@blamejs/exceptd-skills 0.13.77 → 0.13.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1540 -0
  6. package/data/attack-techniques.json +6 -0
  7. package/data/cve-catalog.json +402 -0
  8. package/data/cwe-catalog.json +4 -0
  9. package/data/framework-control-gaps.json +32 -0
  10. package/data/zeroday-lessons.json +200 -0
  11. package/manifest.json +44 -44
  12. package/package.json +2 -2
  13. package/sbom.cdx.json +23 -23
package/data/_indexes/chains.json CHANGED
@@ -20485,6 +20485,1454 @@
20485
20485
  ]
20486
20486
  }
20487
20487
  },
20488
+ "CVE-2025-23254": {
20489
+ "name": "NVIDIA TensorRT-LLM Python Executor Deserialization RCE (ShadowMQ)",
20490
+ "rwep": 29,
20491
+ "cvss": 8.8,
20492
+ "cisa_kev": false,
20493
+ "epss_score": null,
20494
+ "referencing_skills": [
20495
+ "kernel-lpe-triage",
20496
+ "ai-attack-surface",
20497
+ "compliance-theater",
20498
+ "attack-surface-pentest",
20499
+ "ot-ics-security",
20500
+ "coordinated-vuln-disclosure",
20501
+ "sector-energy"
20502
+ ],
20503
+ "chain": {
20504
+ "cwes": [
20505
+ {
20506
+ "id": "CWE-1037",
20507
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
20508
+ "category": "Hardware / Side Channel"
20509
+ },
20510
+ {
20511
+ "id": "CWE-1039",
20512
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
20513
+ "category": "AI/ML"
20514
+ },
20515
+ {
20516
+ "id": "CWE-125",
20517
+ "name": "Out-of-bounds Read",
20518
+ "category": "Memory Safety"
20519
+ },
20520
+ {
20521
+ "id": "CWE-1357",
20522
+ "name": "Reliance on Insufficiently Trustworthy Component",
20523
+ "category": "Supply Chain"
20524
+ },
20525
+ {
20526
+ "id": "CWE-1395",
20527
+ "name": "Dependency on Vulnerable Third-Party Component",
20528
+ "category": "Supply Chain"
20529
+ },
20530
+ {
20531
+ "id": "CWE-1426",
20532
+ "name": "Improper Validation of Generative AI Output",
20533
+ "category": "AI/ML"
20534
+ },
20535
+ {
20536
+ "id": "CWE-22",
20537
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
20538
+ "category": "Path/Resource"
20539
+ },
20540
+ {
20541
+ "id": "CWE-269",
20542
+ "name": "Improper Privilege Management",
20543
+ "category": "Authorization"
20544
+ },
20545
+ {
20546
+ "id": "CWE-287",
20547
+ "name": "Improper Authentication",
20548
+ "category": "Authentication"
20549
+ },
20550
+ {
20551
+ "id": "CWE-306",
20552
+ "name": "Missing Authentication for Critical Function",
20553
+ "category": "Authentication"
20554
+ },
20555
+ {
20556
+ "id": "CWE-352",
20557
+ "name": "Cross-Site Request Forgery (CSRF)",
20558
+ "category": "Session"
20559
+ },
20560
+ {
20561
+ "id": "CWE-362",
20562
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
20563
+ "category": "Concurrency"
20564
+ },
20565
+ {
20566
+ "id": "CWE-416",
20567
+ "name": "Use After Free",
20568
+ "category": "Memory Safety"
20569
+ },
20570
+ {
20571
+ "id": "CWE-434",
20572
+ "name": "Unrestricted Upload of File with Dangerous Type",
20573
+ "category": "File Handling"
20574
+ },
20575
+ {
20576
+ "id": "CWE-672",
20577
+ "name": "Operation on a Resource after Expiration or Release",
20578
+ "category": "Memory Safety"
20579
+ },
20580
+ {
20581
+ "id": "CWE-732",
20582
+ "name": "Incorrect Permission Assignment for Critical Resource",
20583
+ "category": "Authorization"
20584
+ },
20585
+ {
20586
+ "id": "CWE-78",
20587
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
20588
+ "category": "Injection"
20589
+ },
20590
+ {
20591
+ "id": "CWE-787",
20592
+ "name": "Out-of-bounds Write",
20593
+ "category": "Memory Safety"
20594
+ },
20595
+ {
20596
+ "id": "CWE-79",
20597
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
20598
+ "category": "Injection"
20599
+ },
20600
+ {
20601
+ "id": "CWE-798",
20602
+ "name": "Use of Hard-coded Credentials",
20603
+ "category": "Credentials"
20604
+ },
20605
+ {
20606
+ "id": "CWE-89",
20607
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
20608
+ "category": "Injection"
20609
+ },
20610
+ {
20611
+ "id": "CWE-918",
20612
+ "name": "Server-Side Request Forgery (SSRF)",
20613
+ "category": "Network"
20614
+ },
20615
+ {
20616
+ "id": "CWE-94",
20617
+ "name": "Improper Control of Generation of Code (Code Injection)",
20618
+ "category": "Injection"
20619
+ }
20620
+ ],
20621
+ "atlas": [
20622
+ {
20623
+ "id": "AML.T0010",
20624
+ "name": "ML Supply Chain Compromise",
20625
+ "tactic": "Initial Access"
20626
+ },
20627
+ {
20628
+ "id": "AML.T0016",
20629
+ "name": "Obtain Capabilities: Develop Capabilities",
20630
+ "tactic": "Resource Development"
20631
+ },
20632
+ {
20633
+ "id": "AML.T0017",
20634
+ "name": "Discover ML Model Ontology",
20635
+ "tactic": "Discovery"
20636
+ },
20637
+ {
20638
+ "id": "AML.T0018",
20639
+ "name": "Backdoor ML Model",
20640
+ "tactic": "Persistence"
20641
+ },
20642
+ {
20643
+ "id": "AML.T0020",
20644
+ "name": "Poison Training Data",
20645
+ "tactic": "ML Attack Staging"
20646
+ },
20647
+ {
20648
+ "id": "AML.T0043",
20649
+ "name": "Craft Adversarial Data",
20650
+ "tactic": "ML Attack Staging"
20651
+ },
20652
+ {
20653
+ "id": "AML.T0051",
20654
+ "name": "LLM Prompt Injection",
20655
+ "tactic": "Execution"
20656
+ },
20657
+ {
20658
+ "id": "AML.T0054",
20659
+ "name": "LLM Jailbreak",
20660
+ "tactic": "Defense Evasion"
20661
+ },
20662
+ {
20663
+ "id": "AML.T0096",
20664
+ "name": "AI API as Covert C2 Channel",
20665
+ "tactic": "Command and Control"
20666
+ }
20667
+ ],
20668
+ "d3fend": [
20669
+ {
20670
+ "id": "D3-ASLR",
20671
+ "name": "Address Space Layout Randomization",
20672
+ "tactic": "Harden"
20673
+ },
20674
+ {
20675
+ "id": "D3-CSPP",
20676
+ "name": "Client-server Payload Profiling",
20677
+ "tactic": "Detect"
20678
+ },
20679
+ {
20680
+ "id": "D3-EAL",
20681
+ "name": "Executable Allowlisting",
20682
+ "tactic": "Harden"
20683
+ },
20684
+ {
20685
+ "id": "D3-IOPR",
20686
+ "name": "Input/Output Profiling Resource",
20687
+ "tactic": "Detect"
20688
+ },
20689
+ {
20690
+ "id": "D3-NTA",
20691
+ "name": "Network Traffic Analysis",
20692
+ "tactic": "Detect"
20693
+ },
20694
+ {
20695
+ "id": "D3-PHRA",
20696
+ "name": "Process Hardware Resource Access",
20697
+ "tactic": "Isolate"
20698
+ },
20699
+ {
20700
+ "id": "D3-PSEP",
20701
+ "name": "Process Segment Execution Prevention",
20702
+ "tactic": "Harden"
20703
+ }
20704
+ ],
20705
+ "framework_gaps": [
20706
+ {
20707
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
20708
+ "framework": "ALL",
20709
+ "control_name": "AI Pipeline Integrity"
20710
+ },
20711
+ {
20712
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
20713
+ "framework": "ALL",
20714
+ "control_name": "Prompt Injection as Access Control Failure"
20715
+ },
20716
+ {
20717
+ "id": "CIS-Controls-v8-Control7",
20718
+ "framework": "CIS Controls v8",
20719
+ "control_name": "Continuous Vulnerability Management"
20720
+ },
20721
+ {
20722
+ "id": "CMMC-2.0-Level-2",
20723
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
20724
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
20725
+ },
20726
+ {
20727
+ "id": "FedRAMP-Rev5-Moderate",
20728
+ "framework": "FedRAMP Rev 5 Moderate",
20729
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
20730
+ },
20731
+ {
20732
+ "id": "IEC-62443-3-3",
20733
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
20734
+ "control_name": "System security requirements and security levels"
20735
+ },
20736
+ {
20737
+ "id": "ISO-27001-2022-A.8.28",
20738
+ "framework": "ISO/IEC 27001:2022",
20739
+ "control_name": "Secure coding"
20740
+ },
20741
+ {
20742
+ "id": "ISO-27001-2022-A.8.8",
20743
+ "framework": "ISO/IEC 27001:2022",
20744
+ "control_name": "Management of technical vulnerabilities"
20745
+ },
20746
+ {
20747
+ "id": "ISO-IEC-23894-2023-clause-7",
20748
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
20749
+ "control_name": "AI risk management process"
20750
+ },
20751
+ {
20752
+ "id": "NERC-CIP-007-6-R4",
20753
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
20754
+ "control_name": "Security event monitoring"
20755
+ },
20756
+ {
20757
+ "id": "NIS2-Art21-patch-management",
20758
+ "framework": "EU NIS2 Directive",
20759
+ "control_name": "Vulnerability handling and disclosure"
20760
+ },
20761
+ {
20762
+ "id": "NIST-800-115",
20763
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
20764
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
20765
+ },
20766
+ {
20767
+ "id": "NIST-800-218-SSDF",
20768
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
20769
+ "control_name": "Secure Software Development Framework"
20770
+ },
20771
+ {
20772
+ "id": "NIST-800-53-AC-2",
20773
+ "framework": "NIST SP 800-53 Rev 5",
20774
+ "control_name": "Account Management"
20775
+ },
20776
+ {
20777
+ "id": "NIST-800-53-SC-8",
20778
+ "framework": "NIST SP 800-53 Rev 5",
20779
+ "control_name": "Transmission Confidentiality and Integrity"
20780
+ },
20781
+ {
20782
+ "id": "NIST-800-53-SI-2",
20783
+ "framework": "NIST SP 800-53 Rev 5",
20784
+ "control_name": "Flaw Remediation"
20785
+ },
20786
+ {
20787
+ "id": "NIST-800-53-SI-3",
20788
+ "framework": "NIST SP 800-53 Rev 5",
20789
+ "control_name": "Malicious Code Protection"
20790
+ },
20791
+ {
20792
+ "id": "NIST-800-82r3",
20793
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
20794
+ "control_name": "Guide to Operational Technology (OT) Security"
20795
+ },
20796
+ {
20797
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
20798
+ "framework": "OWASP Top 10 for LLM Applications 2025",
20799
+ "control_name": "Prompt Injection"
20800
+ },
20801
+ {
20802
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
20803
+ "framework": "OWASP Top 10 for LLM Applications 2025",
20804
+ "control_name": "Sensitive Information Disclosure"
20805
+ },
20806
+ {
20807
+ "id": "OWASP-Pen-Testing-Guide-v5",
20808
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
20809
+ "control_name": "Web application penetration testing methodology"
20810
+ },
20811
+ {
20812
+ "id": "PCI-DSS-4.0-6.3.3",
20813
+ "framework": "PCI DSS 4.0",
20814
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
20815
+ },
20816
+ {
20817
+ "id": "PTES-Pre-engagement",
20818
+ "framework": "Penetration Testing Execution Standard (PTES)",
20819
+ "control_name": "Pre-engagement Interactions"
20820
+ },
20821
+ {
20822
+ "id": "SOC2-CC6-logical-access",
20823
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
20824
+ "control_name": "Logical and Physical Access Controls"
20825
+ },
20826
+ {
20827
+ "id": "SOC2-CC9-vendor-management",
20828
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
20829
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
20830
+ }
20831
+ ],
20832
+ "attack_refs": [
20833
+ "T0855",
20834
+ "T0883",
20835
+ "T1059",
20836
+ "T1068",
20837
+ "T1078",
20838
+ "T1133",
20839
+ "T1190",
20840
+ "T1548.001",
20841
+ "T1566"
20842
+ ],
20843
+ "rfc_refs": [
20844
+ "RFC-4301",
20845
+ "RFC-4303",
20846
+ "RFC-7296"
20847
+ ]
20848
+ }
20849
+ },
20850
+ "CVE-2025-30165": {
20851
+ "name": "vLLM V0 Engine ZeroMQ Deserialization RCE (ShadowMQ)",
20852
+ "rwep": 46,
20853
+ "cvss": 8,
20854
+ "cisa_kev": false,
20855
+ "epss_score": null,
20856
+ "referencing_skills": [
20857
+ "kernel-lpe-triage",
20858
+ "ai-attack-surface",
20859
+ "compliance-theater",
20860
+ "attack-surface-pentest",
20861
+ "ot-ics-security",
20862
+ "coordinated-vuln-disclosure",
20863
+ "sector-energy"
20864
+ ],
20865
+ "chain": {
20866
+ "cwes": [
20867
+ {
20868
+ "id": "CWE-1037",
20869
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
20870
+ "category": "Hardware / Side Channel"
20871
+ },
20872
+ {
20873
+ "id": "CWE-1039",
20874
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
20875
+ "category": "AI/ML"
20876
+ },
20877
+ {
20878
+ "id": "CWE-125",
20879
+ "name": "Out-of-bounds Read",
20880
+ "category": "Memory Safety"
20881
+ },
20882
+ {
20883
+ "id": "CWE-1357",
20884
+ "name": "Reliance on Insufficiently Trustworthy Component",
20885
+ "category": "Supply Chain"
20886
+ },
20887
+ {
20888
+ "id": "CWE-1395",
20889
+ "name": "Dependency on Vulnerable Third-Party Component",
20890
+ "category": "Supply Chain"
20891
+ },
20892
+ {
20893
+ "id": "CWE-1426",
20894
+ "name": "Improper Validation of Generative AI Output",
20895
+ "category": "AI/ML"
20896
+ },
20897
+ {
20898
+ "id": "CWE-22",
20899
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
20900
+ "category": "Path/Resource"
20901
+ },
20902
+ {
20903
+ "id": "CWE-269",
20904
+ "name": "Improper Privilege Management",
20905
+ "category": "Authorization"
20906
+ },
20907
+ {
20908
+ "id": "CWE-287",
20909
+ "name": "Improper Authentication",
20910
+ "category": "Authentication"
20911
+ },
20912
+ {
20913
+ "id": "CWE-306",
20914
+ "name": "Missing Authentication for Critical Function",
20915
+ "category": "Authentication"
20916
+ },
20917
+ {
20918
+ "id": "CWE-352",
20919
+ "name": "Cross-Site Request Forgery (CSRF)",
20920
+ "category": "Session"
20921
+ },
20922
+ {
20923
+ "id": "CWE-362",
20924
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
20925
+ "category": "Concurrency"
20926
+ },
20927
+ {
20928
+ "id": "CWE-416",
20929
+ "name": "Use After Free",
20930
+ "category": "Memory Safety"
20931
+ },
20932
+ {
20933
+ "id": "CWE-434",
20934
+ "name": "Unrestricted Upload of File with Dangerous Type",
20935
+ "category": "File Handling"
20936
+ },
20937
+ {
20938
+ "id": "CWE-672",
20939
+ "name": "Operation on a Resource after Expiration or Release",
20940
+ "category": "Memory Safety"
20941
+ },
20942
+ {
20943
+ "id": "CWE-732",
20944
+ "name": "Incorrect Permission Assignment for Critical Resource",
20945
+ "category": "Authorization"
20946
+ },
20947
+ {
20948
+ "id": "CWE-78",
20949
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
20950
+ "category": "Injection"
20951
+ },
20952
+ {
20953
+ "id": "CWE-787",
20954
+ "name": "Out-of-bounds Write",
20955
+ "category": "Memory Safety"
20956
+ },
20957
+ {
20958
+ "id": "CWE-79",
20959
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
20960
+ "category": "Injection"
20961
+ },
20962
+ {
20963
+ "id": "CWE-798",
20964
+ "name": "Use of Hard-coded Credentials",
20965
+ "category": "Credentials"
20966
+ },
20967
+ {
20968
+ "id": "CWE-89",
20969
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
20970
+ "category": "Injection"
20971
+ },
20972
+ {
20973
+ "id": "CWE-918",
20974
+ "name": "Server-Side Request Forgery (SSRF)",
20975
+ "category": "Network"
20976
+ },
20977
+ {
20978
+ "id": "CWE-94",
20979
+ "name": "Improper Control of Generation of Code (Code Injection)",
20980
+ "category": "Injection"
20981
+ }
20982
+ ],
20983
+ "atlas": [
20984
+ {
20985
+ "id": "AML.T0010",
20986
+ "name": "ML Supply Chain Compromise",
20987
+ "tactic": "Initial Access"
20988
+ },
20989
+ {
20990
+ "id": "AML.T0016",
20991
+ "name": "Obtain Capabilities: Develop Capabilities",
20992
+ "tactic": "Resource Development"
20993
+ },
20994
+ {
20995
+ "id": "AML.T0017",
20996
+ "name": "Discover ML Model Ontology",
20997
+ "tactic": "Discovery"
20998
+ },
20999
+ {
21000
+ "id": "AML.T0018",
21001
+ "name": "Backdoor ML Model",
21002
+ "tactic": "Persistence"
21003
+ },
21004
+ {
21005
+ "id": "AML.T0020",
21006
+ "name": "Poison Training Data",
21007
+ "tactic": "ML Attack Staging"
21008
+ },
21009
+ {
21010
+ "id": "AML.T0043",
21011
+ "name": "Craft Adversarial Data",
21012
+ "tactic": "ML Attack Staging"
21013
+ },
21014
+ {
21015
+ "id": "AML.T0051",
21016
+ "name": "LLM Prompt Injection",
21017
+ "tactic": "Execution"
21018
+ },
21019
+ {
21020
+ "id": "AML.T0054",
21021
+ "name": "LLM Jailbreak",
21022
+ "tactic": "Defense Evasion"
21023
+ },
21024
+ {
21025
+ "id": "AML.T0096",
21026
+ "name": "AI API as Covert C2 Channel",
21027
+ "tactic": "Command and Control"
21028
+ }
21029
+ ],
21030
+ "d3fend": [
21031
+ {
21032
+ "id": "D3-ASLR",
21033
+ "name": "Address Space Layout Randomization",
21034
+ "tactic": "Harden"
21035
+ },
21036
+ {
21037
+ "id": "D3-CSPP",
21038
+ "name": "Client-server Payload Profiling",
21039
+ "tactic": "Detect"
21040
+ },
21041
+ {
21042
+ "id": "D3-EAL",
21043
+ "name": "Executable Allowlisting",
21044
+ "tactic": "Harden"
21045
+ },
21046
+ {
21047
+ "id": "D3-IOPR",
21048
+ "name": "Input/Output Profiling Resource",
21049
+ "tactic": "Detect"
21050
+ },
21051
+ {
21052
+ "id": "D3-NTA",
21053
+ "name": "Network Traffic Analysis",
21054
+ "tactic": "Detect"
21055
+ },
21056
+ {
21057
+ "id": "D3-PHRA",
21058
+ "name": "Process Hardware Resource Access",
21059
+ "tactic": "Isolate"
21060
+ },
21061
+ {
21062
+ "id": "D3-PSEP",
21063
+ "name": "Process Segment Execution Prevention",
21064
+ "tactic": "Harden"
21065
+ }
21066
+ ],
21067
+ "framework_gaps": [
21068
+ {
21069
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
21070
+ "framework": "ALL",
21071
+ "control_name": "AI Pipeline Integrity"
21072
+ },
21073
+ {
21074
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
21075
+ "framework": "ALL",
21076
+ "control_name": "Prompt Injection as Access Control Failure"
21077
+ },
21078
+ {
21079
+ "id": "CIS-Controls-v8-Control7",
21080
+ "framework": "CIS Controls v8",
21081
+ "control_name": "Continuous Vulnerability Management"
21082
+ },
21083
+ {
21084
+ "id": "CMMC-2.0-Level-2",
21085
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
21086
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
21087
+ },
21088
+ {
21089
+ "id": "FedRAMP-Rev5-Moderate",
21090
+ "framework": "FedRAMP Rev 5 Moderate",
21091
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
21092
+ },
21093
+ {
21094
+ "id": "IEC-62443-3-3",
21095
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
21096
+ "control_name": "System security requirements and security levels"
21097
+ },
21098
+ {
21099
+ "id": "ISO-27001-2022-A.8.28",
21100
+ "framework": "ISO/IEC 27001:2022",
21101
+ "control_name": "Secure coding"
21102
+ },
21103
+ {
21104
+ "id": "ISO-27001-2022-A.8.8",
21105
+ "framework": "ISO/IEC 27001:2022",
21106
+ "control_name": "Management of technical vulnerabilities"
21107
+ },
21108
+ {
21109
+ "id": "ISO-IEC-23894-2023-clause-7",
21110
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
21111
+ "control_name": "AI risk management process"
21112
+ },
21113
+ {
21114
+ "id": "NERC-CIP-007-6-R4",
21115
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
21116
+ "control_name": "Security event monitoring"
21117
+ },
21118
+ {
21119
+ "id": "NIS2-Art21-patch-management",
21120
+ "framework": "EU NIS2 Directive",
21121
+ "control_name": "Vulnerability handling and disclosure"
21122
+ },
21123
+ {
21124
+ "id": "NIST-800-115",
21125
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
21126
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
21127
+ },
21128
+ {
21129
+ "id": "NIST-800-218-SSDF",
21130
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
21131
+ "control_name": "Secure Software Development Framework"
21132
+ },
21133
+ {
21134
+ "id": "NIST-800-53-AC-2",
21135
+ "framework": "NIST SP 800-53 Rev 5",
21136
+ "control_name": "Account Management"
21137
+ },
21138
+ {
21139
+ "id": "NIST-800-53-SC-8",
21140
+ "framework": "NIST SP 800-53 Rev 5",
21141
+ "control_name": "Transmission Confidentiality and Integrity"
21142
+ },
21143
+ {
21144
+ "id": "NIST-800-53-SI-2",
21145
+ "framework": "NIST SP 800-53 Rev 5",
21146
+ "control_name": "Flaw Remediation"
21147
+ },
21148
+ {
21149
+ "id": "NIST-800-53-SI-3",
21150
+ "framework": "NIST SP 800-53 Rev 5",
21151
+ "control_name": "Malicious Code Protection"
21152
+ },
21153
+ {
21154
+ "id": "NIST-800-82r3",
21155
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
21156
+ "control_name": "Guide to Operational Technology (OT) Security"
21157
+ },
21158
+ {
21159
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
21160
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21161
+ "control_name": "Prompt Injection"
21162
+ },
21163
+ {
21164
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
21165
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21166
+ "control_name": "Sensitive Information Disclosure"
21167
+ },
21168
+ {
21169
+ "id": "OWASP-Pen-Testing-Guide-v5",
21170
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
21171
+ "control_name": "Web application penetration testing methodology"
21172
+ },
21173
+ {
21174
+ "id": "PCI-DSS-4.0-6.3.3",
21175
+ "framework": "PCI DSS 4.0",
21176
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
21177
+ },
21178
+ {
21179
+ "id": "PTES-Pre-engagement",
21180
+ "framework": "Penetration Testing Execution Standard (PTES)",
21181
+ "control_name": "Pre-engagement Interactions"
21182
+ },
21183
+ {
21184
+ "id": "SOC2-CC6-logical-access",
21185
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21186
+ "control_name": "Logical and Physical Access Controls"
21187
+ },
21188
+ {
21189
+ "id": "SOC2-CC9-vendor-management",
21190
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21191
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
21192
+ }
21193
+ ],
21194
+ "attack_refs": [
21195
+ "T0855",
21196
+ "T0883",
21197
+ "T1059",
21198
+ "T1068",
21199
+ "T1078",
21200
+ "T1133",
21201
+ "T1190",
21202
+ "T1548.001",
21203
+ "T1566"
21204
+ ],
21205
+ "rfc_refs": [
21206
+ "RFC-4301",
21207
+ "RFC-4303",
21208
+ "RFC-7296"
21209
+ ]
21210
+ }
21211
+ },
21212
+ "CVE-2024-50050": {
21213
+ "name": "Meta Llama Stack Socket Deserialization RCE (ShadowMQ)",
21214
+ "rwep": 27,
21215
+ "cvss": 6.3,
21216
+ "cisa_kev": false,
21217
+ "epss_score": null,
21218
+ "referencing_skills": [
21219
+ "kernel-lpe-triage",
21220
+ "ai-attack-surface",
21221
+ "compliance-theater",
21222
+ "attack-surface-pentest",
21223
+ "ot-ics-security",
21224
+ "coordinated-vuln-disclosure",
21225
+ "sector-energy"
21226
+ ],
21227
+ "chain": {
21228
+ "cwes": [
21229
+ {
21230
+ "id": "CWE-1037",
21231
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
21232
+ "category": "Hardware / Side Channel"
21233
+ },
21234
+ {
21235
+ "id": "CWE-1039",
21236
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
21237
+ "category": "AI/ML"
21238
+ },
21239
+ {
21240
+ "id": "CWE-125",
21241
+ "name": "Out-of-bounds Read",
21242
+ "category": "Memory Safety"
21243
+ },
21244
+ {
21245
+ "id": "CWE-1357",
21246
+ "name": "Reliance on Insufficiently Trustworthy Component",
21247
+ "category": "Supply Chain"
21248
+ },
21249
+ {
21250
+ "id": "CWE-1395",
21251
+ "name": "Dependency on Vulnerable Third-Party Component",
21252
+ "category": "Supply Chain"
21253
+ },
21254
+ {
21255
+ "id": "CWE-1426",
21256
+ "name": "Improper Validation of Generative AI Output",
21257
+ "category": "AI/ML"
21258
+ },
21259
+ {
21260
+ "id": "CWE-22",
21261
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
21262
+ "category": "Path/Resource"
21263
+ },
21264
+ {
21265
+ "id": "CWE-269",
21266
+ "name": "Improper Privilege Management",
21267
+ "category": "Authorization"
21268
+ },
21269
+ {
21270
+ "id": "CWE-287",
21271
+ "name": "Improper Authentication",
21272
+ "category": "Authentication"
21273
+ },
21274
+ {
21275
+ "id": "CWE-306",
21276
+ "name": "Missing Authentication for Critical Function",
21277
+ "category": "Authentication"
21278
+ },
21279
+ {
21280
+ "id": "CWE-352",
21281
+ "name": "Cross-Site Request Forgery (CSRF)",
21282
+ "category": "Session"
21283
+ },
21284
+ {
21285
+ "id": "CWE-362",
21286
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
21287
+ "category": "Concurrency"
21288
+ },
21289
+ {
21290
+ "id": "CWE-416",
21291
+ "name": "Use After Free",
21292
+ "category": "Memory Safety"
21293
+ },
21294
+ {
21295
+ "id": "CWE-434",
21296
+ "name": "Unrestricted Upload of File with Dangerous Type",
21297
+ "category": "File Handling"
21298
+ },
21299
+ {
21300
+ "id": "CWE-672",
21301
+ "name": "Operation on a Resource after Expiration or Release",
21302
+ "category": "Memory Safety"
21303
+ },
21304
+ {
21305
+ "id": "CWE-732",
21306
+ "name": "Incorrect Permission Assignment for Critical Resource",
21307
+ "category": "Authorization"
21308
+ },
21309
+ {
21310
+ "id": "CWE-78",
21311
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
21312
+ "category": "Injection"
21313
+ },
21314
+ {
21315
+ "id": "CWE-787",
21316
+ "name": "Out-of-bounds Write",
21317
+ "category": "Memory Safety"
21318
+ },
21319
+ {
21320
+ "id": "CWE-79",
21321
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
21322
+ "category": "Injection"
21323
+ },
21324
+ {
21325
+ "id": "CWE-798",
21326
+ "name": "Use of Hard-coded Credentials",
21327
+ "category": "Credentials"
21328
+ },
21329
+ {
21330
+ "id": "CWE-89",
21331
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
21332
+ "category": "Injection"
21333
+ },
21334
+ {
21335
+ "id": "CWE-918",
21336
+ "name": "Server-Side Request Forgery (SSRF)",
21337
+ "category": "Network"
21338
+ },
21339
+ {
21340
+ "id": "CWE-94",
21341
+ "name": "Improper Control of Generation of Code (Code Injection)",
21342
+ "category": "Injection"
21343
+ }
21344
+ ],
21345
+ "atlas": [
21346
+ {
21347
+ "id": "AML.T0010",
21348
+ "name": "ML Supply Chain Compromise",
21349
+ "tactic": "Initial Access"
21350
+ },
21351
+ {
21352
+ "id": "AML.T0016",
21353
+ "name": "Obtain Capabilities: Develop Capabilities",
21354
+ "tactic": "Resource Development"
21355
+ },
21356
+ {
21357
+ "id": "AML.T0017",
21358
+ "name": "Discover ML Model Ontology",
21359
+ "tactic": "Discovery"
21360
+ },
21361
+ {
21362
+ "id": "AML.T0018",
21363
+ "name": "Backdoor ML Model",
21364
+ "tactic": "Persistence"
21365
+ },
21366
+ {
21367
+ "id": "AML.T0020",
21368
+ "name": "Poison Training Data",
21369
+ "tactic": "ML Attack Staging"
21370
+ },
21371
+ {
21372
+ "id": "AML.T0043",
21373
+ "name": "Craft Adversarial Data",
21374
+ "tactic": "ML Attack Staging"
21375
+ },
21376
+ {
21377
+ "id": "AML.T0051",
21378
+ "name": "LLM Prompt Injection",
21379
+ "tactic": "Execution"
21380
+ },
21381
+ {
21382
+ "id": "AML.T0054",
21383
+ "name": "LLM Jailbreak",
21384
+ "tactic": "Defense Evasion"
21385
+ },
21386
+ {
21387
+ "id": "AML.T0096",
21388
+ "name": "AI API as Covert C2 Channel",
21389
+ "tactic": "Command and Control"
21390
+ }
21391
+ ],
21392
+ "d3fend": [
21393
+ {
21394
+ "id": "D3-ASLR",
21395
+ "name": "Address Space Layout Randomization",
21396
+ "tactic": "Harden"
21397
+ },
21398
+ {
21399
+ "id": "D3-CSPP",
21400
+ "name": "Client-server Payload Profiling",
21401
+ "tactic": "Detect"
21402
+ },
21403
+ {
21404
+ "id": "D3-EAL",
21405
+ "name": "Executable Allowlisting",
21406
+ "tactic": "Harden"
21407
+ },
21408
+ {
21409
+ "id": "D3-IOPR",
21410
+ "name": "Input/Output Profiling Resource",
21411
+ "tactic": "Detect"
21412
+ },
21413
+ {
21414
+ "id": "D3-NTA",
21415
+ "name": "Network Traffic Analysis",
21416
+ "tactic": "Detect"
21417
+ },
21418
+ {
21419
+ "id": "D3-PHRA",
21420
+ "name": "Process Hardware Resource Access",
21421
+ "tactic": "Isolate"
21422
+ },
21423
+ {
21424
+ "id": "D3-PSEP",
21425
+ "name": "Process Segment Execution Prevention",
21426
+ "tactic": "Harden"
21427
+ }
21428
+ ],
21429
+ "framework_gaps": [
21430
+ {
21431
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
21432
+ "framework": "ALL",
21433
+ "control_name": "AI Pipeline Integrity"
21434
+ },
21435
+ {
21436
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
21437
+ "framework": "ALL",
21438
+ "control_name": "Prompt Injection as Access Control Failure"
21439
+ },
21440
+ {
21441
+ "id": "CIS-Controls-v8-Control7",
21442
+ "framework": "CIS Controls v8",
21443
+ "control_name": "Continuous Vulnerability Management"
21444
+ },
21445
+ {
21446
+ "id": "CMMC-2.0-Level-2",
21447
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
21448
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
21449
+ },
21450
+ {
21451
+ "id": "FedRAMP-Rev5-Moderate",
21452
+ "framework": "FedRAMP Rev 5 Moderate",
21453
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
21454
+ },
21455
+ {
21456
+ "id": "IEC-62443-3-3",
21457
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
21458
+ "control_name": "System security requirements and security levels"
21459
+ },
21460
+ {
21461
+ "id": "ISO-27001-2022-A.8.28",
21462
+ "framework": "ISO/IEC 27001:2022",
21463
+ "control_name": "Secure coding"
21464
+ },
21465
+ {
21466
+ "id": "ISO-27001-2022-A.8.8",
21467
+ "framework": "ISO/IEC 27001:2022",
21468
+ "control_name": "Management of technical vulnerabilities"
21469
+ },
21470
+ {
21471
+ "id": "ISO-IEC-23894-2023-clause-7",
21472
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
21473
+ "control_name": "AI risk management process"
21474
+ },
21475
+ {
21476
+ "id": "NERC-CIP-007-6-R4",
21477
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
21478
+ "control_name": "Security event monitoring"
21479
+ },
21480
+ {
21481
+ "id": "NIS2-Art21-patch-management",
21482
+ "framework": "EU NIS2 Directive",
21483
+ "control_name": "Vulnerability handling and disclosure"
21484
+ },
21485
+ {
21486
+ "id": "NIST-800-115",
21487
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
21488
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
21489
+ },
21490
+ {
21491
+ "id": "NIST-800-218-SSDF",
21492
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
21493
+ "control_name": "Secure Software Development Framework"
21494
+ },
21495
+ {
21496
+ "id": "NIST-800-53-AC-2",
21497
+ "framework": "NIST SP 800-53 Rev 5",
21498
+ "control_name": "Account Management"
21499
+ },
21500
+ {
21501
+ "id": "NIST-800-53-SC-8",
21502
+ "framework": "NIST SP 800-53 Rev 5",
21503
+ "control_name": "Transmission Confidentiality and Integrity"
21504
+ },
21505
+ {
21506
+ "id": "NIST-800-53-SI-2",
21507
+ "framework": "NIST SP 800-53 Rev 5",
21508
+ "control_name": "Flaw Remediation"
21509
+ },
21510
+ {
21511
+ "id": "NIST-800-53-SI-3",
21512
+ "framework": "NIST SP 800-53 Rev 5",
21513
+ "control_name": "Malicious Code Protection"
21514
+ },
21515
+ {
21516
+ "id": "NIST-800-82r3",
21517
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
21518
+ "control_name": "Guide to Operational Technology (OT) Security"
21519
+ },
21520
+ {
21521
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
21522
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21523
+ "control_name": "Prompt Injection"
21524
+ },
21525
+ {
21526
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
21527
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21528
+ "control_name": "Sensitive Information Disclosure"
21529
+ },
21530
+ {
21531
+ "id": "OWASP-Pen-Testing-Guide-v5",
21532
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
21533
+ "control_name": "Web application penetration testing methodology"
21534
+ },
21535
+ {
21536
+ "id": "PCI-DSS-4.0-6.3.3",
21537
+ "framework": "PCI DSS 4.0",
21538
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
21539
+ },
21540
+ {
21541
+ "id": "PTES-Pre-engagement",
21542
+ "framework": "Penetration Testing Execution Standard (PTES)",
21543
+ "control_name": "Pre-engagement Interactions"
21544
+ },
21545
+ {
21546
+ "id": "SOC2-CC6-logical-access",
21547
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21548
+ "control_name": "Logical and Physical Access Controls"
21549
+ },
21550
+ {
21551
+ "id": "SOC2-CC9-vendor-management",
21552
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21553
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
21554
+ }
21555
+ ],
21556
+ "attack_refs": [
21557
+ "T0855",
21558
+ "T0883",
21559
+ "T1059",
21560
+ "T1068",
21561
+ "T1078",
21562
+ "T1133",
21563
+ "T1190",
21564
+ "T1548.001",
21565
+ "T1566"
21566
+ ],
21567
+ "rfc_refs": [
21568
+ "RFC-4301",
21569
+ "RFC-4303",
21570
+ "RFC-7296"
21571
+ ]
21572
+ }
21573
+ },
21574
+ "CVE-2025-60455": {
21575
+ "name": "Modular Max Server KVCache-Agent Deserialization RCE (ShadowMQ)",
21576
+ "rwep": 23,
21577
+ "cvss": 8.4,
21578
+ "cisa_kev": false,
21579
+ "epss_score": null,
21580
+ "referencing_skills": [
21581
+ "kernel-lpe-triage",
21582
+ "ai-attack-surface",
21583
+ "compliance-theater",
21584
+ "attack-surface-pentest",
21585
+ "ot-ics-security",
21586
+ "coordinated-vuln-disclosure",
21587
+ "sector-energy"
21588
+ ],
21589
+ "chain": {
21590
+ "cwes": [
21591
+ {
21592
+ "id": "CWE-1037",
21593
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
21594
+ "category": "Hardware / Side Channel"
21595
+ },
21596
+ {
21597
+ "id": "CWE-1039",
21598
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
21599
+ "category": "AI/ML"
21600
+ },
21601
+ {
21602
+ "id": "CWE-125",
21603
+ "name": "Out-of-bounds Read",
21604
+ "category": "Memory Safety"
21605
+ },
21606
+ {
21607
+ "id": "CWE-1357",
21608
+ "name": "Reliance on Insufficiently Trustworthy Component",
21609
+ "category": "Supply Chain"
21610
+ },
21611
+ {
21612
+ "id": "CWE-1395",
21613
+ "name": "Dependency on Vulnerable Third-Party Component",
21614
+ "category": "Supply Chain"
21615
+ },
21616
+ {
21617
+ "id": "CWE-1426",
21618
+ "name": "Improper Validation of Generative AI Output",
21619
+ "category": "AI/ML"
21620
+ },
21621
+ {
21622
+ "id": "CWE-22",
21623
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
21624
+ "category": "Path/Resource"
21625
+ },
21626
+ {
21627
+ "id": "CWE-269",
21628
+ "name": "Improper Privilege Management",
21629
+ "category": "Authorization"
21630
+ },
21631
+ {
21632
+ "id": "CWE-287",
21633
+ "name": "Improper Authentication",
21634
+ "category": "Authentication"
21635
+ },
21636
+ {
21637
+ "id": "CWE-306",
21638
+ "name": "Missing Authentication for Critical Function",
21639
+ "category": "Authentication"
21640
+ },
21641
+ {
21642
+ "id": "CWE-352",
21643
+ "name": "Cross-Site Request Forgery (CSRF)",
21644
+ "category": "Session"
21645
+ },
21646
+ {
21647
+ "id": "CWE-362",
21648
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
21649
+ "category": "Concurrency"
21650
+ },
21651
+ {
21652
+ "id": "CWE-416",
21653
+ "name": "Use After Free",
21654
+ "category": "Memory Safety"
21655
+ },
21656
+ {
21657
+ "id": "CWE-434",
21658
+ "name": "Unrestricted Upload of File with Dangerous Type",
21659
+ "category": "File Handling"
21660
+ },
21661
+ {
21662
+ "id": "CWE-672",
21663
+ "name": "Operation on a Resource after Expiration or Release",
21664
+ "category": "Memory Safety"
21665
+ },
21666
+ {
21667
+ "id": "CWE-732",
21668
+ "name": "Incorrect Permission Assignment for Critical Resource",
21669
+ "category": "Authorization"
21670
+ },
21671
+ {
21672
+ "id": "CWE-78",
21673
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
21674
+ "category": "Injection"
21675
+ },
21676
+ {
21677
+ "id": "CWE-787",
21678
+ "name": "Out-of-bounds Write",
21679
+ "category": "Memory Safety"
21680
+ },
21681
+ {
21682
+ "id": "CWE-79",
21683
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
21684
+ "category": "Injection"
21685
+ },
21686
+ {
21687
+ "id": "CWE-798",
21688
+ "name": "Use of Hard-coded Credentials",
21689
+ "category": "Credentials"
21690
+ },
21691
+ {
21692
+ "id": "CWE-89",
21693
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
21694
+ "category": "Injection"
21695
+ },
21696
+ {
21697
+ "id": "CWE-918",
21698
+ "name": "Server-Side Request Forgery (SSRF)",
21699
+ "category": "Network"
21700
+ },
21701
+ {
21702
+ "id": "CWE-94",
21703
+ "name": "Improper Control of Generation of Code (Code Injection)",
21704
+ "category": "Injection"
21705
+ }
21706
+ ],
21707
+ "atlas": [
21708
+ {
21709
+ "id": "AML.T0010",
21710
+ "name": "ML Supply Chain Compromise",
21711
+ "tactic": "Initial Access"
21712
+ },
21713
+ {
21714
+ "id": "AML.T0016",
21715
+ "name": "Obtain Capabilities: Develop Capabilities",
21716
+ "tactic": "Resource Development"
21717
+ },
21718
+ {
21719
+ "id": "AML.T0017",
21720
+ "name": "Discover ML Model Ontology",
21721
+ "tactic": "Discovery"
21722
+ },
21723
+ {
21724
+ "id": "AML.T0018",
21725
+ "name": "Backdoor ML Model",
21726
+ "tactic": "Persistence"
21727
+ },
21728
+ {
21729
+ "id": "AML.T0020",
21730
+ "name": "Poison Training Data",
21731
+ "tactic": "ML Attack Staging"
21732
+ },
21733
+ {
21734
+ "id": "AML.T0043",
21735
+ "name": "Craft Adversarial Data",
21736
+ "tactic": "ML Attack Staging"
21737
+ },
21738
+ {
21739
+ "id": "AML.T0051",
21740
+ "name": "LLM Prompt Injection",
21741
+ "tactic": "Execution"
21742
+ },
21743
+ {
21744
+ "id": "AML.T0054",
21745
+ "name": "LLM Jailbreak",
21746
+ "tactic": "Defense Evasion"
21747
+ },
21748
+ {
21749
+ "id": "AML.T0096",
21750
+ "name": "AI API as Covert C2 Channel",
21751
+ "tactic": "Command and Control"
21752
+ }
21753
+ ],
21754
+ "d3fend": [
21755
+ {
21756
+ "id": "D3-ASLR",
21757
+ "name": "Address Space Layout Randomization",
21758
+ "tactic": "Harden"
21759
+ },
21760
+ {
21761
+ "id": "D3-CSPP",
21762
+ "name": "Client-server Payload Profiling",
21763
+ "tactic": "Detect"
21764
+ },
21765
+ {
21766
+ "id": "D3-EAL",
21767
+ "name": "Executable Allowlisting",
21768
+ "tactic": "Harden"
21769
+ },
21770
+ {
21771
+ "id": "D3-IOPR",
21772
+ "name": "Input/Output Profiling Resource",
21773
+ "tactic": "Detect"
21774
+ },
21775
+ {
21776
+ "id": "D3-NTA",
21777
+ "name": "Network Traffic Analysis",
21778
+ "tactic": "Detect"
21779
+ },
21780
+ {
21781
+ "id": "D3-PHRA",
21782
+ "name": "Process Hardware Resource Access",
21783
+ "tactic": "Isolate"
21784
+ },
21785
+ {
21786
+ "id": "D3-PSEP",
21787
+ "name": "Process Segment Execution Prevention",
21788
+ "tactic": "Harden"
21789
+ }
21790
+ ],
21791
+ "framework_gaps": [
21792
+ {
21793
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
21794
+ "framework": "ALL",
21795
+ "control_name": "AI Pipeline Integrity"
21796
+ },
21797
+ {
21798
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
21799
+ "framework": "ALL",
21800
+ "control_name": "Prompt Injection as Access Control Failure"
21801
+ },
21802
+ {
21803
+ "id": "CIS-Controls-v8-Control7",
21804
+ "framework": "CIS Controls v8",
21805
+ "control_name": "Continuous Vulnerability Management"
21806
+ },
21807
+ {
21808
+ "id": "CMMC-2.0-Level-2",
21809
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
21810
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
21811
+ },
21812
+ {
21813
+ "id": "FedRAMP-Rev5-Moderate",
21814
+ "framework": "FedRAMP Rev 5 Moderate",
21815
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
21816
+ },
21817
+ {
21818
+ "id": "IEC-62443-3-3",
21819
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
21820
+ "control_name": "System security requirements and security levels"
21821
+ },
21822
+ {
21823
+ "id": "ISO-27001-2022-A.8.28",
21824
+ "framework": "ISO/IEC 27001:2022",
21825
+ "control_name": "Secure coding"
21826
+ },
21827
+ {
21828
+ "id": "ISO-27001-2022-A.8.8",
21829
+ "framework": "ISO/IEC 27001:2022",
21830
+ "control_name": "Management of technical vulnerabilities"
21831
+ },
21832
+ {
21833
+ "id": "ISO-IEC-23894-2023-clause-7",
21834
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
21835
+ "control_name": "AI risk management process"
21836
+ },
21837
+ {
21838
+ "id": "NERC-CIP-007-6-R4",
21839
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
21840
+ "control_name": "Security event monitoring"
21841
+ },
21842
+ {
21843
+ "id": "NIS2-Art21-patch-management",
21844
+ "framework": "EU NIS2 Directive",
21845
+ "control_name": "Vulnerability handling and disclosure"
21846
+ },
21847
+ {
21848
+ "id": "NIST-800-115",
21849
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
21850
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
21851
+ },
21852
+ {
21853
+ "id": "NIST-800-218-SSDF",
21854
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
21855
+ "control_name": "Secure Software Development Framework"
21856
+ },
21857
+ {
21858
+ "id": "NIST-800-53-AC-2",
21859
+ "framework": "NIST SP 800-53 Rev 5",
21860
+ "control_name": "Account Management"
21861
+ },
21862
+ {
21863
+ "id": "NIST-800-53-SC-8",
21864
+ "framework": "NIST SP 800-53 Rev 5",
21865
+ "control_name": "Transmission Confidentiality and Integrity"
21866
+ },
21867
+ {
21868
+ "id": "NIST-800-53-SI-2",
21869
+ "framework": "NIST SP 800-53 Rev 5",
21870
+ "control_name": "Flaw Remediation"
21871
+ },
21872
+ {
21873
+ "id": "NIST-800-53-SI-3",
21874
+ "framework": "NIST SP 800-53 Rev 5",
21875
+ "control_name": "Malicious Code Protection"
21876
+ },
21877
+ {
21878
+ "id": "NIST-800-82r3",
21879
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
21880
+ "control_name": "Guide to Operational Technology (OT) Security"
21881
+ },
21882
+ {
21883
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
21884
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21885
+ "control_name": "Prompt Injection"
21886
+ },
21887
+ {
21888
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
21889
+ "framework": "OWASP Top 10 for LLM Applications 2025",
21890
+ "control_name": "Sensitive Information Disclosure"
21891
+ },
21892
+ {
21893
+ "id": "OWASP-Pen-Testing-Guide-v5",
21894
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
21895
+ "control_name": "Web application penetration testing methodology"
21896
+ },
21897
+ {
21898
+ "id": "PCI-DSS-4.0-6.3.3",
21899
+ "framework": "PCI DSS 4.0",
21900
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
21901
+ },
21902
+ {
21903
+ "id": "PTES-Pre-engagement",
21904
+ "framework": "Penetration Testing Execution Standard (PTES)",
21905
+ "control_name": "Pre-engagement Interactions"
21906
+ },
21907
+ {
21908
+ "id": "SOC2-CC6-logical-access",
21909
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21910
+ "control_name": "Logical and Physical Access Controls"
21911
+ },
21912
+ {
21913
+ "id": "SOC2-CC9-vendor-management",
21914
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
21915
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
21916
+ }
21917
+ ],
21918
+ "attack_refs": [
21919
+ "T0855",
21920
+ "T0883",
21921
+ "T1059",
21922
+ "T1068",
21923
+ "T1078",
21924
+ "T1133",
21925
+ "T1190",
21926
+ "T1548.001",
21927
+ "T1566"
21928
+ ],
21929
+ "rfc_refs": [
21930
+ "RFC-4301",
21931
+ "RFC-4303",
21932
+ "RFC-7296"
21933
+ ]
21934
+ }
21935
+ },
20488
21936
  "CVE-2026-41091": {
20489
21937
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
20490
21938
  "rwep": 45,
@@ -46863,10 +48311,13 @@
46863
48311
  "CVE-2023-43472",
46864
48312
  "CVE-2024-3094",
46865
48313
  "CVE-2024-3154",
48314
+ "CVE-2024-50050",
46866
48315
  "CVE-2025-0133",
46867
48316
  "CVE-2025-10585",
46868
48317
  "CVE-2025-1094",
46869
48318
  "CVE-2025-14174",
48319
+ "CVE-2025-23254",
48320
+ "CVE-2025-30165",
46870
48321
  "CVE-2025-34291",
46871
48322
  "CVE-2025-38352",
46872
48323
  "CVE-2025-43300",
@@ -46874,6 +48325,7 @@
46874
48325
  "CVE-2025-49844",
46875
48326
  "CVE-2025-53773",
46876
48327
  "CVE-2025-54136",
48328
+ "CVE-2025-60455",
46877
48329
  "CVE-2025-6965",
46878
48330
  "CVE-2026-22252",
46879
48331
  "CVE-2026-22688",
@@ -47221,15 +48673,19 @@
47221
48673
  },
47222
48674
  "related_cves": [
47223
48675
  "CVE-2023-43472",
48676
+ "CVE-2024-50050",
47224
48677
  "CVE-2025-0133",
47225
48678
  "CVE-2025-10585",
47226
48679
  "CVE-2025-1094",
47227
48680
  "CVE-2025-14174",
48681
+ "CVE-2025-23254",
48682
+ "CVE-2025-30165",
47228
48683
  "CVE-2025-34291",
47229
48684
  "CVE-2025-38352",
47230
48685
  "CVE-2025-43300",
47231
48686
  "CVE-2025-49596",
47232
48687
  "CVE-2025-54136",
48688
+ "CVE-2025-60455",
47233
48689
  "CVE-2025-6965",
47234
48690
  "CVE-2026-22252",
47235
48691
  "CVE-2026-22688",
@@ -47372,15 +48828,19 @@
47372
48828
  },
47373
48829
  "related_cves": [
47374
48830
  "CVE-2023-43472",
48831
+ "CVE-2024-50050",
47375
48832
  "CVE-2025-0133",
47376
48833
  "CVE-2025-10585",
47377
48834
  "CVE-2025-1094",
47378
48835
  "CVE-2025-14174",
48836
+ "CVE-2025-23254",
48837
+ "CVE-2025-30165",
47379
48838
  "CVE-2025-34291",
47380
48839
  "CVE-2025-38352",
47381
48840
  "CVE-2025-43300",
47382
48841
  "CVE-2025-49596",
47383
48842
  "CVE-2025-54136",
48843
+ "CVE-2025-60455",
47384
48844
  "CVE-2025-6965",
47385
48845
  "CVE-2026-22252",
47386
48846
  "CVE-2026-22688",
@@ -47537,15 +48997,19 @@
47537
48997
  },
47538
48998
  "related_cves": [
47539
48999
  "CVE-2023-43472",
49000
+ "CVE-2024-50050",
47540
49001
  "CVE-2025-0133",
47541
49002
  "CVE-2025-10585",
47542
49003
  "CVE-2025-1094",
47543
49004
  "CVE-2025-14174",
49005
+ "CVE-2025-23254",
49006
+ "CVE-2025-30165",
47544
49007
  "CVE-2025-34291",
47545
49008
  "CVE-2025-38352",
47546
49009
  "CVE-2025-43300",
47547
49010
  "CVE-2025-49596",
47548
49011
  "CVE-2025-54136",
49012
+ "CVE-2025-60455",
47549
49013
  "CVE-2025-6965",
47550
49014
  "CVE-2026-22252",
47551
49015
  "CVE-2026-22688",
@@ -47808,14 +49272,18 @@
47808
49272
  "CVE-2023-43472",
47809
49273
  "CVE-2024-3094",
47810
49274
  "CVE-2024-3154",
49275
+ "CVE-2024-50050",
47811
49276
  "CVE-2025-0133",
47812
49277
  "CVE-2025-1094",
47813
49278
  "CVE-2025-11837",
49279
+ "CVE-2025-23254",
49280
+ "CVE-2025-30165",
47814
49281
  "CVE-2025-34291",
47815
49282
  "CVE-2025-49596",
47816
49283
  "CVE-2025-49844",
47817
49284
  "CVE-2025-53773",
47818
49285
  "CVE-2025-54136",
49286
+ "CVE-2025-60455",
47819
49287
  "CVE-2025-6965",
47820
49288
  "CVE-2026-22252",
47821
49289
  "CVE-2026-22688",
@@ -48041,6 +49509,7 @@
48041
49509
  "CVE-2024-37079",
48042
49510
  "CVE-2024-42009",
48043
49511
  "CVE-2024-43468",
49512
+ "CVE-2024-50050",
48044
49513
  "CVE-2024-54085",
48045
49514
  "CVE-2024-56145",
48046
49515
  "CVE-2024-57726",
@@ -48071,6 +49540,7 @@
48071
49540
  "CVE-2025-21043",
48072
49541
  "CVE-2025-21479",
48073
49542
  "CVE-2025-21480",
49543
+ "CVE-2025-23254",
48074
49544
  "CVE-2025-24016",
48075
49545
  "CVE-2025-24201",
48076
49546
  "CVE-2025-24893",
@@ -48086,6 +49556,7 @@
48086
49556
  "CVE-2025-27915",
48087
49557
  "CVE-2025-27920",
48088
49558
  "CVE-2025-29635",
49559
+ "CVE-2025-30165",
48089
49560
  "CVE-2025-30397",
48090
49561
  "CVE-2025-31125",
48091
49562
  "CVE-2025-31277",
@@ -48161,6 +49632,7 @@
48161
49632
  "CVE-2025-59389",
48162
49633
  "CVE-2025-59689",
48163
49634
  "CVE-2025-59718",
49635
+ "CVE-2025-60455",
48164
49636
  "CVE-2025-60710",
48165
49637
  "CVE-2025-61757",
48166
49638
  "CVE-2025-61882",
@@ -48834,10 +50306,13 @@
48834
50306
  "CVE-2023-43472",
48835
50307
  "CVE-2024-3094",
48836
50308
  "CVE-2024-3154",
50309
+ "CVE-2024-50050",
48837
50310
  "CVE-2025-0133",
48838
50311
  "CVE-2025-10585",
48839
50312
  "CVE-2025-1094",
48840
50313
  "CVE-2025-14174",
50314
+ "CVE-2025-23254",
50315
+ "CVE-2025-30165",
48841
50316
  "CVE-2025-34291",
48842
50317
  "CVE-2025-38352",
48843
50318
  "CVE-2025-43300",
@@ -48845,6 +50320,7 @@
48845
50320
  "CVE-2025-49844",
48846
50321
  "CVE-2025-53773",
48847
50322
  "CVE-2025-54136",
50323
+ "CVE-2025-60455",
48848
50324
  "CVE-2025-6965",
48849
50325
  "CVE-2026-22252",
48850
50326
  "CVE-2026-22688",
@@ -49424,10 +50900,13 @@
49424
50900
  "CVE-2023-43472",
49425
50901
  "CVE-2024-3094",
49426
50902
  "CVE-2024-3154",
50903
+ "CVE-2024-50050",
49427
50904
  "CVE-2025-0133",
49428
50905
  "CVE-2025-10585",
49429
50906
  "CVE-2025-1094",
49430
50907
  "CVE-2025-14174",
50908
+ "CVE-2025-23254",
50909
+ "CVE-2025-30165",
49431
50910
  "CVE-2025-34291",
49432
50911
  "CVE-2025-38352",
49433
50912
  "CVE-2025-43300",
@@ -49435,6 +50914,7 @@
49435
50914
  "CVE-2025-49844",
49436
50915
  "CVE-2025-53773",
49437
50916
  "CVE-2025-54136",
50917
+ "CVE-2025-60455",
49438
50918
  "CVE-2025-6965",
49439
50919
  "CVE-2026-22252",
49440
50920
  "CVE-2026-22688",
@@ -49651,15 +51131,19 @@
49651
51131
  },
49652
51132
  "related_cves": [
49653
51133
  "CVE-2024-3094",
51134
+ "CVE-2024-50050",
49654
51135
  "CVE-2025-10585",
49655
51136
  "CVE-2025-1094",
49656
51137
  "CVE-2025-14174",
51138
+ "CVE-2025-23254",
51139
+ "CVE-2025-30165",
49657
51140
  "CVE-2025-34291",
49658
51141
  "CVE-2025-38352",
49659
51142
  "CVE-2025-43300",
49660
51143
  "CVE-2025-49596",
49661
51144
  "CVE-2025-53773",
49662
51145
  "CVE-2025-54136",
51146
+ "CVE-2025-60455",
49663
51147
  "CVE-2026-22252",
49664
51148
  "CVE-2026-22688",
49665
51149
  "CVE-2026-25592",
@@ -50306,10 +51790,13 @@
50306
51790
  "CVE-2023-43472",
50307
51791
  "CVE-2024-3094",
50308
51792
  "CVE-2024-3154",
51793
+ "CVE-2024-50050",
50309
51794
  "CVE-2025-0133",
50310
51795
  "CVE-2025-10585",
50311
51796
  "CVE-2025-1094",
50312
51797
  "CVE-2025-14174",
51798
+ "CVE-2025-23254",
51799
+ "CVE-2025-30165",
50313
51800
  "CVE-2025-34291",
50314
51801
  "CVE-2025-38352",
50315
51802
  "CVE-2025-43300",
@@ -50317,6 +51804,7 @@
50317
51804
  "CVE-2025-49844",
50318
51805
  "CVE-2025-53773",
50319
51806
  "CVE-2025-54136",
51807
+ "CVE-2025-60455",
50320
51808
  "CVE-2025-6965",
50321
51809
  "CVE-2026-22252",
50322
51810
  "CVE-2026-22688",
@@ -50546,6 +52034,7 @@
50546
52034
  "CVE-2024-37079",
50547
52035
  "CVE-2024-42009",
50548
52036
  "CVE-2024-43468",
52037
+ "CVE-2024-50050",
50549
52038
  "CVE-2024-54085",
50550
52039
  "CVE-2024-56145",
50551
52040
  "CVE-2024-57726",
@@ -50576,6 +52065,7 @@
50576
52065
  "CVE-2025-21043",
50577
52066
  "CVE-2025-21479",
50578
52067
  "CVE-2025-21480",
52068
+ "CVE-2025-23254",
50579
52069
  "CVE-2025-24016",
50580
52070
  "CVE-2025-24201",
50581
52071
  "CVE-2025-24893",
@@ -50591,6 +52081,7 @@
50591
52081
  "CVE-2025-27915",
50592
52082
  "CVE-2025-27920",
50593
52083
  "CVE-2025-29635",
52084
+ "CVE-2025-30165",
50594
52085
  "CVE-2025-30397",
50595
52086
  "CVE-2025-31125",
50596
52087
  "CVE-2025-31277",
@@ -50666,6 +52157,7 @@
50666
52157
  "CVE-2025-59389",
50667
52158
  "CVE-2025-59689",
50668
52159
  "CVE-2025-59718",
52160
+ "CVE-2025-60455",
50669
52161
  "CVE-2025-60710",
50670
52162
  "CVE-2025-61757",
50671
52163
  "CVE-2025-61882",
@@ -50957,6 +52449,7 @@
50957
52449
  "CVE-2024-37079",
50958
52450
  "CVE-2024-42009",
50959
52451
  "CVE-2024-43468",
52452
+ "CVE-2024-50050",
50960
52453
  "CVE-2024-54085",
50961
52454
  "CVE-2024-56145",
50962
52455
  "CVE-2024-57726",
@@ -50987,6 +52480,7 @@
50987
52480
  "CVE-2025-21043",
50988
52481
  "CVE-2025-21479",
50989
52482
  "CVE-2025-21480",
52483
+ "CVE-2025-23254",
50990
52484
  "CVE-2025-24016",
50991
52485
  "CVE-2025-24201",
50992
52486
  "CVE-2025-24893",
@@ -51002,6 +52496,7 @@
51002
52496
  "CVE-2025-27915",
51003
52497
  "CVE-2025-27920",
51004
52498
  "CVE-2025-29635",
52499
+ "CVE-2025-30165",
51005
52500
  "CVE-2025-30397",
51006
52501
  "CVE-2025-31125",
51007
52502
  "CVE-2025-31277",
@@ -51077,6 +52572,7 @@
51077
52572
  "CVE-2025-59389",
51078
52573
  "CVE-2025-59689",
51079
52574
  "CVE-2025-59718",
52575
+ "CVE-2025-60455",
51080
52576
  "CVE-2025-60710",
51081
52577
  "CVE-2025-61757",
51082
52578
  "CVE-2025-61882",
@@ -51391,10 +52887,13 @@
51391
52887
  "CVE-2023-43472",
51392
52888
  "CVE-2024-3094",
51393
52889
  "CVE-2024-3154",
52890
+ "CVE-2024-50050",
51394
52891
  "CVE-2025-0133",
51395
52892
  "CVE-2025-10585",
51396
52893
  "CVE-2025-1094",
51397
52894
  "CVE-2025-14174",
52895
+ "CVE-2025-23254",
52896
+ "CVE-2025-30165",
51398
52897
  "CVE-2025-34291",
51399
52898
  "CVE-2025-38352",
51400
52899
  "CVE-2025-43300",
@@ -51402,6 +52901,7 @@
51402
52901
  "CVE-2025-49844",
51403
52902
  "CVE-2025-53773",
51404
52903
  "CVE-2025-54136",
52904
+ "CVE-2025-60455",
51405
52905
  "CVE-2025-6965",
51406
52906
  "CVE-2026-22252",
51407
52907
  "CVE-2026-22688",
@@ -52183,6 +53683,7 @@
52183
53683
  "CVE-2024-37079",
52184
53684
  "CVE-2024-42009",
52185
53685
  "CVE-2024-43468",
53686
+ "CVE-2024-50050",
52186
53687
  "CVE-2024-54085",
52187
53688
  "CVE-2024-56145",
52188
53689
  "CVE-2024-57726",
@@ -52213,6 +53714,7 @@
52213
53714
  "CVE-2025-21043",
52214
53715
  "CVE-2025-21479",
52215
53716
  "CVE-2025-21480",
53717
+ "CVE-2025-23254",
52216
53718
  "CVE-2025-24016",
52217
53719
  "CVE-2025-24201",
52218
53720
  "CVE-2025-24893",
@@ -52228,6 +53730,7 @@
52228
53730
  "CVE-2025-27915",
52229
53731
  "CVE-2025-27920",
52230
53732
  "CVE-2025-29635",
53733
+ "CVE-2025-30165",
52231
53734
  "CVE-2025-30397",
52232
53735
  "CVE-2025-31125",
52233
53736
  "CVE-2025-31277",
@@ -52303,6 +53806,7 @@
52303
53806
  "CVE-2025-59389",
52304
53807
  "CVE-2025-59689",
52305
53808
  "CVE-2025-59718",
53809
+ "CVE-2025-60455",
52306
53810
  "CVE-2025-60710",
52307
53811
  "CVE-2025-61757",
52308
53812
  "CVE-2025-61882",
@@ -52681,10 +54185,13 @@
52681
54185
  "CVE-2023-43472",
52682
54186
  "CVE-2024-3094",
52683
54187
  "CVE-2024-3154",
54188
+ "CVE-2024-50050",
52684
54189
  "CVE-2025-0133",
52685
54190
  "CVE-2025-10585",
52686
54191
  "CVE-2025-1094",
52687
54192
  "CVE-2025-14174",
54193
+ "CVE-2025-23254",
54194
+ "CVE-2025-30165",
52688
54195
  "CVE-2025-34291",
52689
54196
  "CVE-2025-38352",
52690
54197
  "CVE-2025-43300",
@@ -52692,6 +54199,7 @@
52692
54199
  "CVE-2025-49844",
52693
54200
  "CVE-2025-53773",
52694
54201
  "CVE-2025-54136",
54202
+ "CVE-2025-60455",
52695
54203
  "CVE-2025-6965",
52696
54204
  "CVE-2026-22252",
52697
54205
  "CVE-2026-22688",
@@ -53001,6 +54509,7 @@
53001
54509
  "CVE-2024-37079",
53002
54510
  "CVE-2024-42009",
53003
54511
  "CVE-2024-43468",
54512
+ "CVE-2024-50050",
53004
54513
  "CVE-2024-54085",
53005
54514
  "CVE-2024-56145",
53006
54515
  "CVE-2024-57726",
@@ -53032,6 +54541,7 @@
53032
54541
  "CVE-2025-21043",
53033
54542
  "CVE-2025-21479",
53034
54543
  "CVE-2025-21480",
54544
+ "CVE-2025-23254",
53035
54545
  "CVE-2025-24016",
53036
54546
  "CVE-2025-24201",
53037
54547
  "CVE-2025-24893",
@@ -53047,6 +54557,7 @@
53047
54557
  "CVE-2025-27915",
53048
54558
  "CVE-2025-27920",
53049
54559
  "CVE-2025-29635",
54560
+ "CVE-2025-30165",
53050
54561
  "CVE-2025-30397",
53051
54562
  "CVE-2025-31125",
53052
54563
  "CVE-2025-31277",
@@ -53123,6 +54634,7 @@
53123
54634
  "CVE-2025-59389",
53124
54635
  "CVE-2025-59689",
53125
54636
  "CVE-2025-59718",
54637
+ "CVE-2025-60455",
53126
54638
  "CVE-2025-60710",
53127
54639
  "CVE-2025-61757",
53128
54640
  "CVE-2025-61882",
@@ -53516,9 +55028,12 @@
53516
55028
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
53517
55029
  "CVE-2024-3094",
53518
55030
  "CVE-2024-3154",
55031
+ "CVE-2024-50050",
53519
55032
  "CVE-2025-10585",
53520
55033
  "CVE-2025-1094",
53521
55034
  "CVE-2025-14174",
55035
+ "CVE-2025-23254",
55036
+ "CVE-2025-30165",
53522
55037
  "CVE-2025-34291",
53523
55038
  "CVE-2025-38352",
53524
55039
  "CVE-2025-43300",
@@ -53526,6 +55041,7 @@
53526
55041
  "CVE-2025-49844",
53527
55042
  "CVE-2025-53773",
53528
55043
  "CVE-2025-54136",
55044
+ "CVE-2025-60455",
53529
55045
  "CVE-2026-22252",
53530
55046
  "CVE-2026-22688",
53531
55047
  "CVE-2026-25592",
@@ -54441,10 +55957,13 @@
54441
55957
  "CVE-2023-43472",
54442
55958
  "CVE-2024-3094",
54443
55959
  "CVE-2024-3154",
55960
+ "CVE-2024-50050",
54444
55961
  "CVE-2025-0133",
54445
55962
  "CVE-2025-10585",
54446
55963
  "CVE-2025-1094",
54447
55964
  "CVE-2025-14174",
55965
+ "CVE-2025-23254",
55966
+ "CVE-2025-30165",
54448
55967
  "CVE-2025-34291",
54449
55968
  "CVE-2025-38352",
54450
55969
  "CVE-2025-43300",
@@ -54452,6 +55971,7 @@
54452
55971
  "CVE-2025-49844",
54453
55972
  "CVE-2025-53773",
54454
55973
  "CVE-2025-54136",
55974
+ "CVE-2025-60455",
54455
55975
  "CVE-2025-6965",
54456
55976
  "CVE-2026-22252",
54457
55977
  "CVE-2026-22688",
@@ -54528,14 +56048,18 @@
54528
56048
  "rfc_refs": []
54529
56049
  },
54530
56050
  "related_cves": [
56051
+ "CVE-2024-50050",
54531
56052
  "CVE-2025-10585",
54532
56053
  "CVE-2025-1094",
54533
56054
  "CVE-2025-14174",
56055
+ "CVE-2025-23254",
56056
+ "CVE-2025-30165",
54534
56057
  "CVE-2025-34291",
54535
56058
  "CVE-2025-38352",
54536
56059
  "CVE-2025-43300",
54537
56060
  "CVE-2025-49596",
54538
56061
  "CVE-2025-54136",
56062
+ "CVE-2025-60455",
54539
56063
  "CVE-2026-22252",
54540
56064
  "CVE-2026-22688",
54541
56065
  "CVE-2026-25592",
@@ -54687,13 +56211,17 @@
54687
56211
  "related_cves": [
54688
56212
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
54689
56213
  "CVE-2023-43472",
56214
+ "CVE-2024-50050",
54690
56215
  "CVE-2025-0133",
54691
56216
  "CVE-2025-1094",
54692
56217
  "CVE-2025-11837",
56218
+ "CVE-2025-23254",
56219
+ "CVE-2025-30165",
54693
56220
  "CVE-2025-34291",
54694
56221
  "CVE-2025-49596",
54695
56222
  "CVE-2025-53773",
54696
56223
  "CVE-2025-54136",
56224
+ "CVE-2025-60455",
54697
56225
  "CVE-2025-6965",
54698
56226
  "CVE-2026-22252",
54699
56227
  "CVE-2026-22688",
@@ -55108,6 +56636,7 @@
55108
56636
  "CVE-2024-37079",
55109
56637
  "CVE-2024-42009",
55110
56638
  "CVE-2024-43468",
56639
+ "CVE-2024-50050",
55111
56640
  "CVE-2024-54085",
55112
56641
  "CVE-2024-56145",
55113
56642
  "CVE-2024-57726",
@@ -55136,6 +56665,7 @@
55136
56665
  "CVE-2025-21043",
55137
56666
  "CVE-2025-21479",
55138
56667
  "CVE-2025-21480",
56668
+ "CVE-2025-23254",
55139
56669
  "CVE-2025-24016",
55140
56670
  "CVE-2025-24201",
55141
56671
  "CVE-2025-24893",
@@ -55151,6 +56681,7 @@
55151
56681
  "CVE-2025-27915",
55152
56682
  "CVE-2025-27920",
55153
56683
  "CVE-2025-29635",
56684
+ "CVE-2025-30165",
55154
56685
  "CVE-2025-30397",
55155
56686
  "CVE-2025-31125",
55156
56687
  "CVE-2025-31277",
@@ -55224,6 +56755,7 @@
55224
56755
  "CVE-2025-59374",
55225
56756
  "CVE-2025-59689",
55226
56757
  "CVE-2025-59718",
56758
+ "CVE-2025-60455",
55227
56759
  "CVE-2025-60710",
55228
56760
  "CVE-2025-61757",
55229
56761
  "CVE-2025-61882",
@@ -55534,10 +57066,13 @@
55534
57066
  "CVE-2023-43472",
55535
57067
  "CVE-2024-3094",
55536
57068
  "CVE-2024-3154",
57069
+ "CVE-2024-50050",
55537
57070
  "CVE-2025-0133",
55538
57071
  "CVE-2025-10585",
55539
57072
  "CVE-2025-1094",
55540
57073
  "CVE-2025-14174",
57074
+ "CVE-2025-23254",
57075
+ "CVE-2025-30165",
55541
57076
  "CVE-2025-34291",
55542
57077
  "CVE-2025-38352",
55543
57078
  "CVE-2025-43300",
@@ -55545,6 +57080,7 @@
55545
57080
  "CVE-2025-49844",
55546
57081
  "CVE-2025-53773",
55547
57082
  "CVE-2025-54136",
57083
+ "CVE-2025-60455",
55548
57084
  "CVE-2025-6965",
55549
57085
  "CVE-2026-22252",
55550
57086
  "CVE-2026-22688",
@@ -55816,16 +57352,20 @@
55816
57352
  "CVE-2023-43472",
55817
57353
  "CVE-2024-3094",
55818
57354
  "CVE-2024-40635",
57355
+ "CVE-2024-50050",
55819
57356
  "CVE-2025-0133",
55820
57357
  "CVE-2025-1094",
55821
57358
  "CVE-2025-11837",
55822
57359
  "CVE-2025-14847",
55823
57360
  "CVE-2025-22226",
57361
+ "CVE-2025-23254",
57362
+ "CVE-2025-30165",
55824
57363
  "CVE-2025-34291",
55825
57364
  "CVE-2025-49596",
55826
57365
  "CVE-2025-53767",
55827
57366
  "CVE-2025-53773",
55828
57367
  "CVE-2025-54136",
57368
+ "CVE-2025-60455",
55829
57369
  "CVE-2025-6965",
55830
57370
  "CVE-2026-22252",
55831
57371
  "CVE-2026-22688",