@blamejs/exceptd-skills 0.13.80 → 0.13.81
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +770 -0
- package/data/atlas-ttps.json +5 -2
- package/data/attack-techniques.json +4 -0
- package/data/cve-catalog.json +209 -0
- package/data/cwe-catalog.json +6 -1
- package/data/framework-control-gaps.json +16 -0
- package/data/zeroday-lessons.json +100 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -23041,6 +23041,730 @@
|
|
|
23041
23041
|
]
|
|
23042
23042
|
}
|
|
23043
23043
|
},
|
|
23044
|
+
"CVE-2026-0766": {
|
|
23045
|
+
"name": "Open WebUI Tool Module Code Injection RCE",
|
|
23046
|
+
"rwep": 29,
|
|
23047
|
+
"cvss": 8.8,
|
|
23048
|
+
"cisa_kev": false,
|
|
23049
|
+
"epss_score": null,
|
|
23050
|
+
"referencing_skills": [
|
|
23051
|
+
"kernel-lpe-triage",
|
|
23052
|
+
"ai-attack-surface",
|
|
23053
|
+
"compliance-theater",
|
|
23054
|
+
"attack-surface-pentest",
|
|
23055
|
+
"ot-ics-security",
|
|
23056
|
+
"coordinated-vuln-disclosure",
|
|
23057
|
+
"sector-energy"
|
|
23058
|
+
],
|
|
23059
|
+
"chain": {
|
|
23060
|
+
"cwes": [
|
|
23061
|
+
{
|
|
23062
|
+
"id": "CWE-1037",
|
|
23063
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
23064
|
+
"category": "Hardware / Side Channel"
|
|
23065
|
+
},
|
|
23066
|
+
{
|
|
23067
|
+
"id": "CWE-1039",
|
|
23068
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
23069
|
+
"category": "AI/ML"
|
|
23070
|
+
},
|
|
23071
|
+
{
|
|
23072
|
+
"id": "CWE-125",
|
|
23073
|
+
"name": "Out-of-bounds Read",
|
|
23074
|
+
"category": "Memory Safety"
|
|
23075
|
+
},
|
|
23076
|
+
{
|
|
23077
|
+
"id": "CWE-1357",
|
|
23078
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
23079
|
+
"category": "Supply Chain"
|
|
23080
|
+
},
|
|
23081
|
+
{
|
|
23082
|
+
"id": "CWE-1395",
|
|
23083
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
23084
|
+
"category": "Supply Chain"
|
|
23085
|
+
},
|
|
23086
|
+
{
|
|
23087
|
+
"id": "CWE-1426",
|
|
23088
|
+
"name": "Improper Validation of Generative AI Output",
|
|
23089
|
+
"category": "AI/ML"
|
|
23090
|
+
},
|
|
23091
|
+
{
|
|
23092
|
+
"id": "CWE-22",
|
|
23093
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
23094
|
+
"category": "Path/Resource"
|
|
23095
|
+
},
|
|
23096
|
+
{
|
|
23097
|
+
"id": "CWE-269",
|
|
23098
|
+
"name": "Improper Privilege Management",
|
|
23099
|
+
"category": "Authorization"
|
|
23100
|
+
},
|
|
23101
|
+
{
|
|
23102
|
+
"id": "CWE-287",
|
|
23103
|
+
"name": "Improper Authentication",
|
|
23104
|
+
"category": "Authentication"
|
|
23105
|
+
},
|
|
23106
|
+
{
|
|
23107
|
+
"id": "CWE-306",
|
|
23108
|
+
"name": "Missing Authentication for Critical Function",
|
|
23109
|
+
"category": "Authentication"
|
|
23110
|
+
},
|
|
23111
|
+
{
|
|
23112
|
+
"id": "CWE-352",
|
|
23113
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
23114
|
+
"category": "Session"
|
|
23115
|
+
},
|
|
23116
|
+
{
|
|
23117
|
+
"id": "CWE-362",
|
|
23118
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
23119
|
+
"category": "Concurrency"
|
|
23120
|
+
},
|
|
23121
|
+
{
|
|
23122
|
+
"id": "CWE-416",
|
|
23123
|
+
"name": "Use After Free",
|
|
23124
|
+
"category": "Memory Safety"
|
|
23125
|
+
},
|
|
23126
|
+
{
|
|
23127
|
+
"id": "CWE-434",
|
|
23128
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
23129
|
+
"category": "File Handling"
|
|
23130
|
+
},
|
|
23131
|
+
{
|
|
23132
|
+
"id": "CWE-672",
|
|
23133
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
23134
|
+
"category": "Memory Safety"
|
|
23135
|
+
},
|
|
23136
|
+
{
|
|
23137
|
+
"id": "CWE-732",
|
|
23138
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
23139
|
+
"category": "Authorization"
|
|
23140
|
+
},
|
|
23141
|
+
{
|
|
23142
|
+
"id": "CWE-78",
|
|
23143
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
23144
|
+
"category": "Injection"
|
|
23145
|
+
},
|
|
23146
|
+
{
|
|
23147
|
+
"id": "CWE-787",
|
|
23148
|
+
"name": "Out-of-bounds Write",
|
|
23149
|
+
"category": "Memory Safety"
|
|
23150
|
+
},
|
|
23151
|
+
{
|
|
23152
|
+
"id": "CWE-79",
|
|
23153
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
23154
|
+
"category": "Injection"
|
|
23155
|
+
},
|
|
23156
|
+
{
|
|
23157
|
+
"id": "CWE-798",
|
|
23158
|
+
"name": "Use of Hard-coded Credentials",
|
|
23159
|
+
"category": "Credentials"
|
|
23160
|
+
},
|
|
23161
|
+
{
|
|
23162
|
+
"id": "CWE-89",
|
|
23163
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
23164
|
+
"category": "Injection"
|
|
23165
|
+
},
|
|
23166
|
+
{
|
|
23167
|
+
"id": "CWE-918",
|
|
23168
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
23169
|
+
"category": "Network"
|
|
23170
|
+
},
|
|
23171
|
+
{
|
|
23172
|
+
"id": "CWE-94",
|
|
23173
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
23174
|
+
"category": "Injection"
|
|
23175
|
+
}
|
|
23176
|
+
],
|
|
23177
|
+
"atlas": [
|
|
23178
|
+
{
|
|
23179
|
+
"id": "AML.T0010",
|
|
23180
|
+
"name": "ML Supply Chain Compromise",
|
|
23181
|
+
"tactic": "Initial Access"
|
|
23182
|
+
},
|
|
23183
|
+
{
|
|
23184
|
+
"id": "AML.T0016",
|
|
23185
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
23186
|
+
"tactic": "Resource Development"
|
|
23187
|
+
},
|
|
23188
|
+
{
|
|
23189
|
+
"id": "AML.T0017",
|
|
23190
|
+
"name": "Discover ML Model Ontology",
|
|
23191
|
+
"tactic": "Discovery"
|
|
23192
|
+
},
|
|
23193
|
+
{
|
|
23194
|
+
"id": "AML.T0018",
|
|
23195
|
+
"name": "Backdoor ML Model",
|
|
23196
|
+
"tactic": "Persistence"
|
|
23197
|
+
},
|
|
23198
|
+
{
|
|
23199
|
+
"id": "AML.T0020",
|
|
23200
|
+
"name": "Poison Training Data",
|
|
23201
|
+
"tactic": "ML Attack Staging"
|
|
23202
|
+
},
|
|
23203
|
+
{
|
|
23204
|
+
"id": "AML.T0043",
|
|
23205
|
+
"name": "Craft Adversarial Data",
|
|
23206
|
+
"tactic": "ML Attack Staging"
|
|
23207
|
+
},
|
|
23208
|
+
{
|
|
23209
|
+
"id": "AML.T0051",
|
|
23210
|
+
"name": "LLM Prompt Injection",
|
|
23211
|
+
"tactic": "Execution"
|
|
23212
|
+
},
|
|
23213
|
+
{
|
|
23214
|
+
"id": "AML.T0054",
|
|
23215
|
+
"name": "LLM Jailbreak",
|
|
23216
|
+
"tactic": "Defense Evasion"
|
|
23217
|
+
},
|
|
23218
|
+
{
|
|
23219
|
+
"id": "AML.T0096",
|
|
23220
|
+
"name": "AI API as Covert C2 Channel",
|
|
23221
|
+
"tactic": "Command and Control"
|
|
23222
|
+
}
|
|
23223
|
+
],
|
|
23224
|
+
"d3fend": [
|
|
23225
|
+
{
|
|
23226
|
+
"id": "D3-ASLR",
|
|
23227
|
+
"name": "Address Space Layout Randomization",
|
|
23228
|
+
"tactic": "Harden"
|
|
23229
|
+
},
|
|
23230
|
+
{
|
|
23231
|
+
"id": "D3-CSPP",
|
|
23232
|
+
"name": "Client-server Payload Profiling",
|
|
23233
|
+
"tactic": "Detect"
|
|
23234
|
+
},
|
|
23235
|
+
{
|
|
23236
|
+
"id": "D3-EAL",
|
|
23237
|
+
"name": "Executable Allowlisting",
|
|
23238
|
+
"tactic": "Harden"
|
|
23239
|
+
},
|
|
23240
|
+
{
|
|
23241
|
+
"id": "D3-IOPR",
|
|
23242
|
+
"name": "Input/Output Profiling Resource",
|
|
23243
|
+
"tactic": "Detect"
|
|
23244
|
+
},
|
|
23245
|
+
{
|
|
23246
|
+
"id": "D3-NTA",
|
|
23247
|
+
"name": "Network Traffic Analysis",
|
|
23248
|
+
"tactic": "Detect"
|
|
23249
|
+
},
|
|
23250
|
+
{
|
|
23251
|
+
"id": "D3-PHRA",
|
|
23252
|
+
"name": "Process Hardware Resource Access",
|
|
23253
|
+
"tactic": "Isolate"
|
|
23254
|
+
},
|
|
23255
|
+
{
|
|
23256
|
+
"id": "D3-PSEP",
|
|
23257
|
+
"name": "Process Segment Execution Prevention",
|
|
23258
|
+
"tactic": "Harden"
|
|
23259
|
+
}
|
|
23260
|
+
],
|
|
23261
|
+
"framework_gaps": [
|
|
23262
|
+
{
|
|
23263
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
23264
|
+
"framework": "ALL",
|
|
23265
|
+
"control_name": "AI Pipeline Integrity"
|
|
23266
|
+
},
|
|
23267
|
+
{
|
|
23268
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
23269
|
+
"framework": "ALL",
|
|
23270
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
23271
|
+
},
|
|
23272
|
+
{
|
|
23273
|
+
"id": "CIS-Controls-v8-Control7",
|
|
23274
|
+
"framework": "CIS Controls v8",
|
|
23275
|
+
"control_name": "Continuous Vulnerability Management"
|
|
23276
|
+
},
|
|
23277
|
+
{
|
|
23278
|
+
"id": "CMMC-2.0-Level-2",
|
|
23279
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
23280
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
23281
|
+
},
|
|
23282
|
+
{
|
|
23283
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
23284
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
23285
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
23286
|
+
},
|
|
23287
|
+
{
|
|
23288
|
+
"id": "IEC-62443-3-3",
|
|
23289
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
23290
|
+
"control_name": "System security requirements and security levels"
|
|
23291
|
+
},
|
|
23292
|
+
{
|
|
23293
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
23294
|
+
"framework": "ISO/IEC 27001:2022",
|
|
23295
|
+
"control_name": "Secure coding"
|
|
23296
|
+
},
|
|
23297
|
+
{
|
|
23298
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
23299
|
+
"framework": "ISO/IEC 27001:2022",
|
|
23300
|
+
"control_name": "Management of technical vulnerabilities"
|
|
23301
|
+
},
|
|
23302
|
+
{
|
|
23303
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
23304
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
23305
|
+
"control_name": "AI risk management process"
|
|
23306
|
+
},
|
|
23307
|
+
{
|
|
23308
|
+
"id": "NERC-CIP-007-6-R4",
|
|
23309
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
23310
|
+
"control_name": "Security event monitoring"
|
|
23311
|
+
},
|
|
23312
|
+
{
|
|
23313
|
+
"id": "NIS2-Art21-patch-management",
|
|
23314
|
+
"framework": "EU NIS2 Directive",
|
|
23315
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
23316
|
+
},
|
|
23317
|
+
{
|
|
23318
|
+
"id": "NIST-800-115",
|
|
23319
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
23320
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
23321
|
+
},
|
|
23322
|
+
{
|
|
23323
|
+
"id": "NIST-800-218-SSDF",
|
|
23324
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
23325
|
+
"control_name": "Secure Software Development Framework"
|
|
23326
|
+
},
|
|
23327
|
+
{
|
|
23328
|
+
"id": "NIST-800-53-AC-2",
|
|
23329
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23330
|
+
"control_name": "Account Management"
|
|
23331
|
+
},
|
|
23332
|
+
{
|
|
23333
|
+
"id": "NIST-800-53-SC-8",
|
|
23334
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23335
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
23336
|
+
},
|
|
23337
|
+
{
|
|
23338
|
+
"id": "NIST-800-53-SI-2",
|
|
23339
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23340
|
+
"control_name": "Flaw Remediation"
|
|
23341
|
+
},
|
|
23342
|
+
{
|
|
23343
|
+
"id": "NIST-800-53-SI-3",
|
|
23344
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23345
|
+
"control_name": "Malicious Code Protection"
|
|
23346
|
+
},
|
|
23347
|
+
{
|
|
23348
|
+
"id": "NIST-800-82r3",
|
|
23349
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
23350
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
23351
|
+
},
|
|
23352
|
+
{
|
|
23353
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
23354
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
23355
|
+
"control_name": "Prompt Injection"
|
|
23356
|
+
},
|
|
23357
|
+
{
|
|
23358
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
23359
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
23360
|
+
"control_name": "Sensitive Information Disclosure"
|
|
23361
|
+
},
|
|
23362
|
+
{
|
|
23363
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
23364
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
23365
|
+
"control_name": "Web application penetration testing methodology"
|
|
23366
|
+
},
|
|
23367
|
+
{
|
|
23368
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
23369
|
+
"framework": "PCI DSS 4.0",
|
|
23370
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
23371
|
+
},
|
|
23372
|
+
{
|
|
23373
|
+
"id": "PTES-Pre-engagement",
|
|
23374
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
23375
|
+
"control_name": "Pre-engagement Interactions"
|
|
23376
|
+
},
|
|
23377
|
+
{
|
|
23378
|
+
"id": "SOC2-CC6-logical-access",
|
|
23379
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23380
|
+
"control_name": "Logical and Physical Access Controls"
|
|
23381
|
+
},
|
|
23382
|
+
{
|
|
23383
|
+
"id": "SOC2-CC9-vendor-management",
|
|
23384
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23385
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
23386
|
+
}
|
|
23387
|
+
],
|
|
23388
|
+
"attack_refs": [
|
|
23389
|
+
"T0855",
|
|
23390
|
+
"T0883",
|
|
23391
|
+
"T1059",
|
|
23392
|
+
"T1068",
|
|
23393
|
+
"T1078",
|
|
23394
|
+
"T1133",
|
|
23395
|
+
"T1190",
|
|
23396
|
+
"T1548.001",
|
|
23397
|
+
"T1566"
|
|
23398
|
+
],
|
|
23399
|
+
"rfc_refs": [
|
|
23400
|
+
"RFC-4301",
|
|
23401
|
+
"RFC-4303",
|
|
23402
|
+
"RFC-7296"
|
|
23403
|
+
]
|
|
23404
|
+
}
|
|
23405
|
+
},
|
|
23406
|
+
"CVE-2025-64496": {
|
|
23407
|
+
"name": "Open WebUI Malicious Model Server Code Injection (Account Takeover to RCE)",
|
|
23408
|
+
"rwep": 29,
|
|
23409
|
+
"cvss": 8,
|
|
23410
|
+
"cisa_kev": false,
|
|
23411
|
+
"epss_score": null,
|
|
23412
|
+
"referencing_skills": [
|
|
23413
|
+
"kernel-lpe-triage",
|
|
23414
|
+
"ai-attack-surface",
|
|
23415
|
+
"compliance-theater",
|
|
23416
|
+
"attack-surface-pentest",
|
|
23417
|
+
"ot-ics-security",
|
|
23418
|
+
"coordinated-vuln-disclosure",
|
|
23419
|
+
"sector-energy"
|
|
23420
|
+
],
|
|
23421
|
+
"chain": {
|
|
23422
|
+
"cwes": [
|
|
23423
|
+
{
|
|
23424
|
+
"id": "CWE-1037",
|
|
23425
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
23426
|
+
"category": "Hardware / Side Channel"
|
|
23427
|
+
},
|
|
23428
|
+
{
|
|
23429
|
+
"id": "CWE-1039",
|
|
23430
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
23431
|
+
"category": "AI/ML"
|
|
23432
|
+
},
|
|
23433
|
+
{
|
|
23434
|
+
"id": "CWE-125",
|
|
23435
|
+
"name": "Out-of-bounds Read",
|
|
23436
|
+
"category": "Memory Safety"
|
|
23437
|
+
},
|
|
23438
|
+
{
|
|
23439
|
+
"id": "CWE-1357",
|
|
23440
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
23441
|
+
"category": "Supply Chain"
|
|
23442
|
+
},
|
|
23443
|
+
{
|
|
23444
|
+
"id": "CWE-1395",
|
|
23445
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
23446
|
+
"category": "Supply Chain"
|
|
23447
|
+
},
|
|
23448
|
+
{
|
|
23449
|
+
"id": "CWE-1426",
|
|
23450
|
+
"name": "Improper Validation of Generative AI Output",
|
|
23451
|
+
"category": "AI/ML"
|
|
23452
|
+
},
|
|
23453
|
+
{
|
|
23454
|
+
"id": "CWE-22",
|
|
23455
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
23456
|
+
"category": "Path/Resource"
|
|
23457
|
+
},
|
|
23458
|
+
{
|
|
23459
|
+
"id": "CWE-269",
|
|
23460
|
+
"name": "Improper Privilege Management",
|
|
23461
|
+
"category": "Authorization"
|
|
23462
|
+
},
|
|
23463
|
+
{
|
|
23464
|
+
"id": "CWE-287",
|
|
23465
|
+
"name": "Improper Authentication",
|
|
23466
|
+
"category": "Authentication"
|
|
23467
|
+
},
|
|
23468
|
+
{
|
|
23469
|
+
"id": "CWE-306",
|
|
23470
|
+
"name": "Missing Authentication for Critical Function",
|
|
23471
|
+
"category": "Authentication"
|
|
23472
|
+
},
|
|
23473
|
+
{
|
|
23474
|
+
"id": "CWE-352",
|
|
23475
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
23476
|
+
"category": "Session"
|
|
23477
|
+
},
|
|
23478
|
+
{
|
|
23479
|
+
"id": "CWE-362",
|
|
23480
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
23481
|
+
"category": "Concurrency"
|
|
23482
|
+
},
|
|
23483
|
+
{
|
|
23484
|
+
"id": "CWE-416",
|
|
23485
|
+
"name": "Use After Free",
|
|
23486
|
+
"category": "Memory Safety"
|
|
23487
|
+
},
|
|
23488
|
+
{
|
|
23489
|
+
"id": "CWE-434",
|
|
23490
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
23491
|
+
"category": "File Handling"
|
|
23492
|
+
},
|
|
23493
|
+
{
|
|
23494
|
+
"id": "CWE-672",
|
|
23495
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
23496
|
+
"category": "Memory Safety"
|
|
23497
|
+
},
|
|
23498
|
+
{
|
|
23499
|
+
"id": "CWE-732",
|
|
23500
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
23501
|
+
"category": "Authorization"
|
|
23502
|
+
},
|
|
23503
|
+
{
|
|
23504
|
+
"id": "CWE-78",
|
|
23505
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
23506
|
+
"category": "Injection"
|
|
23507
|
+
},
|
|
23508
|
+
{
|
|
23509
|
+
"id": "CWE-787",
|
|
23510
|
+
"name": "Out-of-bounds Write",
|
|
23511
|
+
"category": "Memory Safety"
|
|
23512
|
+
},
|
|
23513
|
+
{
|
|
23514
|
+
"id": "CWE-79",
|
|
23515
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
23516
|
+
"category": "Injection"
|
|
23517
|
+
},
|
|
23518
|
+
{
|
|
23519
|
+
"id": "CWE-798",
|
|
23520
|
+
"name": "Use of Hard-coded Credentials",
|
|
23521
|
+
"category": "Credentials"
|
|
23522
|
+
},
|
|
23523
|
+
{
|
|
23524
|
+
"id": "CWE-89",
|
|
23525
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
23526
|
+
"category": "Injection"
|
|
23527
|
+
},
|
|
23528
|
+
{
|
|
23529
|
+
"id": "CWE-918",
|
|
23530
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
23531
|
+
"category": "Network"
|
|
23532
|
+
},
|
|
23533
|
+
{
|
|
23534
|
+
"id": "CWE-94",
|
|
23535
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
23536
|
+
"category": "Injection"
|
|
23537
|
+
}
|
|
23538
|
+
],
|
|
23539
|
+
"atlas": [
|
|
23540
|
+
{
|
|
23541
|
+
"id": "AML.T0010",
|
|
23542
|
+
"name": "ML Supply Chain Compromise",
|
|
23543
|
+
"tactic": "Initial Access"
|
|
23544
|
+
},
|
|
23545
|
+
{
|
|
23546
|
+
"id": "AML.T0016",
|
|
23547
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
23548
|
+
"tactic": "Resource Development"
|
|
23549
|
+
},
|
|
23550
|
+
{
|
|
23551
|
+
"id": "AML.T0017",
|
|
23552
|
+
"name": "Discover ML Model Ontology",
|
|
23553
|
+
"tactic": "Discovery"
|
|
23554
|
+
},
|
|
23555
|
+
{
|
|
23556
|
+
"id": "AML.T0018",
|
|
23557
|
+
"name": "Backdoor ML Model",
|
|
23558
|
+
"tactic": "Persistence"
|
|
23559
|
+
},
|
|
23560
|
+
{
|
|
23561
|
+
"id": "AML.T0020",
|
|
23562
|
+
"name": "Poison Training Data",
|
|
23563
|
+
"tactic": "ML Attack Staging"
|
|
23564
|
+
},
|
|
23565
|
+
{
|
|
23566
|
+
"id": "AML.T0043",
|
|
23567
|
+
"name": "Craft Adversarial Data",
|
|
23568
|
+
"tactic": "ML Attack Staging"
|
|
23569
|
+
},
|
|
23570
|
+
{
|
|
23571
|
+
"id": "AML.T0051",
|
|
23572
|
+
"name": "LLM Prompt Injection",
|
|
23573
|
+
"tactic": "Execution"
|
|
23574
|
+
},
|
|
23575
|
+
{
|
|
23576
|
+
"id": "AML.T0054",
|
|
23577
|
+
"name": "LLM Jailbreak",
|
|
23578
|
+
"tactic": "Defense Evasion"
|
|
23579
|
+
},
|
|
23580
|
+
{
|
|
23581
|
+
"id": "AML.T0096",
|
|
23582
|
+
"name": "AI API as Covert C2 Channel",
|
|
23583
|
+
"tactic": "Command and Control"
|
|
23584
|
+
}
|
|
23585
|
+
],
|
|
23586
|
+
"d3fend": [
|
|
23587
|
+
{
|
|
23588
|
+
"id": "D3-ASLR",
|
|
23589
|
+
"name": "Address Space Layout Randomization",
|
|
23590
|
+
"tactic": "Harden"
|
|
23591
|
+
},
|
|
23592
|
+
{
|
|
23593
|
+
"id": "D3-CSPP",
|
|
23594
|
+
"name": "Client-server Payload Profiling",
|
|
23595
|
+
"tactic": "Detect"
|
|
23596
|
+
},
|
|
23597
|
+
{
|
|
23598
|
+
"id": "D3-EAL",
|
|
23599
|
+
"name": "Executable Allowlisting",
|
|
23600
|
+
"tactic": "Harden"
|
|
23601
|
+
},
|
|
23602
|
+
{
|
|
23603
|
+
"id": "D3-IOPR",
|
|
23604
|
+
"name": "Input/Output Profiling Resource",
|
|
23605
|
+
"tactic": "Detect"
|
|
23606
|
+
},
|
|
23607
|
+
{
|
|
23608
|
+
"id": "D3-NTA",
|
|
23609
|
+
"name": "Network Traffic Analysis",
|
|
23610
|
+
"tactic": "Detect"
|
|
23611
|
+
},
|
|
23612
|
+
{
|
|
23613
|
+
"id": "D3-PHRA",
|
|
23614
|
+
"name": "Process Hardware Resource Access",
|
|
23615
|
+
"tactic": "Isolate"
|
|
23616
|
+
},
|
|
23617
|
+
{
|
|
23618
|
+
"id": "D3-PSEP",
|
|
23619
|
+
"name": "Process Segment Execution Prevention",
|
|
23620
|
+
"tactic": "Harden"
|
|
23621
|
+
}
|
|
23622
|
+
],
|
|
23623
|
+
"framework_gaps": [
|
|
23624
|
+
{
|
|
23625
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
23626
|
+
"framework": "ALL",
|
|
23627
|
+
"control_name": "AI Pipeline Integrity"
|
|
23628
|
+
},
|
|
23629
|
+
{
|
|
23630
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
23631
|
+
"framework": "ALL",
|
|
23632
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
23633
|
+
},
|
|
23634
|
+
{
|
|
23635
|
+
"id": "CIS-Controls-v8-Control7",
|
|
23636
|
+
"framework": "CIS Controls v8",
|
|
23637
|
+
"control_name": "Continuous Vulnerability Management"
|
|
23638
|
+
},
|
|
23639
|
+
{
|
|
23640
|
+
"id": "CMMC-2.0-Level-2",
|
|
23641
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
23642
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
23643
|
+
},
|
|
23644
|
+
{
|
|
23645
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
23646
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
23647
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
23648
|
+
},
|
|
23649
|
+
{
|
|
23650
|
+
"id": "IEC-62443-3-3",
|
|
23651
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
23652
|
+
"control_name": "System security requirements and security levels"
|
|
23653
|
+
},
|
|
23654
|
+
{
|
|
23655
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
23656
|
+
"framework": "ISO/IEC 27001:2022",
|
|
23657
|
+
"control_name": "Secure coding"
|
|
23658
|
+
},
|
|
23659
|
+
{
|
|
23660
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
23661
|
+
"framework": "ISO/IEC 27001:2022",
|
|
23662
|
+
"control_name": "Management of technical vulnerabilities"
|
|
23663
|
+
},
|
|
23664
|
+
{
|
|
23665
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
23666
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
23667
|
+
"control_name": "AI risk management process"
|
|
23668
|
+
},
|
|
23669
|
+
{
|
|
23670
|
+
"id": "NERC-CIP-007-6-R4",
|
|
23671
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
23672
|
+
"control_name": "Security event monitoring"
|
|
23673
|
+
},
|
|
23674
|
+
{
|
|
23675
|
+
"id": "NIS2-Art21-patch-management",
|
|
23676
|
+
"framework": "EU NIS2 Directive",
|
|
23677
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
23678
|
+
},
|
|
23679
|
+
{
|
|
23680
|
+
"id": "NIST-800-115",
|
|
23681
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
23682
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
23683
|
+
},
|
|
23684
|
+
{
|
|
23685
|
+
"id": "NIST-800-218-SSDF",
|
|
23686
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
23687
|
+
"control_name": "Secure Software Development Framework"
|
|
23688
|
+
},
|
|
23689
|
+
{
|
|
23690
|
+
"id": "NIST-800-53-AC-2",
|
|
23691
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23692
|
+
"control_name": "Account Management"
|
|
23693
|
+
},
|
|
23694
|
+
{
|
|
23695
|
+
"id": "NIST-800-53-SC-8",
|
|
23696
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23697
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
23698
|
+
},
|
|
23699
|
+
{
|
|
23700
|
+
"id": "NIST-800-53-SI-2",
|
|
23701
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23702
|
+
"control_name": "Flaw Remediation"
|
|
23703
|
+
},
|
|
23704
|
+
{
|
|
23705
|
+
"id": "NIST-800-53-SI-3",
|
|
23706
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
23707
|
+
"control_name": "Malicious Code Protection"
|
|
23708
|
+
},
|
|
23709
|
+
{
|
|
23710
|
+
"id": "NIST-800-82r3",
|
|
23711
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
23712
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
23713
|
+
},
|
|
23714
|
+
{
|
|
23715
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
23716
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
23717
|
+
"control_name": "Prompt Injection"
|
|
23718
|
+
},
|
|
23719
|
+
{
|
|
23720
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
23721
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
23722
|
+
"control_name": "Sensitive Information Disclosure"
|
|
23723
|
+
},
|
|
23724
|
+
{
|
|
23725
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
23726
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
23727
|
+
"control_name": "Web application penetration testing methodology"
|
|
23728
|
+
},
|
|
23729
|
+
{
|
|
23730
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
23731
|
+
"framework": "PCI DSS 4.0",
|
|
23732
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
23733
|
+
},
|
|
23734
|
+
{
|
|
23735
|
+
"id": "PTES-Pre-engagement",
|
|
23736
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
23737
|
+
"control_name": "Pre-engagement Interactions"
|
|
23738
|
+
},
|
|
23739
|
+
{
|
|
23740
|
+
"id": "SOC2-CC6-logical-access",
|
|
23741
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23742
|
+
"control_name": "Logical and Physical Access Controls"
|
|
23743
|
+
},
|
|
23744
|
+
{
|
|
23745
|
+
"id": "SOC2-CC9-vendor-management",
|
|
23746
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
23747
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
23748
|
+
}
|
|
23749
|
+
],
|
|
23750
|
+
"attack_refs": [
|
|
23751
|
+
"T0855",
|
|
23752
|
+
"T0883",
|
|
23753
|
+
"T1059",
|
|
23754
|
+
"T1068",
|
|
23755
|
+
"T1078",
|
|
23756
|
+
"T1133",
|
|
23757
|
+
"T1190",
|
|
23758
|
+
"T1548.001",
|
|
23759
|
+
"T1566"
|
|
23760
|
+
],
|
|
23761
|
+
"rfc_refs": [
|
|
23762
|
+
"RFC-4301",
|
|
23763
|
+
"RFC-4303",
|
|
23764
|
+
"RFC-7296"
|
|
23765
|
+
]
|
|
23766
|
+
}
|
|
23767
|
+
},
|
|
23044
23768
|
"CVE-2026-41091": {
|
|
23045
23769
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
23046
23770
|
"rwep": 45,
|
|
@@ -49435,7 +50159,9 @@
|
|
|
49435
50159
|
"CVE-2025-53773",
|
|
49436
50160
|
"CVE-2025-54136",
|
|
49437
50161
|
"CVE-2025-60455",
|
|
50162
|
+
"CVE-2025-64496",
|
|
49438
50163
|
"CVE-2025-6965",
|
|
50164
|
+
"CVE-2026-0766",
|
|
49439
50165
|
"CVE-2026-22252",
|
|
49440
50166
|
"CVE-2026-22688",
|
|
49441
50167
|
"CVE-2026-24206",
|
|
@@ -49798,7 +50524,9 @@
|
|
|
49798
50524
|
"CVE-2025-49596",
|
|
49799
50525
|
"CVE-2025-54136",
|
|
49800
50526
|
"CVE-2025-60455",
|
|
50527
|
+
"CVE-2025-64496",
|
|
49801
50528
|
"CVE-2025-6965",
|
|
50529
|
+
"CVE-2026-0766",
|
|
49802
50530
|
"CVE-2026-22252",
|
|
49803
50531
|
"CVE-2026-22688",
|
|
49804
50532
|
"CVE-2026-24206",
|
|
@@ -49956,7 +50684,9 @@
|
|
|
49956
50684
|
"CVE-2025-49596",
|
|
49957
50685
|
"CVE-2025-54136",
|
|
49958
50686
|
"CVE-2025-60455",
|
|
50687
|
+
"CVE-2025-64496",
|
|
49959
50688
|
"CVE-2025-6965",
|
|
50689
|
+
"CVE-2026-0766",
|
|
49960
50690
|
"CVE-2026-22252",
|
|
49961
50691
|
"CVE-2026-22688",
|
|
49962
50692
|
"CVE-2026-24206",
|
|
@@ -50128,7 +50858,9 @@
|
|
|
50128
50858
|
"CVE-2025-49596",
|
|
50129
50859
|
"CVE-2025-54136",
|
|
50130
50860
|
"CVE-2025-60455",
|
|
50861
|
+
"CVE-2025-64496",
|
|
50131
50862
|
"CVE-2025-6965",
|
|
50863
|
+
"CVE-2026-0766",
|
|
50132
50864
|
"CVE-2026-22252",
|
|
50133
50865
|
"CVE-2026-22688",
|
|
50134
50866
|
"CVE-2026-24206",
|
|
@@ -50405,7 +51137,9 @@
|
|
|
50405
51137
|
"CVE-2025-53773",
|
|
50406
51138
|
"CVE-2025-54136",
|
|
50407
51139
|
"CVE-2025-60455",
|
|
51140
|
+
"CVE-2025-64496",
|
|
50408
51141
|
"CVE-2025-6965",
|
|
51142
|
+
"CVE-2026-0766",
|
|
50409
51143
|
"CVE-2026-22252",
|
|
50410
51144
|
"CVE-2026-22688",
|
|
50411
51145
|
"CVE-2026-22778",
|
|
@@ -50772,6 +51506,7 @@
|
|
|
50772
51506
|
"CVE-2025-62849",
|
|
50773
51507
|
"CVE-2025-64328",
|
|
50774
51508
|
"CVE-2025-64446",
|
|
51509
|
+
"CVE-2025-64496",
|
|
50775
51510
|
"CVE-2025-6543",
|
|
50776
51511
|
"CVE-2025-6554",
|
|
50777
51512
|
"CVE-2025-6558",
|
|
@@ -50788,6 +51523,7 @@
|
|
|
50788
51523
|
"CVE-2025-9242",
|
|
50789
51524
|
"CVE-2025-9377",
|
|
50790
51525
|
"CVE-2026-0300",
|
|
51526
|
+
"CVE-2026-0766",
|
|
50791
51527
|
"CVE-2026-1281",
|
|
50792
51528
|
"CVE-2026-1340",
|
|
50793
51529
|
"CVE-2026-1603",
|
|
@@ -51449,7 +52185,9 @@
|
|
|
51449
52185
|
"CVE-2025-53773",
|
|
51450
52186
|
"CVE-2025-54136",
|
|
51451
52187
|
"CVE-2025-60455",
|
|
52188
|
+
"CVE-2025-64496",
|
|
51452
52189
|
"CVE-2025-6965",
|
|
52190
|
+
"CVE-2026-0766",
|
|
51453
52191
|
"CVE-2026-22252",
|
|
51454
52192
|
"CVE-2026-22688",
|
|
51455
52193
|
"CVE-2026-24206",
|
|
@@ -52046,7 +52784,9 @@
|
|
|
52046
52784
|
"CVE-2025-53773",
|
|
52047
52785
|
"CVE-2025-54136",
|
|
52048
52786
|
"CVE-2025-60455",
|
|
52787
|
+
"CVE-2025-64496",
|
|
52049
52788
|
"CVE-2025-6965",
|
|
52789
|
+
"CVE-2026-0766",
|
|
52050
52790
|
"CVE-2026-22252",
|
|
52051
52791
|
"CVE-2026-22688",
|
|
52052
52792
|
"CVE-2026-24206",
|
|
@@ -52278,6 +53018,8 @@
|
|
|
52278
53018
|
"CVE-2025-53773",
|
|
52279
53019
|
"CVE-2025-54136",
|
|
52280
53020
|
"CVE-2025-60455",
|
|
53021
|
+
"CVE-2025-64496",
|
|
53022
|
+
"CVE-2026-0766",
|
|
52281
53023
|
"CVE-2026-22252",
|
|
52282
53024
|
"CVE-2026-22688",
|
|
52283
53025
|
"CVE-2026-24206",
|
|
@@ -52942,7 +53684,9 @@
|
|
|
52942
53684
|
"CVE-2025-53773",
|
|
52943
53685
|
"CVE-2025-54136",
|
|
52944
53686
|
"CVE-2025-60455",
|
|
53687
|
+
"CVE-2025-64496",
|
|
52945
53688
|
"CVE-2025-6965",
|
|
53689
|
+
"CVE-2026-0766",
|
|
52946
53690
|
"CVE-2026-22252",
|
|
52947
53691
|
"CVE-2026-22688",
|
|
52948
53692
|
"CVE-2026-24206",
|
|
@@ -53313,6 +54057,7 @@
|
|
|
53313
54057
|
"CVE-2025-62849",
|
|
53314
54058
|
"CVE-2025-64328",
|
|
53315
54059
|
"CVE-2025-64446",
|
|
54060
|
+
"CVE-2025-64496",
|
|
53316
54061
|
"CVE-2025-6543",
|
|
53317
54062
|
"CVE-2025-6554",
|
|
53318
54063
|
"CVE-2025-6558",
|
|
@@ -53329,6 +54074,7 @@
|
|
|
53329
54074
|
"CVE-2025-9242",
|
|
53330
54075
|
"CVE-2025-9377",
|
|
53331
54076
|
"CVE-2026-0300",
|
|
54077
|
+
"CVE-2026-0766",
|
|
53332
54078
|
"CVE-2026-1281",
|
|
53333
54079
|
"CVE-2026-1340",
|
|
53334
54080
|
"CVE-2026-1603",
|
|
@@ -53731,6 +54477,7 @@
|
|
|
53731
54477
|
"CVE-2025-62849",
|
|
53732
54478
|
"CVE-2025-64328",
|
|
53733
54479
|
"CVE-2025-64446",
|
|
54480
|
+
"CVE-2025-64496",
|
|
53734
54481
|
"CVE-2025-6543",
|
|
53735
54482
|
"CVE-2025-6554",
|
|
53736
54483
|
"CVE-2025-6558",
|
|
@@ -53747,6 +54494,7 @@
|
|
|
53747
54494
|
"CVE-2025-9242",
|
|
53748
54495
|
"CVE-2025-9377",
|
|
53749
54496
|
"CVE-2026-0300",
|
|
54497
|
+
"CVE-2026-0766",
|
|
53750
54498
|
"CVE-2026-1281",
|
|
53751
54499
|
"CVE-2026-1340",
|
|
53752
54500
|
"CVE-2026-1603",
|
|
@@ -54048,7 +54796,9 @@
|
|
|
54048
54796
|
"CVE-2025-53773",
|
|
54049
54797
|
"CVE-2025-54136",
|
|
54050
54798
|
"CVE-2025-60455",
|
|
54799
|
+
"CVE-2025-64496",
|
|
54051
54800
|
"CVE-2025-6965",
|
|
54801
|
+
"CVE-2026-0766",
|
|
54052
54802
|
"CVE-2026-22252",
|
|
54053
54803
|
"CVE-2026-22688",
|
|
54054
54804
|
"CVE-2026-24206",
|
|
@@ -54971,6 +55721,7 @@
|
|
|
54971
55721
|
"CVE-2025-62849",
|
|
54972
55722
|
"CVE-2025-64328",
|
|
54973
55723
|
"CVE-2025-64446",
|
|
55724
|
+
"CVE-2025-64496",
|
|
54974
55725
|
"CVE-2025-6543",
|
|
54975
55726
|
"CVE-2025-6554",
|
|
54976
55727
|
"CVE-2025-6558",
|
|
@@ -54987,6 +55738,7 @@
|
|
|
54987
55738
|
"CVE-2025-9242",
|
|
54988
55739
|
"CVE-2025-9377",
|
|
54989
55740
|
"CVE-2026-0300",
|
|
55741
|
+
"CVE-2026-0766",
|
|
54990
55742
|
"CVE-2026-1281",
|
|
54991
55743
|
"CVE-2026-1340",
|
|
54992
55744
|
"CVE-2026-1603",
|
|
@@ -55352,7 +56104,9 @@
|
|
|
55352
56104
|
"CVE-2025-53773",
|
|
55353
56105
|
"CVE-2025-54136",
|
|
55354
56106
|
"CVE-2025-60455",
|
|
56107
|
+
"CVE-2025-64496",
|
|
55355
56108
|
"CVE-2025-6965",
|
|
56109
|
+
"CVE-2026-0766",
|
|
55356
56110
|
"CVE-2026-22252",
|
|
55357
56111
|
"CVE-2026-22688",
|
|
55358
56112
|
"CVE-2026-24206",
|
|
@@ -55805,6 +56559,7 @@
|
|
|
55805
56559
|
"CVE-2025-62849",
|
|
55806
56560
|
"CVE-2025-64328",
|
|
55807
56561
|
"CVE-2025-64446",
|
|
56562
|
+
"CVE-2025-64496",
|
|
55808
56563
|
"CVE-2025-6543",
|
|
55809
56564
|
"CVE-2025-6554",
|
|
55810
56565
|
"CVE-2025-6558",
|
|
@@ -55822,6 +56577,7 @@
|
|
|
55822
56577
|
"CVE-2025-9242",
|
|
55823
56578
|
"CVE-2025-9377",
|
|
55824
56579
|
"CVE-2026-0300",
|
|
56580
|
+
"CVE-2026-0766",
|
|
55825
56581
|
"CVE-2026-1281",
|
|
55826
56582
|
"CVE-2026-1340",
|
|
55827
56583
|
"CVE-2026-1603",
|
|
@@ -56200,6 +56956,8 @@
|
|
|
56200
56956
|
"CVE-2025-53773",
|
|
56201
56957
|
"CVE-2025-54136",
|
|
56202
56958
|
"CVE-2025-60455",
|
|
56959
|
+
"CVE-2025-64496",
|
|
56960
|
+
"CVE-2026-0766",
|
|
56203
56961
|
"CVE-2026-22252",
|
|
56204
56962
|
"CVE-2026-22688",
|
|
56205
56963
|
"CVE-2026-24206",
|
|
@@ -57133,7 +57891,9 @@
|
|
|
57133
57891
|
"CVE-2025-53773",
|
|
57134
57892
|
"CVE-2025-54136",
|
|
57135
57893
|
"CVE-2025-60455",
|
|
57894
|
+
"CVE-2025-64496",
|
|
57136
57895
|
"CVE-2025-6965",
|
|
57896
|
+
"CVE-2026-0766",
|
|
57137
57897
|
"CVE-2026-22252",
|
|
57138
57898
|
"CVE-2026-22688",
|
|
57139
57899
|
"CVE-2026-24206",
|
|
@@ -57224,6 +57984,8 @@
|
|
|
57224
57984
|
"CVE-2025-49596",
|
|
57225
57985
|
"CVE-2025-54136",
|
|
57226
57986
|
"CVE-2025-60455",
|
|
57987
|
+
"CVE-2025-64496",
|
|
57988
|
+
"CVE-2026-0766",
|
|
57227
57989
|
"CVE-2026-22252",
|
|
57228
57990
|
"CVE-2026-22688",
|
|
57229
57991
|
"CVE-2026-24206",
|
|
@@ -57389,7 +58151,9 @@
|
|
|
57389
58151
|
"CVE-2025-53773",
|
|
57390
58152
|
"CVE-2025-54136",
|
|
57391
58153
|
"CVE-2025-60455",
|
|
58154
|
+
"CVE-2025-64496",
|
|
57392
58155
|
"CVE-2025-6965",
|
|
58156
|
+
"CVE-2026-0766",
|
|
57393
58157
|
"CVE-2026-22252",
|
|
57394
58158
|
"CVE-2026-22688",
|
|
57395
58159
|
"CVE-2026-22778",
|
|
@@ -57937,6 +58701,7 @@
|
|
|
57937
58701
|
"CVE-2025-62221",
|
|
57938
58702
|
"CVE-2025-64328",
|
|
57939
58703
|
"CVE-2025-64446",
|
|
58704
|
+
"CVE-2025-64496",
|
|
57940
58705
|
"CVE-2025-6543",
|
|
57941
58706
|
"CVE-2025-6554",
|
|
57942
58707
|
"CVE-2025-6558",
|
|
@@ -57953,6 +58718,7 @@
|
|
|
57953
58718
|
"CVE-2025-9242",
|
|
57954
58719
|
"CVE-2025-9377",
|
|
57955
58720
|
"CVE-2026-0300",
|
|
58721
|
+
"CVE-2026-0766",
|
|
57956
58722
|
"CVE-2026-1281",
|
|
57957
58723
|
"CVE-2026-1340",
|
|
57958
58724
|
"CVE-2026-1603",
|
|
@@ -58251,7 +59017,9 @@
|
|
|
58251
59017
|
"CVE-2025-53773",
|
|
58252
59018
|
"CVE-2025-54136",
|
|
58253
59019
|
"CVE-2025-60455",
|
|
59020
|
+
"CVE-2025-64496",
|
|
58254
59021
|
"CVE-2025-6965",
|
|
59022
|
+
"CVE-2026-0766",
|
|
58255
59023
|
"CVE-2026-22252",
|
|
58256
59024
|
"CVE-2026-22688",
|
|
58257
59025
|
"CVE-2026-24206",
|
|
@@ -58539,7 +59307,9 @@
|
|
|
58539
59307
|
"CVE-2025-53773",
|
|
58540
59308
|
"CVE-2025-54136",
|
|
58541
59309
|
"CVE-2025-60455",
|
|
59310
|
+
"CVE-2025-64496",
|
|
58542
59311
|
"CVE-2025-6965",
|
|
59312
|
+
"CVE-2026-0766",
|
|
58543
59313
|
"CVE-2026-22252",
|
|
58544
59314
|
"CVE-2026-22688",
|
|
58545
59315
|
"CVE-2026-22778",
|