@blamejs/exceptd-skills 0.13.79 → 0.13.80
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +439 -0
- package/data/atlas-ttps.json +16 -4
- package/data/attack-techniques.json +3 -0
- package/data/cve-catalog.json +112 -0
- package/data/cwe-catalog.json +2 -0
- package/data/framework-control-gaps.json +8 -0
- package/data/zeroday-lessons.json +50 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.80 — 2026-05-25
|
|
4
|
+
|
|
5
|
+
CVE catalog — ShadowRay (CVE-2023-48022). Adds Anyscale Ray's unauthenticated Job Submission / Dashboard API remote code execution, the landmark case for prioritizing on real-world exploitation rather than CVSS or KEV alone. NVD marks the CVE disputed — the vendor frames the open Job API as intended for trusted networks — so it carries no code patch and is not on the CISA KEV catalog. Yet it is exploited at scale: Oligo's ShadowRay 2.0 campaign turned roughly 230,000 internet-exposed Ray clusters into crypto-mining botnets and exfiltrated model weights and cloud credentials. It therefore scores RWEP 68 (high) on confirmed active exploitation plus broad blast radius with no patch credit. The entry maps real MITRE ATLAS techniques (AML.T0049 / T0034 / T0035 / T0025) and ATT&CK T1190 / T1059 / T1496, and its zero-day lesson names the "controlled network is a security control" theater pattern, with a control requiring the AI compute control plane to authenticate every caller (Ray token auth, no untrusted-network exposure). Mitigation is configuration, not a patch. CVE count 339 → 340.
|
|
6
|
+
|
|
3
7
|
## 0.13.79 — 2026-05-25
|
|
4
8
|
|
|
5
9
|
CVE catalog — NVIDIA Triton Inference Server authentication bypass. Adds the two CWE-288 authentication-bypass CVEs from NVIDIA's May 2026 Triton bulletin: **CVE-2026-24207** and **CVE-2026-24206**, both NIST CVSS 9.8 and reachable unauthenticated over the network against one of the most widely deployed AI inference servers. A successful bypass reaches Triton's model control plane (model load/unload, repository management) without credentials. Fixed in r26.03. NVD enriched CVE-2026-24206 to 9.8 while NVIDIA scored it 7.3 — the entry stores the NVD primary and records the dispute. Their shared zero-day lesson adds a control requiring inference-server authentication to be proven complete across every request path, not assumed from the primary API. CVE count 337 → 339.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-25T17:04:07.332Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
7
|
+
"manifest.json": "b34aa1f8554be5f81cc63b5b231a03b01163012f1a6156f44ce593225a4a0e2d",
|
|
8
|
+
"data/atlas-ttps.json": "9722cfa6587b374ab30f88dff3b81e113634ee98e95a0e5f0a99bf1fdb92db9d",
|
|
9
|
+
"data/attack-techniques.json": "517af0c37d407f58ea1834700ce89035850658c5a50dde69b4539d3de0418d77",
|
|
10
|
+
"data/cve-catalog.json": "64af054577e87060c32c2796d749614161680194fd81024a2d8c9399bf93b23c",
|
|
11
|
+
"data/cwe-catalog.json": "6e31090396ce1102fcb87c3691563c926eadf63068549d931d0579cd2361f289",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "d46d49d52ec73dc7d08b49b1b0a69abe36cbb409368ee17c64aa0f1c4bf9017f",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "6c3223be1ceeac535a4022f9fe7e4a66cb8e50eaecb8a0523bc156130b2cf7a3",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 329,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 340
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 335
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 340,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 335,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|
|
@@ -22625,6 +22625,422 @@
|
|
|
22625
22625
|
]
|
|
22626
22626
|
}
|
|
22627
22627
|
},
|
|
22628
|
+
"CVE-2023-48022": {
|
|
22629
|
+
"name": "Anyscale Ray Job Submission API Unauthenticated RCE (ShadowRay)",
|
|
22630
|
+
"rwep": 68,
|
|
22631
|
+
"cvss": 9.8,
|
|
22632
|
+
"cisa_kev": false,
|
|
22633
|
+
"epss_score": null,
|
|
22634
|
+
"referencing_skills": [
|
|
22635
|
+
"kernel-lpe-triage",
|
|
22636
|
+
"ai-attack-surface",
|
|
22637
|
+
"compliance-theater",
|
|
22638
|
+
"ai-c2-detection",
|
|
22639
|
+
"attack-surface-pentest",
|
|
22640
|
+
"dlp-gap-analysis",
|
|
22641
|
+
"ot-ics-security",
|
|
22642
|
+
"sector-energy"
|
|
22643
|
+
],
|
|
22644
|
+
"chain": {
|
|
22645
|
+
"cwes": [
|
|
22646
|
+
{
|
|
22647
|
+
"id": "CWE-1037",
|
|
22648
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
22649
|
+
"category": "Hardware / Side Channel"
|
|
22650
|
+
},
|
|
22651
|
+
{
|
|
22652
|
+
"id": "CWE-1039",
|
|
22653
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
22654
|
+
"category": "AI/ML"
|
|
22655
|
+
},
|
|
22656
|
+
{
|
|
22657
|
+
"id": "CWE-125",
|
|
22658
|
+
"name": "Out-of-bounds Read",
|
|
22659
|
+
"category": "Memory Safety"
|
|
22660
|
+
},
|
|
22661
|
+
{
|
|
22662
|
+
"id": "CWE-1395",
|
|
22663
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
22664
|
+
"category": "Supply Chain"
|
|
22665
|
+
},
|
|
22666
|
+
{
|
|
22667
|
+
"id": "CWE-1426",
|
|
22668
|
+
"name": "Improper Validation of Generative AI Output",
|
|
22669
|
+
"category": "AI/ML"
|
|
22670
|
+
},
|
|
22671
|
+
{
|
|
22672
|
+
"id": "CWE-200",
|
|
22673
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
22674
|
+
"category": "Information Exposure"
|
|
22675
|
+
},
|
|
22676
|
+
{
|
|
22677
|
+
"id": "CWE-22",
|
|
22678
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
22679
|
+
"category": "Path/Resource"
|
|
22680
|
+
},
|
|
22681
|
+
{
|
|
22682
|
+
"id": "CWE-269",
|
|
22683
|
+
"name": "Improper Privilege Management",
|
|
22684
|
+
"category": "Authorization"
|
|
22685
|
+
},
|
|
22686
|
+
{
|
|
22687
|
+
"id": "CWE-287",
|
|
22688
|
+
"name": "Improper Authentication",
|
|
22689
|
+
"category": "Authentication"
|
|
22690
|
+
},
|
|
22691
|
+
{
|
|
22692
|
+
"id": "CWE-306",
|
|
22693
|
+
"name": "Missing Authentication for Critical Function",
|
|
22694
|
+
"category": "Authentication"
|
|
22695
|
+
},
|
|
22696
|
+
{
|
|
22697
|
+
"id": "CWE-352",
|
|
22698
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
22699
|
+
"category": "Session"
|
|
22700
|
+
},
|
|
22701
|
+
{
|
|
22702
|
+
"id": "CWE-362",
|
|
22703
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
22704
|
+
"category": "Concurrency"
|
|
22705
|
+
},
|
|
22706
|
+
{
|
|
22707
|
+
"id": "CWE-416",
|
|
22708
|
+
"name": "Use After Free",
|
|
22709
|
+
"category": "Memory Safety"
|
|
22710
|
+
},
|
|
22711
|
+
{
|
|
22712
|
+
"id": "CWE-434",
|
|
22713
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
22714
|
+
"category": "File Handling"
|
|
22715
|
+
},
|
|
22716
|
+
{
|
|
22717
|
+
"id": "CWE-672",
|
|
22718
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
22719
|
+
"category": "Memory Safety"
|
|
22720
|
+
},
|
|
22721
|
+
{
|
|
22722
|
+
"id": "CWE-732",
|
|
22723
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
22724
|
+
"category": "Authorization"
|
|
22725
|
+
},
|
|
22726
|
+
{
|
|
22727
|
+
"id": "CWE-78",
|
|
22728
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
22729
|
+
"category": "Injection"
|
|
22730
|
+
},
|
|
22731
|
+
{
|
|
22732
|
+
"id": "CWE-787",
|
|
22733
|
+
"name": "Out-of-bounds Write",
|
|
22734
|
+
"category": "Memory Safety"
|
|
22735
|
+
},
|
|
22736
|
+
{
|
|
22737
|
+
"id": "CWE-79",
|
|
22738
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
22739
|
+
"category": "Injection"
|
|
22740
|
+
},
|
|
22741
|
+
{
|
|
22742
|
+
"id": "CWE-798",
|
|
22743
|
+
"name": "Use of Hard-coded Credentials",
|
|
22744
|
+
"category": "Credentials"
|
|
22745
|
+
},
|
|
22746
|
+
{
|
|
22747
|
+
"id": "CWE-89",
|
|
22748
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
22749
|
+
"category": "Injection"
|
|
22750
|
+
},
|
|
22751
|
+
{
|
|
22752
|
+
"id": "CWE-918",
|
|
22753
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
22754
|
+
"category": "Network"
|
|
22755
|
+
},
|
|
22756
|
+
{
|
|
22757
|
+
"id": "CWE-94",
|
|
22758
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
22759
|
+
"category": "Injection"
|
|
22760
|
+
}
|
|
22761
|
+
],
|
|
22762
|
+
"atlas": [
|
|
22763
|
+
{
|
|
22764
|
+
"id": "AML.T0010",
|
|
22765
|
+
"name": "ML Supply Chain Compromise",
|
|
22766
|
+
"tactic": "Initial Access"
|
|
22767
|
+
},
|
|
22768
|
+
{
|
|
22769
|
+
"id": "AML.T0016",
|
|
22770
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
22771
|
+
"tactic": "Resource Development"
|
|
22772
|
+
},
|
|
22773
|
+
{
|
|
22774
|
+
"id": "AML.T0017",
|
|
22775
|
+
"name": "Discover ML Model Ontology",
|
|
22776
|
+
"tactic": "Discovery"
|
|
22777
|
+
},
|
|
22778
|
+
{
|
|
22779
|
+
"id": "AML.T0018",
|
|
22780
|
+
"name": "Backdoor ML Model",
|
|
22781
|
+
"tactic": "Persistence"
|
|
22782
|
+
},
|
|
22783
|
+
{
|
|
22784
|
+
"id": "AML.T0020",
|
|
22785
|
+
"name": "Poison Training Data",
|
|
22786
|
+
"tactic": "ML Attack Staging"
|
|
22787
|
+
},
|
|
22788
|
+
{
|
|
22789
|
+
"id": "AML.T0043",
|
|
22790
|
+
"name": "Craft Adversarial Data",
|
|
22791
|
+
"tactic": "ML Attack Staging"
|
|
22792
|
+
},
|
|
22793
|
+
{
|
|
22794
|
+
"id": "AML.T0051",
|
|
22795
|
+
"name": "LLM Prompt Injection",
|
|
22796
|
+
"tactic": "Execution"
|
|
22797
|
+
},
|
|
22798
|
+
{
|
|
22799
|
+
"id": "AML.T0054",
|
|
22800
|
+
"name": "LLM Jailbreak",
|
|
22801
|
+
"tactic": "Defense Evasion"
|
|
22802
|
+
},
|
|
22803
|
+
{
|
|
22804
|
+
"id": "AML.T0096",
|
|
22805
|
+
"name": "AI API as Covert C2 Channel",
|
|
22806
|
+
"tactic": "Command and Control"
|
|
22807
|
+
}
|
|
22808
|
+
],
|
|
22809
|
+
"d3fend": [
|
|
22810
|
+
{
|
|
22811
|
+
"id": "D3-ASLR",
|
|
22812
|
+
"name": "Address Space Layout Randomization",
|
|
22813
|
+
"tactic": "Harden"
|
|
22814
|
+
},
|
|
22815
|
+
{
|
|
22816
|
+
"id": "D3-CA",
|
|
22817
|
+
"name": "Certificate Analysis",
|
|
22818
|
+
"tactic": "Detect"
|
|
22819
|
+
},
|
|
22820
|
+
{
|
|
22821
|
+
"id": "D3-CSPP",
|
|
22822
|
+
"name": "Client-server Payload Profiling",
|
|
22823
|
+
"tactic": "Detect"
|
|
22824
|
+
},
|
|
22825
|
+
{
|
|
22826
|
+
"id": "D3-DA",
|
|
22827
|
+
"name": "Domain Analysis",
|
|
22828
|
+
"tactic": "Detect"
|
|
22829
|
+
},
|
|
22830
|
+
{
|
|
22831
|
+
"id": "D3-EAL",
|
|
22832
|
+
"name": "Executable Allowlisting",
|
|
22833
|
+
"tactic": "Harden"
|
|
22834
|
+
},
|
|
22835
|
+
{
|
|
22836
|
+
"id": "D3-IOPR",
|
|
22837
|
+
"name": "Input/Output Profiling Resource",
|
|
22838
|
+
"tactic": "Detect"
|
|
22839
|
+
},
|
|
22840
|
+
{
|
|
22841
|
+
"id": "D3-NI",
|
|
22842
|
+
"name": "Network Isolation",
|
|
22843
|
+
"tactic": "Isolate"
|
|
22844
|
+
},
|
|
22845
|
+
{
|
|
22846
|
+
"id": "D3-NTA",
|
|
22847
|
+
"name": "Network Traffic Analysis",
|
|
22848
|
+
"tactic": "Detect"
|
|
22849
|
+
},
|
|
22850
|
+
{
|
|
22851
|
+
"id": "D3-NTPM",
|
|
22852
|
+
"name": "Network Traffic Policy Mapping",
|
|
22853
|
+
"tactic": "Model"
|
|
22854
|
+
},
|
|
22855
|
+
{
|
|
22856
|
+
"id": "D3-PHRA",
|
|
22857
|
+
"name": "Process Hardware Resource Access",
|
|
22858
|
+
"tactic": "Isolate"
|
|
22859
|
+
},
|
|
22860
|
+
{
|
|
22861
|
+
"id": "D3-PSEP",
|
|
22862
|
+
"name": "Process Segment Execution Prevention",
|
|
22863
|
+
"tactic": "Harden"
|
|
22864
|
+
}
|
|
22865
|
+
],
|
|
22866
|
+
"framework_gaps": [
|
|
22867
|
+
{
|
|
22868
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
22869
|
+
"framework": "ALL",
|
|
22870
|
+
"control_name": "AI Pipeline Integrity"
|
|
22871
|
+
},
|
|
22872
|
+
{
|
|
22873
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
22874
|
+
"framework": "ALL",
|
|
22875
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
22876
|
+
},
|
|
22877
|
+
{
|
|
22878
|
+
"id": "CIS-Controls-v8-Control7",
|
|
22879
|
+
"framework": "CIS Controls v8",
|
|
22880
|
+
"control_name": "Continuous Vulnerability Management"
|
|
22881
|
+
},
|
|
22882
|
+
{
|
|
22883
|
+
"id": "CMMC-2.0-Level-2",
|
|
22884
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
22885
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
22886
|
+
},
|
|
22887
|
+
{
|
|
22888
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
22889
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
22890
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
22891
|
+
},
|
|
22892
|
+
{
|
|
22893
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
22894
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
22895
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
22896
|
+
},
|
|
22897
|
+
{
|
|
22898
|
+
"id": "IEC-62443-3-3",
|
|
22899
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
22900
|
+
"control_name": "System security requirements and security levels"
|
|
22901
|
+
},
|
|
22902
|
+
{
|
|
22903
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
22904
|
+
"framework": "ISO/IEC 27001:2022",
|
|
22905
|
+
"control_name": "Monitoring activities"
|
|
22906
|
+
},
|
|
22907
|
+
{
|
|
22908
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
22909
|
+
"framework": "ISO/IEC 27001:2022",
|
|
22910
|
+
"control_name": "Secure coding"
|
|
22911
|
+
},
|
|
22912
|
+
{
|
|
22913
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
22914
|
+
"framework": "ISO/IEC 27001:2022",
|
|
22915
|
+
"control_name": "Management of technical vulnerabilities"
|
|
22916
|
+
},
|
|
22917
|
+
{
|
|
22918
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
22919
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
22920
|
+
"control_name": "AI risk management process"
|
|
22921
|
+
},
|
|
22922
|
+
{
|
|
22923
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
22924
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
22925
|
+
"control_name": "AI risk assessment"
|
|
22926
|
+
},
|
|
22927
|
+
{
|
|
22928
|
+
"id": "NERC-CIP-007-6-R4",
|
|
22929
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
22930
|
+
"control_name": "Security event monitoring"
|
|
22931
|
+
},
|
|
22932
|
+
{
|
|
22933
|
+
"id": "NIS2-Art21-patch-management",
|
|
22934
|
+
"framework": "EU NIS2 Directive",
|
|
22935
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
22936
|
+
},
|
|
22937
|
+
{
|
|
22938
|
+
"id": "NIST-800-115",
|
|
22939
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
22940
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
22941
|
+
},
|
|
22942
|
+
{
|
|
22943
|
+
"id": "NIST-800-53-AC-2",
|
|
22944
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22945
|
+
"control_name": "Account Management"
|
|
22946
|
+
},
|
|
22947
|
+
{
|
|
22948
|
+
"id": "NIST-800-53-SC-28",
|
|
22949
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22950
|
+
"control_name": "Protection of Information at Rest"
|
|
22951
|
+
},
|
|
22952
|
+
{
|
|
22953
|
+
"id": "NIST-800-53-SC-7",
|
|
22954
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22955
|
+
"control_name": "Boundary Protection"
|
|
22956
|
+
},
|
|
22957
|
+
{
|
|
22958
|
+
"id": "NIST-800-53-SC-8",
|
|
22959
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22960
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
22961
|
+
},
|
|
22962
|
+
{
|
|
22963
|
+
"id": "NIST-800-53-SI-2",
|
|
22964
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22965
|
+
"control_name": "Flaw Remediation"
|
|
22966
|
+
},
|
|
22967
|
+
{
|
|
22968
|
+
"id": "NIST-800-53-SI-3",
|
|
22969
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
22970
|
+
"control_name": "Malicious Code Protection"
|
|
22971
|
+
},
|
|
22972
|
+
{
|
|
22973
|
+
"id": "NIST-800-82r3",
|
|
22974
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
22975
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
22976
|
+
},
|
|
22977
|
+
{
|
|
22978
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
22979
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
22980
|
+
"control_name": "Prompt Injection"
|
|
22981
|
+
},
|
|
22982
|
+
{
|
|
22983
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
22984
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
22985
|
+
"control_name": "Sensitive Information Disclosure"
|
|
22986
|
+
},
|
|
22987
|
+
{
|
|
22988
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
22989
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
22990
|
+
"control_name": "Web application penetration testing methodology"
|
|
22991
|
+
},
|
|
22992
|
+
{
|
|
22993
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
22994
|
+
"framework": "PCI DSS 4.0",
|
|
22995
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
22996
|
+
},
|
|
22997
|
+
{
|
|
22998
|
+
"id": "PTES-Pre-engagement",
|
|
22999
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
23000
|
+
"control_name": "Pre-engagement Interactions"
|
|
23001
|
+
},
|
|
23002
|
+
{
|
|
23003
|
+
"id": "SOC2-CC6-logical-access",
|
|
23004
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23005
|
+
"control_name": "Logical and Physical Access Controls"
|
|
23006
|
+
},
|
|
23007
|
+
{
|
|
23008
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
23009
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23010
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
23011
|
+
}
|
|
23012
|
+
],
|
|
23013
|
+
"attack_refs": [
|
|
23014
|
+
"T0855",
|
|
23015
|
+
"T0883",
|
|
23016
|
+
"T1041",
|
|
23017
|
+
"T1059",
|
|
23018
|
+
"T1068",
|
|
23019
|
+
"T1071",
|
|
23020
|
+
"T1078",
|
|
23021
|
+
"T1102",
|
|
23022
|
+
"T1133",
|
|
23023
|
+
"T1190",
|
|
23024
|
+
"T1213",
|
|
23025
|
+
"T1530",
|
|
23026
|
+
"T1548.001",
|
|
23027
|
+
"T1566",
|
|
23028
|
+
"T1567",
|
|
23029
|
+
"T1568"
|
|
23030
|
+
],
|
|
23031
|
+
"rfc_refs": [
|
|
23032
|
+
"RFC-4301",
|
|
23033
|
+
"RFC-4303",
|
|
23034
|
+
"RFC-7296",
|
|
23035
|
+
"RFC-8446",
|
|
23036
|
+
"RFC-9000",
|
|
23037
|
+
"RFC-9114",
|
|
23038
|
+
"RFC-9180",
|
|
23039
|
+
"RFC-9421",
|
|
23040
|
+
"RFC-9458"
|
|
23041
|
+
]
|
|
23042
|
+
}
|
|
23043
|
+
},
|
|
22628
23044
|
"CVE-2026-41091": {
|
|
22629
23045
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
22630
23046
|
"rwep": 45,
|
|
@@ -49001,6 +49417,7 @@
|
|
|
49001
49417
|
"related_cves": [
|
|
49002
49418
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
49003
49419
|
"CVE-2023-43472",
|
|
49420
|
+
"CVE-2023-48022",
|
|
49004
49421
|
"CVE-2024-3094",
|
|
49005
49422
|
"CVE-2024-3154",
|
|
49006
49423
|
"CVE-2024-50050",
|
|
@@ -49367,6 +49784,7 @@
|
|
|
49367
49784
|
},
|
|
49368
49785
|
"related_cves": [
|
|
49369
49786
|
"CVE-2023-43472",
|
|
49787
|
+
"CVE-2023-48022",
|
|
49370
49788
|
"CVE-2024-50050",
|
|
49371
49789
|
"CVE-2025-0133",
|
|
49372
49790
|
"CVE-2025-10585",
|
|
@@ -49524,6 +49942,7 @@
|
|
|
49524
49942
|
},
|
|
49525
49943
|
"related_cves": [
|
|
49526
49944
|
"CVE-2023-43472",
|
|
49945
|
+
"CVE-2023-48022",
|
|
49527
49946
|
"CVE-2024-50050",
|
|
49528
49947
|
"CVE-2025-0133",
|
|
49529
49948
|
"CVE-2025-10585",
|
|
@@ -49695,6 +50114,7 @@
|
|
|
49695
50114
|
},
|
|
49696
50115
|
"related_cves": [
|
|
49697
50116
|
"CVE-2023-43472",
|
|
50117
|
+
"CVE-2023-48022",
|
|
49698
50118
|
"CVE-2024-50050",
|
|
49699
50119
|
"CVE-2025-0133",
|
|
49700
50120
|
"CVE-2025-10585",
|
|
@@ -49970,6 +50390,7 @@
|
|
|
49970
50390
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
49971
50391
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
49972
50392
|
"CVE-2023-43472",
|
|
50393
|
+
"CVE-2023-48022",
|
|
49973
50394
|
"CVE-2024-3094",
|
|
49974
50395
|
"CVE-2024-3154",
|
|
49975
50396
|
"CVE-2024-50050",
|
|
@@ -50199,6 +50620,7 @@
|
|
|
50199
50620
|
"CVE-2023-39780",
|
|
50200
50621
|
"CVE-2023-41974",
|
|
50201
50622
|
"CVE-2023-43000",
|
|
50623
|
+
"CVE-2023-48022",
|
|
50202
50624
|
"CVE-2023-50224",
|
|
50203
50625
|
"CVE-2023-52163",
|
|
50204
50626
|
"CVE-2024-0769",
|
|
@@ -50652,6 +51074,7 @@
|
|
|
50652
51074
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
50653
51075
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
50654
51076
|
"CVE-2023-43472",
|
|
51077
|
+
"CVE-2023-48022",
|
|
50655
51078
|
"CVE-2024-3094",
|
|
50656
51079
|
"CVE-2024-3154",
|
|
50657
51080
|
"CVE-2024-40635",
|
|
@@ -51008,6 +51431,7 @@
|
|
|
51008
51431
|
"related_cves": [
|
|
51009
51432
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
51010
51433
|
"CVE-2023-43472",
|
|
51434
|
+
"CVE-2023-48022",
|
|
51011
51435
|
"CVE-2024-3094",
|
|
51012
51436
|
"CVE-2024-3154",
|
|
51013
51437
|
"CVE-2024-50050",
|
|
@@ -51604,6 +52028,7 @@
|
|
|
51604
52028
|
"related_cves": [
|
|
51605
52029
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
51606
52030
|
"CVE-2023-43472",
|
|
52031
|
+
"CVE-2023-48022",
|
|
51607
52032
|
"CVE-2024-3094",
|
|
51608
52033
|
"CVE-2024-3154",
|
|
51609
52034
|
"CVE-2024-50050",
|
|
@@ -51838,6 +52263,7 @@
|
|
|
51838
52263
|
]
|
|
51839
52264
|
},
|
|
51840
52265
|
"related_cves": [
|
|
52266
|
+
"CVE-2023-48022",
|
|
51841
52267
|
"CVE-2024-3094",
|
|
51842
52268
|
"CVE-2024-50050",
|
|
51843
52269
|
"CVE-2025-10585",
|
|
@@ -52498,6 +52924,7 @@
|
|
|
52498
52924
|
"related_cves": [
|
|
52499
52925
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
52500
52926
|
"CVE-2023-43472",
|
|
52927
|
+
"CVE-2023-48022",
|
|
52501
52928
|
"CVE-2024-3094",
|
|
52502
52929
|
"CVE-2024-3154",
|
|
52503
52930
|
"CVE-2024-50050",
|
|
@@ -52734,6 +53161,7 @@
|
|
|
52734
53161
|
"CVE-2023-39780",
|
|
52735
53162
|
"CVE-2023-41974",
|
|
52736
53163
|
"CVE-2023-43000",
|
|
53164
|
+
"CVE-2023-48022",
|
|
52737
53165
|
"CVE-2023-50224",
|
|
52738
53166
|
"CVE-2023-52163",
|
|
52739
53167
|
"CVE-2024-0769",
|
|
@@ -53151,6 +53579,7 @@
|
|
|
53151
53579
|
"CVE-2023-39780",
|
|
53152
53580
|
"CVE-2023-41974",
|
|
53153
53581
|
"CVE-2023-43000",
|
|
53582
|
+
"CVE-2023-48022",
|
|
53154
53583
|
"CVE-2023-50224",
|
|
53155
53584
|
"CVE-2023-52163",
|
|
53156
53585
|
"CVE-2024-0769",
|
|
@@ -53601,6 +54030,7 @@
|
|
|
53601
54030
|
"related_cves": [
|
|
53602
54031
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
53603
54032
|
"CVE-2023-43472",
|
|
54033
|
+
"CVE-2023-48022",
|
|
53604
54034
|
"CVE-2024-3094",
|
|
53605
54035
|
"CVE-2024-3154",
|
|
53606
54036
|
"CVE-2024-50050",
|
|
@@ -54389,6 +54819,7 @@
|
|
|
54389
54819
|
"CVE-2023-39780",
|
|
54390
54820
|
"CVE-2023-41974",
|
|
54391
54821
|
"CVE-2023-43000",
|
|
54822
|
+
"CVE-2023-48022",
|
|
54392
54823
|
"CVE-2023-50224",
|
|
54393
54824
|
"CVE-2023-52163",
|
|
54394
54825
|
"CVE-2024-0769",
|
|
@@ -54903,6 +55334,7 @@
|
|
|
54903
55334
|
"related_cves": [
|
|
54904
55335
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
54905
55336
|
"CVE-2023-43472",
|
|
55337
|
+
"CVE-2023-48022",
|
|
54906
55338
|
"CVE-2024-3094",
|
|
54907
55339
|
"CVE-2024-3154",
|
|
54908
55340
|
"CVE-2024-50050",
|
|
@@ -55217,6 +55649,7 @@
|
|
|
55217
55649
|
"CVE-2023-41974",
|
|
55218
55650
|
"CVE-2023-43000",
|
|
55219
55651
|
"CVE-2023-43472",
|
|
55652
|
+
"CVE-2023-48022",
|
|
55220
55653
|
"CVE-2023-50224",
|
|
55221
55654
|
"CVE-2023-52163",
|
|
55222
55655
|
"CVE-2024-0769",
|
|
@@ -55750,6 +56183,7 @@
|
|
|
55750
56183
|
},
|
|
55751
56184
|
"related_cves": [
|
|
55752
56185
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56186
|
+
"CVE-2023-48022",
|
|
55753
56187
|
"CVE-2024-3094",
|
|
55754
56188
|
"CVE-2024-3154",
|
|
55755
56189
|
"CVE-2024-50050",
|
|
@@ -56681,6 +57115,7 @@
|
|
|
56681
57115
|
"related_cves": [
|
|
56682
57116
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56683
57117
|
"CVE-2023-43472",
|
|
57118
|
+
"CVE-2023-48022",
|
|
56684
57119
|
"CVE-2024-3094",
|
|
56685
57120
|
"CVE-2024-3154",
|
|
56686
57121
|
"CVE-2024-50050",
|
|
@@ -56776,6 +57211,7 @@
|
|
|
56776
57211
|
"rfc_refs": []
|
|
56777
57212
|
},
|
|
56778
57213
|
"related_cves": [
|
|
57214
|
+
"CVE-2023-48022",
|
|
56779
57215
|
"CVE-2024-50050",
|
|
56780
57216
|
"CVE-2025-10585",
|
|
56781
57217
|
"CVE-2025-1094",
|
|
@@ -56941,6 +57377,7 @@
|
|
|
56941
57377
|
"related_cves": [
|
|
56942
57378
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
56943
57379
|
"CVE-2023-43472",
|
|
57380
|
+
"CVE-2023-48022",
|
|
56944
57381
|
"CVE-2024-50050",
|
|
56945
57382
|
"CVE-2025-0133",
|
|
56946
57383
|
"CVE-2025-1094",
|
|
@@ -57796,6 +58233,7 @@
|
|
|
57796
58233
|
"related_cves": [
|
|
57797
58234
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
57798
58235
|
"CVE-2023-43472",
|
|
58236
|
+
"CVE-2023-48022",
|
|
57799
58237
|
"CVE-2024-3094",
|
|
57800
58238
|
"CVE-2024-3154",
|
|
57801
58239
|
"CVE-2024-50050",
|
|
@@ -58084,6 +58522,7 @@
|
|
|
58084
58522
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
58085
58523
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
58086
58524
|
"CVE-2023-43472",
|
|
58525
|
+
"CVE-2023-48022",
|
|
58087
58526
|
"CVE-2024-3094",
|
|
58088
58527
|
"CVE-2024-40635",
|
|
58089
58528
|
"CVE-2024-50050",
|