@blamejs/exceptd-skills 0.13.76 → 0.13.78
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +8 -8
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +2199 -0
- package/data/attack-techniques.json +9 -0
- package/data/cve-catalog.json +610 -0
- package/data/cwe-catalog.json +8 -1
- package/data/framework-control-gaps.json +51 -5
- package/data/zeroday-lessons.json +300 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +23 -23
|
@@ -269,18 +269,23 @@
|
|
|
269
269
|
"DS0017"
|
|
270
270
|
],
|
|
271
271
|
"cve_refs": [
|
|
272
|
+
"CVE-2024-50050",
|
|
272
273
|
"CVE-2025-1094",
|
|
273
274
|
"CVE-2025-11837",
|
|
275
|
+
"CVE-2025-23254",
|
|
276
|
+
"CVE-2025-30165",
|
|
274
277
|
"CVE-2025-34291",
|
|
275
278
|
"CVE-2025-49596",
|
|
276
279
|
"CVE-2025-53773",
|
|
277
280
|
"CVE-2025-54136",
|
|
278
281
|
"CVE-2025-55319",
|
|
282
|
+
"CVE-2025-60455",
|
|
279
283
|
"CVE-2025-68664",
|
|
280
284
|
"CVE-2026-22252",
|
|
281
285
|
"CVE-2026-22688",
|
|
282
286
|
"CVE-2026-22778",
|
|
283
287
|
"CVE-2026-25592",
|
|
288
|
+
"CVE-2026-26015",
|
|
284
289
|
"CVE-2026-30615",
|
|
285
290
|
"CVE-2026-30616",
|
|
286
291
|
"CVE-2026-30617",
|
|
@@ -826,6 +831,7 @@
|
|
|
826
831
|
"CVE-2024-21762",
|
|
827
832
|
"CVE-2024-37079",
|
|
828
833
|
"CVE-2024-43468",
|
|
834
|
+
"CVE-2024-50050",
|
|
829
835
|
"CVE-2024-56145",
|
|
830
836
|
"CVE-2024-57726",
|
|
831
837
|
"CVE-2024-7694",
|
|
@@ -856,6 +862,7 @@
|
|
|
856
862
|
"CVE-2025-2775",
|
|
857
863
|
"CVE-2025-2776",
|
|
858
864
|
"CVE-2025-29635",
|
|
865
|
+
"CVE-2025-30165",
|
|
859
866
|
"CVE-2025-30397",
|
|
860
867
|
"CVE-2025-31125",
|
|
861
868
|
"CVE-2025-32432",
|
|
@@ -959,6 +966,7 @@
|
|
|
959
966
|
"CVE-2026-22778",
|
|
960
967
|
"CVE-2026-23760",
|
|
961
968
|
"CVE-2026-25108",
|
|
969
|
+
"CVE-2026-26015",
|
|
962
970
|
"CVE-2026-30616",
|
|
963
971
|
"CVE-2026-30617",
|
|
964
972
|
"CVE-2026-30624",
|
|
@@ -980,6 +988,7 @@
|
|
|
980
988
|
"CVE-2026-42945",
|
|
981
989
|
"CVE-2026-6973",
|
|
982
990
|
"CVE-2026-7482",
|
|
991
|
+
"CVE-2026-9082",
|
|
983
992
|
"MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP"
|
|
984
993
|
],
|
|
985
994
|
"description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
|