
17341
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17342
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17343
|
+
},
|
|
17344
|
+
{
|
|
17345
|
+
"id": "NIST-800-53-SI-2",
|
|
17346
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17347
|
+
"control_name": "Flaw Remediation"
|
|
17348
|
+
},
|
|
17349
|
+
{
|
|
17350
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17351
|
+
"framework": "PCI DSS 4.0",
|
|
17352
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17353
|
+
},
|
|
17354
|
+
{
|
|
17355
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17356
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17357
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17358
|
+
}
|
|
17359
|
+
],
|
|
17360
|
+
"attack_refs": [
|
|
17361
|
+
"T1068",
|
|
17362
|
+
"T1548.001"
|
|
17363
|
+
],
|
|
17364
|
+
"rfc_refs": [
|
|
17365
|
+
"RFC-4301",
|
|
17366
|
+
"RFC-4303",
|
|
17367
|
+
"RFC-7296"
|
|
17368
|
+
]
|
|
17369
|
+
}
|
|
17370
|
+
},
|
|
17371
|
+
"CVE-2010-0249": {
|
|
17372
|
+
"name": "Microsoft Internet Explorer Use-After-Free (Operation Aurora)",
|
|
17373
|
+
"rwep": 70,
|
|
17374
|
+
"cvss": 8.8,
|
|
17375
|
+
"cisa_kev": true,
|
|
17376
|
+
"epss_score": null,
|
|
17377
|
+
"referencing_skills": [
|
|
17378
|
+
"kernel-lpe-triage",
|
|
17379
|
+
"coordinated-vuln-disclosure"
|
|
17380
|
+
],
|
|
17381
|
+
"chain": {
|
|
17382
|
+
"cwes": [
|
|
17383
|
+
{
|
|
17384
|
+
"id": "CWE-125",
|
|
17385
|
+
"name": "Out-of-bounds Read",
|
|
17386
|
+
"category": "Memory Safety"
|
|
17387
|
+
},
|
|
17388
|
+
{
|
|
17389
|
+
"id": "CWE-1357",
|
|
17390
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17391
|
+
"category": "Supply Chain"
|
|
17392
|
+
},
|
|
17393
|
+
{
|
|
17394
|
+
"id": "CWE-362",
|
|
17395
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17396
|
+
"category": "Concurrency"
|
|
17397
|
+
},
|
|
17398
|
+
{
|
|
17399
|
+
"id": "CWE-416",
|
|
17400
|
+
"name": "Use After Free",
|
|
17401
|
+
"category": "Memory Safety"
|
|
17402
|
+
},
|
|
17403
|
+
{
|
|
17404
|
+
"id": "CWE-672",
|
|
17405
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17406
|
+
"category": "Memory Safety"
|
|
17407
|
+
},
|
|
17408
|
+
{
|
|
17409
|
+
"id": "CWE-787",
|
|
17410
|
+
"name": "Out-of-bounds Write",
|
|
17411
|
+
"category": "Memory Safety"
|
|
17412
|
+
}
|
|
17413
|
+
],
|
|
17414
|
+
"atlas": [],
|
|
17415
|
+
"d3fend": [
|
|
17416
|
+
{
|
|
17417
|
+
"id": "D3-ASLR",
|
|
17418
|
+
"name": "Address Space Layout Randomization",
|
|
17419
|
+
"tactic": "Harden"
|
|
17420
|
+
},
|
|
17421
|
+
{
|
|
17422
|
+
"id": "D3-EAL",
|
|
17423
|
+
"name": "Executable Allowlisting",
|
|
17424
|
+
"tactic": "Harden"
|
|
17425
|
+
},
|
|
17426
|
+
{
|
|
17427
|
+
"id": "D3-PHRA",
|
|
17428
|
+
"name": "Process Hardware Resource Access",
|
|
17429
|
+
"tactic": "Isolate"
|
|
17430
|
+
},
|
|
17431
|
+
{
|
|
17432
|
+
"id": "D3-PSEP",
|
|
17433
|
+
"name": "Process Segment Execution Prevention",
|
|
17434
|
+
"tactic": "Harden"
|
|
17435
|
+
}
|
|
17436
|
+
],
|
|
17437
|
+
"framework_gaps": [
|
|
17438
|
+
{
|
|
17439
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17440
|
+
"framework": "CIS Controls v8",
|
|
17441
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17442
|
+
},
|
|
17443
|
+
{
|
|
17444
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17445
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17446
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17447
|
+
},
|
|
17448
|
+
{
|
|
17449
|
+
"id": "NIS2-Art21-patch-management",
|
|
17450
|
+
"framework": "EU NIS2 Directive",
|
|
17451
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17452
|
+
},
|
|
17453
|
+
{
|
|
17454
|
+
"id": "NIST-800-218-SSDF",
|
|
17455
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17456
|
+
"control_name": "Secure Software Development Framework"
|
|
17457
|
+
},
|
|
17458
|
+
{
|
|
17459
|
+
"id": "NIST-800-53-SC-8",
|
|
17460
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17461
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17462
|
+
},
|
|
17463
|
+
{
|
|
17464
|
+
"id": "NIST-800-53-SI-2",
|
|
17465
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17466
|
+
"control_name": "Flaw Remediation"
|
|
17467
|
+
},
|
|
17468
|
+
{
|
|
17469
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17470
|
+
"framework": "PCI DSS 4.0",
|
|
17471
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17472
|
+
},
|
|
17473
|
+
{
|
|
17474
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17475
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17476
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17477
|
+
}
|
|
17478
|
+
],
|
|
17479
|
+
"attack_refs": [
|
|
17480
|
+
"T1068",
|
|
17481
|
+
"T1548.001"
|
|
17482
|
+
],
|
|
17483
|
+
"rfc_refs": [
|
|
17484
|
+
"RFC-4301",
|
|
17485
|
+
"RFC-4303",
|
|
17486
|
+
"RFC-7296"
|
|
17487
|
+
]
|
|
17488
|
+
}
|
|
17489
|
+
},
|
|
17490
|
+
"CVE-2010-0806": {
|
|
17491
|
+
"name": "Microsoft Internet Explorer Use-After-Free (iepeers)",
|
|
17492
|
+
"rwep": 70,
|
|
17493
|
+
"cvss": 8.8,
|
|
17494
|
+
"cisa_kev": true,
|
|
17495
|
+
"epss_score": null,
|
|
17496
|
+
"referencing_skills": [
|
|
17497
|
+
"kernel-lpe-triage",
|
|
17498
|
+
"coordinated-vuln-disclosure"
|
|
17499
|
+
],
|
|
17500
|
+
"chain": {
|
|
17501
|
+
"cwes": [
|
|
17502
|
+
{
|
|
17503
|
+
"id": "CWE-125",
|
|
17504
|
+
"name": "Out-of-bounds Read",
|
|
17505
|
+
"category": "Memory Safety"
|
|
17506
|
+
},
|
|
17507
|
+
{
|
|
17508
|
+
"id": "CWE-1357",
|
|
17509
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17510
|
+
"category": "Supply Chain"
|
|
17511
|
+
},
|
|
17512
|
+
{
|
|
17513
|
+
"id": "CWE-362",
|
|
17514
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17515
|
+
"category": "Concurrency"
|
|
17516
|
+
},
|
|
17517
|
+
{
|
|
17518
|
+
"id": "CWE-416",
|
|
17519
|
+
"name": "Use After Free",
|
|
17520
|
+
"category": "Memory Safety"
|
|
17521
|
+
},
|
|
17522
|
+
{
|
|
17523
|
+
"id": "CWE-672",
|
|
17524
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17525
|
+
"category": "Memory Safety"
|
|
17526
|
+
},
|
|
17527
|
+
{
|
|
17528
|
+
"id": "CWE-787",
|
|
17529
|
+
"name": "Out-of-bounds Write",
|
|
17530
|
+
"category": "Memory Safety"
|
|
17531
|
+
}
|
|
17532
|
+
],
|
|
17533
|
+
"atlas": [],
|
|
17534
|
+
"d3fend": [
|
|
17535
|
+
{
|
|
17536
|
+
"id": "D3-ASLR",
|
|
17537
|
+
"name": "Address Space Layout Randomization",
|
|
17538
|
+
"tactic": "Harden"
|
|
17539
|
+
},
|
|
17540
|
+
{
|
|
17541
|
+
"id": "D3-EAL",
|
|
17542
|
+
"name": "Executable Allowlisting",
|
|
17543
|
+
"tactic": "Harden"
|
|
17544
|
+
},
|
|
17545
|
+
{
|
|
17546
|
+
"id": "D3-PHRA",
|
|
17547
|
+
"name": "Process Hardware Resource Access",
|
|
17548
|
+
"tactic": "Isolate"
|
|
17549
|
+
},
|
|
17550
|
+
{
|
|
17551
|
+
"id": "D3-PSEP",
|
|
17552
|
+
"name": "Process Segment Execution Prevention",
|
|
17553
|
+
"tactic": "Harden"
|
|
17554
|
+
}
|
|
17555
|
+
],
|
|
17556
|
+
"framework_gaps": [
|
|
17557
|
+
{
|
|
17558
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17559
|
+
"framework": "CIS Controls v8",
|
|
17560
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17561
|
+
},
|
|
17562
|
+
{
|
|
17563
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17564
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17565
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17566
|
+
},
|
|
17567
|
+
{
|
|
17568
|
+
"id": "NIS2-Art21-patch-management",
|
|
17569
|
+
"framework": "EU NIS2 Directive",
|
|
17570
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17571
|
+
},
|
|
17572
|
+
{
|
|
17573
|
+
"id": "NIST-800-218-SSDF",
|
|
17574
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17575
|
+
"control_name": "Secure Software Development Framework"
|
|
17576
|
+
},
|
|
17577
|
+
{
|
|
17578
|
+
"id": "NIST-800-53-SC-8",
|
|
17579
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17580
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17581
|
+
},
|
|
17582
|
+
{
|
|
17583
|
+
"id": "NIST-800-53-SI-2",
|
|
17584
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17585
|
+
"control_name": "Flaw Remediation"
|
|
17586
|
+
},
|
|
17587
|
+
{
|
|
17588
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17589
|
+
"framework": "PCI DSS 4.0",
|
|
17590
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17591
|
+
},
|
|
17592
|
+
{
|
|
17593
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17594
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17595
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17596
|
+
}
|
|
17597
|
+
],
|
|
17598
|
+
"attack_refs": [
|
|
17599
|
+
"T1068",
|
|
17600
|
+
"T1548.001"
|
|
17601
|
+
],
|
|
17602
|
+
"rfc_refs": [
|
|
17603
|
+
"RFC-4301",
|
|
17604
|
+
"RFC-4303",
|
|
17605
|
+
"RFC-7296"
|
|
17606
|
+
]
|
|
17607
|
+
}
|
|
17608
|
+
},
|
|
16760
17609
|
"CVE-2025-32432": {
|
|
16761
17610
|
"name": "Craft CMS Code Injection Vulnerability",
|
|
16762
17611
|
"rwep": 77,
|
|
@@ -41796,6 +42645,7 @@
|
|
|
41796
42645
|
"CVE-2026-41091",
|
|
41797
42646
|
"CVE-2026-42208",
|
|
41798
42647
|
"CVE-2026-45321",
|
|
42648
|
+
"CVE-2026-45498",
|
|
41799
42649
|
"CVE-2026-46300",
|
|
41800
42650
|
"CVE-2026-46333",
|
|
41801
42651
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -42138,6 +42988,7 @@
|
|
|
42138
42988
|
"CVE-2026-41091",
|
|
42139
42989
|
"CVE-2026-42208",
|
|
42140
42990
|
"CVE-2026-45321",
|
|
42991
|
+
"CVE-2026-45498",
|
|
42141
42992
|
"CVE-2026-46300",
|
|
42142
42993
|
"CVE-2026-46333",
|
|
42143
42994
|
"MAL-2026-3083",
|
|
@@ -42276,6 +43127,7 @@
|
|
|
42276
43127
|
"CVE-2026-41091",
|
|
42277
43128
|
"CVE-2026-42208",
|
|
42278
43129
|
"CVE-2026-45321",
|
|
43130
|
+
"CVE-2026-45498",
|
|
42279
43131
|
"CVE-2026-46300",
|
|
42280
43132
|
"CVE-2026-46333",
|
|
42281
43133
|
"MAL-2026-3083",
|
|
@@ -42428,6 +43280,7 @@
|
|
|
42428
43280
|
"CVE-2026-41091",
|
|
42429
43281
|
"CVE-2026-42208",
|
|
42430
43282
|
"CVE-2026-45321",
|
|
43283
|
+
"CVE-2026-45498",
|
|
42431
43284
|
"CVE-2026-46300",
|
|
42432
43285
|
"CVE-2026-46333",
|
|
42433
43286
|
"MAL-2026-3083",
|
|
@@ -42822,8 +43675,13 @@
|
|
|
42822
43675
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
42823
43676
|
"CVE-2007-0671",
|
|
42824
43677
|
"CVE-2008-0015",
|
|
43678
|
+
"CVE-2008-4250",
|
|
42825
43679
|
"CVE-2009-0238",
|
|
42826
43680
|
"CVE-2009-0556",
|
|
43681
|
+
"CVE-2009-1537",
|
|
43682
|
+
"CVE-2009-3459",
|
|
43683
|
+
"CVE-2010-0249",
|
|
43684
|
+
"CVE-2010-0806",
|
|
42827
43685
|
"CVE-2010-3765",
|
|
42828
43686
|
"CVE-2010-3962",
|
|
42829
43687
|
"CVE-2011-3402",
|
|
@@ -43090,6 +43948,7 @@
|
|
|
43090
43948
|
"CVE-2026-43284",
|
|
43091
43949
|
"CVE-2026-43500",
|
|
43092
43950
|
"CVE-2026-45321",
|
|
43951
|
+
"CVE-2026-45498",
|
|
43093
43952
|
"CVE-2026-46300",
|
|
43094
43953
|
"CVE-2026-46333",
|
|
43095
43954
|
"CVE-2026-5281",
|
|
@@ -43686,6 +44545,7 @@
|
|
|
43686
44545
|
"CVE-2026-41091",
|
|
43687
44546
|
"CVE-2026-42208",
|
|
43688
44547
|
"CVE-2026-45321",
|
|
44548
|
+
"CVE-2026-45498",
|
|
43689
44549
|
"CVE-2026-46300",
|
|
43690
44550
|
"CVE-2026-46333",
|
|
43691
44551
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -44263,6 +45123,7 @@
|
|
|
44263
45123
|
"CVE-2026-41091",
|
|
44264
45124
|
"CVE-2026-42208",
|
|
44265
45125
|
"CVE-2026-45321",
|
|
45126
|
+
"CVE-2026-45498",
|
|
44266
45127
|
"CVE-2026-46300",
|
|
44267
45128
|
"CVE-2026-46333",
|
|
44268
45129
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -44472,6 +45333,7 @@
|
|
|
44472
45333
|
"CVE-2026-39884",
|
|
44473
45334
|
"CVE-2026-41091",
|
|
44474
45335
|
"CVE-2026-45321",
|
|
45336
|
+
"CVE-2026-45498",
|
|
44475
45337
|
"CVE-2026-46300",
|
|
44476
45338
|
"CVE-2026-46333",
|
|
44477
45339
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -45119,6 +45981,7 @@
|
|
|
45119
45981
|
"CVE-2026-41091",
|
|
45120
45982
|
"CVE-2026-42208",
|
|
45121
45983
|
"CVE-2026-45321",
|
|
45984
|
+
"CVE-2026-45498",
|
|
45122
45985
|
"CVE-2026-46300",
|
|
45123
45986
|
"CVE-2026-46333",
|
|
45124
45987
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -45257,8 +46120,13 @@
|
|
|
45257
46120
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
45258
46121
|
"CVE-2007-0671",
|
|
45259
46122
|
"CVE-2008-0015",
|
|
46123
|
+
"CVE-2008-4250",
|
|
45260
46124
|
"CVE-2009-0238",
|
|
45261
46125
|
"CVE-2009-0556",
|
|
46126
|
+
"CVE-2009-1537",
|
|
46127
|
+
"CVE-2009-3459",
|
|
46128
|
+
"CVE-2010-0249",
|
|
46129
|
+
"CVE-2010-0806",
|
|
45262
46130
|
"CVE-2010-3765",
|
|
45263
46131
|
"CVE-2010-3962",
|
|
45264
46132
|
"CVE-2011-3402",
|
|
@@ -45525,6 +46393,7 @@
|
|
|
45525
46393
|
"CVE-2026-43284",
|
|
45526
46394
|
"CVE-2026-43500",
|
|
45527
46395
|
"CVE-2026-45321",
|
|
46396
|
+
"CVE-2026-45498",
|
|
45528
46397
|
"CVE-2026-46300",
|
|
45529
46398
|
"CVE-2026-46333",
|
|
45530
46399
|
"CVE-2026-5281",
|
|
@@ -45650,8 +46519,13 @@
|
|
|
45650
46519
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
45651
46520
|
"CVE-2007-0671",
|
|
45652
46521
|
"CVE-2008-0015",
|
|
46522
|
+
"CVE-2008-4250",
|
|
45653
46523
|
"CVE-2009-0238",
|
|
45654
46524
|
"CVE-2009-0556",
|
|
46525
|
+
"CVE-2009-1537",
|
|
46526
|
+
"CVE-2009-3459",
|
|
46527
|
+
"CVE-2010-0249",
|
|
46528
|
+
"CVE-2010-0806",
|
|
45655
46529
|
"CVE-2010-3765",
|
|
45656
46530
|
"CVE-2010-3962",
|
|
45657
46531
|
"CVE-2011-3402",
|
|
@@ -45918,6 +46792,7 @@
|
|
|
45918
46792
|
"CVE-2026-43284",
|
|
45919
46793
|
"CVE-2026-43500",
|
|
45920
46794
|
"CVE-2026-45321",
|
|
46795
|
+
"CVE-2026-45498",
|
|
45921
46796
|
"CVE-2026-46300",
|
|
45922
46797
|
"CVE-2026-46333",
|
|
45923
46798
|
"CVE-2026-5281",
|
|
@@ -46155,6 +47030,7 @@
|
|
|
46155
47030
|
"CVE-2026-41091",
|
|
46156
47031
|
"CVE-2026-42208",
|
|
46157
47032
|
"CVE-2026-45321",
|
|
47033
|
+
"CVE-2026-45498",
|
|
46158
47034
|
"CVE-2026-46300",
|
|
46159
47035
|
"CVE-2026-46333",
|
|
46160
47036
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -46845,8 +47721,13 @@
|
|
|
46845
47721
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
46846
47722
|
"CVE-2007-0671",
|
|
46847
47723
|
"CVE-2008-0015",
|
|
47724
|
+
"CVE-2008-4250",
|
|
46848
47725
|
"CVE-2009-0238",
|
|
46849
47726
|
"CVE-2009-0556",
|
|
47727
|
+
"CVE-2009-1537",
|
|
47728
|
+
"CVE-2009-3459",
|
|
47729
|
+
"CVE-2010-0249",
|
|
47730
|
+
"CVE-2010-0806",
|
|
46850
47731
|
"CVE-2010-3765",
|
|
46851
47732
|
"CVE-2010-3962",
|
|
46852
47733
|
"CVE-2011-3402",
|
|
@@ -47113,6 +47994,7 @@
|
|
|
47113
47994
|
"CVE-2026-43284",
|
|
47114
47995
|
"CVE-2026-43500",
|
|
47115
47996
|
"CVE-2026-45321",
|
|
47997
|
+
"CVE-2026-45498",
|
|
47116
47998
|
"CVE-2026-46300",
|
|
47117
47999
|
"CVE-2026-46333",
|
|
47118
48000
|
"CVE-2026-5281",
|
|
@@ -47414,6 +48296,7 @@
|
|
|
47414
48296
|
"CVE-2026-41091",
|
|
47415
48297
|
"CVE-2026-42208",
|
|
47416
48298
|
"CVE-2026-45321",
|
|
48299
|
+
"CVE-2026-45498",
|
|
47417
48300
|
"CVE-2026-46300",
|
|
47418
48301
|
"CVE-2026-46333",
|
|
47419
48302
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -47629,8 +48512,13 @@
|
|
|
47629
48512
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
47630
48513
|
"CVE-2007-0671",
|
|
47631
48514
|
"CVE-2008-0015",
|
|
48515
|
+
"CVE-2008-4250",
|
|
47632
48516
|
"CVE-2009-0238",
|
|
47633
48517
|
"CVE-2009-0556",
|
|
48518
|
+
"CVE-2009-1537",
|
|
48519
|
+
"CVE-2009-3459",
|
|
48520
|
+
"CVE-2010-0249",
|
|
48521
|
+
"CVE-2010-0806",
|
|
47634
48522
|
"CVE-2010-3765",
|
|
47635
48523
|
"CVE-2010-3962",
|
|
47636
48524
|
"CVE-2011-3402",
|
|
@@ -47905,6 +48793,7 @@
|
|
|
47905
48793
|
"CVE-2026-43284",
|
|
47906
48794
|
"CVE-2026-43500",
|
|
47907
48795
|
"CVE-2026-45321",
|
|
48796
|
+
"CVE-2026-45498",
|
|
47908
48797
|
"CVE-2026-46300",
|
|
47909
48798
|
"CVE-2026-46333",
|
|
47910
48799
|
"CVE-2026-5281",
|
|
@@ -48214,6 +49103,7 @@
|
|
|
48214
49103
|
"CVE-2026-39884",
|
|
48215
49104
|
"CVE-2026-41091",
|
|
48216
49105
|
"CVE-2026-45321",
|
|
49106
|
+
"CVE-2026-45498",
|
|
48217
49107
|
"CVE-2026-46300",
|
|
48218
49108
|
"CVE-2026-46333",
|
|
48219
49109
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -49130,6 +50020,7 @@
|
|
|
49130
50020
|
"CVE-2026-41091",
|
|
49131
50021
|
"CVE-2026-42208",
|
|
49132
50022
|
"CVE-2026-45321",
|
|
50023
|
+
"CVE-2026-45498",
|
|
49133
50024
|
"CVE-2026-46300",
|
|
49134
50025
|
"CVE-2026-46333",
|
|
49135
50026
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -49197,6 +50088,7 @@
|
|
|
49197
50088
|
"CVE-2026-39884",
|
|
49198
50089
|
"CVE-2026-41091",
|
|
49199
50090
|
"CVE-2026-45321",
|
|
50091
|
+
"CVE-2026-45498",
|
|
49200
50092
|
"CVE-2026-46300",
|
|
49201
50093
|
"CVE-2026-46333",
|
|
49202
50094
|
"MAL-2026-3083"
|
|
@@ -49671,8 +50563,13 @@
|
|
|
49671
50563
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
49672
50564
|
"CVE-2007-0671",
|
|
49673
50565
|
"CVE-2008-0015",
|
|
50566
|
+
"CVE-2008-4250",
|
|
49674
50567
|
"CVE-2009-0238",
|
|
49675
50568
|
"CVE-2009-0556",
|
|
50569
|
+
"CVE-2009-1537",
|
|
50570
|
+
"CVE-2009-3459",
|
|
50571
|
+
"CVE-2010-0249",
|
|
50572
|
+
"CVE-2010-0806",
|
|
49676
50573
|
"CVE-2010-3765",
|
|
49677
50574
|
"CVE-2010-3962",
|
|
49678
50575
|
"CVE-2011-3402",
|
|
@@ -49927,6 +50824,7 @@
|
|
|
49927
50824
|
"CVE-2026-41940",
|
|
49928
50825
|
"CVE-2026-42945",
|
|
49929
50826
|
"CVE-2026-45321",
|
|
50827
|
+
"CVE-2026-45498",
|
|
49930
50828
|
"CVE-2026-46300",
|
|
49931
50829
|
"CVE-2026-46333",
|
|
49932
50830
|
"CVE-2026-5281",
|
|
@@ -50167,6 +51065,7 @@
|
|
|
50167
51065
|
"CVE-2026-39884",
|
|
50168
51066
|
"CVE-2026-41091",
|
|
50169
51067
|
"CVE-2026-45321",
|
|
51068
|
+
"CVE-2026-45498",
|
|
50170
51069
|
"CVE-2026-46300",
|
|
50171
51070
|
"CVE-2026-46333",
|
|
50172
51071
|
"MAL-2026-3083",
|