@blamejs/exceptd-skills 0.13.73 → 0.13.75
- package/CHANGELOG.md +10 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1155 -0
- package/data/atlas-ttps.json +8 -2
- package/data/attack-techniques.json +8 -0
- package/data/cve-catalog.json +312 -0
- package/data/cwe-catalog.json +8 -1
- package/data/framework-control-gaps.json +22 -1
- package/data/zeroday-lessons.json +150 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -16973,6 +16973,1092 @@
|
|
|
16973
16973
|
]
|
|
16974
16974
|
}
|
|
16975
16975
|
},
|
|
16976
|
+
"CVE-2025-54136": {
|
|
16977
|
+
"name": "Cursor MCPoison — Persistent RCE via Modified Already-Trusted MCP Config",
|
|
16978
|
+
"rwep": 30,
|
|
16979
|
+
"cvss": 8.8,
|
|
16980
|
+
"cisa_kev": false,
|
|
16981
|
+
"epss_score": null,
|
|
16982
|
+
"referencing_skills": [
|
|
16983
|
+
"kernel-lpe-triage",
|
|
16984
|
+
"ai-attack-surface",
|
|
16985
|
+
"compliance-theater",
|
|
16986
|
+
"attack-surface-pentest",
|
|
16987
|
+
"ot-ics-security",
|
|
16988
|
+
"coordinated-vuln-disclosure",
|
|
16989
|
+
"sector-energy"
|
|
16990
|
+
],
|
|
16991
|
+
"chain": {
|
|
16992
|
+
"cwes": [
|
|
16993
|
+
{
|
|
16994
|
+
"id": "CWE-1037",
|
|
16995
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
16996
|
+
"category": "Hardware / Side Channel"
|
|
16997
|
+
},
|
|
16998
|
+
{
|
|
16999
|
+
"id": "CWE-1039",
|
|
17000
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
17001
|
+
"category": "AI/ML"
|
|
17002
|
+
},
|
|
17003
|
+
{
|
|
17004
|
+
"id": "CWE-125",
|
|
17005
|
+
"name": "Out-of-bounds Read",
|
|
17006
|
+
"category": "Memory Safety"
|
|
17007
|
+
},
|
|
17008
|
+
{
|
|
17009
|
+
"id": "CWE-1357",
|
|
17010
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17011
|
+
"category": "Supply Chain"
|
|
17012
|
+
},
|
|
17013
|
+
{
|
|
17014
|
+
"id": "CWE-1395",
|
|
17015
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
17016
|
+
"category": "Supply Chain"
|
|
17017
|
+
},
|
|
17018
|
+
{
|
|
17019
|
+
"id": "CWE-1426",
|
|
17020
|
+
"name": "Improper Validation of Generative AI Output",
|
|
17021
|
+
"category": "AI/ML"
|
|
17022
|
+
},
|
|
17023
|
+
{
|
|
17024
|
+
"id": "CWE-22",
|
|
17025
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
17026
|
+
"category": "Path/Resource"
|
|
17027
|
+
},
|
|
17028
|
+
{
|
|
17029
|
+
"id": "CWE-269",
|
|
17030
|
+
"name": "Improper Privilege Management",
|
|
17031
|
+
"category": "Authorization"
|
|
17032
|
+
},
|
|
17033
|
+
{
|
|
17034
|
+
"id": "CWE-287",
|
|
17035
|
+
"name": "Improper Authentication",
|
|
17036
|
+
"category": "Authentication"
|
|
17037
|
+
},
|
|
17038
|
+
{
|
|
17039
|
+
"id": "CWE-306",
|
|
17040
|
+
"name": "Missing Authentication for Critical Function",
|
|
17041
|
+
"category": "Authentication"
|
|
17042
|
+
},
|
|
17043
|
+
{
|
|
17044
|
+
"id": "CWE-352",
|
|
17045
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
17046
|
+
"category": "Session"
|
|
17047
|
+
},
|
|
17048
|
+
{
|
|
17049
|
+
"id": "CWE-362",
|
|
17050
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17051
|
+
"category": "Concurrency"
|
|
17052
|
+
},
|
|
17053
|
+
{
|
|
17054
|
+
"id": "CWE-416",
|
|
17055
|
+
"name": "Use After Free",
|
|
17056
|
+
"category": "Memory Safety"
|
|
17057
|
+
},
|
|
17058
|
+
{
|
|
17059
|
+
"id": "CWE-434",
|
|
17060
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
17061
|
+
"category": "File Handling"
|
|
17062
|
+
},
|
|
17063
|
+
{
|
|
17064
|
+
"id": "CWE-672",
|
|
17065
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17066
|
+
"category": "Memory Safety"
|
|
17067
|
+
},
|
|
17068
|
+
{
|
|
17069
|
+
"id": "CWE-732",
|
|
17070
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
17071
|
+
"category": "Authorization"
|
|
17072
|
+
},
|
|
17073
|
+
{
|
|
17074
|
+
"id": "CWE-78",
|
|
17075
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
17076
|
+
"category": "Injection"
|
|
17077
|
+
},
|
|
17078
|
+
{
|
|
17079
|
+
"id": "CWE-787",
|
|
17080
|
+
"name": "Out-of-bounds Write",
|
|
17081
|
+
"category": "Memory Safety"
|
|
17082
|
+
},
|
|
17083
|
+
{
|
|
17084
|
+
"id": "CWE-79",
|
|
17085
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
17086
|
+
"category": "Injection"
|
|
17087
|
+
},
|
|
17088
|
+
{
|
|
17089
|
+
"id": "CWE-798",
|
|
17090
|
+
"name": "Use of Hard-coded Credentials",
|
|
17091
|
+
"category": "Credentials"
|
|
17092
|
+
},
|
|
17093
|
+
{
|
|
17094
|
+
"id": "CWE-89",
|
|
17095
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
17096
|
+
"category": "Injection"
|
|
17097
|
+
},
|
|
17098
|
+
{
|
|
17099
|
+
"id": "CWE-918",
|
|
17100
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
17101
|
+
"category": "Network"
|
|
17102
|
+
},
|
|
17103
|
+
{
|
|
17104
|
+
"id": "CWE-94",
|
|
17105
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
17106
|
+
"category": "Injection"
|
|
17107
|
+
}
|
|
17108
|
+
],
|
|
17109
|
+
"atlas": [
|
|
17110
|
+
{
|
|
17111
|
+
"id": "AML.T0010",
|
|
17112
|
+
"name": "ML Supply Chain Compromise",
|
|
17113
|
+
"tactic": "Initial Access"
|
|
17114
|
+
},
|
|
17115
|
+
{
|
|
17116
|
+
"id": "AML.T0016",
|
|
17117
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
17118
|
+
"tactic": "Resource Development"
|
|
17119
|
+
},
|
|
17120
|
+
{
|
|
17121
|
+
"id": "AML.T0017",
|
|
17122
|
+
"name": "Discover ML Model Ontology",
|
|
17123
|
+
"tactic": "Discovery"
|
|
17124
|
+
},
|
|
17125
|
+
{
|
|
17126
|
+
"id": "AML.T0018",
|
|
17127
|
+
"name": "Backdoor ML Model",
|
|
17128
|
+
"tactic": "Persistence"
|
|
17129
|
+
},
|
|
17130
|
+
{
|
|
17131
|
+
"id": "AML.T0020",
|
|
17132
|
+
"name": "Poison Training Data",
|
|
17133
|
+
"tactic": "ML Attack Staging"
|
|
17134
|
+
},
|
|
17135
|
+
{
|
|
17136
|
+
"id": "AML.T0043",
|
|
17137
|
+
"name": "Craft Adversarial Data",
|
|
17138
|
+
"tactic": "ML Attack Staging"
|
|
17139
|
+
},
|
|
17140
|
+
{
|
|
17141
|
+
"id": "AML.T0051",
|
|
17142
|
+
"name": "LLM Prompt Injection",
|
|
17143
|
+
"tactic": "Execution"
|
|
17144
|
+
},
|
|
17145
|
+
{
|
|
17146
|
+
"id": "AML.T0054",
|
|
17147
|
+
"name": "LLM Jailbreak",
|
|
17148
|
+
"tactic": "Defense Evasion"
|
|
17149
|
+
},
|
|
17150
|
+
{
|
|
17151
|
+
"id": "AML.T0096",
|
|
17152
|
+
"name": "AI API as Covert C2 Channel",
|
|
17153
|
+
"tactic": "Command and Control"
|
|
17154
|
+
}
|
|
17155
|
+
],
|
|
17156
|
+
"d3fend": [
|
|
17157
|
+
{
|
|
17158
|
+
"id": "D3-ASLR",
|
|
17159
|
+
"name": "Address Space Layout Randomization",
|
|
17160
|
+
"tactic": "Harden"
|
|
17161
|
+
},
|
|
17162
|
+
{
|
|
17163
|
+
"id": "D3-CSPP",
|
|
17164
|
+
"name": "Client-server Payload Profiling",
|
|
17165
|
+
"tactic": "Detect"
|
|
17166
|
+
},
|
|
17167
|
+
{
|
|
17168
|
+
"id": "D3-EAL",
|
|
17169
|
+
"name": "Executable Allowlisting",
|
|
17170
|
+
"tactic": "Harden"
|
|
17171
|
+
},
|
|
17172
|
+
{
|
|
17173
|
+
"id": "D3-IOPR",
|
|
17174
|
+
"name": "Input/Output Profiling Resource",
|
|
17175
|
+
"tactic": "Detect"
|
|
17176
|
+
},
|
|
17177
|
+
{
|
|
17178
|
+
"id": "D3-NTA",
|
|
17179
|
+
"name": "Network Traffic Analysis",
|
|
17180
|
+
"tactic": "Detect"
|
|
17181
|
+
},
|
|
17182
|
+
{
|
|
17183
|
+
"id": "D3-PHRA",
|
|
17184
|
+
"name": "Process Hardware Resource Access",
|
|
17185
|
+
"tactic": "Isolate"
|
|
17186
|
+
},
|
|
17187
|
+
{
|
|
17188
|
+
"id": "D3-PSEP",
|
|
17189
|
+
"name": "Process Segment Execution Prevention",
|
|
17190
|
+
"tactic": "Harden"
|
|
17191
|
+
}
|
|
17192
|
+
],
|
|
17193
|
+
"framework_gaps": [
|
|
17194
|
+
{
|
|
17195
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
17196
|
+
"framework": "ALL",
|
|
17197
|
+
"control_name": "AI Pipeline Integrity"
|
|
17198
|
+
},
|
|
17199
|
+
{
|
|
17200
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
17201
|
+
"framework": "ALL",
|
|
17202
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
17203
|
+
},
|
|
17204
|
+
{
|
|
17205
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17206
|
+
"framework": "CIS Controls v8",
|
|
17207
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17208
|
+
},
|
|
17209
|
+
{
|
|
17210
|
+
"id": "CMMC-2.0-Level-2",
|
|
17211
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
17212
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
17213
|
+
},
|
|
17214
|
+
{
|
|
17215
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
17216
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
17217
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
17218
|
+
},
|
|
17219
|
+
{
|
|
17220
|
+
"id": "IEC-62443-3-3",
|
|
17221
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
17222
|
+
"control_name": "System security requirements and security levels"
|
|
17223
|
+
},
|
|
17224
|
+
{
|
|
17225
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
17226
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17227
|
+
"control_name": "Secure coding"
|
|
17228
|
+
},
|
|
17229
|
+
{
|
|
17230
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17231
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17232
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17233
|
+
},
|
|
17234
|
+
{
|
|
17235
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
17236
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
17237
|
+
"control_name": "AI risk management process"
|
|
17238
|
+
},
|
|
17239
|
+
{
|
|
17240
|
+
"id": "NERC-CIP-007-6-R4",
|
|
17241
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
17242
|
+
"control_name": "Security event monitoring"
|
|
17243
|
+
},
|
|
17244
|
+
{
|
|
17245
|
+
"id": "NIS2-Art21-patch-management",
|
|
17246
|
+
"framework": "EU NIS2 Directive",
|
|
17247
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17248
|
+
},
|
|
17249
|
+
{
|
|
17250
|
+
"id": "NIST-800-115",
|
|
17251
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
17252
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
17253
|
+
},
|
|
17254
|
+
{
|
|
17255
|
+
"id": "NIST-800-218-SSDF",
|
|
17256
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17257
|
+
"control_name": "Secure Software Development Framework"
|
|
17258
|
+
},
|
|
17259
|
+
{
|
|
17260
|
+
"id": "NIST-800-53-AC-2",
|
|
17261
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17262
|
+
"control_name": "Account Management"
|
|
17263
|
+
},
|
|
17264
|
+
{
|
|
17265
|
+
"id": "NIST-800-53-SC-8",
|
|
17266
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17267
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17268
|
+
},
|
|
17269
|
+
{
|
|
17270
|
+
"id": "NIST-800-53-SI-2",
|
|
17271
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17272
|
+
"control_name": "Flaw Remediation"
|
|
17273
|
+
},
|
|
17274
|
+
{
|
|
17275
|
+
"id": "NIST-800-53-SI-3",
|
|
17276
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17277
|
+
"control_name": "Malicious Code Protection"
|
|
17278
|
+
},
|
|
17279
|
+
{
|
|
17280
|
+
"id": "NIST-800-82r3",
|
|
17281
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
17282
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
17283
|
+
},
|
|
17284
|
+
{
|
|
17285
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
17286
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17287
|
+
"control_name": "Prompt Injection"
|
|
17288
|
+
},
|
|
17289
|
+
{
|
|
17290
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
17291
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17292
|
+
"control_name": "Sensitive Information Disclosure"
|
|
17293
|
+
},
|
|
17294
|
+
{
|
|
17295
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
17296
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
17297
|
+
"control_name": "Web application penetration testing methodology"
|
|
17298
|
+
},
|
|
17299
|
+
{
|
|
17300
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17301
|
+
"framework": "PCI DSS 4.0",
|
|
17302
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17303
|
+
},
|
|
17304
|
+
{
|
|
17305
|
+
"id": "PTES-Pre-engagement",
|
|
17306
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
17307
|
+
"control_name": "Pre-engagement Interactions"
|
|
17308
|
+
},
|
|
17309
|
+
{
|
|
17310
|
+
"id": "SOC2-CC6-logical-access",
|
|
17311
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17312
|
+
"control_name": "Logical and Physical Access Controls"
|
|
17313
|
+
},
|
|
17314
|
+
{
|
|
17315
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17316
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17317
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17318
|
+
}
|
|
17319
|
+
],
|
|
17320
|
+
"attack_refs": [
|
|
17321
|
+
"T0855",
|
|
17322
|
+
"T0883",
|
|
17323
|
+
"T1059",
|
|
17324
|
+
"T1068",
|
|
17325
|
+
"T1078",
|
|
17326
|
+
"T1133",
|
|
17327
|
+
"T1190",
|
|
17328
|
+
"T1548.001",
|
|
17329
|
+
"T1566"
|
|
17330
|
+
],
|
|
17331
|
+
"rfc_refs": [
|
|
17332
|
+
"RFC-4301",
|
|
17333
|
+
"RFC-4303",
|
|
17334
|
+
"RFC-7296"
|
|
17335
|
+
]
|
|
17336
|
+
}
|
|
17337
|
+
},
|
|
17338
|
+
"CVE-2026-22252": {
|
|
17339
|
+
"name": "LibreChat MCP stdio Transport — Authenticated Arbitrary Command Execution as Root",
|
|
17340
|
+
"rwep": 30,
|
|
17341
|
+
"cvss": 9.9,
|
|
17342
|
+
"cisa_kev": false,
|
|
17343
|
+
"epss_score": null,
|
|
17344
|
+
"referencing_skills": [
|
|
17345
|
+
"kernel-lpe-triage",
|
|
17346
|
+
"ai-attack-surface",
|
|
17347
|
+
"compliance-theater",
|
|
17348
|
+
"attack-surface-pentest",
|
|
17349
|
+
"ot-ics-security",
|
|
17350
|
+
"coordinated-vuln-disclosure",
|
|
17351
|
+
"sector-energy"
|
|
17352
|
+
],
|
|
17353
|
+
"chain": {
|
|
17354
|
+
"cwes": [
|
|
17355
|
+
{
|
|
17356
|
+
"id": "CWE-1037",
|
|
17357
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
17358
|
+
"category": "Hardware / Side Channel"
|
|
17359
|
+
},
|
|
17360
|
+
{
|
|
17361
|
+
"id": "CWE-1039",
|
|
17362
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
17363
|
+
"category": "AI/ML"
|
|
17364
|
+
},
|
|
17365
|
+
{
|
|
17366
|
+
"id": "CWE-125",
|
|
17367
|
+
"name": "Out-of-bounds Read",
|
|
17368
|
+
"category": "Memory Safety"
|
|
17369
|
+
},
|
|
17370
|
+
{
|
|
17371
|
+
"id": "CWE-1357",
|
|
17372
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17373
|
+
"category": "Supply Chain"
|
|
17374
|
+
},
|
|
17375
|
+
{
|
|
17376
|
+
"id": "CWE-1395",
|
|
17377
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
17378
|
+
"category": "Supply Chain"
|
|
17379
|
+
},
|
|
17380
|
+
{
|
|
17381
|
+
"id": "CWE-1426",
|
|
17382
|
+
"name": "Improper Validation of Generative AI Output",
|
|
17383
|
+
"category": "AI/ML"
|
|
17384
|
+
},
|
|
17385
|
+
{
|
|
17386
|
+
"id": "CWE-22",
|
|
17387
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
17388
|
+
"category": "Path/Resource"
|
|
17389
|
+
},
|
|
17390
|
+
{
|
|
17391
|
+
"id": "CWE-269",
|
|
17392
|
+
"name": "Improper Privilege Management",
|
|
17393
|
+
"category": "Authorization"
|
|
17394
|
+
},
|
|
17395
|
+
{
|
|
17396
|
+
"id": "CWE-287",
|
|
17397
|
+
"name": "Improper Authentication",
|
|
17398
|
+
"category": "Authentication"
|
|
17399
|
+
},
|
|
17400
|
+
{
|
|
17401
|
+
"id": "CWE-306",
|
|
17402
|
+
"name": "Missing Authentication for Critical Function",
|
|
17403
|
+
"category": "Authentication"
|
|
17404
|
+
},
|
|
17405
|
+
{
|
|
17406
|
+
"id": "CWE-352",
|
|
17407
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
17408
|
+
"category": "Session"
|
|
17409
|
+
},
|
|
17410
|
+
{
|
|
17411
|
+
"id": "CWE-362",
|
|
17412
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17413
|
+
"category": "Concurrency"
|
|
17414
|
+
},
|
|
17415
|
+
{
|
|
17416
|
+
"id": "CWE-416",
|
|
17417
|
+
"name": "Use After Free",
|
|
17418
|
+
"category": "Memory Safety"
|
|
17419
|
+
},
|
|
17420
|
+
{
|
|
17421
|
+
"id": "CWE-434",
|
|
17422
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
17423
|
+
"category": "File Handling"
|
|
17424
|
+
},
|
|
17425
|
+
{
|
|
17426
|
+
"id": "CWE-672",
|
|
17427
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17428
|
+
"category": "Memory Safety"
|
|
17429
|
+
},
|
|
17430
|
+
{
|
|
17431
|
+
"id": "CWE-732",
|
|
17432
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
17433
|
+
"category": "Authorization"
|
|
17434
|
+
},
|
|
17435
|
+
{
|
|
17436
|
+
"id": "CWE-78",
|
|
17437
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
17438
|
+
"category": "Injection"
|
|
17439
|
+
},
|
|
17440
|
+
{
|
|
17441
|
+
"id": "CWE-787",
|
|
17442
|
+
"name": "Out-of-bounds Write",
|
|
17443
|
+
"category": "Memory Safety"
|
|
17444
|
+
},
|
|
17445
|
+
{
|
|
17446
|
+
"id": "CWE-79",
|
|
17447
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
17448
|
+
"category": "Injection"
|
|
17449
|
+
},
|
|
17450
|
+
{
|
|
17451
|
+
"id": "CWE-798",
|
|
17452
|
+
"name": "Use of Hard-coded Credentials",
|
|
17453
|
+
"category": "Credentials"
|
|
17454
|
+
},
|
|
17455
|
+
{
|
|
17456
|
+
"id": "CWE-89",
|
|
17457
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
17458
|
+
"category": "Injection"
|
|
17459
|
+
},
|
|
17460
|
+
{
|
|
17461
|
+
"id": "CWE-918",
|
|
17462
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
17463
|
+
"category": "Network"
|
|
17464
|
+
},
|
|
17465
|
+
{
|
|
17466
|
+
"id": "CWE-94",
|
|
17467
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
17468
|
+
"category": "Injection"
|
|
17469
|
+
}
|
|
17470
|
+
],
|
|
17471
|
+
"atlas": [
|
|
17472
|
+
{
|
|
17473
|
+
"id": "AML.T0010",
|
|
17474
|
+
"name": "ML Supply Chain Compromise",
|
|
17475
|
+
"tactic": "Initial Access"
|
|
17476
|
+
},
|
|
17477
|
+
{
|
|
17478
|
+
"id": "AML.T0016",
|
|
17479
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
17480
|
+
"tactic": "Resource Development"
|
|
17481
|
+
},
|
|
17482
|
+
{
|
|
17483
|
+
"id": "AML.T0017",
|
|
17484
|
+
"name": "Discover ML Model Ontology",
|
|
17485
|
+
"tactic": "Discovery"
|
|
17486
|
+
},
|
|
17487
|
+
{
|
|
17488
|
+
"id": "AML.T0018",
|
|
17489
|
+
"name": "Backdoor ML Model",
|
|
17490
|
+
"tactic": "Persistence"
|
|
17491
|
+
},
|
|
17492
|
+
{
|
|
17493
|
+
"id": "AML.T0020",
|
|
17494
|
+
"name": "Poison Training Data",
|
|
17495
|
+
"tactic": "ML Attack Staging"
|
|
17496
|
+
},
|
|
17497
|
+
{
|
|
17498
|
+
"id": "AML.T0043",
|
|
17499
|
+
"name": "Craft Adversarial Data",
|
|
17500
|
+
"tactic": "ML Attack Staging"
|
|
17501
|
+
},
|
|
17502
|
+
{
|
|
17503
|
+
"id": "AML.T0051",
|
|
17504
|
+
"name": "LLM Prompt Injection",
|
|
17505
|
+
"tactic": "Execution"
|
|
17506
|
+
},
|
|
17507
|
+
{
|
|
17508
|
+
"id": "AML.T0054",
|
|
17509
|
+
"name": "LLM Jailbreak",
|
|
17510
|
+
"tactic": "Defense Evasion"
|
|
17511
|
+
},
|
|
17512
|
+
{
|
|
17513
|
+
"id": "AML.T0096",
|
|
17514
|
+
"name": "AI API as Covert C2 Channel",
|
|
17515
|
+
"tactic": "Command and Control"
|
|
17516
|
+
}
|
|
17517
|
+
],
|
|
17518
|
+
"d3fend": [
|
|
17519
|
+
{
|
|
17520
|
+
"id": "D3-ASLR",
|
|
17521
|
+
"name": "Address Space Layout Randomization",
|
|
17522
|
+
"tactic": "Harden"
|
|
17523
|
+
},
|
|
17524
|
+
{
|
|
17525
|
+
"id": "D3-CSPP",
|
|
17526
|
+
"name": "Client-server Payload Profiling",
|
|
17527
|
+
"tactic": "Detect"
|
|
17528
|
+
},
|
|
17529
|
+
{
|
|
17530
|
+
"id": "D3-EAL",
|
|
17531
|
+
"name": "Executable Allowlisting",
|
|
17532
|
+
"tactic": "Harden"
|
|
17533
|
+
},
|
|
17534
|
+
{
|
|
17535
|
+
"id": "D3-IOPR",
|
|
17536
|
+
"name": "Input/Output Profiling Resource",
|
|
17537
|
+
"tactic": "Detect"
|
|
17538
|
+
},
|
|
17539
|
+
{
|
|
17540
|
+
"id": "D3-NTA",
|
|
17541
|
+
"name": "Network Traffic Analysis",
|
|
17542
|
+
"tactic": "Detect"
|
|
17543
|
+
},
|
|
17544
|
+
{
|
|
17545
|
+
"id": "D3-PHRA",
|
|
17546
|
+
"name": "Process Hardware Resource Access",
|
|
17547
|
+
"tactic": "Isolate"
|
|
17548
|
+
},
|
|
17549
|
+
{
|
|
17550
|
+
"id": "D3-PSEP",
|
|
17551
|
+
"name": "Process Segment Execution Prevention",
|
|
17552
|
+
"tactic": "Harden"
|
|
17553
|
+
}
|
|
17554
|
+
],
|
|
17555
|
+
"framework_gaps": [
|
|
17556
|
+
{
|
|
17557
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
17558
|
+
"framework": "ALL",
|
|
17559
|
+
"control_name": "AI Pipeline Integrity"
|
|
17560
|
+
},
|
|
17561
|
+
{
|
|
17562
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
17563
|
+
"framework": "ALL",
|
|
17564
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
17565
|
+
},
|
|
17566
|
+
{
|
|
17567
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17568
|
+
"framework": "CIS Controls v8",
|
|
17569
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17570
|
+
},
|
|
17571
|
+
{
|
|
17572
|
+
"id": "CMMC-2.0-Level-2",
|
|
17573
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
17574
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
17575
|
+
},
|
|
17576
|
+
{
|
|
17577
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
17578
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
17579
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
17580
|
+
},
|
|
17581
|
+
{
|
|
17582
|
+
"id": "IEC-62443-3-3",
|
|
17583
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
17584
|
+
"control_name": "System security requirements and security levels"
|
|
17585
|
+
},
|
|
17586
|
+
{
|
|
17587
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
17588
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17589
|
+
"control_name": "Secure coding"
|
|
17590
|
+
},
|
|
17591
|
+
{
|
|
17592
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17593
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17594
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17595
|
+
},
|
|
17596
|
+
{
|
|
17597
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
17598
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
17599
|
+
"control_name": "AI risk management process"
|
|
17600
|
+
},
|
|
17601
|
+
{
|
|
17602
|
+
"id": "NERC-CIP-007-6-R4",
|
|
17603
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
17604
|
+
"control_name": "Security event monitoring"
|
|
17605
|
+
},
|
|
17606
|
+
{
|
|
17607
|
+
"id": "NIS2-Art21-patch-management",
|
|
17608
|
+
"framework": "EU NIS2 Directive",
|
|
17609
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17610
|
+
},
|
|
17611
|
+
{
|
|
17612
|
+
"id": "NIST-800-115",
|
|
17613
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
17614
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
17615
|
+
},
|
|
17616
|
+
{
|
|
17617
|
+
"id": "NIST-800-218-SSDF",
|
|
17618
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17619
|
+
"control_name": "Secure Software Development Framework"
|
|
17620
|
+
},
|
|
17621
|
+
{
|
|
17622
|
+
"id": "NIST-800-53-AC-2",
|
|
17623
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17624
|
+
"control_name": "Account Management"
|
|
17625
|
+
},
|
|
17626
|
+
{
|
|
17627
|
+
"id": "NIST-800-53-SC-8",
|
|
17628
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17629
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17630
|
+
},
|
|
17631
|
+
{
|
|
17632
|
+
"id": "NIST-800-53-SI-2",
|
|
17633
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17634
|
+
"control_name": "Flaw Remediation"
|
|
17635
|
+
},
|
|
17636
|
+
{
|
|
17637
|
+
"id": "NIST-800-53-SI-3",
|
|
17638
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17639
|
+
"control_name": "Malicious Code Protection"
|
|
17640
|
+
},
|
|
17641
|
+
{
|
|
17642
|
+
"id": "NIST-800-82r3",
|
|
17643
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
17644
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
17645
|
+
},
|
|
17646
|
+
{
|
|
17647
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
17648
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17649
|
+
"control_name": "Prompt Injection"
|
|
17650
|
+
},
|
|
17651
|
+
{
|
|
17652
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
17653
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17654
|
+
"control_name": "Sensitive Information Disclosure"
|
|
17655
|
+
},
|
|
17656
|
+
{
|
|
17657
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
17658
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
17659
|
+
"control_name": "Web application penetration testing methodology"
|
|
17660
|
+
},
|
|
17661
|
+
{
|
|
17662
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17663
|
+
"framework": "PCI DSS 4.0",
|
|
17664
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17665
|
+
},
|
|
17666
|
+
{
|
|
17667
|
+
"id": "PTES-Pre-engagement",
|
|
17668
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
17669
|
+
"control_name": "Pre-engagement Interactions"
|
|
17670
|
+
},
|
|
17671
|
+
{
|
|
17672
|
+
"id": "SOC2-CC6-logical-access",
|
|
17673
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17674
|
+
"control_name": "Logical and Physical Access Controls"
|
|
17675
|
+
},
|
|
17676
|
+
{
|
|
17677
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17678
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17679
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17680
|
+
}
|
|
17681
|
+
],
|
|
17682
|
+
"attack_refs": [
|
|
17683
|
+
"T0855",
|
|
17684
|
+
"T0883",
|
|
17685
|
+
"T1059",
|
|
17686
|
+
"T1068",
|
|
17687
|
+
"T1078",
|
|
17688
|
+
"T1133",
|
|
17689
|
+
"T1190",
|
|
17690
|
+
"T1548.001",
|
|
17691
|
+
"T1566"
|
|
17692
|
+
],
|
|
17693
|
+
"rfc_refs": [
|
|
17694
|
+
"RFC-4301",
|
|
17695
|
+
"RFC-4303",
|
|
17696
|
+
"RFC-7296"
|
|
17697
|
+
]
|
|
17698
|
+
}
|
|
17699
|
+
},
|
|
17700
|
+
"CVE-2026-22688": {
|
|
17701
|
+
"name": "Tencent WeKnora MCP stdio Command Injection",
|
|
17702
|
+
"rwep": 30,
|
|
17703
|
+
"cvss": 8.8,
|
|
17704
|
+
"cisa_kev": false,
|
|
17705
|
+
"epss_score": null,
|
|
17706
|
+
"referencing_skills": [
|
|
17707
|
+
"kernel-lpe-triage",
|
|
17708
|
+
"ai-attack-surface",
|
|
17709
|
+
"compliance-theater",
|
|
17710
|
+
"attack-surface-pentest",
|
|
17711
|
+
"ot-ics-security",
|
|
17712
|
+
"coordinated-vuln-disclosure",
|
|
17713
|
+
"sector-energy"
|
|
17714
|
+
],
|
|
17715
|
+
"chain": {
|
|
17716
|
+
"cwes": [
|
|
17717
|
+
{
|
|
17718
|
+
"id": "CWE-1037",
|
|
17719
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
17720
|
+
"category": "Hardware / Side Channel"
|
|
17721
|
+
},
|
|
17722
|
+
{
|
|
17723
|
+
"id": "CWE-1039",
|
|
17724
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
17725
|
+
"category": "AI/ML"
|
|
17726
|
+
},
|
|
17727
|
+
{
|
|
17728
|
+
"id": "CWE-125",
|
|
17729
|
+
"name": "Out-of-bounds Read",
|
|
17730
|
+
"category": "Memory Safety"
|
|
17731
|
+
},
|
|
17732
|
+
{
|
|
17733
|
+
"id": "CWE-1357",
|
|
17734
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17735
|
+
"category": "Supply Chain"
|
|
17736
|
+
},
|
|
17737
|
+
{
|
|
17738
|
+
"id": "CWE-1395",
|
|
17739
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
17740
|
+
"category": "Supply Chain"
|
|
17741
|
+
},
|
|
17742
|
+
{
|
|
17743
|
+
"id": "CWE-1426",
|
|
17744
|
+
"name": "Improper Validation of Generative AI Output",
|
|
17745
|
+
"category": "AI/ML"
|
|
17746
|
+
},
|
|
17747
|
+
{
|
|
17748
|
+
"id": "CWE-22",
|
|
17749
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
17750
|
+
"category": "Path/Resource"
|
|
17751
|
+
},
|
|
17752
|
+
{
|
|
17753
|
+
"id": "CWE-269",
|
|
17754
|
+
"name": "Improper Privilege Management",
|
|
17755
|
+
"category": "Authorization"
|
|
17756
|
+
},
|
|
17757
|
+
{
|
|
17758
|
+
"id": "CWE-287",
|
|
17759
|
+
"name": "Improper Authentication",
|
|
17760
|
+
"category": "Authentication"
|
|
17761
|
+
},
|
|
17762
|
+
{
|
|
17763
|
+
"id": "CWE-306",
|
|
17764
|
+
"name": "Missing Authentication for Critical Function",
|
|
17765
|
+
"category": "Authentication"
|
|
17766
|
+
},
|
|
17767
|
+
{
|
|
17768
|
+
"id": "CWE-352",
|
|
17769
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
17770
|
+
"category": "Session"
|
|
17771
|
+
},
|
|
17772
|
+
{
|
|
17773
|
+
"id": "CWE-362",
|
|
17774
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17775
|
+
"category": "Concurrency"
|
|
17776
|
+
},
|
|
17777
|
+
{
|
|
17778
|
+
"id": "CWE-416",
|
|
17779
|
+
"name": "Use After Free",
|
|
17780
|
+
"category": "Memory Safety"
|
|
17781
|
+
},
|
|
17782
|
+
{
|
|
17783
|
+
"id": "CWE-434",
|
|
17784
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
17785
|
+
"category": "File Handling"
|
|
17786
|
+
},
|
|
17787
|
+
{
|
|
17788
|
+
"id": "CWE-672",
|
|
17789
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17790
|
+
"category": "Memory Safety"
|
|
17791
|
+
},
|
|
17792
|
+
{
|
|
17793
|
+
"id": "CWE-732",
|
|
17794
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
17795
|
+
"category": "Authorization"
|
|
17796
|
+
},
|
|
17797
|
+
{
|
|
17798
|
+
"id": "CWE-78",
|
|
17799
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
17800
|
+
"category": "Injection"
|
|
17801
|
+
},
|
|
17802
|
+
{
|
|
17803
|
+
"id": "CWE-787",
|
|
17804
|
+
"name": "Out-of-bounds Write",
|
|
17805
|
+
"category": "Memory Safety"
|
|
17806
|
+
},
|
|
17807
|
+
{
|
|
17808
|
+
"id": "CWE-79",
|
|
17809
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
17810
|
+
"category": "Injection"
|
|
17811
|
+
},
|
|
17812
|
+
{
|
|
17813
|
+
"id": "CWE-798",
|
|
17814
|
+
"name": "Use of Hard-coded Credentials",
|
|
17815
|
+
"category": "Credentials"
|
|
17816
|
+
},
|
|
17817
|
+
{
|
|
17818
|
+
"id": "CWE-89",
|
|
17819
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
17820
|
+
"category": "Injection"
|
|
17821
|
+
},
|
|
17822
|
+
{
|
|
17823
|
+
"id": "CWE-918",
|
|
17824
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
17825
|
+
"category": "Network"
|
|
17826
|
+
},
|
|
17827
|
+
{
|
|
17828
|
+
"id": "CWE-94",
|
|
17829
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
17830
|
+
"category": "Injection"
|
|
17831
|
+
}
|
|
17832
|
+
],
|
|
17833
|
+
"atlas": [
|
|
17834
|
+
{
|
|
17835
|
+
"id": "AML.T0010",
|
|
17836
|
+
"name": "ML Supply Chain Compromise",
|
|
17837
|
+
"tactic": "Initial Access"
|
|
17838
|
+
},
|
|
17839
|
+
{
|
|
17840
|
+
"id": "AML.T0016",
|
|
17841
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
17842
|
+
"tactic": "Resource Development"
|
|
17843
|
+
},
|
|
17844
|
+
{
|
|
17845
|
+
"id": "AML.T0017",
|
|
17846
|
+
"name": "Discover ML Model Ontology",
|
|
17847
|
+
"tactic": "Discovery"
|
|
17848
|
+
},
|
|
17849
|
+
{
|
|
17850
|
+
"id": "AML.T0018",
|
|
17851
|
+
"name": "Backdoor ML Model",
|
|
17852
|
+
"tactic": "Persistence"
|
|
17853
|
+
},
|
|
17854
|
+
{
|
|
17855
|
+
"id": "AML.T0020",
|
|
17856
|
+
"name": "Poison Training Data",
|
|
17857
|
+
"tactic": "ML Attack Staging"
|
|
17858
|
+
},
|
|
17859
|
+
{
|
|
17860
|
+
"id": "AML.T0043",
|
|
17861
|
+
"name": "Craft Adversarial Data",
|
|
17862
|
+
"tactic": "ML Attack Staging"
|
|
17863
|
+
},
|
|
17864
|
+
{
|
|
17865
|
+
"id": "AML.T0051",
|
|
17866
|
+
"name": "LLM Prompt Injection",
|
|
17867
|
+
"tactic": "Execution"
|
|
17868
|
+
},
|
|
17869
|
+
{
|
|
17870
|
+
"id": "AML.T0054",
|
|
17871
|
+
"name": "LLM Jailbreak",
|
|
17872
|
+
"tactic": "Defense Evasion"
|
|
17873
|
+
},
|
|
17874
|
+
{
|
|
17875
|
+
"id": "AML.T0096",
|
|
17876
|
+
"name": "AI API as Covert C2 Channel",
|
|
17877
|
+
"tactic": "Command and Control"
|
|
17878
|
+
}
|
|
17879
|
+
],
|
|
17880
|
+
"d3fend": [
|
|
17881
|
+
{
|
|
17882
|
+
"id": "D3-ASLR",
|
|
17883
|
+
"name": "Address Space Layout Randomization",
|
|
17884
|
+
"tactic": "Harden"
|
|
17885
|
+
},
|
|
17886
|
+
{
|
|
17887
|
+
"id": "D3-CSPP",
|
|
17888
|
+
"name": "Client-server Payload Profiling",
|
|
17889
|
+
"tactic": "Detect"
|
|
17890
|
+
},
|
|
17891
|
+
{
|
|
17892
|
+
"id": "D3-EAL",
|
|
17893
|
+
"name": "Executable Allowlisting",
|
|
17894
|
+
"tactic": "Harden"
|
|
17895
|
+
},
|
|
17896
|
+
{
|
|
17897
|
+
"id": "D3-IOPR",
|
|
17898
|
+
"name": "Input/Output Profiling Resource",
|
|
17899
|
+
"tactic": "Detect"
|
|
17900
|
+
},
|
|
17901
|
+
{
|
|
17902
|
+
"id": "D3-NTA",
|
|
17903
|
+
"name": "Network Traffic Analysis",
|
|
17904
|
+
"tactic": "Detect"
|
|
17905
|
+
},
|
|
17906
|
+
{
|
|
17907
|
+
"id": "D3-PHRA",
|
|
17908
|
+
"name": "Process Hardware Resource Access",
|
|
17909
|
+
"tactic": "Isolate"
|
|
17910
|
+
},
|
|
17911
|
+
{
|
|
17912
|
+
"id": "D3-PSEP",
|
|
17913
|
+
"name": "Process Segment Execution Prevention",
|
|
17914
|
+
"tactic": "Harden"
|
|
17915
|
+
}
|
|
17916
|
+
],
|
|
17917
|
+
"framework_gaps": [
|
|
17918
|
+
{
|
|
17919
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
17920
|
+
"framework": "ALL",
|
|
17921
|
+
"control_name": "AI Pipeline Integrity"
|
|
17922
|
+
},
|
|
17923
|
+
{
|
|
17924
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
17925
|
+
"framework": "ALL",
|
|
17926
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
17927
|
+
},
|
|
17928
|
+
{
|
|
17929
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17930
|
+
"framework": "CIS Controls v8",
|
|
17931
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17932
|
+
},
|
|
17933
|
+
{
|
|
17934
|
+
"id": "CMMC-2.0-Level-2",
|
|
17935
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
17936
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
17937
|
+
},
|
|
17938
|
+
{
|
|
17939
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
17940
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
17941
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
17942
|
+
},
|
|
17943
|
+
{
|
|
17944
|
+
"id": "IEC-62443-3-3",
|
|
17945
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
17946
|
+
"control_name": "System security requirements and security levels"
|
|
17947
|
+
},
|
|
17948
|
+
{
|
|
17949
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
17950
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17951
|
+
"control_name": "Secure coding"
|
|
17952
|
+
},
|
|
17953
|
+
{
|
|
17954
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17955
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17956
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17957
|
+
},
|
|
17958
|
+
{
|
|
17959
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
17960
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
17961
|
+
"control_name": "AI risk management process"
|
|
17962
|
+
},
|
|
17963
|
+
{
|
|
17964
|
+
"id": "NERC-CIP-007-6-R4",
|
|
17965
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
17966
|
+
"control_name": "Security event monitoring"
|
|
17967
|
+
},
|
|
17968
|
+
{
|
|
17969
|
+
"id": "NIS2-Art21-patch-management",
|
|
17970
|
+
"framework": "EU NIS2 Directive",
|
|
17971
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17972
|
+
},
|
|
17973
|
+
{
|
|
17974
|
+
"id": "NIST-800-115",
|
|
17975
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
17976
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
17977
|
+
},
|
|
17978
|
+
{
|
|
17979
|
+
"id": "NIST-800-218-SSDF",
|
|
17980
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17981
|
+
"control_name": "Secure Software Development Framework"
|
|
17982
|
+
},
|
|
17983
|
+
{
|
|
17984
|
+
"id": "NIST-800-53-AC-2",
|
|
17985
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17986
|
+
"control_name": "Account Management"
|
|
17987
|
+
},
|
|
17988
|
+
{
|
|
17989
|
+
"id": "NIST-800-53-SC-8",
|
|
17990
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17991
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17992
|
+
},
|
|
17993
|
+
{
|
|
17994
|
+
"id": "NIST-800-53-SI-2",
|
|
17995
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17996
|
+
"control_name": "Flaw Remediation"
|
|
17997
|
+
},
|
|
17998
|
+
{
|
|
17999
|
+
"id": "NIST-800-53-SI-3",
|
|
18000
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
18001
|
+
"control_name": "Malicious Code Protection"
|
|
18002
|
+
},
|
|
18003
|
+
{
|
|
18004
|
+
"id": "NIST-800-82r3",
|
|
18005
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
18006
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
18007
|
+
},
|
|
18008
|
+
{
|
|
18009
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
18010
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
18011
|
+
"control_name": "Prompt Injection"
|
|
18012
|
+
},
|
|
18013
|
+
{
|
|
18014
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
18015
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
18016
|
+
"control_name": "Sensitive Information Disclosure"
|
|
18017
|
+
},
|
|
18018
|
+
{
|
|
18019
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
18020
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
18021
|
+
"control_name": "Web application penetration testing methodology"
|
|
18022
|
+
},
|
|
18023
|
+
{
|
|
18024
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
18025
|
+
"framework": "PCI DSS 4.0",
|
|
18026
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
18027
|
+
},
|
|
18028
|
+
{
|
|
18029
|
+
"id": "PTES-Pre-engagement",
|
|
18030
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
18031
|
+
"control_name": "Pre-engagement Interactions"
|
|
18032
|
+
},
|
|
18033
|
+
{
|
|
18034
|
+
"id": "SOC2-CC6-logical-access",
|
|
18035
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
18036
|
+
"control_name": "Logical and Physical Access Controls"
|
|
18037
|
+
},
|
|
18038
|
+
{
|
|
18039
|
+
"id": "SOC2-CC9-vendor-management",
|
|
18040
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
18041
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
18042
|
+
}
|
|
18043
|
+
],
|
|
18044
|
+
"attack_refs": [
|
|
18045
|
+
"T0855",
|
|
18046
|
+
"T0883",
|
|
18047
|
+
"T1059",
|
|
18048
|
+
"T1068",
|
|
18049
|
+
"T1078",
|
|
18050
|
+
"T1133",
|
|
18051
|
+
"T1190",
|
|
18052
|
+
"T1548.001",
|
|
18053
|
+
"T1566"
|
|
18054
|
+
],
|
|
18055
|
+
"rfc_refs": [
|
|
18056
|
+
"RFC-4301",
|
|
18057
|
+
"RFC-4303",
|
|
18058
|
+
"RFC-7296"
|
|
18059
|
+
]
|
|
18060
|
+
}
|
|
18061
|
+
},
|
|
16976
18062
|
"CVE-2026-41091": {
|
|
16977
18063
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
16978
18064
|
"rwep": 45,
|
|
@@ -43361,7 +44447,10 @@
|
|
|
43361
44447
|
"CVE-2025-49596",
|
|
43362
44448
|
"CVE-2025-49844",
|
|
43363
44449
|
"CVE-2025-53773",
|
|
44450
|
+
"CVE-2025-54136",
|
|
43364
44451
|
"CVE-2025-6965",
|
|
44452
|
+
"CVE-2026-22252",
|
|
44453
|
+
"CVE-2026-22688",
|
|
43365
44454
|
"CVE-2026-25592",
|
|
43366
44455
|
"CVE-2026-30615",
|
|
43367
44456
|
"CVE-2026-30623",
|
|
@@ -43707,7 +44796,10 @@
|
|
|
43707
44796
|
"CVE-2025-38352",
|
|
43708
44797
|
"CVE-2025-43300",
|
|
43709
44798
|
"CVE-2025-49596",
|
|
44799
|
+
"CVE-2025-54136",
|
|
43710
44800
|
"CVE-2025-6965",
|
|
44801
|
+
"CVE-2026-22252",
|
|
44802
|
+
"CVE-2026-22688",
|
|
43711
44803
|
"CVE-2026-25592",
|
|
43712
44804
|
"CVE-2026-30623",
|
|
43713
44805
|
"CVE-2026-31431",
|
|
@@ -43848,7 +44940,10 @@
|
|
|
43848
44940
|
"CVE-2025-38352",
|
|
43849
44941
|
"CVE-2025-43300",
|
|
43850
44942
|
"CVE-2025-49596",
|
|
44943
|
+
"CVE-2025-54136",
|
|
43851
44944
|
"CVE-2025-6965",
|
|
44945
|
+
"CVE-2026-22252",
|
|
44946
|
+
"CVE-2026-22688",
|
|
43852
44947
|
"CVE-2026-25592",
|
|
43853
44948
|
"CVE-2026-30623",
|
|
43854
44949
|
"CVE-2026-31431",
|
|
@@ -44003,7 +45098,10 @@
|
|
|
44003
45098
|
"CVE-2025-38352",
|
|
44004
45099
|
"CVE-2025-43300",
|
|
44005
45100
|
"CVE-2025-49596",
|
|
45101
|
+
"CVE-2025-54136",
|
|
44006
45102
|
"CVE-2025-6965",
|
|
45103
|
+
"CVE-2026-22252",
|
|
45104
|
+
"CVE-2026-22688",
|
|
44007
45105
|
"CVE-2026-25592",
|
|
44008
45106
|
"CVE-2026-30623",
|
|
44009
45107
|
"CVE-2026-31431",
|
|
@@ -44263,7 +45361,10 @@
|
|
|
44263
45361
|
"CVE-2025-49596",
|
|
44264
45362
|
"CVE-2025-49844",
|
|
44265
45363
|
"CVE-2025-53773",
|
|
45364
|
+
"CVE-2025-54136",
|
|
44266
45365
|
"CVE-2025-6965",
|
|
45366
|
+
"CVE-2026-22252",
|
|
45367
|
+
"CVE-2026-22688",
|
|
44267
45368
|
"CVE-2026-22778",
|
|
44268
45369
|
"CVE-2026-25592",
|
|
44269
45370
|
"CVE-2026-30615",
|
|
@@ -44581,6 +45682,7 @@
|
|
|
44581
45682
|
"CVE-2025-53690",
|
|
44582
45683
|
"CVE-2025-53770",
|
|
44583
45684
|
"CVE-2025-54068",
|
|
45685
|
+
"CVE-2025-54136",
|
|
44584
45686
|
"CVE-2025-5419",
|
|
44585
45687
|
"CVE-2025-54236",
|
|
44586
45688
|
"CVE-2025-54253",
|
|
@@ -44652,6 +45754,8 @@
|
|
|
44652
45754
|
"CVE-2026-21525",
|
|
44653
45755
|
"CVE-2026-21533",
|
|
44654
45756
|
"CVE-2026-21643",
|
|
45757
|
+
"CVE-2026-22252",
|
|
45758
|
+
"CVE-2026-22688",
|
|
44655
45759
|
"CVE-2026-22719",
|
|
44656
45760
|
"CVE-2026-22769",
|
|
44657
45761
|
"CVE-2026-23760",
|
|
@@ -45273,7 +46377,10 @@
|
|
|
45273
46377
|
"CVE-2025-49596",
|
|
45274
46378
|
"CVE-2025-49844",
|
|
45275
46379
|
"CVE-2025-53773",
|
|
46380
|
+
"CVE-2025-54136",
|
|
45276
46381
|
"CVE-2025-6965",
|
|
46382
|
+
"CVE-2026-22252",
|
|
46383
|
+
"CVE-2026-22688",
|
|
45277
46384
|
"CVE-2026-25592",
|
|
45278
46385
|
"CVE-2026-30615",
|
|
45279
46386
|
"CVE-2026-30623",
|
|
@@ -45853,7 +46960,10 @@
|
|
|
45853
46960
|
"CVE-2025-49596",
|
|
45854
46961
|
"CVE-2025-49844",
|
|
45855
46962
|
"CVE-2025-53773",
|
|
46963
|
+
"CVE-2025-54136",
|
|
45856
46964
|
"CVE-2025-6965",
|
|
46965
|
+
"CVE-2026-22252",
|
|
46966
|
+
"CVE-2026-22688",
|
|
45857
46967
|
"CVE-2026-25592",
|
|
45858
46968
|
"CVE-2026-30615",
|
|
45859
46969
|
"CVE-2026-30623",
|
|
@@ -46068,6 +47178,9 @@
|
|
|
46068
47178
|
"CVE-2025-43300",
|
|
46069
47179
|
"CVE-2025-49596",
|
|
46070
47180
|
"CVE-2025-53773",
|
|
47181
|
+
"CVE-2025-54136",
|
|
47182
|
+
"CVE-2026-22252",
|
|
47183
|
+
"CVE-2026-22688",
|
|
46071
47184
|
"CVE-2026-25592",
|
|
46072
47185
|
"CVE-2026-30615",
|
|
46073
47186
|
"CVE-2026-31431",
|
|
@@ -46715,7 +47828,10 @@
|
|
|
46715
47828
|
"CVE-2025-49596",
|
|
46716
47829
|
"CVE-2025-49844",
|
|
46717
47830
|
"CVE-2025-53773",
|
|
47831
|
+
"CVE-2025-54136",
|
|
46718
47832
|
"CVE-2025-6965",
|
|
47833
|
+
"CVE-2026-22252",
|
|
47834
|
+
"CVE-2026-22688",
|
|
46719
47835
|
"CVE-2026-25592",
|
|
46720
47836
|
"CVE-2026-30615",
|
|
46721
47837
|
"CVE-2026-30623",
|
|
@@ -47036,6 +48152,7 @@
|
|
|
47036
48152
|
"CVE-2025-53690",
|
|
47037
48153
|
"CVE-2025-53770",
|
|
47038
48154
|
"CVE-2025-54068",
|
|
48155
|
+
"CVE-2025-54136",
|
|
47039
48156
|
"CVE-2025-5419",
|
|
47040
48157
|
"CVE-2025-54236",
|
|
47041
48158
|
"CVE-2025-54253",
|
|
@@ -47107,6 +48224,8 @@
|
|
|
47107
48224
|
"CVE-2026-21525",
|
|
47108
48225
|
"CVE-2026-21533",
|
|
47109
48226
|
"CVE-2026-21643",
|
|
48227
|
+
"CVE-2026-22252",
|
|
48228
|
+
"CVE-2026-22688",
|
|
47110
48229
|
"CVE-2026-22719",
|
|
47111
48230
|
"CVE-2026-22769",
|
|
47112
48231
|
"CVE-2026-23760",
|
|
@@ -47437,6 +48556,7 @@
|
|
|
47437
48556
|
"CVE-2025-53690",
|
|
47438
48557
|
"CVE-2025-53770",
|
|
47439
48558
|
"CVE-2025-54068",
|
|
48559
|
+
"CVE-2025-54136",
|
|
47440
48560
|
"CVE-2025-5419",
|
|
47441
48561
|
"CVE-2025-54236",
|
|
47442
48562
|
"CVE-2025-54253",
|
|
@@ -47508,6 +48628,8 @@
|
|
|
47508
48628
|
"CVE-2026-21525",
|
|
47509
48629
|
"CVE-2026-21533",
|
|
47510
48630
|
"CVE-2026-21643",
|
|
48631
|
+
"CVE-2026-22252",
|
|
48632
|
+
"CVE-2026-22688",
|
|
47511
48633
|
"CVE-2026-22719",
|
|
47512
48634
|
"CVE-2026-22769",
|
|
47513
48635
|
"CVE-2026-23760",
|
|
@@ -47770,7 +48892,10 @@
|
|
|
47770
48892
|
"CVE-2025-49596",
|
|
47771
48893
|
"CVE-2025-49844",
|
|
47772
48894
|
"CVE-2025-53773",
|
|
48895
|
+
"CVE-2025-54136",
|
|
47773
48896
|
"CVE-2025-6965",
|
|
48897
|
+
"CVE-2026-22252",
|
|
48898
|
+
"CVE-2026-22688",
|
|
47774
48899
|
"CVE-2026-25592",
|
|
47775
48900
|
"CVE-2026-30615",
|
|
47776
48901
|
"CVE-2026-30623",
|
|
@@ -48643,6 +49768,7 @@
|
|
|
48643
49768
|
"CVE-2025-53690",
|
|
48644
49769
|
"CVE-2025-53770",
|
|
48645
49770
|
"CVE-2025-54068",
|
|
49771
|
+
"CVE-2025-54136",
|
|
48646
49772
|
"CVE-2025-5419",
|
|
48647
49773
|
"CVE-2025-54236",
|
|
48648
49774
|
"CVE-2025-54253",
|
|
@@ -48714,6 +49840,8 @@
|
|
|
48714
49840
|
"CVE-2026-21525",
|
|
48715
49841
|
"CVE-2026-21533",
|
|
48716
49842
|
"CVE-2026-21643",
|
|
49843
|
+
"CVE-2026-22252",
|
|
49844
|
+
"CVE-2026-22688",
|
|
48717
49845
|
"CVE-2026-22719",
|
|
48718
49846
|
"CVE-2026-22769",
|
|
48719
49847
|
"CVE-2026-23760",
|
|
@@ -49040,7 +50168,10 @@
|
|
|
49040
50168
|
"CVE-2025-49596",
|
|
49041
50169
|
"CVE-2025-49844",
|
|
49042
50170
|
"CVE-2025-53773",
|
|
50171
|
+
"CVE-2025-54136",
|
|
49043
50172
|
"CVE-2025-6965",
|
|
50173
|
+
"CVE-2026-22252",
|
|
50174
|
+
"CVE-2026-22688",
|
|
49044
50175
|
"CVE-2026-25592",
|
|
49045
50176
|
"CVE-2026-30615",
|
|
49046
50177
|
"CVE-2026-30623",
|
|
@@ -49443,6 +50574,7 @@
|
|
|
49443
50574
|
"CVE-2025-53770",
|
|
49444
50575
|
"CVE-2025-53773",
|
|
49445
50576
|
"CVE-2025-54068",
|
|
50577
|
+
"CVE-2025-54136",
|
|
49446
50578
|
"CVE-2025-5419",
|
|
49447
50579
|
"CVE-2025-54236",
|
|
49448
50580
|
"CVE-2025-54253",
|
|
@@ -49515,6 +50647,8 @@
|
|
|
49515
50647
|
"CVE-2026-21525",
|
|
49516
50648
|
"CVE-2026-21533",
|
|
49517
50649
|
"CVE-2026-21643",
|
|
50650
|
+
"CVE-2026-22252",
|
|
50651
|
+
"CVE-2026-22688",
|
|
49518
50652
|
"CVE-2026-22719",
|
|
49519
50653
|
"CVE-2026-22769",
|
|
49520
50654
|
"CVE-2026-23760",
|
|
@@ -49854,6 +50988,9 @@
|
|
|
49854
50988
|
"CVE-2025-49596",
|
|
49855
50989
|
"CVE-2025-49844",
|
|
49856
50990
|
"CVE-2025-53773",
|
|
50991
|
+
"CVE-2025-54136",
|
|
50992
|
+
"CVE-2026-22252",
|
|
50993
|
+
"CVE-2026-22688",
|
|
49857
50994
|
"CVE-2026-25592",
|
|
49858
50995
|
"CVE-2026-30615",
|
|
49859
50996
|
"CVE-2026-31431",
|
|
@@ -50770,7 +51907,10 @@
|
|
|
50770
51907
|
"CVE-2025-49596",
|
|
50771
51908
|
"CVE-2025-49844",
|
|
50772
51909
|
"CVE-2025-53773",
|
|
51910
|
+
"CVE-2025-54136",
|
|
50773
51911
|
"CVE-2025-6965",
|
|
51912
|
+
"CVE-2026-22252",
|
|
51913
|
+
"CVE-2026-22688",
|
|
50774
51914
|
"CVE-2026-25592",
|
|
50775
51915
|
"CVE-2026-30615",
|
|
50776
51916
|
"CVE-2026-30623",
|
|
@@ -50844,6 +51984,9 @@
|
|
|
50844
51984
|
"CVE-2025-38352",
|
|
50845
51985
|
"CVE-2025-43300",
|
|
50846
51986
|
"CVE-2025-49596",
|
|
51987
|
+
"CVE-2025-54136",
|
|
51988
|
+
"CVE-2026-22252",
|
|
51989
|
+
"CVE-2026-22688",
|
|
50847
51990
|
"CVE-2026-25592",
|
|
50848
51991
|
"CVE-2026-31431",
|
|
50849
51992
|
"CVE-2026-34926",
|
|
@@ -50992,7 +52135,10 @@
|
|
|
50992
52135
|
"CVE-2025-34291",
|
|
50993
52136
|
"CVE-2025-49596",
|
|
50994
52137
|
"CVE-2025-53773",
|
|
52138
|
+
"CVE-2025-54136",
|
|
50995
52139
|
"CVE-2025-6965",
|
|
52140
|
+
"CVE-2026-22252",
|
|
52141
|
+
"CVE-2026-22688",
|
|
50996
52142
|
"CVE-2026-22778",
|
|
50997
52143
|
"CVE-2026-25592",
|
|
50998
52144
|
"CVE-2026-30623",
|
|
@@ -51496,6 +52642,7 @@
|
|
|
51496
52642
|
"CVE-2025-53690",
|
|
51497
52643
|
"CVE-2025-53770",
|
|
51498
52644
|
"CVE-2025-54068",
|
|
52645
|
+
"CVE-2025-54136",
|
|
51499
52646
|
"CVE-2025-5419",
|
|
51500
52647
|
"CVE-2025-54236",
|
|
51501
52648
|
"CVE-2025-54253",
|
|
@@ -51563,6 +52710,8 @@
|
|
|
51563
52710
|
"CVE-2026-21525",
|
|
51564
52711
|
"CVE-2026-21533",
|
|
51565
52712
|
"CVE-2026-21643",
|
|
52713
|
+
"CVE-2026-22252",
|
|
52714
|
+
"CVE-2026-22688",
|
|
51566
52715
|
"CVE-2026-22719",
|
|
51567
52716
|
"CVE-2026-22769",
|
|
51568
52717
|
"CVE-2026-23760",
|
|
@@ -51824,7 +52973,10 @@
|
|
|
51824
52973
|
"CVE-2025-49596",
|
|
51825
52974
|
"CVE-2025-49844",
|
|
51826
52975
|
"CVE-2025-53773",
|
|
52976
|
+
"CVE-2025-54136",
|
|
51827
52977
|
"CVE-2025-6965",
|
|
52978
|
+
"CVE-2026-22252",
|
|
52979
|
+
"CVE-2026-22688",
|
|
51828
52980
|
"CVE-2026-25592",
|
|
51829
52981
|
"CVE-2026-30615",
|
|
51830
52982
|
"CVE-2026-30623",
|
|
@@ -52095,7 +53247,10 @@
|
|
|
52095
53247
|
"CVE-2025-49596",
|
|
52096
53248
|
"CVE-2025-53767",
|
|
52097
53249
|
"CVE-2025-53773",
|
|
53250
|
+
"CVE-2025-54136",
|
|
52098
53251
|
"CVE-2025-6965",
|
|
53252
|
+
"CVE-2026-22252",
|
|
53253
|
+
"CVE-2026-22688",
|
|
52099
53254
|
"CVE-2026-22778",
|
|
52100
53255
|
"CVE-2026-25592",
|
|
52101
53256
|
"CVE-2026-30615",
|