@blamejs/exceptd-skills 0.13.78 → 0.13.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1175 -0
  6. package/data/atlas-ttps.json +16 -4
  7. package/data/attack-techniques.json +5 -0
  8. package/data/cve-catalog.json +313 -1
  9. package/data/cwe-catalog.json +4 -0
  10. package/data/framework-control-gaps.json +28 -3
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -21933,6 +21933,1114 @@
21933
21933
  ]
21934
21934
  }
21935
21935
  },
21936
+ "CVE-2026-24207": {
21937
+ "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Path) RCE",
21938
+ "rwep": 31,
21939
+ "cvss": 9.8,
21940
+ "cisa_kev": false,
21941
+ "epss_score": null,
21942
+ "referencing_skills": [
21943
+ "kernel-lpe-triage",
21944
+ "ai-attack-surface",
21945
+ "compliance-theater",
21946
+ "attack-surface-pentest",
21947
+ "ot-ics-security",
21948
+ "sector-energy"
21949
+ ],
21950
+ "chain": {
21951
+ "cwes": [
21952
+ {
21953
+ "id": "CWE-1037",
21954
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
21955
+ "category": "Hardware / Side Channel"
21956
+ },
21957
+ {
21958
+ "id": "CWE-1039",
21959
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
21960
+ "category": "AI/ML"
21961
+ },
21962
+ {
21963
+ "id": "CWE-125",
21964
+ "name": "Out-of-bounds Read",
21965
+ "category": "Memory Safety"
21966
+ },
21967
+ {
21968
+ "id": "CWE-1395",
21969
+ "name": "Dependency on Vulnerable Third-Party Component",
21970
+ "category": "Supply Chain"
21971
+ },
21972
+ {
21973
+ "id": "CWE-1426",
21974
+ "name": "Improper Validation of Generative AI Output",
21975
+ "category": "AI/ML"
21976
+ },
21977
+ {
21978
+ "id": "CWE-22",
21979
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
21980
+ "category": "Path/Resource"
21981
+ },
21982
+ {
21983
+ "id": "CWE-269",
21984
+ "name": "Improper Privilege Management",
21985
+ "category": "Authorization"
21986
+ },
21987
+ {
21988
+ "id": "CWE-287",
21989
+ "name": "Improper Authentication",
21990
+ "category": "Authentication"
21991
+ },
21992
+ {
21993
+ "id": "CWE-306",
21994
+ "name": "Missing Authentication for Critical Function",
21995
+ "category": "Authentication"
21996
+ },
21997
+ {
21998
+ "id": "CWE-352",
21999
+ "name": "Cross-Site Request Forgery (CSRF)",
22000
+ "category": "Session"
22001
+ },
22002
+ {
22003
+ "id": "CWE-362",
22004
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
22005
+ "category": "Concurrency"
22006
+ },
22007
+ {
22008
+ "id": "CWE-416",
22009
+ "name": "Use After Free",
22010
+ "category": "Memory Safety"
22011
+ },
22012
+ {
22013
+ "id": "CWE-434",
22014
+ "name": "Unrestricted Upload of File with Dangerous Type",
22015
+ "category": "File Handling"
22016
+ },
22017
+ {
22018
+ "id": "CWE-672",
22019
+ "name": "Operation on a Resource after Expiration or Release",
22020
+ "category": "Memory Safety"
22021
+ },
22022
+ {
22023
+ "id": "CWE-732",
22024
+ "name": "Incorrect Permission Assignment for Critical Resource",
22025
+ "category": "Authorization"
22026
+ },
22027
+ {
22028
+ "id": "CWE-78",
22029
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
22030
+ "category": "Injection"
22031
+ },
22032
+ {
22033
+ "id": "CWE-787",
22034
+ "name": "Out-of-bounds Write",
22035
+ "category": "Memory Safety"
22036
+ },
22037
+ {
22038
+ "id": "CWE-79",
22039
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
22040
+ "category": "Injection"
22041
+ },
22042
+ {
22043
+ "id": "CWE-798",
22044
+ "name": "Use of Hard-coded Credentials",
22045
+ "category": "Credentials"
22046
+ },
22047
+ {
22048
+ "id": "CWE-89",
22049
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
22050
+ "category": "Injection"
22051
+ },
22052
+ {
22053
+ "id": "CWE-918",
22054
+ "name": "Server-Side Request Forgery (SSRF)",
22055
+ "category": "Network"
22056
+ },
22057
+ {
22058
+ "id": "CWE-94",
22059
+ "name": "Improper Control of Generation of Code (Code Injection)",
22060
+ "category": "Injection"
22061
+ }
22062
+ ],
22063
+ "atlas": [
22064
+ {
22065
+ "id": "AML.T0010",
22066
+ "name": "ML Supply Chain Compromise",
22067
+ "tactic": "Initial Access"
22068
+ },
22069
+ {
22070
+ "id": "AML.T0016",
22071
+ "name": "Obtain Capabilities: Develop Capabilities",
22072
+ "tactic": "Resource Development"
22073
+ },
22074
+ {
22075
+ "id": "AML.T0017",
22076
+ "name": "Discover ML Model Ontology",
22077
+ "tactic": "Discovery"
22078
+ },
22079
+ {
22080
+ "id": "AML.T0018",
22081
+ "name": "Backdoor ML Model",
22082
+ "tactic": "Persistence"
22083
+ },
22084
+ {
22085
+ "id": "AML.T0020",
22086
+ "name": "Poison Training Data",
22087
+ "tactic": "ML Attack Staging"
22088
+ },
22089
+ {
22090
+ "id": "AML.T0043",
22091
+ "name": "Craft Adversarial Data",
22092
+ "tactic": "ML Attack Staging"
22093
+ },
22094
+ {
22095
+ "id": "AML.T0051",
22096
+ "name": "LLM Prompt Injection",
22097
+ "tactic": "Execution"
22098
+ },
22099
+ {
22100
+ "id": "AML.T0054",
22101
+ "name": "LLM Jailbreak",
22102
+ "tactic": "Defense Evasion"
22103
+ },
22104
+ {
22105
+ "id": "AML.T0096",
22106
+ "name": "AI API as Covert C2 Channel",
22107
+ "tactic": "Command and Control"
22108
+ }
22109
+ ],
22110
+ "d3fend": [
22111
+ {
22112
+ "id": "D3-ASLR",
22113
+ "name": "Address Space Layout Randomization",
22114
+ "tactic": "Harden"
22115
+ },
22116
+ {
22117
+ "id": "D3-CSPP",
22118
+ "name": "Client-server Payload Profiling",
22119
+ "tactic": "Detect"
22120
+ },
22121
+ {
22122
+ "id": "D3-EAL",
22123
+ "name": "Executable Allowlisting",
22124
+ "tactic": "Harden"
22125
+ },
22126
+ {
22127
+ "id": "D3-IOPR",
22128
+ "name": "Input/Output Profiling Resource",
22129
+ "tactic": "Detect"
22130
+ },
22131
+ {
22132
+ "id": "D3-NTA",
22133
+ "name": "Network Traffic Analysis",
22134
+ "tactic": "Detect"
22135
+ },
22136
+ {
22137
+ "id": "D3-PHRA",
22138
+ "name": "Process Hardware Resource Access",
22139
+ "tactic": "Isolate"
22140
+ },
22141
+ {
22142
+ "id": "D3-PSEP",
22143
+ "name": "Process Segment Execution Prevention",
22144
+ "tactic": "Harden"
22145
+ }
22146
+ ],
22147
+ "framework_gaps": [
22148
+ {
22149
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
22150
+ "framework": "ALL",
22151
+ "control_name": "AI Pipeline Integrity"
22152
+ },
22153
+ {
22154
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
22155
+ "framework": "ALL",
22156
+ "control_name": "Prompt Injection as Access Control Failure"
22157
+ },
22158
+ {
22159
+ "id": "CIS-Controls-v8-Control7",
22160
+ "framework": "CIS Controls v8",
22161
+ "control_name": "Continuous Vulnerability Management"
22162
+ },
22163
+ {
22164
+ "id": "CMMC-2.0-Level-2",
22165
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
22166
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
22167
+ },
22168
+ {
22169
+ "id": "FedRAMP-Rev5-Moderate",
22170
+ "framework": "FedRAMP Rev 5 Moderate",
22171
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
22172
+ },
22173
+ {
22174
+ "id": "IEC-62443-3-3",
22175
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
22176
+ "control_name": "System security requirements and security levels"
22177
+ },
22178
+ {
22179
+ "id": "ISO-27001-2022-A.8.28",
22180
+ "framework": "ISO/IEC 27001:2022",
22181
+ "control_name": "Secure coding"
22182
+ },
22183
+ {
22184
+ "id": "ISO-27001-2022-A.8.8",
22185
+ "framework": "ISO/IEC 27001:2022",
22186
+ "control_name": "Management of technical vulnerabilities"
22187
+ },
22188
+ {
22189
+ "id": "ISO-IEC-23894-2023-clause-7",
22190
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
22191
+ "control_name": "AI risk management process"
22192
+ },
22193
+ {
22194
+ "id": "NERC-CIP-007-6-R4",
22195
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
22196
+ "control_name": "Security event monitoring"
22197
+ },
22198
+ {
22199
+ "id": "NIS2-Art21-patch-management",
22200
+ "framework": "EU NIS2 Directive",
22201
+ "control_name": "Vulnerability handling and disclosure"
22202
+ },
22203
+ {
22204
+ "id": "NIST-800-115",
22205
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
22206
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
22207
+ },
22208
+ {
22209
+ "id": "NIST-800-53-AC-2",
22210
+ "framework": "NIST SP 800-53 Rev 5",
22211
+ "control_name": "Account Management"
22212
+ },
22213
+ {
22214
+ "id": "NIST-800-53-SC-8",
22215
+ "framework": "NIST SP 800-53 Rev 5",
22216
+ "control_name": "Transmission Confidentiality and Integrity"
22217
+ },
22218
+ {
22219
+ "id": "NIST-800-53-SI-2",
22220
+ "framework": "NIST SP 800-53 Rev 5",
22221
+ "control_name": "Flaw Remediation"
22222
+ },
22223
+ {
22224
+ "id": "NIST-800-53-SI-3",
22225
+ "framework": "NIST SP 800-53 Rev 5",
22226
+ "control_name": "Malicious Code Protection"
22227
+ },
22228
+ {
22229
+ "id": "NIST-800-82r3",
22230
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
22231
+ "control_name": "Guide to Operational Technology (OT) Security"
22232
+ },
22233
+ {
22234
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
22235
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22236
+ "control_name": "Prompt Injection"
22237
+ },
22238
+ {
22239
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
22240
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22241
+ "control_name": "Sensitive Information Disclosure"
22242
+ },
22243
+ {
22244
+ "id": "OWASP-Pen-Testing-Guide-v5",
22245
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
22246
+ "control_name": "Web application penetration testing methodology"
22247
+ },
22248
+ {
22249
+ "id": "PCI-DSS-4.0-6.3.3",
22250
+ "framework": "PCI DSS 4.0",
22251
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
22252
+ },
22253
+ {
22254
+ "id": "PTES-Pre-engagement",
22255
+ "framework": "Penetration Testing Execution Standard (PTES)",
22256
+ "control_name": "Pre-engagement Interactions"
22257
+ },
22258
+ {
22259
+ "id": "SOC2-CC6-logical-access",
22260
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
22261
+ "control_name": "Logical and Physical Access Controls"
22262
+ }
22263
+ ],
22264
+ "attack_refs": [
22265
+ "T0855",
22266
+ "T0883",
22267
+ "T1059",
22268
+ "T1068",
22269
+ "T1078",
22270
+ "T1133",
22271
+ "T1190",
22272
+ "T1548.001",
22273
+ "T1566"
22274
+ ],
22275
+ "rfc_refs": [
22276
+ "RFC-4301",
22277
+ "RFC-4303",
22278
+ "RFC-7296"
22279
+ ]
22280
+ }
22281
+ },
22282
+ "CVE-2026-24206": {
22283
+ "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Channel)",
22284
+ "rwep": 31,
22285
+ "cvss": 9.8,
22286
+ "cisa_kev": false,
22287
+ "epss_score": null,
22288
+ "referencing_skills": [
22289
+ "kernel-lpe-triage",
22290
+ "ai-attack-surface",
22291
+ "compliance-theater",
22292
+ "attack-surface-pentest",
22293
+ "ot-ics-security",
22294
+ "sector-energy"
22295
+ ],
22296
+ "chain": {
22297
+ "cwes": [
22298
+ {
22299
+ "id": "CWE-1037",
22300
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
22301
+ "category": "Hardware / Side Channel"
22302
+ },
22303
+ {
22304
+ "id": "CWE-1039",
22305
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
22306
+ "category": "AI/ML"
22307
+ },
22308
+ {
22309
+ "id": "CWE-125",
22310
+ "name": "Out-of-bounds Read",
22311
+ "category": "Memory Safety"
22312
+ },
22313
+ {
22314
+ "id": "CWE-1395",
22315
+ "name": "Dependency on Vulnerable Third-Party Component",
22316
+ "category": "Supply Chain"
22317
+ },
22318
+ {
22319
+ "id": "CWE-1426",
22320
+ "name": "Improper Validation of Generative AI Output",
22321
+ "category": "AI/ML"
22322
+ },
22323
+ {
22324
+ "id": "CWE-22",
22325
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
22326
+ "category": "Path/Resource"
22327
+ },
22328
+ {
22329
+ "id": "CWE-269",
22330
+ "name": "Improper Privilege Management",
22331
+ "category": "Authorization"
22332
+ },
22333
+ {
22334
+ "id": "CWE-287",
22335
+ "name": "Improper Authentication",
22336
+ "category": "Authentication"
22337
+ },
22338
+ {
22339
+ "id": "CWE-306",
22340
+ "name": "Missing Authentication for Critical Function",
22341
+ "category": "Authentication"
22342
+ },
22343
+ {
22344
+ "id": "CWE-352",
22345
+ "name": "Cross-Site Request Forgery (CSRF)",
22346
+ "category": "Session"
22347
+ },
22348
+ {
22349
+ "id": "CWE-362",
22350
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
22351
+ "category": "Concurrency"
22352
+ },
22353
+ {
22354
+ "id": "CWE-416",
22355
+ "name": "Use After Free",
22356
+ "category": "Memory Safety"
22357
+ },
22358
+ {
22359
+ "id": "CWE-434",
22360
+ "name": "Unrestricted Upload of File with Dangerous Type",
22361
+ "category": "File Handling"
22362
+ },
22363
+ {
22364
+ "id": "CWE-672",
22365
+ "name": "Operation on a Resource after Expiration or Release",
22366
+ "category": "Memory Safety"
22367
+ },
22368
+ {
22369
+ "id": "CWE-732",
22370
+ "name": "Incorrect Permission Assignment for Critical Resource",
22371
+ "category": "Authorization"
22372
+ },
22373
+ {
22374
+ "id": "CWE-78",
22375
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
22376
+ "category": "Injection"
22377
+ },
22378
+ {
22379
+ "id": "CWE-787",
22380
+ "name": "Out-of-bounds Write",
22381
+ "category": "Memory Safety"
22382
+ },
22383
+ {
22384
+ "id": "CWE-79",
22385
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
22386
+ "category": "Injection"
22387
+ },
22388
+ {
22389
+ "id": "CWE-798",
22390
+ "name": "Use of Hard-coded Credentials",
22391
+ "category": "Credentials"
22392
+ },
22393
+ {
22394
+ "id": "CWE-89",
22395
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
22396
+ "category": "Injection"
22397
+ },
22398
+ {
22399
+ "id": "CWE-918",
22400
+ "name": "Server-Side Request Forgery (SSRF)",
22401
+ "category": "Network"
22402
+ },
22403
+ {
22404
+ "id": "CWE-94",
22405
+ "name": "Improper Control of Generation of Code (Code Injection)",
22406
+ "category": "Injection"
22407
+ }
22408
+ ],
22409
+ "atlas": [
22410
+ {
22411
+ "id": "AML.T0010",
22412
+ "name": "ML Supply Chain Compromise",
22413
+ "tactic": "Initial Access"
22414
+ },
22415
+ {
22416
+ "id": "AML.T0016",
22417
+ "name": "Obtain Capabilities: Develop Capabilities",
22418
+ "tactic": "Resource Development"
22419
+ },
22420
+ {
22421
+ "id": "AML.T0017",
22422
+ "name": "Discover ML Model Ontology",
22423
+ "tactic": "Discovery"
22424
+ },
22425
+ {
22426
+ "id": "AML.T0018",
22427
+ "name": "Backdoor ML Model",
22428
+ "tactic": "Persistence"
22429
+ },
22430
+ {
22431
+ "id": "AML.T0020",
22432
+ "name": "Poison Training Data",
22433
+ "tactic": "ML Attack Staging"
22434
+ },
22435
+ {
22436
+ "id": "AML.T0043",
22437
+ "name": "Craft Adversarial Data",
22438
+ "tactic": "ML Attack Staging"
22439
+ },
22440
+ {
22441
+ "id": "AML.T0051",
22442
+ "name": "LLM Prompt Injection",
22443
+ "tactic": "Execution"
22444
+ },
22445
+ {
22446
+ "id": "AML.T0054",
22447
+ "name": "LLM Jailbreak",
22448
+ "tactic": "Defense Evasion"
22449
+ },
22450
+ {
22451
+ "id": "AML.T0096",
22452
+ "name": "AI API as Covert C2 Channel",
22453
+ "tactic": "Command and Control"
22454
+ }
22455
+ ],
22456
+ "d3fend": [
22457
+ {
22458
+ "id": "D3-ASLR",
22459
+ "name": "Address Space Layout Randomization",
22460
+ "tactic": "Harden"
22461
+ },
22462
+ {
22463
+ "id": "D3-CSPP",
22464
+ "name": "Client-server Payload Profiling",
22465
+ "tactic": "Detect"
22466
+ },
22467
+ {
22468
+ "id": "D3-EAL",
22469
+ "name": "Executable Allowlisting",
22470
+ "tactic": "Harden"
22471
+ },
22472
+ {
22473
+ "id": "D3-IOPR",
22474
+ "name": "Input/Output Profiling Resource",
22475
+ "tactic": "Detect"
22476
+ },
22477
+ {
22478
+ "id": "D3-NTA",
22479
+ "name": "Network Traffic Analysis",
22480
+ "tactic": "Detect"
22481
+ },
22482
+ {
22483
+ "id": "D3-PHRA",
22484
+ "name": "Process Hardware Resource Access",
22485
+ "tactic": "Isolate"
22486
+ },
22487
+ {
22488
+ "id": "D3-PSEP",
22489
+ "name": "Process Segment Execution Prevention",
22490
+ "tactic": "Harden"
22491
+ }
22492
+ ],
22493
+ "framework_gaps": [
22494
+ {
22495
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
22496
+ "framework": "ALL",
22497
+ "control_name": "AI Pipeline Integrity"
22498
+ },
22499
+ {
22500
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
22501
+ "framework": "ALL",
22502
+ "control_name": "Prompt Injection as Access Control Failure"
22503
+ },
22504
+ {
22505
+ "id": "CIS-Controls-v8-Control7",
22506
+ "framework": "CIS Controls v8",
22507
+ "control_name": "Continuous Vulnerability Management"
22508
+ },
22509
+ {
22510
+ "id": "CMMC-2.0-Level-2",
22511
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
22512
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
22513
+ },
22514
+ {
22515
+ "id": "FedRAMP-Rev5-Moderate",
22516
+ "framework": "FedRAMP Rev 5 Moderate",
22517
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
22518
+ },
22519
+ {
22520
+ "id": "IEC-62443-3-3",
22521
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
22522
+ "control_name": "System security requirements and security levels"
22523
+ },
22524
+ {
22525
+ "id": "ISO-27001-2022-A.8.28",
22526
+ "framework": "ISO/IEC 27001:2022",
22527
+ "control_name": "Secure coding"
22528
+ },
22529
+ {
22530
+ "id": "ISO-27001-2022-A.8.8",
22531
+ "framework": "ISO/IEC 27001:2022",
22532
+ "control_name": "Management of technical vulnerabilities"
22533
+ },
22534
+ {
22535
+ "id": "ISO-IEC-23894-2023-clause-7",
22536
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
22537
+ "control_name": "AI risk management process"
22538
+ },
22539
+ {
22540
+ "id": "NERC-CIP-007-6-R4",
22541
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
22542
+ "control_name": "Security event monitoring"
22543
+ },
22544
+ {
22545
+ "id": "NIS2-Art21-patch-management",
22546
+ "framework": "EU NIS2 Directive",
22547
+ "control_name": "Vulnerability handling and disclosure"
22548
+ },
22549
+ {
22550
+ "id": "NIST-800-115",
22551
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
22552
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
22553
+ },
22554
+ {
22555
+ "id": "NIST-800-53-AC-2",
22556
+ "framework": "NIST SP 800-53 Rev 5",
22557
+ "control_name": "Account Management"
22558
+ },
22559
+ {
22560
+ "id": "NIST-800-53-SC-8",
22561
+ "framework": "NIST SP 800-53 Rev 5",
22562
+ "control_name": "Transmission Confidentiality and Integrity"
22563
+ },
22564
+ {
22565
+ "id": "NIST-800-53-SI-2",
22566
+ "framework": "NIST SP 800-53 Rev 5",
22567
+ "control_name": "Flaw Remediation"
22568
+ },
22569
+ {
22570
+ "id": "NIST-800-53-SI-3",
22571
+ "framework": "NIST SP 800-53 Rev 5",
22572
+ "control_name": "Malicious Code Protection"
22573
+ },
22574
+ {
22575
+ "id": "NIST-800-82r3",
22576
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
22577
+ "control_name": "Guide to Operational Technology (OT) Security"
22578
+ },
22579
+ {
22580
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
22581
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22582
+ "control_name": "Prompt Injection"
22583
+ },
22584
+ {
22585
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
22586
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22587
+ "control_name": "Sensitive Information Disclosure"
22588
+ },
22589
+ {
22590
+ "id": "OWASP-Pen-Testing-Guide-v5",
22591
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
22592
+ "control_name": "Web application penetration testing methodology"
22593
+ },
22594
+ {
22595
+ "id": "PCI-DSS-4.0-6.3.3",
22596
+ "framework": "PCI DSS 4.0",
22597
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
22598
+ },
22599
+ {
22600
+ "id": "PTES-Pre-engagement",
22601
+ "framework": "Penetration Testing Execution Standard (PTES)",
22602
+ "control_name": "Pre-engagement Interactions"
22603
+ },
22604
+ {
22605
+ "id": "SOC2-CC6-logical-access",
22606
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
22607
+ "control_name": "Logical and Physical Access Controls"
22608
+ }
22609
+ ],
22610
+ "attack_refs": [
22611
+ "T0855",
22612
+ "T0883",
22613
+ "T1059",
22614
+ "T1068",
22615
+ "T1078",
22616
+ "T1133",
22617
+ "T1190",
22618
+ "T1548.001",
22619
+ "T1566"
22620
+ ],
22621
+ "rfc_refs": [
22622
+ "RFC-4301",
22623
+ "RFC-4303",
22624
+ "RFC-7296"
22625
+ ]
22626
+ }
22627
+ },
22628
+ "CVE-2023-48022": {
22629
+ "name": "Anyscale Ray Job Submission API Unauthenticated RCE (ShadowRay)",
22630
+ "rwep": 68,
22631
+ "cvss": 9.8,
22632
+ "cisa_kev": false,
22633
+ "epss_score": null,
22634
+ "referencing_skills": [
22635
+ "kernel-lpe-triage",
22636
+ "ai-attack-surface",
22637
+ "compliance-theater",
22638
+ "ai-c2-detection",
22639
+ "attack-surface-pentest",
22640
+ "dlp-gap-analysis",
22641
+ "ot-ics-security",
22642
+ "sector-energy"
22643
+ ],
22644
+ "chain": {
22645
+ "cwes": [
22646
+ {
22647
+ "id": "CWE-1037",
22648
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
22649
+ "category": "Hardware / Side Channel"
22650
+ },
22651
+ {
22652
+ "id": "CWE-1039",
22653
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
22654
+ "category": "AI/ML"
22655
+ },
22656
+ {
22657
+ "id": "CWE-125",
22658
+ "name": "Out-of-bounds Read",
22659
+ "category": "Memory Safety"
22660
+ },
22661
+ {
22662
+ "id": "CWE-1395",
22663
+ "name": "Dependency on Vulnerable Third-Party Component",
22664
+ "category": "Supply Chain"
22665
+ },
22666
+ {
22667
+ "id": "CWE-1426",
22668
+ "name": "Improper Validation of Generative AI Output",
22669
+ "category": "AI/ML"
22670
+ },
22671
+ {
22672
+ "id": "CWE-200",
22673
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
22674
+ "category": "Information Exposure"
22675
+ },
22676
+ {
22677
+ "id": "CWE-22",
22678
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
22679
+ "category": "Path/Resource"
22680
+ },
22681
+ {
22682
+ "id": "CWE-269",
22683
+ "name": "Improper Privilege Management",
22684
+ "category": "Authorization"
22685
+ },
22686
+ {
22687
+ "id": "CWE-287",
22688
+ "name": "Improper Authentication",
22689
+ "category": "Authentication"
22690
+ },
22691
+ {
22692
+ "id": "CWE-306",
22693
+ "name": "Missing Authentication for Critical Function",
22694
+ "category": "Authentication"
22695
+ },
22696
+ {
22697
+ "id": "CWE-352",
22698
+ "name": "Cross-Site Request Forgery (CSRF)",
22699
+ "category": "Session"
22700
+ },
22701
+ {
22702
+ "id": "CWE-362",
22703
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
22704
+ "category": "Concurrency"
22705
+ },
22706
+ {
22707
+ "id": "CWE-416",
22708
+ "name": "Use After Free",
22709
+ "category": "Memory Safety"
22710
+ },
22711
+ {
22712
+ "id": "CWE-434",
22713
+ "name": "Unrestricted Upload of File with Dangerous Type",
22714
+ "category": "File Handling"
22715
+ },
22716
+ {
22717
+ "id": "CWE-672",
22718
+ "name": "Operation on a Resource after Expiration or Release",
22719
+ "category": "Memory Safety"
22720
+ },
22721
+ {
22722
+ "id": "CWE-732",
22723
+ "name": "Incorrect Permission Assignment for Critical Resource",
22724
+ "category": "Authorization"
22725
+ },
22726
+ {
22727
+ "id": "CWE-78",
22728
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
22729
+ "category": "Injection"
22730
+ },
22731
+ {
22732
+ "id": "CWE-787",
22733
+ "name": "Out-of-bounds Write",
22734
+ "category": "Memory Safety"
22735
+ },
22736
+ {
22737
+ "id": "CWE-79",
22738
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
22739
+ "category": "Injection"
22740
+ },
22741
+ {
22742
+ "id": "CWE-798",
22743
+ "name": "Use of Hard-coded Credentials",
22744
+ "category": "Credentials"
22745
+ },
22746
+ {
22747
+ "id": "CWE-89",
22748
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
22749
+ "category": "Injection"
22750
+ },
22751
+ {
22752
+ "id": "CWE-918",
22753
+ "name": "Server-Side Request Forgery (SSRF)",
22754
+ "category": "Network"
22755
+ },
22756
+ {
22757
+ "id": "CWE-94",
22758
+ "name": "Improper Control of Generation of Code (Code Injection)",
22759
+ "category": "Injection"
22760
+ }
22761
+ ],
22762
+ "atlas": [
22763
+ {
22764
+ "id": "AML.T0010",
22765
+ "name": "ML Supply Chain Compromise",
22766
+ "tactic": "Initial Access"
22767
+ },
22768
+ {
22769
+ "id": "AML.T0016",
22770
+ "name": "Obtain Capabilities: Develop Capabilities",
22771
+ "tactic": "Resource Development"
22772
+ },
22773
+ {
22774
+ "id": "AML.T0017",
22775
+ "name": "Discover ML Model Ontology",
22776
+ "tactic": "Discovery"
22777
+ },
22778
+ {
22779
+ "id": "AML.T0018",
22780
+ "name": "Backdoor ML Model",
22781
+ "tactic": "Persistence"
22782
+ },
22783
+ {
22784
+ "id": "AML.T0020",
22785
+ "name": "Poison Training Data",
22786
+ "tactic": "ML Attack Staging"
22787
+ },
22788
+ {
22789
+ "id": "AML.T0043",
22790
+ "name": "Craft Adversarial Data",
22791
+ "tactic": "ML Attack Staging"
22792
+ },
22793
+ {
22794
+ "id": "AML.T0051",
22795
+ "name": "LLM Prompt Injection",
22796
+ "tactic": "Execution"
22797
+ },
22798
+ {
22799
+ "id": "AML.T0054",
22800
+ "name": "LLM Jailbreak",
22801
+ "tactic": "Defense Evasion"
22802
+ },
22803
+ {
22804
+ "id": "AML.T0096",
22805
+ "name": "AI API as Covert C2 Channel",
22806
+ "tactic": "Command and Control"
22807
+ }
22808
+ ],
22809
+ "d3fend": [
22810
+ {
22811
+ "id": "D3-ASLR",
22812
+ "name": "Address Space Layout Randomization",
22813
+ "tactic": "Harden"
22814
+ },
22815
+ {
22816
+ "id": "D3-CA",
22817
+ "name": "Certificate Analysis",
22818
+ "tactic": "Detect"
22819
+ },
22820
+ {
22821
+ "id": "D3-CSPP",
22822
+ "name": "Client-server Payload Profiling",
22823
+ "tactic": "Detect"
22824
+ },
22825
+ {
22826
+ "id": "D3-DA",
22827
+ "name": "Domain Analysis",
22828
+ "tactic": "Detect"
22829
+ },
22830
+ {
22831
+ "id": "D3-EAL",
22832
+ "name": "Executable Allowlisting",
22833
+ "tactic": "Harden"
22834
+ },
22835
+ {
22836
+ "id": "D3-IOPR",
22837
+ "name": "Input/Output Profiling Resource",
22838
+ "tactic": "Detect"
22839
+ },
22840
+ {
22841
+ "id": "D3-NI",
22842
+ "name": "Network Isolation",
22843
+ "tactic": "Isolate"
22844
+ },
22845
+ {
22846
+ "id": "D3-NTA",
22847
+ "name": "Network Traffic Analysis",
22848
+ "tactic": "Detect"
22849
+ },
22850
+ {
22851
+ "id": "D3-NTPM",
22852
+ "name": "Network Traffic Policy Mapping",
22853
+ "tactic": "Model"
22854
+ },
22855
+ {
22856
+ "id": "D3-PHRA",
22857
+ "name": "Process Hardware Resource Access",
22858
+ "tactic": "Isolate"
22859
+ },
22860
+ {
22861
+ "id": "D3-PSEP",
22862
+ "name": "Process Segment Execution Prevention",
22863
+ "tactic": "Harden"
22864
+ }
22865
+ ],
22866
+ "framework_gaps": [
22867
+ {
22868
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
22869
+ "framework": "ALL",
22870
+ "control_name": "AI Pipeline Integrity"
22871
+ },
22872
+ {
22873
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
22874
+ "framework": "ALL",
22875
+ "control_name": "Prompt Injection as Access Control Failure"
22876
+ },
22877
+ {
22878
+ "id": "CIS-Controls-v8-Control7",
22879
+ "framework": "CIS Controls v8",
22880
+ "control_name": "Continuous Vulnerability Management"
22881
+ },
22882
+ {
22883
+ "id": "CMMC-2.0-Level-2",
22884
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
22885
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
22886
+ },
22887
+ {
22888
+ "id": "FedRAMP-Rev5-Moderate",
22889
+ "framework": "FedRAMP Rev 5 Moderate",
22890
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
22891
+ },
22892
+ {
22893
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
22894
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
22895
+ "control_name": "Access control standard (technical safeguards)"
22896
+ },
22897
+ {
22898
+ "id": "IEC-62443-3-3",
22899
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
22900
+ "control_name": "System security requirements and security levels"
22901
+ },
22902
+ {
22903
+ "id": "ISO-27001-2022-A.8.16",
22904
+ "framework": "ISO/IEC 27001:2022",
22905
+ "control_name": "Monitoring activities"
22906
+ },
22907
+ {
22908
+ "id": "ISO-27001-2022-A.8.28",
22909
+ "framework": "ISO/IEC 27001:2022",
22910
+ "control_name": "Secure coding"
22911
+ },
22912
+ {
22913
+ "id": "ISO-27001-2022-A.8.8",
22914
+ "framework": "ISO/IEC 27001:2022",
22915
+ "control_name": "Management of technical vulnerabilities"
22916
+ },
22917
+ {
22918
+ "id": "ISO-IEC-23894-2023-clause-7",
22919
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
22920
+ "control_name": "AI risk management process"
22921
+ },
22922
+ {
22923
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
22924
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
22925
+ "control_name": "AI risk assessment"
22926
+ },
22927
+ {
22928
+ "id": "NERC-CIP-007-6-R4",
22929
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
22930
+ "control_name": "Security event monitoring"
22931
+ },
22932
+ {
22933
+ "id": "NIS2-Art21-patch-management",
22934
+ "framework": "EU NIS2 Directive",
22935
+ "control_name": "Vulnerability handling and disclosure"
22936
+ },
22937
+ {
22938
+ "id": "NIST-800-115",
22939
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
22940
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
22941
+ },
22942
+ {
22943
+ "id": "NIST-800-53-AC-2",
22944
+ "framework": "NIST SP 800-53 Rev 5",
22945
+ "control_name": "Account Management"
22946
+ },
22947
+ {
22948
+ "id": "NIST-800-53-SC-28",
22949
+ "framework": "NIST SP 800-53 Rev 5",
22950
+ "control_name": "Protection of Information at Rest"
22951
+ },
22952
+ {
22953
+ "id": "NIST-800-53-SC-7",
22954
+ "framework": "NIST SP 800-53 Rev 5",
22955
+ "control_name": "Boundary Protection"
22956
+ },
22957
+ {
22958
+ "id": "NIST-800-53-SC-8",
22959
+ "framework": "NIST SP 800-53 Rev 5",
22960
+ "control_name": "Transmission Confidentiality and Integrity"
22961
+ },
22962
+ {
22963
+ "id": "NIST-800-53-SI-2",
22964
+ "framework": "NIST SP 800-53 Rev 5",
22965
+ "control_name": "Flaw Remediation"
22966
+ },
22967
+ {
22968
+ "id": "NIST-800-53-SI-3",
22969
+ "framework": "NIST SP 800-53 Rev 5",
22970
+ "control_name": "Malicious Code Protection"
22971
+ },
22972
+ {
22973
+ "id": "NIST-800-82r3",
22974
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
22975
+ "control_name": "Guide to Operational Technology (OT) Security"
22976
+ },
22977
+ {
22978
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
22979
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22980
+ "control_name": "Prompt Injection"
22981
+ },
22982
+ {
22983
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
22984
+ "framework": "OWASP Top 10 for LLM Applications 2025",
22985
+ "control_name": "Sensitive Information Disclosure"
22986
+ },
22987
+ {
22988
+ "id": "OWASP-Pen-Testing-Guide-v5",
22989
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
22990
+ "control_name": "Web application penetration testing methodology"
22991
+ },
22992
+ {
22993
+ "id": "PCI-DSS-4.0-6.3.3",
22994
+ "framework": "PCI DSS 4.0",
22995
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
22996
+ },
22997
+ {
22998
+ "id": "PTES-Pre-engagement",
22999
+ "framework": "Penetration Testing Execution Standard (PTES)",
23000
+ "control_name": "Pre-engagement Interactions"
23001
+ },
23002
+ {
23003
+ "id": "SOC2-CC6-logical-access",
23004
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23005
+ "control_name": "Logical and Physical Access Controls"
23006
+ },
23007
+ {
23008
+ "id": "SOC2-CC7-anomaly-detection",
23009
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23010
+ "control_name": "System Operations — Threat and Vulnerability Management"
23011
+ }
23012
+ ],
23013
+ "attack_refs": [
23014
+ "T0855",
23015
+ "T0883",
23016
+ "T1041",
23017
+ "T1059",
23018
+ "T1068",
23019
+ "T1071",
23020
+ "T1078",
23021
+ "T1102",
23022
+ "T1133",
23023
+ "T1190",
23024
+ "T1213",
23025
+ "T1530",
23026
+ "T1548.001",
23027
+ "T1566",
23028
+ "T1567",
23029
+ "T1568"
23030
+ ],
23031
+ "rfc_refs": [
23032
+ "RFC-4301",
23033
+ "RFC-4303",
23034
+ "RFC-7296",
23035
+ "RFC-8446",
23036
+ "RFC-9000",
23037
+ "RFC-9114",
23038
+ "RFC-9180",
23039
+ "RFC-9421",
23040
+ "RFC-9458"
23041
+ ]
23042
+ }
23043
+ },
21936
23044
  "CVE-2026-41091": {
21937
23045
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
21938
23046
  "rwep": 45,
@@ -48309,6 +49417,7 @@
48309
49417
  "related_cves": [
48310
49418
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
48311
49419
  "CVE-2023-43472",
49420
+ "CVE-2023-48022",
48312
49421
  "CVE-2024-3094",
48313
49422
  "CVE-2024-3154",
48314
49423
  "CVE-2024-50050",
@@ -48329,6 +49438,8 @@
48329
49438
  "CVE-2025-6965",
48330
49439
  "CVE-2026-22252",
48331
49440
  "CVE-2026-22688",
49441
+ "CVE-2026-24206",
49442
+ "CVE-2026-24207",
48332
49443
  "CVE-2026-25592",
48333
49444
  "CVE-2026-26015",
48334
49445
  "CVE-2026-30615",
@@ -48673,6 +49784,7 @@
48673
49784
  },
48674
49785
  "related_cves": [
48675
49786
  "CVE-2023-43472",
49787
+ "CVE-2023-48022",
48676
49788
  "CVE-2024-50050",
48677
49789
  "CVE-2025-0133",
48678
49790
  "CVE-2025-10585",
@@ -48689,6 +49801,8 @@
48689
49801
  "CVE-2025-6965",
48690
49802
  "CVE-2026-22252",
48691
49803
  "CVE-2026-22688",
49804
+ "CVE-2026-24206",
49805
+ "CVE-2026-24207",
48692
49806
  "CVE-2026-25592",
48693
49807
  "CVE-2026-26015",
48694
49808
  "CVE-2026-30616",
@@ -48828,6 +49942,7 @@
48828
49942
  },
48829
49943
  "related_cves": [
48830
49944
  "CVE-2023-43472",
49945
+ "CVE-2023-48022",
48831
49946
  "CVE-2024-50050",
48832
49947
  "CVE-2025-0133",
48833
49948
  "CVE-2025-10585",
@@ -48844,6 +49959,8 @@
48844
49959
  "CVE-2025-6965",
48845
49960
  "CVE-2026-22252",
48846
49961
  "CVE-2026-22688",
49962
+ "CVE-2026-24206",
49963
+ "CVE-2026-24207",
48847
49964
  "CVE-2026-25592",
48848
49965
  "CVE-2026-26015",
48849
49966
  "CVE-2026-30616",
@@ -48997,6 +50114,7 @@
48997
50114
  },
48998
50115
  "related_cves": [
48999
50116
  "CVE-2023-43472",
50117
+ "CVE-2023-48022",
49000
50118
  "CVE-2024-50050",
49001
50119
  "CVE-2025-0133",
49002
50120
  "CVE-2025-10585",
@@ -49013,6 +50131,8 @@
49013
50131
  "CVE-2025-6965",
49014
50132
  "CVE-2026-22252",
49015
50133
  "CVE-2026-22688",
50134
+ "CVE-2026-24206",
50135
+ "CVE-2026-24207",
49016
50136
  "CVE-2026-25592",
49017
50137
  "CVE-2026-26015",
49018
50138
  "CVE-2026-30616",
@@ -49270,6 +50390,7 @@
49270
50390
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
49271
50391
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
49272
50392
  "CVE-2023-43472",
50393
+ "CVE-2023-48022",
49273
50394
  "CVE-2024-3094",
49274
50395
  "CVE-2024-3154",
49275
50396
  "CVE-2024-50050",
@@ -49288,6 +50409,8 @@
49288
50409
  "CVE-2026-22252",
49289
50410
  "CVE-2026-22688",
49290
50411
  "CVE-2026-22778",
50412
+ "CVE-2026-24206",
50413
+ "CVE-2026-24207",
49291
50414
  "CVE-2026-25592",
49292
50415
  "CVE-2026-26015",
49293
50416
  "CVE-2026-30615",
@@ -49497,6 +50620,7 @@
49497
50620
  "CVE-2023-39780",
49498
50621
  "CVE-2023-41974",
49499
50622
  "CVE-2023-43000",
50623
+ "CVE-2023-48022",
49500
50624
  "CVE-2023-50224",
49501
50625
  "CVE-2023-52163",
49502
50626
  "CVE-2024-0769",
@@ -49692,6 +50816,8 @@
49692
50816
  "CVE-2026-22769",
49693
50817
  "CVE-2026-23760",
49694
50818
  "CVE-2026-24061",
50819
+ "CVE-2026-24206",
50820
+ "CVE-2026-24207",
49695
50821
  "CVE-2026-2441",
49696
50822
  "CVE-2026-24423",
49697
50823
  "CVE-2026-24858",
@@ -49948,6 +51074,7 @@
49948
51074
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
49949
51075
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
49950
51076
  "CVE-2023-43472",
51077
+ "CVE-2023-48022",
49951
51078
  "CVE-2024-3094",
49952
51079
  "CVE-2024-3154",
49953
51080
  "CVE-2024-40635",
@@ -50304,6 +51431,7 @@
50304
51431
  "related_cves": [
50305
51432
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
50306
51433
  "CVE-2023-43472",
51434
+ "CVE-2023-48022",
50307
51435
  "CVE-2024-3094",
50308
51436
  "CVE-2024-3154",
50309
51437
  "CVE-2024-50050",
@@ -50324,6 +51452,8 @@
50324
51452
  "CVE-2025-6965",
50325
51453
  "CVE-2026-22252",
50326
51454
  "CVE-2026-22688",
51455
+ "CVE-2026-24206",
51456
+ "CVE-2026-24207",
50327
51457
  "CVE-2026-25592",
50328
51458
  "CVE-2026-26015",
50329
51459
  "CVE-2026-30615",
@@ -50898,6 +52028,7 @@
50898
52028
  "related_cves": [
50899
52029
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
50900
52030
  "CVE-2023-43472",
52031
+ "CVE-2023-48022",
50901
52032
  "CVE-2024-3094",
50902
52033
  "CVE-2024-3154",
50903
52034
  "CVE-2024-50050",
@@ -50918,6 +52049,8 @@
50918
52049
  "CVE-2025-6965",
50919
52050
  "CVE-2026-22252",
50920
52051
  "CVE-2026-22688",
52052
+ "CVE-2026-24206",
52053
+ "CVE-2026-24207",
50921
52054
  "CVE-2026-25592",
50922
52055
  "CVE-2026-26015",
50923
52056
  "CVE-2026-30615",
@@ -51130,6 +52263,7 @@
51130
52263
  ]
51131
52264
  },
51132
52265
  "related_cves": [
52266
+ "CVE-2023-48022",
51133
52267
  "CVE-2024-3094",
51134
52268
  "CVE-2024-50050",
51135
52269
  "CVE-2025-10585",
@@ -51146,6 +52280,8 @@
51146
52280
  "CVE-2025-60455",
51147
52281
  "CVE-2026-22252",
51148
52282
  "CVE-2026-22688",
52283
+ "CVE-2026-24206",
52284
+ "CVE-2026-24207",
51149
52285
  "CVE-2026-25592",
51150
52286
  "CVE-2026-26015",
51151
52287
  "CVE-2026-30615",
@@ -51788,6 +52924,7 @@
51788
52924
  "related_cves": [
51789
52925
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
51790
52926
  "CVE-2023-43472",
52927
+ "CVE-2023-48022",
51791
52928
  "CVE-2024-3094",
51792
52929
  "CVE-2024-3154",
51793
52930
  "CVE-2024-50050",
@@ -51808,6 +52945,8 @@
51808
52945
  "CVE-2025-6965",
51809
52946
  "CVE-2026-22252",
51810
52947
  "CVE-2026-22688",
52948
+ "CVE-2026-24206",
52949
+ "CVE-2026-24207",
51811
52950
  "CVE-2026-25592",
51812
52951
  "CVE-2026-26015",
51813
52952
  "CVE-2026-30615",
@@ -52022,6 +53161,7 @@
52022
53161
  "CVE-2023-39780",
52023
53162
  "CVE-2023-41974",
52024
53163
  "CVE-2023-43000",
53164
+ "CVE-2023-48022",
52025
53165
  "CVE-2023-50224",
52026
53166
  "CVE-2023-52163",
52027
53167
  "CVE-2024-0769",
@@ -52217,6 +53357,8 @@
52217
53357
  "CVE-2026-22769",
52218
53358
  "CVE-2026-23760",
52219
53359
  "CVE-2026-24061",
53360
+ "CVE-2026-24206",
53361
+ "CVE-2026-24207",
52220
53362
  "CVE-2026-2441",
52221
53363
  "CVE-2026-24423",
52222
53364
  "CVE-2026-24858",
@@ -52437,6 +53579,7 @@
52437
53579
  "CVE-2023-39780",
52438
53580
  "CVE-2023-41974",
52439
53581
  "CVE-2023-43000",
53582
+ "CVE-2023-48022",
52440
53583
  "CVE-2023-50224",
52441
53584
  "CVE-2023-52163",
52442
53585
  "CVE-2024-0769",
@@ -52632,6 +53775,8 @@
52632
53775
  "CVE-2026-22769",
52633
53776
  "CVE-2026-23760",
52634
53777
  "CVE-2026-24061",
53778
+ "CVE-2026-24206",
53779
+ "CVE-2026-24207",
52635
53780
  "CVE-2026-2441",
52636
53781
  "CVE-2026-24423",
52637
53782
  "CVE-2026-24858",
@@ -52885,6 +54030,7 @@
52885
54030
  "related_cves": [
52886
54031
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
52887
54032
  "CVE-2023-43472",
54033
+ "CVE-2023-48022",
52888
54034
  "CVE-2024-3094",
52889
54035
  "CVE-2024-3154",
52890
54036
  "CVE-2024-50050",
@@ -52905,6 +54051,8 @@
52905
54051
  "CVE-2025-6965",
52906
54052
  "CVE-2026-22252",
52907
54053
  "CVE-2026-22688",
54054
+ "CVE-2026-24206",
54055
+ "CVE-2026-24207",
52908
54056
  "CVE-2026-25592",
52909
54057
  "CVE-2026-26015",
52910
54058
  "CVE-2026-30615",
@@ -53671,6 +54819,7 @@
53671
54819
  "CVE-2023-39780",
53672
54820
  "CVE-2023-41974",
53673
54821
  "CVE-2023-43000",
54822
+ "CVE-2023-48022",
53674
54823
  "CVE-2023-50224",
53675
54824
  "CVE-2023-52163",
53676
54825
  "CVE-2024-0769",
@@ -53866,6 +55015,8 @@
53866
55015
  "CVE-2026-22769",
53867
55016
  "CVE-2026-23760",
53868
55017
  "CVE-2026-24061",
55018
+ "CVE-2026-24206",
55019
+ "CVE-2026-24207",
53869
55020
  "CVE-2026-2441",
53870
55021
  "CVE-2026-24423",
53871
55022
  "CVE-2026-24858",
@@ -54183,6 +55334,7 @@
54183
55334
  "related_cves": [
54184
55335
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
54185
55336
  "CVE-2023-43472",
55337
+ "CVE-2023-48022",
54186
55338
  "CVE-2024-3094",
54187
55339
  "CVE-2024-3154",
54188
55340
  "CVE-2024-50050",
@@ -54203,6 +55355,8 @@
54203
55355
  "CVE-2025-6965",
54204
55356
  "CVE-2026-22252",
54205
55357
  "CVE-2026-22688",
55358
+ "CVE-2026-24206",
55359
+ "CVE-2026-24207",
54206
55360
  "CVE-2026-25592",
54207
55361
  "CVE-2026-26015",
54208
55362
  "CVE-2026-30615",
@@ -54495,6 +55649,7 @@
54495
55649
  "CVE-2023-41974",
54496
55650
  "CVE-2023-43000",
54497
55651
  "CVE-2023-43472",
55652
+ "CVE-2023-48022",
54498
55653
  "CVE-2023-50224",
54499
55654
  "CVE-2023-52163",
54500
55655
  "CVE-2024-0769",
@@ -54695,6 +55850,8 @@
54695
55850
  "CVE-2026-22769",
54696
55851
  "CVE-2026-23760",
54697
55852
  "CVE-2026-24061",
55853
+ "CVE-2026-24206",
55854
+ "CVE-2026-24207",
54698
55855
  "CVE-2026-2441",
54699
55856
  "CVE-2026-24423",
54700
55857
  "CVE-2026-24858",
@@ -55026,6 +56183,7 @@
55026
56183
  },
55027
56184
  "related_cves": [
55028
56185
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
56186
+ "CVE-2023-48022",
55029
56187
  "CVE-2024-3094",
55030
56188
  "CVE-2024-3154",
55031
56189
  "CVE-2024-50050",
@@ -55044,6 +56202,8 @@
55044
56202
  "CVE-2025-60455",
55045
56203
  "CVE-2026-22252",
55046
56204
  "CVE-2026-22688",
56205
+ "CVE-2026-24206",
56206
+ "CVE-2026-24207",
55047
56207
  "CVE-2026-25592",
55048
56208
  "CVE-2026-26015",
55049
56209
  "CVE-2026-30615",
@@ -55955,6 +57115,7 @@
55955
57115
  "related_cves": [
55956
57116
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
55957
57117
  "CVE-2023-43472",
57118
+ "CVE-2023-48022",
55958
57119
  "CVE-2024-3094",
55959
57120
  "CVE-2024-3154",
55960
57121
  "CVE-2024-50050",
@@ -55975,6 +57136,8 @@
55975
57136
  "CVE-2025-6965",
55976
57137
  "CVE-2026-22252",
55977
57138
  "CVE-2026-22688",
57139
+ "CVE-2026-24206",
57140
+ "CVE-2026-24207",
55978
57141
  "CVE-2026-25592",
55979
57142
  "CVE-2026-26015",
55980
57143
  "CVE-2026-30615",
@@ -56048,6 +57211,7 @@
56048
57211
  "rfc_refs": []
56049
57212
  },
56050
57213
  "related_cves": [
57214
+ "CVE-2023-48022",
56051
57215
  "CVE-2024-50050",
56052
57216
  "CVE-2025-10585",
56053
57217
  "CVE-2025-1094",
@@ -56062,6 +57226,8 @@
56062
57226
  "CVE-2025-60455",
56063
57227
  "CVE-2026-22252",
56064
57228
  "CVE-2026-22688",
57229
+ "CVE-2026-24206",
57230
+ "CVE-2026-24207",
56065
57231
  "CVE-2026-25592",
56066
57232
  "CVE-2026-26015",
56067
57233
  "CVE-2026-30616",
@@ -56211,6 +57377,7 @@
56211
57377
  "related_cves": [
56212
57378
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
56213
57379
  "CVE-2023-43472",
57380
+ "CVE-2023-48022",
56214
57381
  "CVE-2024-50050",
56215
57382
  "CVE-2025-0133",
56216
57383
  "CVE-2025-1094",
@@ -56226,6 +57393,8 @@
56226
57393
  "CVE-2026-22252",
56227
57394
  "CVE-2026-22688",
56228
57395
  "CVE-2026-22778",
57396
+ "CVE-2026-24206",
57397
+ "CVE-2026-24207",
56229
57398
  "CVE-2026-25592",
56230
57399
  "CVE-2026-26015",
56231
57400
  "CVE-2026-30616",
@@ -57064,6 +58233,7 @@
57064
58233
  "related_cves": [
57065
58234
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
57066
58235
  "CVE-2023-43472",
58236
+ "CVE-2023-48022",
57067
58237
  "CVE-2024-3094",
57068
58238
  "CVE-2024-3154",
57069
58239
  "CVE-2024-50050",
@@ -57084,6 +58254,8 @@
57084
58254
  "CVE-2025-6965",
57085
58255
  "CVE-2026-22252",
57086
58256
  "CVE-2026-22688",
58257
+ "CVE-2026-24206",
58258
+ "CVE-2026-24207",
57087
58259
  "CVE-2026-25592",
57088
58260
  "CVE-2026-26015",
57089
58261
  "CVE-2026-30615",
@@ -57350,6 +58522,7 @@
57350
58522
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
57351
58523
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
57352
58524
  "CVE-2023-43472",
58525
+ "CVE-2023-48022",
57353
58526
  "CVE-2024-3094",
57354
58527
  "CVE-2024-40635",
57355
58528
  "CVE-2024-50050",
@@ -57370,6 +58543,8 @@
57370
58543
  "CVE-2026-22252",
57371
58544
  "CVE-2026-22688",
57372
58545
  "CVE-2026-22778",
58546
+ "CVE-2026-24206",
58547
+ "CVE-2026-24207",
57373
58548
  "CVE-2026-25592",
57374
58549
  "CVE-2026-26015",
57375
58550
  "CVE-2026-30615",