@blamejs/exceptd-skills 0.13.70 → 0.13.71

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.038,
+      "current_rate": 0.037,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -9810,6 +9810,411 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Microsoft Defender contains an uncontrolled-resource-consumption flaw allowing a remote, unauthenticated denial of service that disables endpoint protection."
   },
+  "CVE-2008-4250": {
+    "name": "Microsoft Windows Server Service RPC Buffer Overflow (MS08-067)",
+    "type": "RCE",
+    "cvss_score": 9.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV on 2026-05-20 (CVSSv2 was 10.0). Refine via `exceptd refresh --advisory CVE-2008-4250 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Long-public, weaponized RCE (Metasploit ms08_067_netapi; the Conficker worm and later Stuxnet used it). Re-listed to KEV for renewed exploitation against unpatched / legacy Windows hosts.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2008); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization (worm/exploit-kit era); not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation, typically against unpatched / end-of-life Windows in OT and legacy enterprise environments.",
+    "affected": "Microsoft Windows (Server service) — legacy supported builds of the MS08-067 era; see Microsoft MS08-067 for affected versions.",
+    "affected_versions": [
+      "Microsoft Windows 2000 / XP / Server 2003 / Vista / Server 2008 (per MS08-067)"
+    ],
+    "vector": "A crafted RPC request to the Windows Server service triggers a buffer overflow allowing unauthenticated remote code execution — wormable. The canonical legacy network RCE.",
+    "complexity": "low",
+    "complexity_notes": "Unauthenticated, network-reachable, reliable public exploit. The patch has existed since 2008; exposure is purely unpatched / legacy systems.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS08-067 (2008); requires reboot. No live-patch primitive.",
+    "vendor_update_paths": [
+      "Apply MS08-067; decommission or isolate any remaining unpatched / end-of-life Windows hosts."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "An 18-year-old patched CVE re-appearing on KEV exposes the gap between 'patch released' and 'patch deployed' across legacy/OT estates; SI-2's flaw-remediation SLA assumes assets are in the managed patch program at all.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely covers end-of-life assets that no longer receive routine scanning; a KEV re-listing of a legacy RCE is the signal that those assets are being hunted.",
+      "NIST-800-53-AC-6": "Least-privilege presumes a working boundary; an unauthenticated wormable RCE on a reachable legacy host has none."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1210"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed, weaponized, confirmed exploitation. blast_radius=15 reflects that exposure is constrained to unpatched / legacy estates rather than the full modern Windows population. Draft (KEV-gap-fill) pending per-CVE enrichment.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2008-4250",
+    "cwe_refs": [
+      "CWE-119"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2008-4250"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2008-4250",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20 (renewed exploitation against unpatched / legacy Windows). Draft pending enrichment; postdates the v0.13.17 bulk intake (KEV catalog 2026.05.15).",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Windows Server service contains a buffer overflow allowing unauthenticated wormable remote code execution (MS08-067)."
+  },
+  "CVE-2009-1537": {
+    "name": "Microsoft DirectShow QuickTime Parsing Memory Corruption",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2009-1537 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public client-side exploit (malicious media file) from the MS09-028 era; re-listed for renewed exploitation on legacy systems.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2009); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy systems.",
+    "affected": "Microsoft DirectX / DirectShow (QuickTime content parsing) on legacy Windows — see MS09-028.",
+    "affected_versions": [
+      "Microsoft Windows 2000 / XP / Server 2003 DirectX (per MS09-028)"
+    ],
+    "vector": "Parsing a maliciously crafted QuickTime media file in Microsoft DirectShow corrupts memory (NULL-byte overwrite class), allowing remote code execution when a user opens the file.",
+    "complexity": "low",
+    "complexity_notes": "Client-side: requires the victim to open crafted media. Public exploit; patch since 2009.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS09-028 (2009); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS09-028; decommission or isolate unpatched / end-of-life Windows hosts."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy patched client-side RCE exposes the patch-deployment gap on legacy endpoints.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely scans end-of-life client systems where this remains exploitable.",
+      "NIST-800-53-AC-6": "Client-side RCE runs with the victim user's privileges; least-privilege limits but does not prevent it."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2009-1537",
+    "cwe_refs": [
+      "CWE-787"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2009-1537"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2009-1537",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft DirectShow QuickTime parsing memory corruption allowing remote code execution via a crafted media file."
+  },
+  "CVE-2009-3459": {
+    "name": "Adobe Acrobat and Reader Heap-Based Buffer Overflow",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2009-3459 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public client-side exploit (malicious PDF) from the 2009 Adobe Acrobat/Reader era; re-listed for renewed exploitation on unpatched readers.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2009); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against unpatched Acrobat/Reader installs.",
+    "affected": "Adobe Acrobat and Reader (2009-era versions) — see Adobe APSB09-15.",
+    "affected_versions": [
+      "Adobe Acrobat / Reader 9.x and earlier (per APSB09-15)"
+    ],
+    "vector": "A crafted PDF triggers a heap-based buffer overflow in Adobe Acrobat/Reader, allowing remote code execution when the document is opened.",
+    "complexity": "low",
+    "complexity_notes": "Client-side: requires opening a malicious PDF. Public exploit; patch since 2009.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Adobe patch APSB09-15 (2009); application update.",
+    "vendor_update_paths": [
+      "Update Adobe Acrobat / Reader to a supported version; remove end-of-life installs."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy document-handler RCE exposes the patch-deployment gap for client applications on unmanaged endpoints.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management often omits third-party desktop apps (PDF readers) on legacy endpoints.",
+      "NIST-800-53-AC-6": "Document-handler RCE runs with the opening user's privileges."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2009-3459",
+    "cwe_refs": [
+      "CWE-122"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2009-3459"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2009-3459",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Adobe Acrobat and Reader heap-based buffer overflow allowing remote code execution via a crafted PDF."
+  },
+  "CVE-2010-0249": {
+    "name": "Microsoft Internet Explorer Use-After-Free (Operation Aurora)",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. The Operation Aurora IE 0-day (2010). Refine via `exceptd refresh --advisory CVE-2010-0249 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public, weaponized (Metasploit ie_aurora) — the original Operation Aurora intrusion set used it against Google and others in 2010. Re-listed for renewed exploitation against legacy IE.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2010); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy nation-state weaponization (Aurora); not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy Internet Explorer installs.",
+    "affected": "Microsoft Internet Explorer 6/7/8 (per MS10-002).",
+    "affected_versions": [
+      "Microsoft Internet Explorer 6 / 7 / 8 (per MS10-002)"
+    ],
+    "vector": "A use-after-free in Internet Explorer's HTML rendering allows remote code execution when the victim visits a crafted page — the technique used in the 2010 Operation Aurora campaign.",
+    "complexity": "low",
+    "complexity_notes": "Client-side drive-by: visiting a crafted page. Public weaponized exploit; patch since 2010.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS10-002 (2010); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS10-002; decommission legacy Internet Explorer / end-of-life Windows."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of the Aurora IE 0-day exposes the gap for legacy browsers still reachable in OT / kiosk / legacy estates.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely tracks end-of-life browsers that remain in use on legacy systems.",
+      "NIST-800-53-AC-6": "Browser RCE runs with the victim user's privileges; an Aurora-class chain then pivots."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed, historically nation-state-weaponized (Aurora) client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2010-0249",
+    "cwe_refs": [
+      "CWE-416"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2010-0249"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2010-0249",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE (Operation Aurora) re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Internet Explorer use-after-free allowing remote code execution via a crafted web page (Operation Aurora)."
+  },
+  "CVE-2010-0806": {
+    "name": "Microsoft Internet Explorer Use-After-Free (iepeers)",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2010-0806 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public, weaponized (Metasploit ie_iepeers_pointer) — exploited in the wild in 2010. Re-listed for renewed exploitation against legacy IE.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2010); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy Internet Explorer installs.",
+    "affected": "Microsoft Internet Explorer 6/7 (per MS10-018).",
+    "affected_versions": [
+      "Microsoft Internet Explorer 6 / 7 (per MS10-018)"
+    ],
+    "vector": "A use-after-free in Internet Explorer's iepeers.dll allows remote code execution when the victim visits a crafted page.",
+    "complexity": "low",
+    "complexity_notes": "Client-side drive-by. Public weaponized exploit; patch since 2010.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS10-018 (2010); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS10-018; decommission legacy Internet Explorer / end-of-life Windows."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy IE 0-day exposes the patch-deployment gap for end-of-life browsers in legacy estates.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely tracks end-of-life browsers still in use.",
+      "NIST-800-53-AC-6": "Browser RCE runs with the victim user's privileges."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2010-0806",
+    "cwe_refs": [
+      "CWE-416"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2010-0806"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2010-0806",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Internet Explorer iepeers.dll use-after-free allowing remote code execution via a crafted web page."
+  },
   "CVE-2025-32432": {
     "name": "Craft CMS Code Injection Vulnerability",
     "type": "RCE",

package/data/cwe-catalog.json

@@ -1131,6 +1131,8 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2020-9715",
       "CVE-2023-41974",
       "CVE-2023-43000",
@@ -1554,6 +1556,7 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2009-1537",
       "CVE-2021-22555",
       "CVE-2023-3519",
       "CVE-2024-21762",
@@ -2210,6 +2213,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2008-4250",
       "CVE-2014-3931",
       "CVE-2025-14174",
       "CVE-2025-31277",
@@ -2716,6 +2720,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2009-3459",
       "CVE-2025-32706",
       "CVE-2026-22778"
     ],

package/data/framework-control-gaps.json

@@ -1272,8 +1272,13 @@
       "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
       "CVE-2007-0671",
       "CVE-2008-0015",
+      "CVE-2008-4250",
       "CVE-2009-0238",
       "CVE-2009-0556",
+      "CVE-2009-1537",
+      "CVE-2009-3459",
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2010-3765",
       "CVE-2010-3962",
       "CVE-2011-3402",
@@ -2191,8 +2196,13 @@
       "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
       "CVE-2007-0671",
       "CVE-2008-0015",
+      "CVE-2008-4250",
       "CVE-2009-0238",
       "CVE-2009-0556",
+      "CVE-2009-1537",
+      "CVE-2009-3459",
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2010-3765",
       "CVE-2010-3962",
       "CVE-2011-3402",
@@ -4817,8 +4827,13 @@
       "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
       "CVE-2007-0671",
       "CVE-2008-0015",
+      "CVE-2008-4250",
       "CVE-2009-0238",
       "CVE-2009-0556",
+      "CVE-2009-1537",
+      "CVE-2009-3459",
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2010-3765",
       "CVE-2010-3962",
       "CVE-2011-3402",