@blamejs/exceptd-skills 0.13.74 → 0.13.75
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +8 -8
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +770 -0
- package/data/attack-techniques.json +4 -0
- package/data/cve-catalog.json +205 -0
- package/data/cwe-catalog.json +6 -1
- package/data/framework-control-gaps.json +15 -1
- package/data/zeroday-lessons.json +100 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +23 -23
|
@@ -17335,6 +17335,730 @@
|
|
|
17335
17335
|
]
|
|
17336
17336
|
}
|
|
17337
17337
|
},
|
|
17338
|
+
"CVE-2026-22252": {
|
|
17339
|
+
"name": "LibreChat MCP stdio Transport — Authenticated Arbitrary Command Execution as Root",
|
|
17340
|
+
"rwep": 30,
|
|
17341
|
+
"cvss": 9.9,
|
|
17342
|
+
"cisa_kev": false,
|
|
17343
|
+
"epss_score": null,
|
|
17344
|
+
"referencing_skills": [
|
|
17345
|
+
"kernel-lpe-triage",
|
|
17346
|
+
"ai-attack-surface",
|
|
17347
|
+
"compliance-theater",
|
|
17348
|
+
"attack-surface-pentest",
|
|
17349
|
+
"ot-ics-security",
|
|
17350
|
+
"coordinated-vuln-disclosure",
|
|
17351
|
+
"sector-energy"
|
|
17352
|
+
],
|
|
17353
|
+
"chain": {
|
|
17354
|
+
"cwes": [
|
|
17355
|
+
{
|
|
17356
|
+
"id": "CWE-1037",
|
|
17357
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
17358
|
+
"category": "Hardware / Side Channel"
|
|
17359
|
+
},
|
|
17360
|
+
{
|
|
17361
|
+
"id": "CWE-1039",
|
|
17362
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
17363
|
+
"category": "AI/ML"
|
|
17364
|
+
},
|
|
17365
|
+
{
|
|
17366
|
+
"id": "CWE-125",
|
|
17367
|
+
"name": "Out-of-bounds Read",
|
|
17368
|
+
"category": "Memory Safety"
|
|
17369
|
+
},
|
|
17370
|
+
{
|
|
17371
|
+
"id": "CWE-1357",
|
|
17372
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17373
|
+
"category": "Supply Chain"
|
|
17374
|
+
},
|
|
17375
|
+
{
|
|
17376
|
+
"id": "CWE-1395",
|
|
17377
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
17378
|
+
"category": "Supply Chain"
|
|
17379
|
+
},
|
|
17380
|
+
{
|
|
17381
|
+
"id": "CWE-1426",
|
|
17382
|
+
"name": "Improper Validation of Generative AI Output",
|
|
17383
|
+
"category": "AI/ML"
|
|
17384
|
+
},
|
|
17385
|
+
{
|
|
17386
|
+
"id": "CWE-22",
|
|
17387
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
17388
|
+
"category": "Path/Resource"
|
|
17389
|
+
},
|
|
17390
|
+
{
|
|
17391
|
+
"id": "CWE-269",
|
|
17392
|
+
"name": "Improper Privilege Management",
|
|
17393
|
+
"category": "Authorization"
|
|
17394
|
+
},
|
|
17395
|
+
{
|
|
17396
|
+
"id": "CWE-287",
|
|
17397
|
+
"name": "Improper Authentication",
|
|
17398
|
+
"category": "Authentication"
|
|
17399
|
+
},
|
|
17400
|
+
{
|
|
17401
|
+
"id": "CWE-306",
|
|
17402
|
+
"name": "Missing Authentication for Critical Function",
|
|
17403
|
+
"category": "Authentication"
|
|
17404
|
+
},
|
|
17405
|
+
{
|
|
17406
|
+
"id": "CWE-352",
|
|
17407
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
17408
|
+
"category": "Session"
|
|
17409
|
+
},
|
|
17410
|
+
{
|
|
17411
|
+
"id": "CWE-362",
|
|
17412
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17413
|
+
"category": "Concurrency"
|
|
17414
|
+
},
|
|
17415
|
+
{
|
|
17416
|
+
"id": "CWE-416",
|
|
17417
|
+
"name": "Use After Free",
|
|
17418
|
+
"category": "Memory Safety"
|
|
17419
|
+
},
|
|
17420
|
+
{
|
|
17421
|
+
"id": "CWE-434",
|
|
17422
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
17423
|
+
"category": "File Handling"
|
|
17424
|
+
},
|
|
17425
|
+
{
|
|
17426
|
+
"id": "CWE-672",
|
|
17427
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17428
|
+
"category": "Memory Safety"
|
|
17429
|
+
},
|
|
17430
|
+
{
|
|
17431
|
+
"id": "CWE-732",
|
|
17432
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
17433
|
+
"category": "Authorization"
|
|
17434
|
+
},
|
|
17435
|
+
{
|
|
17436
|
+
"id": "CWE-78",
|
|
17437
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
17438
|
+
"category": "Injection"
|
|
17439
|
+
},
|
|
17440
|
+
{
|
|
17441
|
+
"id": "CWE-787",
|
|
17442
|
+
"name": "Out-of-bounds Write",
|
|
17443
|
+
"category": "Memory Safety"
|
|
17444
|
+
},
|
|
17445
|
+
{
|
|
17446
|
+
"id": "CWE-79",
|
|
17447
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
17448
|
+
"category": "Injection"
|
|
17449
|
+
},
|
|
17450
|
+
{
|
|
17451
|
+
"id": "CWE-798",
|
|
17452
|
+
"name": "Use of Hard-coded Credentials",
|
|
17453
|
+
"category": "Credentials"
|
|
17454
|
+
},
|
|
17455
|
+
{
|
|
17456
|
+
"id": "CWE-89",
|
|
17457
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
17458
|
+
"category": "Injection"
|
|
17459
|
+
},
|
|
17460
|
+
{
|
|
17461
|
+
"id": "CWE-918",
|
|
17462
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
17463
|
+
"category": "Network"
|
|
17464
|
+
},
|
|
17465
|
+
{
|
|
17466
|
+
"id": "CWE-94",
|
|
17467
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
17468
|
+
"category": "Injection"
|
|
17469
|
+
}
|
|
17470
|
+
],
|
|
17471
|
+
"atlas": [
|
|
17472
|
+
{
|
|
17473
|
+
"id": "AML.T0010",
|
|
17474
|
+
"name": "ML Supply Chain Compromise",
|
|
17475
|
+
"tactic": "Initial Access"
|
|
17476
|
+
},
|
|
17477
|
+
{
|
|
17478
|
+
"id": "AML.T0016",
|
|
17479
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
17480
|
+
"tactic": "Resource Development"
|
|
17481
|
+
},
|
|
17482
|
+
{
|
|
17483
|
+
"id": "AML.T0017",
|
|
17484
|
+
"name": "Discover ML Model Ontology",
|
|
17485
|
+
"tactic": "Discovery"
|
|
17486
|
+
},
|
|
17487
|
+
{
|
|
17488
|
+
"id": "AML.T0018",
|
|
17489
|
+
"name": "Backdoor ML Model",
|
|
17490
|
+
"tactic": "Persistence"
|
|
17491
|
+
},
|
|
17492
|
+
{
|
|
17493
|
+
"id": "AML.T0020",
|
|
17494
|
+
"name": "Poison Training Data",
|
|
17495
|
+
"tactic": "ML Attack Staging"
|
|
17496
|
+
},
|
|
17497
|
+
{
|
|
17498
|
+
"id": "AML.T0043",
|
|
17499
|
+
"name": "Craft Adversarial Data",
|
|
17500
|
+
"tactic": "ML Attack Staging"
|
|
17501
|
+
},
|
|
17502
|
+
{
|
|
17503
|
+
"id": "AML.T0051",
|
|
17504
|
+
"name": "LLM Prompt Injection",
|
|
17505
|
+
"tactic": "Execution"
|
|
17506
|
+
},
|
|
17507
|
+
{
|
|
17508
|
+
"id": "AML.T0054",
|
|
17509
|
+
"name": "LLM Jailbreak",
|
|
17510
|
+
"tactic": "Defense Evasion"
|
|
17511
|
+
},
|
|
17512
|
+
{
|
|
17513
|
+
"id": "AML.T0096",
|
|
17514
|
+
"name": "AI API as Covert C2 Channel",
|
|
17515
|
+
"tactic": "Command and Control"
|
|
17516
|
+
}
|
|
17517
|
+
],
|
|
17518
|
+
"d3fend": [
|
|
17519
|
+
{
|
|
17520
|
+
"id": "D3-ASLR",
|
|
17521
|
+
"name": "Address Space Layout Randomization",
|
|
17522
|
+
"tactic": "Harden"
|
|
17523
|
+
},
|
|
17524
|
+
{
|
|
17525
|
+
"id": "D3-CSPP",
|
|
17526
|
+
"name": "Client-server Payload Profiling",
|
|
17527
|
+
"tactic": "Detect"
|
|
17528
|
+
},
|
|
17529
|
+
{
|
|
17530
|
+
"id": "D3-EAL",
|
|
17531
|
+
"name": "Executable Allowlisting",
|
|
17532
|
+
"tactic": "Harden"
|
|
17533
|
+
},
|
|
17534
|
+
{
|
|
17535
|
+
"id": "D3-IOPR",
|
|
17536
|
+
"name": "Input/Output Profiling Resource",
|
|
17537
|
+
"tactic": "Detect"
|
|
17538
|
+
},
|
|
17539
|
+
{
|
|
17540
|
+
"id": "D3-NTA",
|
|
17541
|
+
"name": "Network Traffic Analysis",
|
|
17542
|
+
"tactic": "Detect"
|
|
17543
|
+
},
|
|
17544
|
+
{
|
|
17545
|
+
"id": "D3-PHRA",
|
|
17546
|
+
"name": "Process Hardware Resource Access",
|
|
17547
|
+
"tactic": "Isolate"
|
|
17548
|
+
},
|
|
17549
|
+
{
|
|
17550
|
+
"id": "D3-PSEP",
|
|
17551
|
+
"name": "Process Segment Execution Prevention",
|
|
17552
|
+
"tactic": "Harden"
|
|
17553
|
+
}
|
|
17554
|
+
],
|
|
17555
|
+
"framework_gaps": [
|
|
17556
|
+
{
|
|
17557
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
17558
|
+
"framework": "ALL",
|
|
17559
|
+
"control_name": "AI Pipeline Integrity"
|
|
17560
|
+
},
|
|
17561
|
+
{
|
|
17562
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
17563
|
+
"framework": "ALL",
|
|
17564
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
17565
|
+
},
|
|
17566
|
+
{
|
|
17567
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17568
|
+
"framework": "CIS Controls v8",
|
|
17569
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17570
|
+
},
|
|
17571
|
+
{
|
|
17572
|
+
"id": "CMMC-2.0-Level-2",
|
|
17573
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
17574
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
17575
|
+
},
|
|
17576
|
+
{
|
|
17577
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
17578
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
17579
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
17580
|
+
},
|
|
17581
|
+
{
|
|
17582
|
+
"id": "IEC-62443-3-3",
|
|
17583
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
17584
|
+
"control_name": "System security requirements and security levels"
|
|
17585
|
+
},
|
|
17586
|
+
{
|
|
17587
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
17588
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17589
|
+
"control_name": "Secure coding"
|
|
17590
|
+
},
|
|
17591
|
+
{
|
|
17592
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17593
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17594
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17595
|
+
},
|
|
17596
|
+
{
|
|
17597
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
17598
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
17599
|
+
"control_name": "AI risk management process"
|
|
17600
|
+
},
|
|
17601
|
+
{
|
|
17602
|
+
"id": "NERC-CIP-007-6-R4",
|
|
17603
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
17604
|
+
"control_name": "Security event monitoring"
|
|
17605
|
+
},
|
|
17606
|
+
{
|
|
17607
|
+
"id": "NIS2-Art21-patch-management",
|
|
17608
|
+
"framework": "EU NIS2 Directive",
|
|
17609
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17610
|
+
},
|
|
17611
|
+
{
|
|
17612
|
+
"id": "NIST-800-115",
|
|
17613
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
17614
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
17615
|
+
},
|
|
17616
|
+
{
|
|
17617
|
+
"id": "NIST-800-218-SSDF",
|
|
17618
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17619
|
+
"control_name": "Secure Software Development Framework"
|
|
17620
|
+
},
|
|
17621
|
+
{
|
|
17622
|
+
"id": "NIST-800-53-AC-2",
|
|
17623
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17624
|
+
"control_name": "Account Management"
|
|
17625
|
+
},
|
|
17626
|
+
{
|
|
17627
|
+
"id": "NIST-800-53-SC-8",
|
|
17628
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17629
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17630
|
+
},
|
|
17631
|
+
{
|
|
17632
|
+
"id": "NIST-800-53-SI-2",
|
|
17633
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17634
|
+
"control_name": "Flaw Remediation"
|
|
17635
|
+
},
|
|
17636
|
+
{
|
|
17637
|
+
"id": "NIST-800-53-SI-3",
|
|
17638
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17639
|
+
"control_name": "Malicious Code Protection"
|
|
17640
|
+
},
|
|
17641
|
+
{
|
|
17642
|
+
"id": "NIST-800-82r3",
|
|
17643
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
17644
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
17645
|
+
},
|
|
17646
|
+
{
|
|
17647
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
17648
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17649
|
+
"control_name": "Prompt Injection"
|
|
17650
|
+
},
|
|
17651
|
+
{
|
|
17652
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
17653
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
17654
|
+
"control_name": "Sensitive Information Disclosure"
|
|
17655
|
+
},
|
|
17656
|
+
{
|
|
17657
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
17658
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
17659
|
+
"control_name": "Web application penetration testing methodology"
|
|
17660
|
+
},
|
|
17661
|
+
{
|
|
17662
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
17663
|
+
"framework": "PCI DSS 4.0",
|
|
17664
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
17665
|
+
},
|
|
17666
|
+
{
|
|
17667
|
+
"id": "PTES-Pre-engagement",
|
|
17668
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
17669
|
+
"control_name": "Pre-engagement Interactions"
|
|
17670
|
+
},
|
|
17671
|
+
{
|
|
17672
|
+
"id": "SOC2-CC6-logical-access",
|
|
17673
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17674
|
+
"control_name": "Logical and Physical Access Controls"
|
|
17675
|
+
},
|
|
17676
|
+
{
|
|
17677
|
+
"id": "SOC2-CC9-vendor-management",
|
|
17678
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
17679
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
17680
|
+
}
|
|
17681
|
+
],
|
|
17682
|
+
"attack_refs": [
|
|
17683
|
+
"T0855",
|
|
17684
|
+
"T0883",
|
|
17685
|
+
"T1059",
|
|
17686
|
+
"T1068",
|
|
17687
|
+
"T1078",
|
|
17688
|
+
"T1133",
|
|
17689
|
+
"T1190",
|
|
17690
|
+
"T1548.001",
|
|
17691
|
+
"T1566"
|
|
17692
|
+
],
|
|
17693
|
+
"rfc_refs": [
|
|
17694
|
+
"RFC-4301",
|
|
17695
|
+
"RFC-4303",
|
|
17696
|
+
"RFC-7296"
|
|
17697
|
+
]
|
|
17698
|
+
}
|
|
17699
|
+
},
|
|
17700
|
+
"CVE-2026-22688": {
|
|
17701
|
+
"name": "Tencent WeKnora MCP stdio Command Injection",
|
|
17702
|
+
"rwep": 30,
|
|
17703
|
+
"cvss": 8.8,
|
|
17704
|
+
"cisa_kev": false,
|
|
17705
|
+
"epss_score": null,
|
|
17706
|
+
"referencing_skills": [
|
|
17707
|
+
"kernel-lpe-triage",
|
|
17708
|
+
"ai-attack-surface",
|
|
17709
|
+
"compliance-theater",
|
|
17710
|
+
"attack-surface-pentest",
|
|
17711
|
+
"ot-ics-security",
|
|
17712
|
+
"coordinated-vuln-disclosure",
|
|
17713
|
+
"sector-energy"
|
|
17714
|
+
],
|
|
17715
|
+
"chain": {
|
|
17716
|
+
"cwes": [
|
|
17717
|
+
{
|
|
17718
|
+
"id": "CWE-1037",
|
|
17719
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
17720
|
+
"category": "Hardware / Side Channel"
|
|
17721
|
+
},
|
|
17722
|
+
{
|
|
17723
|
+
"id": "CWE-1039",
|
|
17724
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
17725
|
+
"category": "AI/ML"
|
|
17726
|
+
},
|
|
17727
|
+
{
|
|
17728
|
+
"id": "CWE-125",
|
|
17729
|
+
"name": "Out-of-bounds Read",
|
|
17730
|
+
"category": "Memory Safety"
|
|
17731
|
+
},
|
|
17732
|
+
{
|
|
17733
|
+
"id": "CWE-1357",
|
|
17734
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
17735
|
+
"category": "Supply Chain"
|
|
17736
|
+
},
|
|
17737
|
+
{
|
|
17738
|
+
"id": "CWE-1395",
|
|
17739
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
17740
|
+
"category": "Supply Chain"
|
|
17741
|
+
},
|
|
17742
|
+
{
|
|
17743
|
+
"id": "CWE-1426",
|
|
17744
|
+
"name": "Improper Validation of Generative AI Output",
|
|
17745
|
+
"category": "AI/ML"
|
|
17746
|
+
},
|
|
17747
|
+
{
|
|
17748
|
+
"id": "CWE-22",
|
|
17749
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
17750
|
+
"category": "Path/Resource"
|
|
17751
|
+
},
|
|
17752
|
+
{
|
|
17753
|
+
"id": "CWE-269",
|
|
17754
|
+
"name": "Improper Privilege Management",
|
|
17755
|
+
"category": "Authorization"
|
|
17756
|
+
},
|
|
17757
|
+
{
|
|
17758
|
+
"id": "CWE-287",
|
|
17759
|
+
"name": "Improper Authentication",
|
|
17760
|
+
"category": "Authentication"
|
|
17761
|
+
},
|
|
17762
|
+
{
|
|
17763
|
+
"id": "CWE-306",
|
|
17764
|
+
"name": "Missing Authentication for Critical Function",
|
|
17765
|
+
"category": "Authentication"
|
|
17766
|
+
},
|
|
17767
|
+
{
|
|
17768
|
+
"id": "CWE-352",
|
|
17769
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
17770
|
+
"category": "Session"
|
|
17771
|
+
},
|
|
17772
|
+
{
|
|
17773
|
+
"id": "CWE-362",
|
|
17774
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
17775
|
+
"category": "Concurrency"
|
|
17776
|
+
},
|
|
17777
|
+
{
|
|
17778
|
+
"id": "CWE-416",
|
|
17779
|
+
"name": "Use After Free",
|
|
17780
|
+
"category": "Memory Safety"
|
|
17781
|
+
},
|
|
17782
|
+
{
|
|
17783
|
+
"id": "CWE-434",
|
|
17784
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
17785
|
+
"category": "File Handling"
|
|
17786
|
+
},
|
|
17787
|
+
{
|
|
17788
|
+
"id": "CWE-672",
|
|
17789
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
17790
|
+
"category": "Memory Safety"
|
|
17791
|
+
},
|
|
17792
|
+
{
|
|
17793
|
+
"id": "CWE-732",
|
|
17794
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
17795
|
+
"category": "Authorization"
|
|
17796
|
+
},
|
|
17797
|
+
{
|
|
17798
|
+
"id": "CWE-78",
|
|
17799
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
17800
|
+
"category": "Injection"
|
|
17801
|
+
},
|
|
17802
|
+
{
|
|
17803
|
+
"id": "CWE-787",
|
|
17804
|
+
"name": "Out-of-bounds Write",
|
|
17805
|
+
"category": "Memory Safety"
|
|
17806
|
+
},
|
|
17807
|
+
{
|
|
17808
|
+
"id": "CWE-79",
|
|
17809
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
17810
|
+
"category": "Injection"
|
|
17811
|
+
},
|
|
17812
|
+
{
|
|
17813
|
+
"id": "CWE-798",
|
|
17814
|
+
"name": "Use of Hard-coded Credentials",
|
|
17815
|
+
"category": "Credentials"
|
|
17816
|
+
},
|
|
17817
|
+
{
|
|
17818
|
+
"id": "CWE-89",
|
|
17819
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
17820
|
+
"category": "Injection"
|
|
17821
|
+
},
|
|
17822
|
+
{
|
|
17823
|
+
"id": "CWE-918",
|
|
17824
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
17825
|
+
"category": "Network"
|
|
17826
|
+
},
|
|
17827
|
+
{
|
|
17828
|
+
"id": "CWE-94",
|
|
17829
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
17830
|
+
"category": "Injection"
|
|
17831
|
+
}
|
|
17832
|
+
],
|
|
17833
|
+
"atlas": [
|
|
17834
|
+
{
|
|
17835
|
+
"id": "AML.T0010",
|
|
17836
|
+
"name": "ML Supply Chain Compromise",
|
|
17837
|
+
"tactic": "Initial Access"
|
|
17838
|
+
},
|
|
17839
|
+
{
|
|
17840
|
+
"id": "AML.T0016",
|
|
17841
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
17842
|
+
"tactic": "Resource Development"
|
|
17843
|
+
},
|
|
17844
|
+
{
|
|
17845
|
+
"id": "AML.T0017",
|
|
17846
|
+
"name": "Discover ML Model Ontology",
|
|
17847
|
+
"tactic": "Discovery"
|
|
17848
|
+
},
|
|
17849
|
+
{
|
|
17850
|
+
"id": "AML.T0018",
|
|
17851
|
+
"name": "Backdoor ML Model",
|
|
17852
|
+
"tactic": "Persistence"
|
|
17853
|
+
},
|
|
17854
|
+
{
|
|
17855
|
+
"id": "AML.T0020",
|
|
17856
|
+
"name": "Poison Training Data",
|
|
17857
|
+
"tactic": "ML Attack Staging"
|
|
17858
|
+
},
|
|
17859
|
+
{
|
|
17860
|
+
"id": "AML.T0043",
|
|
17861
|
+
"name": "Craft Adversarial Data",
|
|
17862
|
+
"tactic": "ML Attack Staging"
|
|
17863
|
+
},
|
|
17864
|
+
{
|
|
17865
|
+
"id": "AML.T0051",
|
|
17866
|
+
"name": "LLM Prompt Injection",
|
|
17867
|
+
"tactic": "Execution"
|
|
17868
|
+
},
|
|
17869
|
+
{
|
|
17870
|
+
"id": "AML.T0054",
|
|
17871
|
+
"name": "LLM Jailbreak",
|
|
17872
|
+
"tactic": "Defense Evasion"
|
|
17873
|
+
},
|
|
17874
|
+
{
|
|
17875
|
+
"id": "AML.T0096",
|
|
17876
|
+
"name": "AI API as Covert C2 Channel",
|
|
17877
|
+
"tactic": "Command and Control"
|
|
17878
|
+
}
|
|
17879
|
+
],
|
|
17880
|
+
"d3fend": [
|
|
17881
|
+
{
|
|
17882
|
+
"id": "D3-ASLR",
|
|
17883
|
+
"name": "Address Space Layout Randomization",
|
|
17884
|
+
"tactic": "Harden"
|
|
17885
|
+
},
|
|
17886
|
+
{
|
|
17887
|
+
"id": "D3-CSPP",
|
|
17888
|
+
"name": "Client-server Payload Profiling",
|
|
17889
|
+
"tactic": "Detect"
|
|
17890
|
+
},
|
|
17891
|
+
{
|
|
17892
|
+
"id": "D3-EAL",
|
|
17893
|
+
"name": "Executable Allowlisting",
|
|
17894
|
+
"tactic": "Harden"
|
|
17895
|
+
},
|
|
17896
|
+
{
|
|
17897
|
+
"id": "D3-IOPR",
|
|
17898
|
+
"name": "Input/Output Profiling Resource",
|
|
17899
|
+
"tactic": "Detect"
|
|
17900
|
+
},
|
|
17901
|
+
{
|
|
17902
|
+
"id": "D3-NTA",
|
|
17903
|
+
"name": "Network Traffic Analysis",
|
|
17904
|
+
"tactic": "Detect"
|
|
17905
|
+
},
|
|
17906
|
+
{
|
|
17907
|
+
"id": "D3-PHRA",
|
|
17908
|
+
"name": "Process Hardware Resource Access",
|
|
17909
|
+
"tactic": "Isolate"
|
|
17910
|
+
},
|
|
17911
|
+
{
|
|
17912
|
+
"id": "D3-PSEP",
|
|
17913
|
+
"name": "Process Segment Execution Prevention",
|
|
17914
|
+
"tactic": "Harden"
|
|
17915
|
+
}
|
|
17916
|
+
],
|
|
17917
|
+
"framework_gaps": [
|
|
17918
|
+
{
|
|
17919
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
17920
|
+
"framework": "ALL",
|
|
17921
|
+
"control_name": "AI Pipeline Integrity"
|
|
17922
|
+
},
|
|
17923
|
+
{
|
|
17924
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
17925
|
+
"framework": "ALL",
|
|
17926
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
17927
|
+
},
|
|
17928
|
+
{
|
|
17929
|
+
"id": "CIS-Controls-v8-Control7",
|
|
17930
|
+
"framework": "CIS Controls v8",
|
|
17931
|
+
"control_name": "Continuous Vulnerability Management"
|
|
17932
|
+
},
|
|
17933
|
+
{
|
|
17934
|
+
"id": "CMMC-2.0-Level-2",
|
|
17935
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
17936
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
17937
|
+
},
|
|
17938
|
+
{
|
|
17939
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
17940
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
17941
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
17942
|
+
},
|
|
17943
|
+
{
|
|
17944
|
+
"id": "IEC-62443-3-3",
|
|
17945
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
17946
|
+
"control_name": "System security requirements and security levels"
|
|
17947
|
+
},
|
|
17948
|
+
{
|
|
17949
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
17950
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17951
|
+
"control_name": "Secure coding"
|
|
17952
|
+
},
|
|
17953
|
+
{
|
|
17954
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
17955
|
+
"framework": "ISO/IEC 27001:2022",
|
|
17956
|
+
"control_name": "Management of technical vulnerabilities"
|
|
17957
|
+
},
|
|
17958
|
+
{
|
|
17959
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
17960
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
17961
|
+
"control_name": "AI risk management process"
|
|
17962
|
+
},
|
|
17963
|
+
{
|
|
17964
|
+
"id": "NERC-CIP-007-6-R4",
|
|
17965
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
17966
|
+
"control_name": "Security event monitoring"
|
|
17967
|
+
},
|
|
17968
|
+
{
|
|
17969
|
+
"id": "NIS2-Art21-patch-management",
|
|
17970
|
+
"framework": "EU NIS2 Directive",
|
|
17971
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
17972
|
+
},
|
|
17973
|
+
{
|
|
17974
|
+
"id": "NIST-800-115",
|
|
17975
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
17976
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
17977
|
+
},
|
|
17978
|
+
{
|
|
17979
|
+
"id": "NIST-800-218-SSDF",
|
|
17980
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
17981
|
+
"control_name": "Secure Software Development Framework"
|
|
17982
|
+
},
|
|
17983
|
+
{
|
|
17984
|
+
"id": "NIST-800-53-AC-2",
|
|
17985
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17986
|
+
"control_name": "Account Management"
|
|
17987
|
+
},
|
|
17988
|
+
{
|
|
17989
|
+
"id": "NIST-800-53-SC-8",
|
|
17990
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17991
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
17992
|
+
},
|
|
17993
|
+
{
|
|
17994
|
+
"id": "NIST-800-53-SI-2",
|
|
17995
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
17996
|
+
"control_name": "Flaw Remediation"
|
|
17997
|
+
},
|
|
17998
|
+
{
|
|
17999
|
+
"id": "NIST-800-53-SI-3",
|
|
18000
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
18001
|
+
"control_name": "Malicious Code Protection"
|
|
18002
|
+
},
|
|
18003
|
+
{
|
|
18004
|
+
"id": "NIST-800-82r3",
|
|
18005
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
18006
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
18007
|
+
},
|
|
18008
|
+
{
|
|
18009
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
18010
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
18011
|
+
"control_name": "Prompt Injection"
|
|
18012
|
+
},
|
|
18013
|
+
{
|
|
18014
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
18015
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
18016
|
+
"control_name": "Sensitive Information Disclosure"
|
|
18017
|
+
},
|
|
18018
|
+
{
|
|
18019
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
18020
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
18021
|
+
"control_name": "Web application penetration testing methodology"
|
|
18022
|
+
},
|
|
18023
|
+
{
|
|
18024
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
18025
|
+
"framework": "PCI DSS 4.0",
|
|
18026
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
18027
|
+
},
|
|
18028
|
+
{
|
|
18029
|
+
"id": "PTES-Pre-engagement",
|
|
18030
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
18031
|
+
"control_name": "Pre-engagement Interactions"
|
|
18032
|
+
},
|
|
18033
|
+
{
|
|
18034
|
+
"id": "SOC2-CC6-logical-access",
|
|
18035
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
18036
|
+
"control_name": "Logical and Physical Access Controls"
|
|
18037
|
+
},
|
|
18038
|
+
{
|
|
18039
|
+
"id": "SOC2-CC9-vendor-management",
|
|
18040
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
18041
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
18042
|
+
}
|
|
18043
|
+
],
|
|
18044
|
+
"attack_refs": [
|
|
18045
|
+
"T0855",
|
|
18046
|
+
"T0883",
|
|
18047
|
+
"T1059",
|
|
18048
|
+
"T1068",
|
|
18049
|
+
"T1078",
|
|
18050
|
+
"T1133",
|
|
18051
|
+
"T1190",
|
|
18052
|
+
"T1548.001",
|
|
18053
|
+
"T1566"
|
|
18054
|
+
],
|
|
18055
|
+
"rfc_refs": [
|
|
18056
|
+
"RFC-4301",
|
|
18057
|
+
"RFC-4303",
|
|
18058
|
+
"RFC-7296"
|
|
18059
|
+
]
|
|
18060
|
+
}
|
|
18061
|
+
},
|
|
17338
18062
|
"CVE-2026-41091": {
|
|
17339
18063
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
17340
18064
|
"rwep": 45,
|
|
@@ -43725,6 +44449,8 @@
|
|
|
43725
44449
|
"CVE-2025-53773",
|
|
43726
44450
|
"CVE-2025-54136",
|
|
43727
44451
|
"CVE-2025-6965",
|
|
44452
|
+
"CVE-2026-22252",
|
|
44453
|
+
"CVE-2026-22688",
|
|
43728
44454
|
"CVE-2026-25592",
|
|
43729
44455
|
"CVE-2026-30615",
|
|
43730
44456
|
"CVE-2026-30623",
|
|
@@ -44072,6 +44798,8 @@
|
|
|
44072
44798
|
"CVE-2025-49596",
|
|
44073
44799
|
"CVE-2025-54136",
|
|
44074
44800
|
"CVE-2025-6965",
|
|
44801
|
+
"CVE-2026-22252",
|
|
44802
|
+
"CVE-2026-22688",
|
|
44075
44803
|
"CVE-2026-25592",
|
|
44076
44804
|
"CVE-2026-30623",
|
|
44077
44805
|
"CVE-2026-31431",
|
|
@@ -44214,6 +44942,8 @@
|
|
|
44214
44942
|
"CVE-2025-49596",
|
|
44215
44943
|
"CVE-2025-54136",
|
|
44216
44944
|
"CVE-2025-6965",
|
|
44945
|
+
"CVE-2026-22252",
|
|
44946
|
+
"CVE-2026-22688",
|
|
44217
44947
|
"CVE-2026-25592",
|
|
44218
44948
|
"CVE-2026-30623",
|
|
44219
44949
|
"CVE-2026-31431",
|
|
@@ -44370,6 +45100,8 @@
|
|
|
44370
45100
|
"CVE-2025-49596",
|
|
44371
45101
|
"CVE-2025-54136",
|
|
44372
45102
|
"CVE-2025-6965",
|
|
45103
|
+
"CVE-2026-22252",
|
|
45104
|
+
"CVE-2026-22688",
|
|
44373
45105
|
"CVE-2026-25592",
|
|
44374
45106
|
"CVE-2026-30623",
|
|
44375
45107
|
"CVE-2026-31431",
|
|
@@ -44631,6 +45363,8 @@
|
|
|
44631
45363
|
"CVE-2025-53773",
|
|
44632
45364
|
"CVE-2025-54136",
|
|
44633
45365
|
"CVE-2025-6965",
|
|
45366
|
+
"CVE-2026-22252",
|
|
45367
|
+
"CVE-2026-22688",
|
|
44634
45368
|
"CVE-2026-22778",
|
|
44635
45369
|
"CVE-2026-25592",
|
|
44636
45370
|
"CVE-2026-30615",
|
|
@@ -45020,6 +45754,8 @@
|
|
|
45020
45754
|
"CVE-2026-21525",
|
|
45021
45755
|
"CVE-2026-21533",
|
|
45022
45756
|
"CVE-2026-21643",
|
|
45757
|
+
"CVE-2026-22252",
|
|
45758
|
+
"CVE-2026-22688",
|
|
45023
45759
|
"CVE-2026-22719",
|
|
45024
45760
|
"CVE-2026-22769",
|
|
45025
45761
|
"CVE-2026-23760",
|
|
@@ -45643,6 +46379,8 @@
|
|
|
45643
46379
|
"CVE-2025-53773",
|
|
45644
46380
|
"CVE-2025-54136",
|
|
45645
46381
|
"CVE-2025-6965",
|
|
46382
|
+
"CVE-2026-22252",
|
|
46383
|
+
"CVE-2026-22688",
|
|
45646
46384
|
"CVE-2026-25592",
|
|
45647
46385
|
"CVE-2026-30615",
|
|
45648
46386
|
"CVE-2026-30623",
|
|
@@ -46224,6 +46962,8 @@
|
|
|
46224
46962
|
"CVE-2025-53773",
|
|
46225
46963
|
"CVE-2025-54136",
|
|
46226
46964
|
"CVE-2025-6965",
|
|
46965
|
+
"CVE-2026-22252",
|
|
46966
|
+
"CVE-2026-22688",
|
|
46227
46967
|
"CVE-2026-25592",
|
|
46228
46968
|
"CVE-2026-30615",
|
|
46229
46969
|
"CVE-2026-30623",
|
|
@@ -46439,6 +47179,8 @@
|
|
|
46439
47179
|
"CVE-2025-49596",
|
|
46440
47180
|
"CVE-2025-53773",
|
|
46441
47181
|
"CVE-2025-54136",
|
|
47182
|
+
"CVE-2026-22252",
|
|
47183
|
+
"CVE-2026-22688",
|
|
46442
47184
|
"CVE-2026-25592",
|
|
46443
47185
|
"CVE-2026-30615",
|
|
46444
47186
|
"CVE-2026-31431",
|
|
@@ -47088,6 +47830,8 @@
|
|
|
47088
47830
|
"CVE-2025-53773",
|
|
47089
47831
|
"CVE-2025-54136",
|
|
47090
47832
|
"CVE-2025-6965",
|
|
47833
|
+
"CVE-2026-22252",
|
|
47834
|
+
"CVE-2026-22688",
|
|
47091
47835
|
"CVE-2026-25592",
|
|
47092
47836
|
"CVE-2026-30615",
|
|
47093
47837
|
"CVE-2026-30623",
|
|
@@ -47480,6 +48224,8 @@
|
|
|
47480
48224
|
"CVE-2026-21525",
|
|
47481
48225
|
"CVE-2026-21533",
|
|
47482
48226
|
"CVE-2026-21643",
|
|
48227
|
+
"CVE-2026-22252",
|
|
48228
|
+
"CVE-2026-22688",
|
|
47483
48229
|
"CVE-2026-22719",
|
|
47484
48230
|
"CVE-2026-22769",
|
|
47485
48231
|
"CVE-2026-23760",
|
|
@@ -47882,6 +48628,8 @@
|
|
|
47882
48628
|
"CVE-2026-21525",
|
|
47883
48629
|
"CVE-2026-21533",
|
|
47884
48630
|
"CVE-2026-21643",
|
|
48631
|
+
"CVE-2026-22252",
|
|
48632
|
+
"CVE-2026-22688",
|
|
47885
48633
|
"CVE-2026-22719",
|
|
47886
48634
|
"CVE-2026-22769",
|
|
47887
48635
|
"CVE-2026-23760",
|
|
@@ -48146,6 +48894,8 @@
|
|
|
48146
48894
|
"CVE-2025-53773",
|
|
48147
48895
|
"CVE-2025-54136",
|
|
48148
48896
|
"CVE-2025-6965",
|
|
48897
|
+
"CVE-2026-22252",
|
|
48898
|
+
"CVE-2026-22688",
|
|
48149
48899
|
"CVE-2026-25592",
|
|
48150
48900
|
"CVE-2026-30615",
|
|
48151
48901
|
"CVE-2026-30623",
|
|
@@ -49090,6 +49840,8 @@
|
|
|
49090
49840
|
"CVE-2026-21525",
|
|
49091
49841
|
"CVE-2026-21533",
|
|
49092
49842
|
"CVE-2026-21643",
|
|
49843
|
+
"CVE-2026-22252",
|
|
49844
|
+
"CVE-2026-22688",
|
|
49093
49845
|
"CVE-2026-22719",
|
|
49094
49846
|
"CVE-2026-22769",
|
|
49095
49847
|
"CVE-2026-23760",
|
|
@@ -49418,6 +50170,8 @@
|
|
|
49418
50170
|
"CVE-2025-53773",
|
|
49419
50171
|
"CVE-2025-54136",
|
|
49420
50172
|
"CVE-2025-6965",
|
|
50173
|
+
"CVE-2026-22252",
|
|
50174
|
+
"CVE-2026-22688",
|
|
49421
50175
|
"CVE-2026-25592",
|
|
49422
50176
|
"CVE-2026-30615",
|
|
49423
50177
|
"CVE-2026-30623",
|
|
@@ -49893,6 +50647,8 @@
|
|
|
49893
50647
|
"CVE-2026-21525",
|
|
49894
50648
|
"CVE-2026-21533",
|
|
49895
50649
|
"CVE-2026-21643",
|
|
50650
|
+
"CVE-2026-22252",
|
|
50651
|
+
"CVE-2026-22688",
|
|
49896
50652
|
"CVE-2026-22719",
|
|
49897
50653
|
"CVE-2026-22769",
|
|
49898
50654
|
"CVE-2026-23760",
|
|
@@ -50233,6 +50989,8 @@
|
|
|
50233
50989
|
"CVE-2025-49844",
|
|
50234
50990
|
"CVE-2025-53773",
|
|
50235
50991
|
"CVE-2025-54136",
|
|
50992
|
+
"CVE-2026-22252",
|
|
50993
|
+
"CVE-2026-22688",
|
|
50236
50994
|
"CVE-2026-25592",
|
|
50237
50995
|
"CVE-2026-30615",
|
|
50238
50996
|
"CVE-2026-31431",
|
|
@@ -51151,6 +51909,8 @@
|
|
|
51151
51909
|
"CVE-2025-53773",
|
|
51152
51910
|
"CVE-2025-54136",
|
|
51153
51911
|
"CVE-2025-6965",
|
|
51912
|
+
"CVE-2026-22252",
|
|
51913
|
+
"CVE-2026-22688",
|
|
51154
51914
|
"CVE-2026-25592",
|
|
51155
51915
|
"CVE-2026-30615",
|
|
51156
51916
|
"CVE-2026-30623",
|
|
@@ -51225,6 +51985,8 @@
|
|
|
51225
51985
|
"CVE-2025-43300",
|
|
51226
51986
|
"CVE-2025-49596",
|
|
51227
51987
|
"CVE-2025-54136",
|
|
51988
|
+
"CVE-2026-22252",
|
|
51989
|
+
"CVE-2026-22688",
|
|
51228
51990
|
"CVE-2026-25592",
|
|
51229
51991
|
"CVE-2026-31431",
|
|
51230
51992
|
"CVE-2026-34926",
|
|
@@ -51375,6 +52137,8 @@
|
|
|
51375
52137
|
"CVE-2025-53773",
|
|
51376
52138
|
"CVE-2025-54136",
|
|
51377
52139
|
"CVE-2025-6965",
|
|
52140
|
+
"CVE-2026-22252",
|
|
52141
|
+
"CVE-2026-22688",
|
|
51378
52142
|
"CVE-2026-22778",
|
|
51379
52143
|
"CVE-2026-25592",
|
|
51380
52144
|
"CVE-2026-30623",
|
|
@@ -51946,6 +52710,8 @@
|
|
|
51946
52710
|
"CVE-2026-21525",
|
|
51947
52711
|
"CVE-2026-21533",
|
|
51948
52712
|
"CVE-2026-21643",
|
|
52713
|
+
"CVE-2026-22252",
|
|
52714
|
+
"CVE-2026-22688",
|
|
51949
52715
|
"CVE-2026-22719",
|
|
51950
52716
|
"CVE-2026-22769",
|
|
51951
52717
|
"CVE-2026-23760",
|
|
@@ -52209,6 +52975,8 @@
|
|
|
52209
52975
|
"CVE-2025-53773",
|
|
52210
52976
|
"CVE-2025-54136",
|
|
52211
52977
|
"CVE-2025-6965",
|
|
52978
|
+
"CVE-2026-22252",
|
|
52979
|
+
"CVE-2026-22688",
|
|
52212
52980
|
"CVE-2026-25592",
|
|
52213
52981
|
"CVE-2026-30615",
|
|
52214
52982
|
"CVE-2026-30623",
|
|
@@ -52481,6 +53249,8 @@
|
|
|
52481
53249
|
"CVE-2025-53773",
|
|
52482
53250
|
"CVE-2025-54136",
|
|
52483
53251
|
"CVE-2025-6965",
|
|
53252
|
+
"CVE-2026-22252",
|
|
53253
|
+
"CVE-2026-22688",
|
|
52484
53254
|
"CVE-2026-22778",
|
|
52485
53255
|
"CVE-2026-25592",
|
|
52486
53256
|
"CVE-2026-30615",
|