@blamejs/exceptd-skills 0.13.72 → 0.13.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +385 -0
  6. package/data/attack-techniques.json +2 -0
  7. package/data/cve-catalog.json +106 -0
  8. package/data/cwe-catalog.json +5 -2
  9. package/data/framework-control-gaps.json +8 -1
  10. package/data/zeroday-lessons.json +50 -0
  11. package/manifest.json +44 -44
  12. package/package.json +2 -2
  13. package/sbom.cdx.json +23 -23
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.73 — 2026-05-25
4
+
5
+ CVE catalog — MCP toolchain: adds **CVE-2025-49596**, the remote code execution in Anthropic's official MCP Inspector. The Inspector client and proxy have no authentication between them, so an unauthenticated request that reaches the browser-reachable proxy (loopback / 0.0.0.0) launches MCP commands over stdio — a malicious web page a developer visits drives it cross-origin (the 0.0.0.0-day / DNS-rebinding class), yielding RCE on the developer's machine. CWE-306; GitHub CNA CVSS v4.0 9.4 (NVD has not assessed v3.1; the catalog records a conservative v3.1 estimate of 8.3); fixed in `@modelcontextprotocol/inspector` 0.14.1. The framework-gap notes name the real exposure: MCP — the connective tissue of the agent ecosystem — concentrates RCE risk in its toolchain, which sits outside the managed vulnerability program on developer workstations. RWEP P3 (30): not KEV, no confirmed in-the-wild exploitation, patched at disclosure. CWE-306/352/346 + ATT&CK T1190/T1059, global-first framework gaps, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-081) requires locally-bound AI/MCP dev services to authenticate and origin-validate rather than trust loopback reachability. CVE count 322 → 323.
6
+
3
7
  ## 0.13.72 — 2026-05-25
4
8
 
5
9
  CVE catalog — AI-framework threat intel: adds **CVE-2026-25592**, the Microsoft Semantic Kernel prompt-injection-to-RCE (CVSS 9.9 critical; Microsoft-disclosed 2026-05-07; fixed in Microsoft.SemanticKernel.Plugins.Core 1.71.0). A path traversal (CWE-22) in the `SessionsPythonPlugin` allows arbitrary file write; because the plugin runs inside a tool-wired agent, an injected prompt (ATLAS AML.T0051) drives the write to host code execution — a single prompt was shown launching calc.exe on the agent host. This is the catalog's core thesis made concrete: once an agent can reach a file-writing or code-running tool, prompt injection is a remote-code-execution primitive, not a content-safety nuisance. The RWEP score is deliberately P3 (30) despite the 9.9 CVSS — it is not KEV-listed, has no confirmed in-the-wild exploitation, and shipped with a patch (Hard Rule #3: real-world-exploit priority over CVSS). The entry carries CWE-22/94 + ATLAS AML.T0051 + ATT&CK T1059/T1203 mappings, global-first framework gaps including the prompt-injection access-control gap, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-080) requires sandboxing the AI agent's tool-execution boundary. CVE count 321 → 322.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-25T12:59:54.071Z",
3
+ "generated_at": "2026-05-25T13:30:00.326Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "cf386c69d7e2cae5a1acb841b7fd5b71abe24c402742fccbad3698ad21c0cf13",
7
+ "manifest.json": "20fd726ecbe98bda6e3d898f27b0d6bc1b93c9d083c1029af01b5c328d980c3a",
8
8
  "data/atlas-ttps.json": "eb47b6ad6b38e9a785a36769897adc8987fbc27a4b0b77ea4bed9c6d2aba0f3c",
9
- "data/attack-techniques.json": "d722164514d749b1f33d8585085896358791f54f17c1bb99363a1920ab7a75e6",
10
- "data/cve-catalog.json": "07c035c69875f30af633ab21d9e0c78bf641d27f5391d22b252772a906a8bca8",
11
- "data/cwe-catalog.json": "b50b4abc33f7436f1d0e06c77b03a7c5768146976984e2f7966d6a7c1017038a",
9
+ "data/attack-techniques.json": "7ab814c8fefab193b9a42ec7f9b62148401824cb127d62bd5a326660837a0e29",
10
+ "data/cve-catalog.json": "16e879393e25197612d4b349b69ce6862e5230f50b7cba263bc19ed3de5dbe50",
11
+ "data/cwe-catalog.json": "a90fcc2780afa8a3dbec6faed95aec7021bb6cf270136fdc3867030f5dedb38a",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "db8b48b090617a028598f5e467ccc638ad5b8ca3baef3087bd999a68c79282c5",
15
+ "data/framework-control-gaps.json": "4d6c6c85503e0565a0ed7c0dbf665861ba799251f569ba879c20741e0f1afc83",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "6e5f485e9cb275ab64beb28842606b5610e88b898a778ac24d860497c72f074b",
18
+ "data/zeroday-lessons.json": "ac2ac160bfc823b2657e40e3996ca469ff214d1f91d38512b4d297e5c35eedb0",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 311,
75
+ "chains_cve_entries": 312,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 322
152
+ "entry_count": 323
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 317
168
+ "entry_count": 318
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 322,
65
+ "entry_count": 323,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 317,
241
+ "entry_count": 318,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -16611,6 +16611,368 @@
16611
16611
  ]
16612
16612
  }
16613
16613
  },
16614
+ "CVE-2025-49596": {
16615
+ "name": "MCP Inspector Missing Authentication — Unauthenticated RCE via the Inspector Proxy",
16616
+ "rwep": 30,
16617
+ "cvss": 8.3,
16618
+ "cisa_kev": false,
16619
+ "epss_score": null,
16620
+ "referencing_skills": [
16621
+ "kernel-lpe-triage",
16622
+ "ai-attack-surface",
16623
+ "compliance-theater",
16624
+ "attack-surface-pentest",
16625
+ "ot-ics-security",
16626
+ "coordinated-vuln-disclosure",
16627
+ "sector-energy"
16628
+ ],
16629
+ "chain": {
16630
+ "cwes": [
16631
+ {
16632
+ "id": "CWE-1037",
16633
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
16634
+ "category": "Hardware / Side Channel"
16635
+ },
16636
+ {
16637
+ "id": "CWE-1039",
16638
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
16639
+ "category": "AI/ML"
16640
+ },
16641
+ {
16642
+ "id": "CWE-125",
16643
+ "name": "Out-of-bounds Read",
16644
+ "category": "Memory Safety"
16645
+ },
16646
+ {
16647
+ "id": "CWE-1357",
16648
+ "name": "Reliance on Insufficiently Trustworthy Component",
16649
+ "category": "Supply Chain"
16650
+ },
16651
+ {
16652
+ "id": "CWE-1395",
16653
+ "name": "Dependency on Vulnerable Third-Party Component",
16654
+ "category": "Supply Chain"
16655
+ },
16656
+ {
16657
+ "id": "CWE-1426",
16658
+ "name": "Improper Validation of Generative AI Output",
16659
+ "category": "AI/ML"
16660
+ },
16661
+ {
16662
+ "id": "CWE-22",
16663
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
16664
+ "category": "Path/Resource"
16665
+ },
16666
+ {
16667
+ "id": "CWE-269",
16668
+ "name": "Improper Privilege Management",
16669
+ "category": "Authorization"
16670
+ },
16671
+ {
16672
+ "id": "CWE-287",
16673
+ "name": "Improper Authentication",
16674
+ "category": "Authentication"
16675
+ },
16676
+ {
16677
+ "id": "CWE-306",
16678
+ "name": "Missing Authentication for Critical Function",
16679
+ "category": "Authentication"
16680
+ },
16681
+ {
16682
+ "id": "CWE-352",
16683
+ "name": "Cross-Site Request Forgery (CSRF)",
16684
+ "category": "Session"
16685
+ },
16686
+ {
16687
+ "id": "CWE-362",
16688
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
16689
+ "category": "Concurrency"
16690
+ },
16691
+ {
16692
+ "id": "CWE-416",
16693
+ "name": "Use After Free",
16694
+ "category": "Memory Safety"
16695
+ },
16696
+ {
16697
+ "id": "CWE-434",
16698
+ "name": "Unrestricted Upload of File with Dangerous Type",
16699
+ "category": "File Handling"
16700
+ },
16701
+ {
16702
+ "id": "CWE-672",
16703
+ "name": "Operation on a Resource after Expiration or Release",
16704
+ "category": "Memory Safety"
16705
+ },
16706
+ {
16707
+ "id": "CWE-732",
16708
+ "name": "Incorrect Permission Assignment for Critical Resource",
16709
+ "category": "Authorization"
16710
+ },
16711
+ {
16712
+ "id": "CWE-78",
16713
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
16714
+ "category": "Injection"
16715
+ },
16716
+ {
16717
+ "id": "CWE-787",
16718
+ "name": "Out-of-bounds Write",
16719
+ "category": "Memory Safety"
16720
+ },
16721
+ {
16722
+ "id": "CWE-79",
16723
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
16724
+ "category": "Injection"
16725
+ },
16726
+ {
16727
+ "id": "CWE-798",
16728
+ "name": "Use of Hard-coded Credentials",
16729
+ "category": "Credentials"
16730
+ },
16731
+ {
16732
+ "id": "CWE-89",
16733
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
16734
+ "category": "Injection"
16735
+ },
16736
+ {
16737
+ "id": "CWE-918",
16738
+ "name": "Server-Side Request Forgery (SSRF)",
16739
+ "category": "Network"
16740
+ },
16741
+ {
16742
+ "id": "CWE-94",
16743
+ "name": "Improper Control of Generation of Code (Code Injection)",
16744
+ "category": "Injection"
16745
+ }
16746
+ ],
16747
+ "atlas": [
16748
+ {
16749
+ "id": "AML.T0010",
16750
+ "name": "ML Supply Chain Compromise",
16751
+ "tactic": "Initial Access"
16752
+ },
16753
+ {
16754
+ "id": "AML.T0016",
16755
+ "name": "Obtain Capabilities: Develop Capabilities",
16756
+ "tactic": "Resource Development"
16757
+ },
16758
+ {
16759
+ "id": "AML.T0017",
16760
+ "name": "Discover ML Model Ontology",
16761
+ "tactic": "Discovery"
16762
+ },
16763
+ {
16764
+ "id": "AML.T0018",
16765
+ "name": "Backdoor ML Model",
16766
+ "tactic": "Persistence"
16767
+ },
16768
+ {
16769
+ "id": "AML.T0020",
16770
+ "name": "Poison Training Data",
16771
+ "tactic": "ML Attack Staging"
16772
+ },
16773
+ {
16774
+ "id": "AML.T0043",
16775
+ "name": "Craft Adversarial Data",
16776
+ "tactic": "ML Attack Staging"
16777
+ },
16778
+ {
16779
+ "id": "AML.T0051",
16780
+ "name": "LLM Prompt Injection",
16781
+ "tactic": "Execution"
16782
+ },
16783
+ {
16784
+ "id": "AML.T0054",
16785
+ "name": "LLM Jailbreak",
16786
+ "tactic": "Defense Evasion"
16787
+ },
16788
+ {
16789
+ "id": "AML.T0096",
16790
+ "name": "AI API as Covert C2 Channel",
16791
+ "tactic": "Command and Control"
16792
+ }
16793
+ ],
16794
+ "d3fend": [
16795
+ {
16796
+ "id": "D3-ASLR",
16797
+ "name": "Address Space Layout Randomization",
16798
+ "tactic": "Harden"
16799
+ },
16800
+ {
16801
+ "id": "D3-CSPP",
16802
+ "name": "Client-server Payload Profiling",
16803
+ "tactic": "Detect"
16804
+ },
16805
+ {
16806
+ "id": "D3-EAL",
16807
+ "name": "Executable Allowlisting",
16808
+ "tactic": "Harden"
16809
+ },
16810
+ {
16811
+ "id": "D3-IOPR",
16812
+ "name": "Input/Output Profiling Resource",
16813
+ "tactic": "Detect"
16814
+ },
16815
+ {
16816
+ "id": "D3-NTA",
16817
+ "name": "Network Traffic Analysis",
16818
+ "tactic": "Detect"
16819
+ },
16820
+ {
16821
+ "id": "D3-PHRA",
16822
+ "name": "Process Hardware Resource Access",
16823
+ "tactic": "Isolate"
16824
+ },
16825
+ {
16826
+ "id": "D3-PSEP",
16827
+ "name": "Process Segment Execution Prevention",
16828
+ "tactic": "Harden"
16829
+ }
16830
+ ],
16831
+ "framework_gaps": [
16832
+ {
16833
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
16834
+ "framework": "ALL",
16835
+ "control_name": "AI Pipeline Integrity"
16836
+ },
16837
+ {
16838
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
16839
+ "framework": "ALL",
16840
+ "control_name": "Prompt Injection as Access Control Failure"
16841
+ },
16842
+ {
16843
+ "id": "CIS-Controls-v8-Control7",
16844
+ "framework": "CIS Controls v8",
16845
+ "control_name": "Continuous Vulnerability Management"
16846
+ },
16847
+ {
16848
+ "id": "CMMC-2.0-Level-2",
16849
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
16850
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
16851
+ },
16852
+ {
16853
+ "id": "FedRAMP-Rev5-Moderate",
16854
+ "framework": "FedRAMP Rev 5 Moderate",
16855
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
16856
+ },
16857
+ {
16858
+ "id": "IEC-62443-3-3",
16859
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
16860
+ "control_name": "System security requirements and security levels"
16861
+ },
16862
+ {
16863
+ "id": "ISO-27001-2022-A.8.28",
16864
+ "framework": "ISO/IEC 27001:2022",
16865
+ "control_name": "Secure coding"
16866
+ },
16867
+ {
16868
+ "id": "ISO-27001-2022-A.8.8",
16869
+ "framework": "ISO/IEC 27001:2022",
16870
+ "control_name": "Management of technical vulnerabilities"
16871
+ },
16872
+ {
16873
+ "id": "ISO-IEC-23894-2023-clause-7",
16874
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
16875
+ "control_name": "AI risk management process"
16876
+ },
16877
+ {
16878
+ "id": "NERC-CIP-007-6-R4",
16879
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
16880
+ "control_name": "Security event monitoring"
16881
+ },
16882
+ {
16883
+ "id": "NIS2-Art21-patch-management",
16884
+ "framework": "EU NIS2 Directive",
16885
+ "control_name": "Vulnerability handling and disclosure"
16886
+ },
16887
+ {
16888
+ "id": "NIST-800-115",
16889
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
16890
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
16891
+ },
16892
+ {
16893
+ "id": "NIST-800-218-SSDF",
16894
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
16895
+ "control_name": "Secure Software Development Framework"
16896
+ },
16897
+ {
16898
+ "id": "NIST-800-53-AC-2",
16899
+ "framework": "NIST SP 800-53 Rev 5",
16900
+ "control_name": "Account Management"
16901
+ },
16902
+ {
16903
+ "id": "NIST-800-53-SC-8",
16904
+ "framework": "NIST SP 800-53 Rev 5",
16905
+ "control_name": "Transmission Confidentiality and Integrity"
16906
+ },
16907
+ {
16908
+ "id": "NIST-800-53-SI-2",
16909
+ "framework": "NIST SP 800-53 Rev 5",
16910
+ "control_name": "Flaw Remediation"
16911
+ },
16912
+ {
16913
+ "id": "NIST-800-53-SI-3",
16914
+ "framework": "NIST SP 800-53 Rev 5",
16915
+ "control_name": "Malicious Code Protection"
16916
+ },
16917
+ {
16918
+ "id": "NIST-800-82r3",
16919
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
16920
+ "control_name": "Guide to Operational Technology (OT) Security"
16921
+ },
16922
+ {
16923
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
16924
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16925
+ "control_name": "Prompt Injection"
16926
+ },
16927
+ {
16928
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
16929
+ "framework": "OWASP Top 10 for LLM Applications 2025",
16930
+ "control_name": "Sensitive Information Disclosure"
16931
+ },
16932
+ {
16933
+ "id": "OWASP-Pen-Testing-Guide-v5",
16934
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
16935
+ "control_name": "Web application penetration testing methodology"
16936
+ },
16937
+ {
16938
+ "id": "PCI-DSS-4.0-6.3.3",
16939
+ "framework": "PCI DSS 4.0",
16940
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
16941
+ },
16942
+ {
16943
+ "id": "PTES-Pre-engagement",
16944
+ "framework": "Penetration Testing Execution Standard (PTES)",
16945
+ "control_name": "Pre-engagement Interactions"
16946
+ },
16947
+ {
16948
+ "id": "SOC2-CC6-logical-access",
16949
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16950
+ "control_name": "Logical and Physical Access Controls"
16951
+ },
16952
+ {
16953
+ "id": "SOC2-CC9-vendor-management",
16954
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
16955
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
16956
+ }
16957
+ ],
16958
+ "attack_refs": [
16959
+ "T0855",
16960
+ "T0883",
16961
+ "T1059",
16962
+ "T1068",
16963
+ "T1078",
16964
+ "T1133",
16965
+ "T1190",
16966
+ "T1548.001",
16967
+ "T1566"
16968
+ ],
16969
+ "rfc_refs": [
16970
+ "RFC-4301",
16971
+ "RFC-4303",
16972
+ "RFC-7296"
16973
+ ]
16974
+ }
16975
+ },
16614
16976
  "CVE-2026-41091": {
16615
16977
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
16616
16978
  "rwep": 45,
@@ -42996,6 +43358,7 @@
42996
43358
  "CVE-2025-34291",
42997
43359
  "CVE-2025-38352",
42998
43360
  "CVE-2025-43300",
43361
+ "CVE-2025-49596",
42999
43362
  "CVE-2025-49844",
43000
43363
  "CVE-2025-53773",
43001
43364
  "CVE-2025-6965",
@@ -43343,6 +43706,7 @@
43343
43706
  "CVE-2025-34291",
43344
43707
  "CVE-2025-38352",
43345
43708
  "CVE-2025-43300",
43709
+ "CVE-2025-49596",
43346
43710
  "CVE-2025-6965",
43347
43711
  "CVE-2026-25592",
43348
43712
  "CVE-2026-30623",
@@ -43483,6 +43847,7 @@
43483
43847
  "CVE-2025-34291",
43484
43848
  "CVE-2025-38352",
43485
43849
  "CVE-2025-43300",
43850
+ "CVE-2025-49596",
43486
43851
  "CVE-2025-6965",
43487
43852
  "CVE-2026-25592",
43488
43853
  "CVE-2026-30623",
@@ -43637,6 +44002,7 @@
43637
44002
  "CVE-2025-34291",
43638
44003
  "CVE-2025-38352",
43639
44004
  "CVE-2025-43300",
44005
+ "CVE-2025-49596",
43640
44006
  "CVE-2025-6965",
43641
44007
  "CVE-2026-25592",
43642
44008
  "CVE-2026-30623",
@@ -43894,6 +44260,7 @@
43894
44260
  "CVE-2025-1094",
43895
44261
  "CVE-2025-11837",
43896
44262
  "CVE-2025-34291",
44263
+ "CVE-2025-49596",
43897
44264
  "CVE-2025-49844",
43898
44265
  "CVE-2025-53773",
43899
44266
  "CVE-2025-6965",
@@ -44204,6 +44571,7 @@
44204
44571
  "CVE-2025-48928",
44205
44572
  "CVE-2025-49113",
44206
44573
  "CVE-2025-4919",
44574
+ "CVE-2025-49596",
44207
44575
  "CVE-2025-49704",
44208
44576
  "CVE-2025-49706",
44209
44577
  "CVE-2025-49844",
@@ -44902,6 +45270,7 @@
44902
45270
  "CVE-2025-34291",
44903
45271
  "CVE-2025-38352",
44904
45272
  "CVE-2025-43300",
45273
+ "CVE-2025-49596",
44905
45274
  "CVE-2025-49844",
44906
45275
  "CVE-2025-53773",
44907
45276
  "CVE-2025-6965",
@@ -45481,6 +45850,7 @@
45481
45850
  "CVE-2025-34291",
45482
45851
  "CVE-2025-38352",
45483
45852
  "CVE-2025-43300",
45853
+ "CVE-2025-49596",
45484
45854
  "CVE-2025-49844",
45485
45855
  "CVE-2025-53773",
45486
45856
  "CVE-2025-6965",
@@ -45696,6 +46066,7 @@
45696
46066
  "CVE-2025-34291",
45697
46067
  "CVE-2025-38352",
45698
46068
  "CVE-2025-43300",
46069
+ "CVE-2025-49596",
45699
46070
  "CVE-2025-53773",
45700
46071
  "CVE-2026-25592",
45701
46072
  "CVE-2026-30615",
@@ -46341,6 +46712,7 @@
46341
46712
  "CVE-2025-34291",
46342
46713
  "CVE-2025-38352",
46343
46714
  "CVE-2025-43300",
46715
+ "CVE-2025-49596",
46344
46716
  "CVE-2025-49844",
46345
46717
  "CVE-2025-53773",
46346
46718
  "CVE-2025-6965",
@@ -46654,6 +47026,7 @@
46654
47026
  "CVE-2025-48928",
46655
47027
  "CVE-2025-49113",
46656
47028
  "CVE-2025-4919",
47029
+ "CVE-2025-49596",
46657
47030
  "CVE-2025-49704",
46658
47031
  "CVE-2025-49706",
46659
47032
  "CVE-2025-49844",
@@ -47054,6 +47427,7 @@
47054
47427
  "CVE-2025-48928",
47055
47428
  "CVE-2025-49113",
47056
47429
  "CVE-2025-4919",
47430
+ "CVE-2025-49596",
47057
47431
  "CVE-2025-49704",
47058
47432
  "CVE-2025-49706",
47059
47433
  "CVE-2025-49844",
@@ -47393,6 +47767,7 @@
47393
47767
  "CVE-2025-34291",
47394
47768
  "CVE-2025-38352",
47395
47769
  "CVE-2025-43300",
47770
+ "CVE-2025-49596",
47396
47771
  "CVE-2025-49844",
47397
47772
  "CVE-2025-53773",
47398
47773
  "CVE-2025-6965",
@@ -48258,6 +48633,7 @@
48258
48633
  "CVE-2025-48928",
48259
48634
  "CVE-2025-49113",
48260
48635
  "CVE-2025-4919",
48636
+ "CVE-2025-49596",
48261
48637
  "CVE-2025-49704",
48262
48638
  "CVE-2025-49706",
48263
48639
  "CVE-2025-49844",
@@ -48661,6 +49037,7 @@
48661
49037
  "CVE-2025-34291",
48662
49038
  "CVE-2025-38352",
48663
49039
  "CVE-2025-43300",
49040
+ "CVE-2025-49596",
48664
49041
  "CVE-2025-49844",
48665
49042
  "CVE-2025-53773",
48666
49043
  "CVE-2025-6965",
@@ -49055,6 +49432,7 @@
49055
49432
  "CVE-2025-48928",
49056
49433
  "CVE-2025-49113",
49057
49434
  "CVE-2025-4919",
49435
+ "CVE-2025-49596",
49058
49436
  "CVE-2025-49704",
49059
49437
  "CVE-2025-49706",
49060
49438
  "CVE-2025-49844",
@@ -49473,6 +49851,7 @@
49473
49851
  "CVE-2025-34291",
49474
49852
  "CVE-2025-38352",
49475
49853
  "CVE-2025-43300",
49854
+ "CVE-2025-49596",
49476
49855
  "CVE-2025-49844",
49477
49856
  "CVE-2025-53773",
49478
49857
  "CVE-2026-25592",
@@ -50388,6 +50767,7 @@
50388
50767
  "CVE-2025-34291",
50389
50768
  "CVE-2025-38352",
50390
50769
  "CVE-2025-43300",
50770
+ "CVE-2025-49596",
50391
50771
  "CVE-2025-49844",
50392
50772
  "CVE-2025-53773",
50393
50773
  "CVE-2025-6965",
@@ -50463,6 +50843,7 @@
50463
50843
  "CVE-2025-34291",
50464
50844
  "CVE-2025-38352",
50465
50845
  "CVE-2025-43300",
50846
+ "CVE-2025-49596",
50466
50847
  "CVE-2026-25592",
50467
50848
  "CVE-2026-31431",
50468
50849
  "CVE-2026-34926",
@@ -50609,6 +50990,7 @@
50609
50990
  "CVE-2025-1094",
50610
50991
  "CVE-2025-11837",
50611
50992
  "CVE-2025-34291",
50993
+ "CVE-2025-49596",
50612
50994
  "CVE-2025-53773",
50613
50995
  "CVE-2025-6965",
50614
50996
  "CVE-2026-22778",
@@ -51105,6 +51487,7 @@
51105
51487
  "CVE-2025-48928",
51106
51488
  "CVE-2025-49113",
51107
51489
  "CVE-2025-4919",
51490
+ "CVE-2025-49596",
51108
51491
  "CVE-2025-49704",
51109
51492
  "CVE-2025-49706",
51110
51493
  "CVE-2025-5086",
@@ -51438,6 +51821,7 @@
51438
51821
  "CVE-2025-34291",
51439
51822
  "CVE-2025-38352",
51440
51823
  "CVE-2025-43300",
51824
+ "CVE-2025-49596",
51441
51825
  "CVE-2025-49844",
51442
51826
  "CVE-2025-53773",
51443
51827
  "CVE-2025-6965",
@@ -51708,6 +52092,7 @@
51708
52092
  "CVE-2025-14847",
51709
52093
  "CVE-2025-22226",
51710
52094
  "CVE-2025-34291",
52095
+ "CVE-2025-49596",
51711
52096
  "CVE-2025-53767",
51712
52097
  "CVE-2025-53773",
51713
52098
  "CVE-2025-6965",
package/data/attack-techniques.json CHANGED
@@ -272,6 +272,7 @@
272
272
  "CVE-2025-1094",
273
273
  "CVE-2025-11837",
274
274
  "CVE-2025-34291",
275
+ "CVE-2025-49596",
275
276
  "CVE-2025-53773",
276
277
  "CVE-2025-55319",
277
278
  "CVE-2025-68664",
@@ -877,6 +878,7 @@
877
878
  "CVE-2025-48927",
878
879
  "CVE-2025-48928",
879
880
  "CVE-2025-49113",
881
+ "CVE-2025-49596",
880
882
  "CVE-2025-49704",
881
883
  "CVE-2025-49844",
882
884
  "CVE-2025-5086",