@blamejs/exceptd-skills 0.13.80 → 0.13.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1648 -0
  6. package/data/atlas-ttps.json +5 -2
  7. package/data/attack-techniques.json +10 -0
  8. package/data/cve-catalog.json +413 -0
  9. package/data/cwe-catalog.json +10 -3
  10. package/data/framework-control-gaps.json +33 -1
  11. package/data/zeroday-lessons.json +200 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -23041,6 +23041,1562 @@
23041
23041
  ]
23042
23042
  }
23043
23043
  },
23044
+ "CVE-2026-0766": {
23045
+ "name": "Open WebUI Tool Module Code Injection RCE",
23046
+ "rwep": 29,
23047
+ "cvss": 8.8,
23048
+ "cisa_kev": false,
23049
+ "epss_score": null,
23050
+ "referencing_skills": [
23051
+ "kernel-lpe-triage",
23052
+ "ai-attack-surface",
23053
+ "compliance-theater",
23054
+ "attack-surface-pentest",
23055
+ "ot-ics-security",
23056
+ "coordinated-vuln-disclosure",
23057
+ "sector-energy"
23058
+ ],
23059
+ "chain": {
23060
+ "cwes": [
23061
+ {
23062
+ "id": "CWE-1037",
23063
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
23064
+ "category": "Hardware / Side Channel"
23065
+ },
23066
+ {
23067
+ "id": "CWE-1039",
23068
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
23069
+ "category": "AI/ML"
23070
+ },
23071
+ {
23072
+ "id": "CWE-125",
23073
+ "name": "Out-of-bounds Read",
23074
+ "category": "Memory Safety"
23075
+ },
23076
+ {
23077
+ "id": "CWE-1357",
23078
+ "name": "Reliance on Insufficiently Trustworthy Component",
23079
+ "category": "Supply Chain"
23080
+ },
23081
+ {
23082
+ "id": "CWE-1395",
23083
+ "name": "Dependency on Vulnerable Third-Party Component",
23084
+ "category": "Supply Chain"
23085
+ },
23086
+ {
23087
+ "id": "CWE-1426",
23088
+ "name": "Improper Validation of Generative AI Output",
23089
+ "category": "AI/ML"
23090
+ },
23091
+ {
23092
+ "id": "CWE-22",
23093
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
23094
+ "category": "Path/Resource"
23095
+ },
23096
+ {
23097
+ "id": "CWE-269",
23098
+ "name": "Improper Privilege Management",
23099
+ "category": "Authorization"
23100
+ },
23101
+ {
23102
+ "id": "CWE-287",
23103
+ "name": "Improper Authentication",
23104
+ "category": "Authentication"
23105
+ },
23106
+ {
23107
+ "id": "CWE-306",
23108
+ "name": "Missing Authentication for Critical Function",
23109
+ "category": "Authentication"
23110
+ },
23111
+ {
23112
+ "id": "CWE-352",
23113
+ "name": "Cross-Site Request Forgery (CSRF)",
23114
+ "category": "Session"
23115
+ },
23116
+ {
23117
+ "id": "CWE-362",
23118
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
23119
+ "category": "Concurrency"
23120
+ },
23121
+ {
23122
+ "id": "CWE-416",
23123
+ "name": "Use After Free",
23124
+ "category": "Memory Safety"
23125
+ },
23126
+ {
23127
+ "id": "CWE-434",
23128
+ "name": "Unrestricted Upload of File with Dangerous Type",
23129
+ "category": "File Handling"
23130
+ },
23131
+ {
23132
+ "id": "CWE-672",
23133
+ "name": "Operation on a Resource after Expiration or Release",
23134
+ "category": "Memory Safety"
23135
+ },
23136
+ {
23137
+ "id": "CWE-732",
23138
+ "name": "Incorrect Permission Assignment for Critical Resource",
23139
+ "category": "Authorization"
23140
+ },
23141
+ {
23142
+ "id": "CWE-78",
23143
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
23144
+ "category": "Injection"
23145
+ },
23146
+ {
23147
+ "id": "CWE-787",
23148
+ "name": "Out-of-bounds Write",
23149
+ "category": "Memory Safety"
23150
+ },
23151
+ {
23152
+ "id": "CWE-79",
23153
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
23154
+ "category": "Injection"
23155
+ },
23156
+ {
23157
+ "id": "CWE-798",
23158
+ "name": "Use of Hard-coded Credentials",
23159
+ "category": "Credentials"
23160
+ },
23161
+ {
23162
+ "id": "CWE-89",
23163
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
23164
+ "category": "Injection"
23165
+ },
23166
+ {
23167
+ "id": "CWE-918",
23168
+ "name": "Server-Side Request Forgery (SSRF)",
23169
+ "category": "Network"
23170
+ },
23171
+ {
23172
+ "id": "CWE-94",
23173
+ "name": "Improper Control of Generation of Code (Code Injection)",
23174
+ "category": "Injection"
23175
+ }
23176
+ ],
23177
+ "atlas": [
23178
+ {
23179
+ "id": "AML.T0010",
23180
+ "name": "ML Supply Chain Compromise",
23181
+ "tactic": "Initial Access"
23182
+ },
23183
+ {
23184
+ "id": "AML.T0016",
23185
+ "name": "Obtain Capabilities: Develop Capabilities",
23186
+ "tactic": "Resource Development"
23187
+ },
23188
+ {
23189
+ "id": "AML.T0017",
23190
+ "name": "Discover ML Model Ontology",
23191
+ "tactic": "Discovery"
23192
+ },
23193
+ {
23194
+ "id": "AML.T0018",
23195
+ "name": "Backdoor ML Model",
23196
+ "tactic": "Persistence"
23197
+ },
23198
+ {
23199
+ "id": "AML.T0020",
23200
+ "name": "Poison Training Data",
23201
+ "tactic": "ML Attack Staging"
23202
+ },
23203
+ {
23204
+ "id": "AML.T0043",
23205
+ "name": "Craft Adversarial Data",
23206
+ "tactic": "ML Attack Staging"
23207
+ },
23208
+ {
23209
+ "id": "AML.T0051",
23210
+ "name": "LLM Prompt Injection",
23211
+ "tactic": "Execution"
23212
+ },
23213
+ {
23214
+ "id": "AML.T0054",
23215
+ "name": "LLM Jailbreak",
23216
+ "tactic": "Defense Evasion"
23217
+ },
23218
+ {
23219
+ "id": "AML.T0096",
23220
+ "name": "AI API as Covert C2 Channel",
23221
+ "tactic": "Command and Control"
23222
+ }
23223
+ ],
23224
+ "d3fend": [
23225
+ {
23226
+ "id": "D3-ASLR",
23227
+ "name": "Address Space Layout Randomization",
23228
+ "tactic": "Harden"
23229
+ },
23230
+ {
23231
+ "id": "D3-CSPP",
23232
+ "name": "Client-server Payload Profiling",
23233
+ "tactic": "Detect"
23234
+ },
23235
+ {
23236
+ "id": "D3-EAL",
23237
+ "name": "Executable Allowlisting",
23238
+ "tactic": "Harden"
23239
+ },
23240
+ {
23241
+ "id": "D3-IOPR",
23242
+ "name": "Input/Output Profiling Resource",
23243
+ "tactic": "Detect"
23244
+ },
23245
+ {
23246
+ "id": "D3-NTA",
23247
+ "name": "Network Traffic Analysis",
23248
+ "tactic": "Detect"
23249
+ },
23250
+ {
23251
+ "id": "D3-PHRA",
23252
+ "name": "Process Hardware Resource Access",
23253
+ "tactic": "Isolate"
23254
+ },
23255
+ {
23256
+ "id": "D3-PSEP",
23257
+ "name": "Process Segment Execution Prevention",
23258
+ "tactic": "Harden"
23259
+ }
23260
+ ],
23261
+ "framework_gaps": [
23262
+ {
23263
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
23264
+ "framework": "ALL",
23265
+ "control_name": "AI Pipeline Integrity"
23266
+ },
23267
+ {
23268
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
23269
+ "framework": "ALL",
23270
+ "control_name": "Prompt Injection as Access Control Failure"
23271
+ },
23272
+ {
23273
+ "id": "CIS-Controls-v8-Control7",
23274
+ "framework": "CIS Controls v8",
23275
+ "control_name": "Continuous Vulnerability Management"
23276
+ },
23277
+ {
23278
+ "id": "CMMC-2.0-Level-2",
23279
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
23280
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
23281
+ },
23282
+ {
23283
+ "id": "FedRAMP-Rev5-Moderate",
23284
+ "framework": "FedRAMP Rev 5 Moderate",
23285
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
23286
+ },
23287
+ {
23288
+ "id": "IEC-62443-3-3",
23289
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
23290
+ "control_name": "System security requirements and security levels"
23291
+ },
23292
+ {
23293
+ "id": "ISO-27001-2022-A.8.28",
23294
+ "framework": "ISO/IEC 27001:2022",
23295
+ "control_name": "Secure coding"
23296
+ },
23297
+ {
23298
+ "id": "ISO-27001-2022-A.8.8",
23299
+ "framework": "ISO/IEC 27001:2022",
23300
+ "control_name": "Management of technical vulnerabilities"
23301
+ },
23302
+ {
23303
+ "id": "ISO-IEC-23894-2023-clause-7",
23304
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
23305
+ "control_name": "AI risk management process"
23306
+ },
23307
+ {
23308
+ "id": "NERC-CIP-007-6-R4",
23309
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
23310
+ "control_name": "Security event monitoring"
23311
+ },
23312
+ {
23313
+ "id": "NIS2-Art21-patch-management",
23314
+ "framework": "EU NIS2 Directive",
23315
+ "control_name": "Vulnerability handling and disclosure"
23316
+ },
23317
+ {
23318
+ "id": "NIST-800-115",
23319
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
23320
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
23321
+ },
23322
+ {
23323
+ "id": "NIST-800-218-SSDF",
23324
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
23325
+ "control_name": "Secure Software Development Framework"
23326
+ },
23327
+ {
23328
+ "id": "NIST-800-53-AC-2",
23329
+ "framework": "NIST SP 800-53 Rev 5",
23330
+ "control_name": "Account Management"
23331
+ },
23332
+ {
23333
+ "id": "NIST-800-53-SC-8",
23334
+ "framework": "NIST SP 800-53 Rev 5",
23335
+ "control_name": "Transmission Confidentiality and Integrity"
23336
+ },
23337
+ {
23338
+ "id": "NIST-800-53-SI-2",
23339
+ "framework": "NIST SP 800-53 Rev 5",
23340
+ "control_name": "Flaw Remediation"
23341
+ },
23342
+ {
23343
+ "id": "NIST-800-53-SI-3",
23344
+ "framework": "NIST SP 800-53 Rev 5",
23345
+ "control_name": "Malicious Code Protection"
23346
+ },
23347
+ {
23348
+ "id": "NIST-800-82r3",
23349
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
23350
+ "control_name": "Guide to Operational Technology (OT) Security"
23351
+ },
23352
+ {
23353
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
23354
+ "framework": "OWASP Top 10 for LLM Applications 2025",
23355
+ "control_name": "Prompt Injection"
23356
+ },
23357
+ {
23358
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
23359
+ "framework": "OWASP Top 10 for LLM Applications 2025",
23360
+ "control_name": "Sensitive Information Disclosure"
23361
+ },
23362
+ {
23363
+ "id": "OWASP-Pen-Testing-Guide-v5",
23364
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
23365
+ "control_name": "Web application penetration testing methodology"
23366
+ },
23367
+ {
23368
+ "id": "PCI-DSS-4.0-6.3.3",
23369
+ "framework": "PCI DSS 4.0",
23370
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
23371
+ },
23372
+ {
23373
+ "id": "PTES-Pre-engagement",
23374
+ "framework": "Penetration Testing Execution Standard (PTES)",
23375
+ "control_name": "Pre-engagement Interactions"
23376
+ },
23377
+ {
23378
+ "id": "SOC2-CC6-logical-access",
23379
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23380
+ "control_name": "Logical and Physical Access Controls"
23381
+ },
23382
+ {
23383
+ "id": "SOC2-CC9-vendor-management",
23384
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23385
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
23386
+ }
23387
+ ],
23388
+ "attack_refs": [
23389
+ "T0855",
23390
+ "T0883",
23391
+ "T1059",
23392
+ "T1068",
23393
+ "T1078",
23394
+ "T1133",
23395
+ "T1190",
23396
+ "T1548.001",
23397
+ "T1566"
23398
+ ],
23399
+ "rfc_refs": [
23400
+ "RFC-4301",
23401
+ "RFC-4303",
23402
+ "RFC-7296"
23403
+ ]
23404
+ }
23405
+ },
23406
+ "CVE-2025-64496": {
23407
+ "name": "Open WebUI Malicious Model Server Code Injection (Account Takeover to RCE)",
23408
+ "rwep": 29,
23409
+ "cvss": 8,
23410
+ "cisa_kev": false,
23411
+ "epss_score": null,
23412
+ "referencing_skills": [
23413
+ "kernel-lpe-triage",
23414
+ "ai-attack-surface",
23415
+ "compliance-theater",
23416
+ "attack-surface-pentest",
23417
+ "ot-ics-security",
23418
+ "coordinated-vuln-disclosure",
23419
+ "sector-energy"
23420
+ ],
23421
+ "chain": {
23422
+ "cwes": [
23423
+ {
23424
+ "id": "CWE-1037",
23425
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
23426
+ "category": "Hardware / Side Channel"
23427
+ },
23428
+ {
23429
+ "id": "CWE-1039",
23430
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
23431
+ "category": "AI/ML"
23432
+ },
23433
+ {
23434
+ "id": "CWE-125",
23435
+ "name": "Out-of-bounds Read",
23436
+ "category": "Memory Safety"
23437
+ },
23438
+ {
23439
+ "id": "CWE-1357",
23440
+ "name": "Reliance on Insufficiently Trustworthy Component",
23441
+ "category": "Supply Chain"
23442
+ },
23443
+ {
23444
+ "id": "CWE-1395",
23445
+ "name": "Dependency on Vulnerable Third-Party Component",
23446
+ "category": "Supply Chain"
23447
+ },
23448
+ {
23449
+ "id": "CWE-1426",
23450
+ "name": "Improper Validation of Generative AI Output",
23451
+ "category": "AI/ML"
23452
+ },
23453
+ {
23454
+ "id": "CWE-22",
23455
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
23456
+ "category": "Path/Resource"
23457
+ },
23458
+ {
23459
+ "id": "CWE-269",
23460
+ "name": "Improper Privilege Management",
23461
+ "category": "Authorization"
23462
+ },
23463
+ {
23464
+ "id": "CWE-287",
23465
+ "name": "Improper Authentication",
23466
+ "category": "Authentication"
23467
+ },
23468
+ {
23469
+ "id": "CWE-306",
23470
+ "name": "Missing Authentication for Critical Function",
23471
+ "category": "Authentication"
23472
+ },
23473
+ {
23474
+ "id": "CWE-352",
23475
+ "name": "Cross-Site Request Forgery (CSRF)",
23476
+ "category": "Session"
23477
+ },
23478
+ {
23479
+ "id": "CWE-362",
23480
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
23481
+ "category": "Concurrency"
23482
+ },
23483
+ {
23484
+ "id": "CWE-416",
23485
+ "name": "Use After Free",
23486
+ "category": "Memory Safety"
23487
+ },
23488
+ {
23489
+ "id": "CWE-434",
23490
+ "name": "Unrestricted Upload of File with Dangerous Type",
23491
+ "category": "File Handling"
23492
+ },
23493
+ {
23494
+ "id": "CWE-672",
23495
+ "name": "Operation on a Resource after Expiration or Release",
23496
+ "category": "Memory Safety"
23497
+ },
23498
+ {
23499
+ "id": "CWE-732",
23500
+ "name": "Incorrect Permission Assignment for Critical Resource",
23501
+ "category": "Authorization"
23502
+ },
23503
+ {
23504
+ "id": "CWE-78",
23505
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
23506
+ "category": "Injection"
23507
+ },
23508
+ {
23509
+ "id": "CWE-787",
23510
+ "name": "Out-of-bounds Write",
23511
+ "category": "Memory Safety"
23512
+ },
23513
+ {
23514
+ "id": "CWE-79",
23515
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
23516
+ "category": "Injection"
23517
+ },
23518
+ {
23519
+ "id": "CWE-798",
23520
+ "name": "Use of Hard-coded Credentials",
23521
+ "category": "Credentials"
23522
+ },
23523
+ {
23524
+ "id": "CWE-89",
23525
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
23526
+ "category": "Injection"
23527
+ },
23528
+ {
23529
+ "id": "CWE-918",
23530
+ "name": "Server-Side Request Forgery (SSRF)",
23531
+ "category": "Network"
23532
+ },
23533
+ {
23534
+ "id": "CWE-94",
23535
+ "name": "Improper Control of Generation of Code (Code Injection)",
23536
+ "category": "Injection"
23537
+ }
23538
+ ],
23539
+ "atlas": [
23540
+ {
23541
+ "id": "AML.T0010",
23542
+ "name": "ML Supply Chain Compromise",
23543
+ "tactic": "Initial Access"
23544
+ },
23545
+ {
23546
+ "id": "AML.T0016",
23547
+ "name": "Obtain Capabilities: Develop Capabilities",
23548
+ "tactic": "Resource Development"
23549
+ },
23550
+ {
23551
+ "id": "AML.T0017",
23552
+ "name": "Discover ML Model Ontology",
23553
+ "tactic": "Discovery"
23554
+ },
23555
+ {
23556
+ "id": "AML.T0018",
23557
+ "name": "Backdoor ML Model",
23558
+ "tactic": "Persistence"
23559
+ },
23560
+ {
23561
+ "id": "AML.T0020",
23562
+ "name": "Poison Training Data",
23563
+ "tactic": "ML Attack Staging"
23564
+ },
23565
+ {
23566
+ "id": "AML.T0043",
23567
+ "name": "Craft Adversarial Data",
23568
+ "tactic": "ML Attack Staging"
23569
+ },
23570
+ {
23571
+ "id": "AML.T0051",
23572
+ "name": "LLM Prompt Injection",
23573
+ "tactic": "Execution"
23574
+ },
23575
+ {
23576
+ "id": "AML.T0054",
23577
+ "name": "LLM Jailbreak",
23578
+ "tactic": "Defense Evasion"
23579
+ },
23580
+ {
23581
+ "id": "AML.T0096",
23582
+ "name": "AI API as Covert C2 Channel",
23583
+ "tactic": "Command and Control"
23584
+ }
23585
+ ],
23586
+ "d3fend": [
23587
+ {
23588
+ "id": "D3-ASLR",
23589
+ "name": "Address Space Layout Randomization",
23590
+ "tactic": "Harden"
23591
+ },
23592
+ {
23593
+ "id": "D3-CSPP",
23594
+ "name": "Client-server Payload Profiling",
23595
+ "tactic": "Detect"
23596
+ },
23597
+ {
23598
+ "id": "D3-EAL",
23599
+ "name": "Executable Allowlisting",
23600
+ "tactic": "Harden"
23601
+ },
23602
+ {
23603
+ "id": "D3-IOPR",
23604
+ "name": "Input/Output Profiling Resource",
23605
+ "tactic": "Detect"
23606
+ },
23607
+ {
23608
+ "id": "D3-NTA",
23609
+ "name": "Network Traffic Analysis",
23610
+ "tactic": "Detect"
23611
+ },
23612
+ {
23613
+ "id": "D3-PHRA",
23614
+ "name": "Process Hardware Resource Access",
23615
+ "tactic": "Isolate"
23616
+ },
23617
+ {
23618
+ "id": "D3-PSEP",
23619
+ "name": "Process Segment Execution Prevention",
23620
+ "tactic": "Harden"
23621
+ }
23622
+ ],
23623
+ "framework_gaps": [
23624
+ {
23625
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
23626
+ "framework": "ALL",
23627
+ "control_name": "AI Pipeline Integrity"
23628
+ },
23629
+ {
23630
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
23631
+ "framework": "ALL",
23632
+ "control_name": "Prompt Injection as Access Control Failure"
23633
+ },
23634
+ {
23635
+ "id": "CIS-Controls-v8-Control7",
23636
+ "framework": "CIS Controls v8",
23637
+ "control_name": "Continuous Vulnerability Management"
23638
+ },
23639
+ {
23640
+ "id": "CMMC-2.0-Level-2",
23641
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
23642
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
23643
+ },
23644
+ {
23645
+ "id": "FedRAMP-Rev5-Moderate",
23646
+ "framework": "FedRAMP Rev 5 Moderate",
23647
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
23648
+ },
23649
+ {
23650
+ "id": "IEC-62443-3-3",
23651
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
23652
+ "control_name": "System security requirements and security levels"
23653
+ },
23654
+ {
23655
+ "id": "ISO-27001-2022-A.8.28",
23656
+ "framework": "ISO/IEC 27001:2022",
23657
+ "control_name": "Secure coding"
23658
+ },
23659
+ {
23660
+ "id": "ISO-27001-2022-A.8.8",
23661
+ "framework": "ISO/IEC 27001:2022",
23662
+ "control_name": "Management of technical vulnerabilities"
23663
+ },
23664
+ {
23665
+ "id": "ISO-IEC-23894-2023-clause-7",
23666
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
23667
+ "control_name": "AI risk management process"
23668
+ },
23669
+ {
23670
+ "id": "NERC-CIP-007-6-R4",
23671
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
23672
+ "control_name": "Security event monitoring"
23673
+ },
23674
+ {
23675
+ "id": "NIS2-Art21-patch-management",
23676
+ "framework": "EU NIS2 Directive",
23677
+ "control_name": "Vulnerability handling and disclosure"
23678
+ },
23679
+ {
23680
+ "id": "NIST-800-115",
23681
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
23682
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
23683
+ },
23684
+ {
23685
+ "id": "NIST-800-218-SSDF",
23686
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
23687
+ "control_name": "Secure Software Development Framework"
23688
+ },
23689
+ {
23690
+ "id": "NIST-800-53-AC-2",
23691
+ "framework": "NIST SP 800-53 Rev 5",
23692
+ "control_name": "Account Management"
23693
+ },
23694
+ {
23695
+ "id": "NIST-800-53-SC-8",
23696
+ "framework": "NIST SP 800-53 Rev 5",
23697
+ "control_name": "Transmission Confidentiality and Integrity"
23698
+ },
23699
+ {
23700
+ "id": "NIST-800-53-SI-2",
23701
+ "framework": "NIST SP 800-53 Rev 5",
23702
+ "control_name": "Flaw Remediation"
23703
+ },
23704
+ {
23705
+ "id": "NIST-800-53-SI-3",
23706
+ "framework": "NIST SP 800-53 Rev 5",
23707
+ "control_name": "Malicious Code Protection"
23708
+ },
23709
+ {
23710
+ "id": "NIST-800-82r3",
23711
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
23712
+ "control_name": "Guide to Operational Technology (OT) Security"
23713
+ },
23714
+ {
23715
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
23716
+ "framework": "OWASP Top 10 for LLM Applications 2025",
23717
+ "control_name": "Prompt Injection"
23718
+ },
23719
+ {
23720
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
23721
+ "framework": "OWASP Top 10 for LLM Applications 2025",
23722
+ "control_name": "Sensitive Information Disclosure"
23723
+ },
23724
+ {
23725
+ "id": "OWASP-Pen-Testing-Guide-v5",
23726
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
23727
+ "control_name": "Web application penetration testing methodology"
23728
+ },
23729
+ {
23730
+ "id": "PCI-DSS-4.0-6.3.3",
23731
+ "framework": "PCI DSS 4.0",
23732
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
23733
+ },
23734
+ {
23735
+ "id": "PTES-Pre-engagement",
23736
+ "framework": "Penetration Testing Execution Standard (PTES)",
23737
+ "control_name": "Pre-engagement Interactions"
23738
+ },
23739
+ {
23740
+ "id": "SOC2-CC6-logical-access",
23741
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23742
+ "control_name": "Logical and Physical Access Controls"
23743
+ },
23744
+ {
23745
+ "id": "SOC2-CC9-vendor-management",
23746
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
23747
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
23748
+ }
23749
+ ],
23750
+ "attack_refs": [
23751
+ "T0855",
23752
+ "T0883",
23753
+ "T1059",
23754
+ "T1068",
23755
+ "T1078",
23756
+ "T1133",
23757
+ "T1190",
23758
+ "T1548.001",
23759
+ "T1566"
23760
+ ],
23761
+ "rfc_refs": [
23762
+ "RFC-4301",
23763
+ "RFC-4303",
23764
+ "RFC-7296"
23765
+ ]
23766
+ }
23767
+ },
23768
+ "CVE-2024-0132": {
23769
+ "name": "NVIDIA Container Toolkit TOCTOU Container Escape",
23770
+ "rwep": 35,
23771
+ "cvss": 8.3,
23772
+ "cisa_kev": false,
23773
+ "epss_score": null,
23774
+ "referencing_skills": [
23775
+ "kernel-lpe-triage",
23776
+ "ai-attack-surface",
23777
+ "compliance-theater",
23778
+ "ai-c2-detection",
23779
+ "attack-surface-pentest",
23780
+ "dlp-gap-analysis",
23781
+ "ot-ics-security",
23782
+ "sector-energy"
23783
+ ],
23784
+ "chain": {
23785
+ "cwes": [
23786
+ {
23787
+ "id": "CWE-1037",
23788
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
23789
+ "category": "Hardware / Side Channel"
23790
+ },
23791
+ {
23792
+ "id": "CWE-1039",
23793
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
23794
+ "category": "AI/ML"
23795
+ },
23796
+ {
23797
+ "id": "CWE-125",
23798
+ "name": "Out-of-bounds Read",
23799
+ "category": "Memory Safety"
23800
+ },
23801
+ {
23802
+ "id": "CWE-1395",
23803
+ "name": "Dependency on Vulnerable Third-Party Component",
23804
+ "category": "Supply Chain"
23805
+ },
23806
+ {
23807
+ "id": "CWE-1426",
23808
+ "name": "Improper Validation of Generative AI Output",
23809
+ "category": "AI/ML"
23810
+ },
23811
+ {
23812
+ "id": "CWE-200",
23813
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
23814
+ "category": "Information Exposure"
23815
+ },
23816
+ {
23817
+ "id": "CWE-22",
23818
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
23819
+ "category": "Path/Resource"
23820
+ },
23821
+ {
23822
+ "id": "CWE-269",
23823
+ "name": "Improper Privilege Management",
23824
+ "category": "Authorization"
23825
+ },
23826
+ {
23827
+ "id": "CWE-287",
23828
+ "name": "Improper Authentication",
23829
+ "category": "Authentication"
23830
+ },
23831
+ {
23832
+ "id": "CWE-306",
23833
+ "name": "Missing Authentication for Critical Function",
23834
+ "category": "Authentication"
23835
+ },
23836
+ {
23837
+ "id": "CWE-352",
23838
+ "name": "Cross-Site Request Forgery (CSRF)",
23839
+ "category": "Session"
23840
+ },
23841
+ {
23842
+ "id": "CWE-362",
23843
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
23844
+ "category": "Concurrency"
23845
+ },
23846
+ {
23847
+ "id": "CWE-416",
23848
+ "name": "Use After Free",
23849
+ "category": "Memory Safety"
23850
+ },
23851
+ {
23852
+ "id": "CWE-434",
23853
+ "name": "Unrestricted Upload of File with Dangerous Type",
23854
+ "category": "File Handling"
23855
+ },
23856
+ {
23857
+ "id": "CWE-672",
23858
+ "name": "Operation on a Resource after Expiration or Release",
23859
+ "category": "Memory Safety"
23860
+ },
23861
+ {
23862
+ "id": "CWE-732",
23863
+ "name": "Incorrect Permission Assignment for Critical Resource",
23864
+ "category": "Authorization"
23865
+ },
23866
+ {
23867
+ "id": "CWE-78",
23868
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
23869
+ "category": "Injection"
23870
+ },
23871
+ {
23872
+ "id": "CWE-787",
23873
+ "name": "Out-of-bounds Write",
23874
+ "category": "Memory Safety"
23875
+ },
23876
+ {
23877
+ "id": "CWE-79",
23878
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
23879
+ "category": "Injection"
23880
+ },
23881
+ {
23882
+ "id": "CWE-798",
23883
+ "name": "Use of Hard-coded Credentials",
23884
+ "category": "Credentials"
23885
+ },
23886
+ {
23887
+ "id": "CWE-89",
23888
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
23889
+ "category": "Injection"
23890
+ },
23891
+ {
23892
+ "id": "CWE-918",
23893
+ "name": "Server-Side Request Forgery (SSRF)",
23894
+ "category": "Network"
23895
+ },
23896
+ {
23897
+ "id": "CWE-94",
23898
+ "name": "Improper Control of Generation of Code (Code Injection)",
23899
+ "category": "Injection"
23900
+ }
23901
+ ],
23902
+ "atlas": [
23903
+ {
23904
+ "id": "AML.T0010",
23905
+ "name": "ML Supply Chain Compromise",
23906
+ "tactic": "Initial Access"
23907
+ },
23908
+ {
23909
+ "id": "AML.T0016",
23910
+ "name": "Obtain Capabilities: Develop Capabilities",
23911
+ "tactic": "Resource Development"
23912
+ },
23913
+ {
23914
+ "id": "AML.T0017",
23915
+ "name": "Discover ML Model Ontology",
23916
+ "tactic": "Discovery"
23917
+ },
23918
+ {
23919
+ "id": "AML.T0018",
23920
+ "name": "Backdoor ML Model",
23921
+ "tactic": "Persistence"
23922
+ },
23923
+ {
23924
+ "id": "AML.T0020",
23925
+ "name": "Poison Training Data",
23926
+ "tactic": "ML Attack Staging"
23927
+ },
23928
+ {
23929
+ "id": "AML.T0043",
23930
+ "name": "Craft Adversarial Data",
23931
+ "tactic": "ML Attack Staging"
23932
+ },
23933
+ {
23934
+ "id": "AML.T0051",
23935
+ "name": "LLM Prompt Injection",
23936
+ "tactic": "Execution"
23937
+ },
23938
+ {
23939
+ "id": "AML.T0054",
23940
+ "name": "LLM Jailbreak",
23941
+ "tactic": "Defense Evasion"
23942
+ },
23943
+ {
23944
+ "id": "AML.T0096",
23945
+ "name": "AI API as Covert C2 Channel",
23946
+ "tactic": "Command and Control"
23947
+ }
23948
+ ],
23949
+ "d3fend": [
23950
+ {
23951
+ "id": "D3-ASLR",
23952
+ "name": "Address Space Layout Randomization",
23953
+ "tactic": "Harden"
23954
+ },
23955
+ {
23956
+ "id": "D3-CA",
23957
+ "name": "Certificate Analysis",
23958
+ "tactic": "Detect"
23959
+ },
23960
+ {
23961
+ "id": "D3-CSPP",
23962
+ "name": "Client-server Payload Profiling",
23963
+ "tactic": "Detect"
23964
+ },
23965
+ {
23966
+ "id": "D3-DA",
23967
+ "name": "Domain Analysis",
23968
+ "tactic": "Detect"
23969
+ },
23970
+ {
23971
+ "id": "D3-EAL",
23972
+ "name": "Executable Allowlisting",
23973
+ "tactic": "Harden"
23974
+ },
23975
+ {
23976
+ "id": "D3-IOPR",
23977
+ "name": "Input/Output Profiling Resource",
23978
+ "tactic": "Detect"
23979
+ },
23980
+ {
23981
+ "id": "D3-NI",
23982
+ "name": "Network Isolation",
23983
+ "tactic": "Isolate"
23984
+ },
23985
+ {
23986
+ "id": "D3-NTA",
23987
+ "name": "Network Traffic Analysis",
23988
+ "tactic": "Detect"
23989
+ },
23990
+ {
23991
+ "id": "D3-NTPM",
23992
+ "name": "Network Traffic Policy Mapping",
23993
+ "tactic": "Model"
23994
+ },
23995
+ {
23996
+ "id": "D3-PHRA",
23997
+ "name": "Process Hardware Resource Access",
23998
+ "tactic": "Isolate"
23999
+ },
24000
+ {
24001
+ "id": "D3-PSEP",
24002
+ "name": "Process Segment Execution Prevention",
24003
+ "tactic": "Harden"
24004
+ }
24005
+ ],
24006
+ "framework_gaps": [
24007
+ {
24008
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
24009
+ "framework": "ALL",
24010
+ "control_name": "AI Pipeline Integrity"
24011
+ },
24012
+ {
24013
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
24014
+ "framework": "ALL",
24015
+ "control_name": "Prompt Injection as Access Control Failure"
24016
+ },
24017
+ {
24018
+ "id": "CIS-Controls-v8-Control7",
24019
+ "framework": "CIS Controls v8",
24020
+ "control_name": "Continuous Vulnerability Management"
24021
+ },
24022
+ {
24023
+ "id": "CMMC-2.0-Level-2",
24024
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
24025
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
24026
+ },
24027
+ {
24028
+ "id": "FedRAMP-Rev5-Moderate",
24029
+ "framework": "FedRAMP Rev 5 Moderate",
24030
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24031
+ },
24032
+ {
24033
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
24034
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
24035
+ "control_name": "Access control standard (technical safeguards)"
24036
+ },
24037
+ {
24038
+ "id": "IEC-62443-3-3",
24039
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24040
+ "control_name": "System security requirements and security levels"
24041
+ },
24042
+ {
24043
+ "id": "ISO-27001-2022-A.8.16",
24044
+ "framework": "ISO/IEC 27001:2022",
24045
+ "control_name": "Monitoring activities"
24046
+ },
24047
+ {
24048
+ "id": "ISO-27001-2022-A.8.28",
24049
+ "framework": "ISO/IEC 27001:2022",
24050
+ "control_name": "Secure coding"
24051
+ },
24052
+ {
24053
+ "id": "ISO-27001-2022-A.8.8",
24054
+ "framework": "ISO/IEC 27001:2022",
24055
+ "control_name": "Management of technical vulnerabilities"
24056
+ },
24057
+ {
24058
+ "id": "ISO-IEC-23894-2023-clause-7",
24059
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24060
+ "control_name": "AI risk management process"
24061
+ },
24062
+ {
24063
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
24064
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
24065
+ "control_name": "AI risk assessment"
24066
+ },
24067
+ {
24068
+ "id": "NERC-CIP-007-6-R4",
24069
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
24070
+ "control_name": "Security event monitoring"
24071
+ },
24072
+ {
24073
+ "id": "NIS2-Art21-patch-management",
24074
+ "framework": "EU NIS2 Directive",
24075
+ "control_name": "Vulnerability handling and disclosure"
24076
+ },
24077
+ {
24078
+ "id": "NIST-800-115",
24079
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
24080
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
24081
+ },
24082
+ {
24083
+ "id": "NIST-800-53-AC-2",
24084
+ "framework": "NIST SP 800-53 Rev 5",
24085
+ "control_name": "Account Management"
24086
+ },
24087
+ {
24088
+ "id": "NIST-800-53-SC-28",
24089
+ "framework": "NIST SP 800-53 Rev 5",
24090
+ "control_name": "Protection of Information at Rest"
24091
+ },
24092
+ {
24093
+ "id": "NIST-800-53-SC-7",
24094
+ "framework": "NIST SP 800-53 Rev 5",
24095
+ "control_name": "Boundary Protection"
24096
+ },
24097
+ {
24098
+ "id": "NIST-800-53-SC-8",
24099
+ "framework": "NIST SP 800-53 Rev 5",
24100
+ "control_name": "Transmission Confidentiality and Integrity"
24101
+ },
24102
+ {
24103
+ "id": "NIST-800-53-SI-2",
24104
+ "framework": "NIST SP 800-53 Rev 5",
24105
+ "control_name": "Flaw Remediation"
24106
+ },
24107
+ {
24108
+ "id": "NIST-800-53-SI-3",
24109
+ "framework": "NIST SP 800-53 Rev 5",
24110
+ "control_name": "Malicious Code Protection"
24111
+ },
24112
+ {
24113
+ "id": "NIST-800-82r3",
24114
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
24115
+ "control_name": "Guide to Operational Technology (OT) Security"
24116
+ },
24117
+ {
24118
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
24119
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24120
+ "control_name": "Prompt Injection"
24121
+ },
24122
+ {
24123
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
24124
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24125
+ "control_name": "Sensitive Information Disclosure"
24126
+ },
24127
+ {
24128
+ "id": "OWASP-Pen-Testing-Guide-v5",
24129
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
24130
+ "control_name": "Web application penetration testing methodology"
24131
+ },
24132
+ {
24133
+ "id": "PCI-DSS-4.0-6.3.3",
24134
+ "framework": "PCI DSS 4.0",
24135
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
24136
+ },
24137
+ {
24138
+ "id": "PTES-Pre-engagement",
24139
+ "framework": "Penetration Testing Execution Standard (PTES)",
24140
+ "control_name": "Pre-engagement Interactions"
24141
+ },
24142
+ {
24143
+ "id": "SOC2-CC6-logical-access",
24144
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24145
+ "control_name": "Logical and Physical Access Controls"
24146
+ },
24147
+ {
24148
+ "id": "SOC2-CC7-anomaly-detection",
24149
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24150
+ "control_name": "System Operations — Threat and Vulnerability Management"
24151
+ }
24152
+ ],
24153
+ "attack_refs": [
24154
+ "T0855",
24155
+ "T0883",
24156
+ "T1041",
24157
+ "T1059",
24158
+ "T1068",
24159
+ "T1071",
24160
+ "T1078",
24161
+ "T1102",
24162
+ "T1133",
24163
+ "T1190",
24164
+ "T1213",
24165
+ "T1530",
24166
+ "T1548.001",
24167
+ "T1566",
24168
+ "T1567",
24169
+ "T1568"
24170
+ ],
24171
+ "rfc_refs": [
24172
+ "RFC-4301",
24173
+ "RFC-4303",
24174
+ "RFC-7296",
24175
+ "RFC-8446",
24176
+ "RFC-9000",
24177
+ "RFC-9114",
24178
+ "RFC-9180",
24179
+ "RFC-9421",
24180
+ "RFC-9458"
24181
+ ]
24182
+ }
24183
+ },
24184
+ "CVE-2025-23266": {
24185
+ "name": "NVIDIA Container Toolkit Init-Hook Untrusted Search Path Container Escape (NVIDIAScape)",
24186
+ "rwep": 35,
24187
+ "cvss": 9,
24188
+ "cisa_kev": false,
24189
+ "epss_score": null,
24190
+ "referencing_skills": [
24191
+ "kernel-lpe-triage",
24192
+ "ai-attack-surface",
24193
+ "compliance-theater",
24194
+ "ai-c2-detection",
24195
+ "attack-surface-pentest",
24196
+ "dlp-gap-analysis",
24197
+ "ot-ics-security",
24198
+ "sector-energy"
24199
+ ],
24200
+ "chain": {
24201
+ "cwes": [
24202
+ {
24203
+ "id": "CWE-1037",
24204
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
24205
+ "category": "Hardware / Side Channel"
24206
+ },
24207
+ {
24208
+ "id": "CWE-1039",
24209
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
24210
+ "category": "AI/ML"
24211
+ },
24212
+ {
24213
+ "id": "CWE-125",
24214
+ "name": "Out-of-bounds Read",
24215
+ "category": "Memory Safety"
24216
+ },
24217
+ {
24218
+ "id": "CWE-1395",
24219
+ "name": "Dependency on Vulnerable Third-Party Component",
24220
+ "category": "Supply Chain"
24221
+ },
24222
+ {
24223
+ "id": "CWE-1426",
24224
+ "name": "Improper Validation of Generative AI Output",
24225
+ "category": "AI/ML"
24226
+ },
24227
+ {
24228
+ "id": "CWE-200",
24229
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
24230
+ "category": "Information Exposure"
24231
+ },
24232
+ {
24233
+ "id": "CWE-22",
24234
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
24235
+ "category": "Path/Resource"
24236
+ },
24237
+ {
24238
+ "id": "CWE-269",
24239
+ "name": "Improper Privilege Management",
24240
+ "category": "Authorization"
24241
+ },
24242
+ {
24243
+ "id": "CWE-287",
24244
+ "name": "Improper Authentication",
24245
+ "category": "Authentication"
24246
+ },
24247
+ {
24248
+ "id": "CWE-306",
24249
+ "name": "Missing Authentication for Critical Function",
24250
+ "category": "Authentication"
24251
+ },
24252
+ {
24253
+ "id": "CWE-352",
24254
+ "name": "Cross-Site Request Forgery (CSRF)",
24255
+ "category": "Session"
24256
+ },
24257
+ {
24258
+ "id": "CWE-362",
24259
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
24260
+ "category": "Concurrency"
24261
+ },
24262
+ {
24263
+ "id": "CWE-416",
24264
+ "name": "Use After Free",
24265
+ "category": "Memory Safety"
24266
+ },
24267
+ {
24268
+ "id": "CWE-434",
24269
+ "name": "Unrestricted Upload of File with Dangerous Type",
24270
+ "category": "File Handling"
24271
+ },
24272
+ {
24273
+ "id": "CWE-672",
24274
+ "name": "Operation on a Resource after Expiration or Release",
24275
+ "category": "Memory Safety"
24276
+ },
24277
+ {
24278
+ "id": "CWE-732",
24279
+ "name": "Incorrect Permission Assignment for Critical Resource",
24280
+ "category": "Authorization"
24281
+ },
24282
+ {
24283
+ "id": "CWE-78",
24284
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
24285
+ "category": "Injection"
24286
+ },
24287
+ {
24288
+ "id": "CWE-787",
24289
+ "name": "Out-of-bounds Write",
24290
+ "category": "Memory Safety"
24291
+ },
24292
+ {
24293
+ "id": "CWE-79",
24294
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
24295
+ "category": "Injection"
24296
+ },
24297
+ {
24298
+ "id": "CWE-798",
24299
+ "name": "Use of Hard-coded Credentials",
24300
+ "category": "Credentials"
24301
+ },
24302
+ {
24303
+ "id": "CWE-89",
24304
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
24305
+ "category": "Injection"
24306
+ },
24307
+ {
24308
+ "id": "CWE-918",
24309
+ "name": "Server-Side Request Forgery (SSRF)",
24310
+ "category": "Network"
24311
+ },
24312
+ {
24313
+ "id": "CWE-94",
24314
+ "name": "Improper Control of Generation of Code (Code Injection)",
24315
+ "category": "Injection"
24316
+ }
24317
+ ],
24318
+ "atlas": [
24319
+ {
24320
+ "id": "AML.T0010",
24321
+ "name": "ML Supply Chain Compromise",
24322
+ "tactic": "Initial Access"
24323
+ },
24324
+ {
24325
+ "id": "AML.T0016",
24326
+ "name": "Obtain Capabilities: Develop Capabilities",
24327
+ "tactic": "Resource Development"
24328
+ },
24329
+ {
24330
+ "id": "AML.T0017",
24331
+ "name": "Discover ML Model Ontology",
24332
+ "tactic": "Discovery"
24333
+ },
24334
+ {
24335
+ "id": "AML.T0018",
24336
+ "name": "Backdoor ML Model",
24337
+ "tactic": "Persistence"
24338
+ },
24339
+ {
24340
+ "id": "AML.T0020",
24341
+ "name": "Poison Training Data",
24342
+ "tactic": "ML Attack Staging"
24343
+ },
24344
+ {
24345
+ "id": "AML.T0043",
24346
+ "name": "Craft Adversarial Data",
24347
+ "tactic": "ML Attack Staging"
24348
+ },
24349
+ {
24350
+ "id": "AML.T0051",
24351
+ "name": "LLM Prompt Injection",
24352
+ "tactic": "Execution"
24353
+ },
24354
+ {
24355
+ "id": "AML.T0054",
24356
+ "name": "LLM Jailbreak",
24357
+ "tactic": "Defense Evasion"
24358
+ },
24359
+ {
24360
+ "id": "AML.T0096",
24361
+ "name": "AI API as Covert C2 Channel",
24362
+ "tactic": "Command and Control"
24363
+ }
24364
+ ],
24365
+ "d3fend": [
24366
+ {
24367
+ "id": "D3-ASLR",
24368
+ "name": "Address Space Layout Randomization",
24369
+ "tactic": "Harden"
24370
+ },
24371
+ {
24372
+ "id": "D3-CA",
24373
+ "name": "Certificate Analysis",
24374
+ "tactic": "Detect"
24375
+ },
24376
+ {
24377
+ "id": "D3-CSPP",
24378
+ "name": "Client-server Payload Profiling",
24379
+ "tactic": "Detect"
24380
+ },
24381
+ {
24382
+ "id": "D3-DA",
24383
+ "name": "Domain Analysis",
24384
+ "tactic": "Detect"
24385
+ },
24386
+ {
24387
+ "id": "D3-EAL",
24388
+ "name": "Executable Allowlisting",
24389
+ "tactic": "Harden"
24390
+ },
24391
+ {
24392
+ "id": "D3-IOPR",
24393
+ "name": "Input/Output Profiling Resource",
24394
+ "tactic": "Detect"
24395
+ },
24396
+ {
24397
+ "id": "D3-NI",
24398
+ "name": "Network Isolation",
24399
+ "tactic": "Isolate"
24400
+ },
24401
+ {
24402
+ "id": "D3-NTA",
24403
+ "name": "Network Traffic Analysis",
24404
+ "tactic": "Detect"
24405
+ },
24406
+ {
24407
+ "id": "D3-NTPM",
24408
+ "name": "Network Traffic Policy Mapping",
24409
+ "tactic": "Model"
24410
+ },
24411
+ {
24412
+ "id": "D3-PHRA",
24413
+ "name": "Process Hardware Resource Access",
24414
+ "tactic": "Isolate"
24415
+ },
24416
+ {
24417
+ "id": "D3-PSEP",
24418
+ "name": "Process Segment Execution Prevention",
24419
+ "tactic": "Harden"
24420
+ }
24421
+ ],
24422
+ "framework_gaps": [
24423
+ {
24424
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
24425
+ "framework": "ALL",
24426
+ "control_name": "AI Pipeline Integrity"
24427
+ },
24428
+ {
24429
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
24430
+ "framework": "ALL",
24431
+ "control_name": "Prompt Injection as Access Control Failure"
24432
+ },
24433
+ {
24434
+ "id": "CIS-Controls-v8-Control7",
24435
+ "framework": "CIS Controls v8",
24436
+ "control_name": "Continuous Vulnerability Management"
24437
+ },
24438
+ {
24439
+ "id": "CMMC-2.0-Level-2",
24440
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
24441
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
24442
+ },
24443
+ {
24444
+ "id": "FedRAMP-Rev5-Moderate",
24445
+ "framework": "FedRAMP Rev 5 Moderate",
24446
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24447
+ },
24448
+ {
24449
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
24450
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
24451
+ "control_name": "Access control standard (technical safeguards)"
24452
+ },
24453
+ {
24454
+ "id": "IEC-62443-3-3",
24455
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24456
+ "control_name": "System security requirements and security levels"
24457
+ },
24458
+ {
24459
+ "id": "ISO-27001-2022-A.8.16",
24460
+ "framework": "ISO/IEC 27001:2022",
24461
+ "control_name": "Monitoring activities"
24462
+ },
24463
+ {
24464
+ "id": "ISO-27001-2022-A.8.28",
24465
+ "framework": "ISO/IEC 27001:2022",
24466
+ "control_name": "Secure coding"
24467
+ },
24468
+ {
24469
+ "id": "ISO-27001-2022-A.8.8",
24470
+ "framework": "ISO/IEC 27001:2022",
24471
+ "control_name": "Management of technical vulnerabilities"
24472
+ },
24473
+ {
24474
+ "id": "ISO-IEC-23894-2023-clause-7",
24475
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24476
+ "control_name": "AI risk management process"
24477
+ },
24478
+ {
24479
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
24480
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
24481
+ "control_name": "AI risk assessment"
24482
+ },
24483
+ {
24484
+ "id": "NERC-CIP-007-6-R4",
24485
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
24486
+ "control_name": "Security event monitoring"
24487
+ },
24488
+ {
24489
+ "id": "NIS2-Art21-patch-management",
24490
+ "framework": "EU NIS2 Directive",
24491
+ "control_name": "Vulnerability handling and disclosure"
24492
+ },
24493
+ {
24494
+ "id": "NIST-800-115",
24495
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
24496
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
24497
+ },
24498
+ {
24499
+ "id": "NIST-800-53-AC-2",
24500
+ "framework": "NIST SP 800-53 Rev 5",
24501
+ "control_name": "Account Management"
24502
+ },
24503
+ {
24504
+ "id": "NIST-800-53-SC-28",
24505
+ "framework": "NIST SP 800-53 Rev 5",
24506
+ "control_name": "Protection of Information at Rest"
24507
+ },
24508
+ {
24509
+ "id": "NIST-800-53-SC-7",
24510
+ "framework": "NIST SP 800-53 Rev 5",
24511
+ "control_name": "Boundary Protection"
24512
+ },
24513
+ {
24514
+ "id": "NIST-800-53-SC-8",
24515
+ "framework": "NIST SP 800-53 Rev 5",
24516
+ "control_name": "Transmission Confidentiality and Integrity"
24517
+ },
24518
+ {
24519
+ "id": "NIST-800-53-SI-2",
24520
+ "framework": "NIST SP 800-53 Rev 5",
24521
+ "control_name": "Flaw Remediation"
24522
+ },
24523
+ {
24524
+ "id": "NIST-800-53-SI-3",
24525
+ "framework": "NIST SP 800-53 Rev 5",
24526
+ "control_name": "Malicious Code Protection"
24527
+ },
24528
+ {
24529
+ "id": "NIST-800-82r3",
24530
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
24531
+ "control_name": "Guide to Operational Technology (OT) Security"
24532
+ },
24533
+ {
24534
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
24535
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24536
+ "control_name": "Prompt Injection"
24537
+ },
24538
+ {
24539
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
24540
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24541
+ "control_name": "Sensitive Information Disclosure"
24542
+ },
24543
+ {
24544
+ "id": "OWASP-Pen-Testing-Guide-v5",
24545
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
24546
+ "control_name": "Web application penetration testing methodology"
24547
+ },
24548
+ {
24549
+ "id": "PCI-DSS-4.0-6.3.3",
24550
+ "framework": "PCI DSS 4.0",
24551
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
24552
+ },
24553
+ {
24554
+ "id": "PTES-Pre-engagement",
24555
+ "framework": "Penetration Testing Execution Standard (PTES)",
24556
+ "control_name": "Pre-engagement Interactions"
24557
+ },
24558
+ {
24559
+ "id": "SOC2-CC6-logical-access",
24560
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24561
+ "control_name": "Logical and Physical Access Controls"
24562
+ },
24563
+ {
24564
+ "id": "SOC2-CC7-anomaly-detection",
24565
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24566
+ "control_name": "System Operations — Threat and Vulnerability Management"
24567
+ }
24568
+ ],
24569
+ "attack_refs": [
24570
+ "T0855",
24571
+ "T0883",
24572
+ "T1041",
24573
+ "T1059",
24574
+ "T1068",
24575
+ "T1071",
24576
+ "T1078",
24577
+ "T1102",
24578
+ "T1133",
24579
+ "T1190",
24580
+ "T1213",
24581
+ "T1530",
24582
+ "T1548.001",
24583
+ "T1566",
24584
+ "T1567",
24585
+ "T1568"
24586
+ ],
24587
+ "rfc_refs": [
24588
+ "RFC-4301",
24589
+ "RFC-4303",
24590
+ "RFC-7296",
24591
+ "RFC-8446",
24592
+ "RFC-9000",
24593
+ "RFC-9114",
24594
+ "RFC-9180",
24595
+ "RFC-9421",
24596
+ "RFC-9458"
24597
+ ]
24598
+ }
24599
+ },
23044
24600
  "CVE-2026-41091": {
23045
24601
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
23046
24602
  "rwep": 45,
@@ -49418,6 +50974,7 @@
49418
50974
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
49419
50975
  "CVE-2023-43472",
49420
50976
  "CVE-2023-48022",
50977
+ "CVE-2024-0132",
49421
50978
  "CVE-2024-3094",
49422
50979
  "CVE-2024-3154",
49423
50980
  "CVE-2024-50050",
@@ -49426,6 +50983,7 @@
49426
50983
  "CVE-2025-1094",
49427
50984
  "CVE-2025-14174",
49428
50985
  "CVE-2025-23254",
50986
+ "CVE-2025-23266",
49429
50987
  "CVE-2025-30165",
49430
50988
  "CVE-2025-34291",
49431
50989
  "CVE-2025-38352",
@@ -49435,7 +50993,9 @@
49435
50993
  "CVE-2025-53773",
49436
50994
  "CVE-2025-54136",
49437
50995
  "CVE-2025-60455",
50996
+ "CVE-2025-64496",
49438
50997
  "CVE-2025-6965",
50998
+ "CVE-2026-0766",
49439
50999
  "CVE-2026-22252",
49440
51000
  "CVE-2026-22688",
49441
51001
  "CVE-2026-24206",
@@ -49785,12 +51345,14 @@
49785
51345
  "related_cves": [
49786
51346
  "CVE-2023-43472",
49787
51347
  "CVE-2023-48022",
51348
+ "CVE-2024-0132",
49788
51349
  "CVE-2024-50050",
49789
51350
  "CVE-2025-0133",
49790
51351
  "CVE-2025-10585",
49791
51352
  "CVE-2025-1094",
49792
51353
  "CVE-2025-14174",
49793
51354
  "CVE-2025-23254",
51355
+ "CVE-2025-23266",
49794
51356
  "CVE-2025-30165",
49795
51357
  "CVE-2025-34291",
49796
51358
  "CVE-2025-38352",
@@ -49798,7 +51360,9 @@
49798
51360
  "CVE-2025-49596",
49799
51361
  "CVE-2025-54136",
49800
51362
  "CVE-2025-60455",
51363
+ "CVE-2025-64496",
49801
51364
  "CVE-2025-6965",
51365
+ "CVE-2026-0766",
49802
51366
  "CVE-2026-22252",
49803
51367
  "CVE-2026-22688",
49804
51368
  "CVE-2026-24206",
@@ -49943,12 +51507,14 @@
49943
51507
  "related_cves": [
49944
51508
  "CVE-2023-43472",
49945
51509
  "CVE-2023-48022",
51510
+ "CVE-2024-0132",
49946
51511
  "CVE-2024-50050",
49947
51512
  "CVE-2025-0133",
49948
51513
  "CVE-2025-10585",
49949
51514
  "CVE-2025-1094",
49950
51515
  "CVE-2025-14174",
49951
51516
  "CVE-2025-23254",
51517
+ "CVE-2025-23266",
49952
51518
  "CVE-2025-30165",
49953
51519
  "CVE-2025-34291",
49954
51520
  "CVE-2025-38352",
@@ -49956,7 +51522,9 @@
49956
51522
  "CVE-2025-49596",
49957
51523
  "CVE-2025-54136",
49958
51524
  "CVE-2025-60455",
51525
+ "CVE-2025-64496",
49959
51526
  "CVE-2025-6965",
51527
+ "CVE-2026-0766",
49960
51528
  "CVE-2026-22252",
49961
51529
  "CVE-2026-22688",
49962
51530
  "CVE-2026-24206",
@@ -50115,12 +51683,14 @@
50115
51683
  "related_cves": [
50116
51684
  "CVE-2023-43472",
50117
51685
  "CVE-2023-48022",
51686
+ "CVE-2024-0132",
50118
51687
  "CVE-2024-50050",
50119
51688
  "CVE-2025-0133",
50120
51689
  "CVE-2025-10585",
50121
51690
  "CVE-2025-1094",
50122
51691
  "CVE-2025-14174",
50123
51692
  "CVE-2025-23254",
51693
+ "CVE-2025-23266",
50124
51694
  "CVE-2025-30165",
50125
51695
  "CVE-2025-34291",
50126
51696
  "CVE-2025-38352",
@@ -50128,7 +51698,9 @@
50128
51698
  "CVE-2025-49596",
50129
51699
  "CVE-2025-54136",
50130
51700
  "CVE-2025-60455",
51701
+ "CVE-2025-64496",
50131
51702
  "CVE-2025-6965",
51703
+ "CVE-2026-0766",
50132
51704
  "CVE-2026-22252",
50133
51705
  "CVE-2026-22688",
50134
51706
  "CVE-2026-24206",
@@ -50391,6 +51963,7 @@
50391
51963
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
50392
51964
  "CVE-2023-43472",
50393
51965
  "CVE-2023-48022",
51966
+ "CVE-2024-0132",
50394
51967
  "CVE-2024-3094",
50395
51968
  "CVE-2024-3154",
50396
51969
  "CVE-2024-50050",
@@ -50398,6 +51971,7 @@
50398
51971
  "CVE-2025-1094",
50399
51972
  "CVE-2025-11837",
50400
51973
  "CVE-2025-23254",
51974
+ "CVE-2025-23266",
50401
51975
  "CVE-2025-30165",
50402
51976
  "CVE-2025-34291",
50403
51977
  "CVE-2025-49596",
@@ -50405,7 +51979,9 @@
50405
51979
  "CVE-2025-53773",
50406
51980
  "CVE-2025-54136",
50407
51981
  "CVE-2025-60455",
51982
+ "CVE-2025-64496",
50408
51983
  "CVE-2025-6965",
51984
+ "CVE-2026-0766",
50409
51985
  "CVE-2026-22252",
50410
51986
  "CVE-2026-22688",
50411
51987
  "CVE-2026-22778",
@@ -50623,6 +52199,7 @@
50623
52199
  "CVE-2023-48022",
50624
52200
  "CVE-2023-50224",
50625
52201
  "CVE-2023-52163",
52202
+ "CVE-2024-0132",
50626
52203
  "CVE-2024-0769",
50627
52204
  "CVE-2024-11182",
50628
52205
  "CVE-2024-12987",
@@ -50665,6 +52242,7 @@
50665
52242
  "CVE-2025-21479",
50666
52243
  "CVE-2025-21480",
50667
52244
  "CVE-2025-23254",
52245
+ "CVE-2025-23266",
50668
52246
  "CVE-2025-24016",
50669
52247
  "CVE-2025-24201",
50670
52248
  "CVE-2025-24893",
@@ -50772,6 +52350,7 @@
50772
52350
  "CVE-2025-62849",
50773
52351
  "CVE-2025-64328",
50774
52352
  "CVE-2025-64446",
52353
+ "CVE-2025-64496",
50775
52354
  "CVE-2025-6543",
50776
52355
  "CVE-2025-6554",
50777
52356
  "CVE-2025-6558",
@@ -50788,6 +52367,7 @@
50788
52367
  "CVE-2025-9242",
50789
52368
  "CVE-2025-9377",
50790
52369
  "CVE-2026-0300",
52370
+ "CVE-2026-0766",
50791
52371
  "CVE-2026-1281",
50792
52372
  "CVE-2026-1340",
50793
52373
  "CVE-2026-1603",
@@ -51075,6 +52655,7 @@
51075
52655
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
51076
52656
  "CVE-2023-43472",
51077
52657
  "CVE-2023-48022",
52658
+ "CVE-2024-0132",
51078
52659
  "CVE-2024-3094",
51079
52660
  "CVE-2024-3154",
51080
52661
  "CVE-2024-40635",
@@ -51082,6 +52663,7 @@
51082
52663
  "CVE-2025-1094",
51083
52664
  "CVE-2025-14847",
51084
52665
  "CVE-2025-22226",
52666
+ "CVE-2025-23266",
51085
52667
  "CVE-2025-49844",
51086
52668
  "CVE-2025-53767",
51087
52669
  "CVE-2025-53773",
@@ -51432,6 +53014,7 @@
51432
53014
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
51433
53015
  "CVE-2023-43472",
51434
53016
  "CVE-2023-48022",
53017
+ "CVE-2024-0132",
51435
53018
  "CVE-2024-3094",
51436
53019
  "CVE-2024-3154",
51437
53020
  "CVE-2024-50050",
@@ -51440,6 +53023,7 @@
51440
53023
  "CVE-2025-1094",
51441
53024
  "CVE-2025-14174",
51442
53025
  "CVE-2025-23254",
53026
+ "CVE-2025-23266",
51443
53027
  "CVE-2025-30165",
51444
53028
  "CVE-2025-34291",
51445
53029
  "CVE-2025-38352",
@@ -51449,7 +53033,9 @@
51449
53033
  "CVE-2025-53773",
51450
53034
  "CVE-2025-54136",
51451
53035
  "CVE-2025-60455",
53036
+ "CVE-2025-64496",
51452
53037
  "CVE-2025-6965",
53038
+ "CVE-2026-0766",
51453
53039
  "CVE-2026-22252",
51454
53040
  "CVE-2026-22688",
51455
53041
  "CVE-2026-24206",
@@ -52029,6 +53615,7 @@
52029
53615
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
52030
53616
  "CVE-2023-43472",
52031
53617
  "CVE-2023-48022",
53618
+ "CVE-2024-0132",
52032
53619
  "CVE-2024-3094",
52033
53620
  "CVE-2024-3154",
52034
53621
  "CVE-2024-50050",
@@ -52037,6 +53624,7 @@
52037
53624
  "CVE-2025-1094",
52038
53625
  "CVE-2025-14174",
52039
53626
  "CVE-2025-23254",
53627
+ "CVE-2025-23266",
52040
53628
  "CVE-2025-30165",
52041
53629
  "CVE-2025-34291",
52042
53630
  "CVE-2025-38352",
@@ -52046,7 +53634,9 @@
52046
53634
  "CVE-2025-53773",
52047
53635
  "CVE-2025-54136",
52048
53636
  "CVE-2025-60455",
53637
+ "CVE-2025-64496",
52049
53638
  "CVE-2025-6965",
53639
+ "CVE-2026-0766",
52050
53640
  "CVE-2026-22252",
52051
53641
  "CVE-2026-22688",
52052
53642
  "CVE-2026-24206",
@@ -52264,12 +53854,14 @@
52264
53854
  },
52265
53855
  "related_cves": [
52266
53856
  "CVE-2023-48022",
53857
+ "CVE-2024-0132",
52267
53858
  "CVE-2024-3094",
52268
53859
  "CVE-2024-50050",
52269
53860
  "CVE-2025-10585",
52270
53861
  "CVE-2025-1094",
52271
53862
  "CVE-2025-14174",
52272
53863
  "CVE-2025-23254",
53864
+ "CVE-2025-23266",
52273
53865
  "CVE-2025-30165",
52274
53866
  "CVE-2025-34291",
52275
53867
  "CVE-2025-38352",
@@ -52278,6 +53870,8 @@
52278
53870
  "CVE-2025-53773",
52279
53871
  "CVE-2025-54136",
52280
53872
  "CVE-2025-60455",
53873
+ "CVE-2025-64496",
53874
+ "CVE-2026-0766",
52281
53875
  "CVE-2026-22252",
52282
53876
  "CVE-2026-22688",
52283
53877
  "CVE-2026-24206",
@@ -52925,6 +54519,7 @@
52925
54519
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
52926
54520
  "CVE-2023-43472",
52927
54521
  "CVE-2023-48022",
54522
+ "CVE-2024-0132",
52928
54523
  "CVE-2024-3094",
52929
54524
  "CVE-2024-3154",
52930
54525
  "CVE-2024-50050",
@@ -52933,6 +54528,7 @@
52933
54528
  "CVE-2025-1094",
52934
54529
  "CVE-2025-14174",
52935
54530
  "CVE-2025-23254",
54531
+ "CVE-2025-23266",
52936
54532
  "CVE-2025-30165",
52937
54533
  "CVE-2025-34291",
52938
54534
  "CVE-2025-38352",
@@ -52942,7 +54538,9 @@
52942
54538
  "CVE-2025-53773",
52943
54539
  "CVE-2025-54136",
52944
54540
  "CVE-2025-60455",
54541
+ "CVE-2025-64496",
52945
54542
  "CVE-2025-6965",
54543
+ "CVE-2026-0766",
52946
54544
  "CVE-2026-22252",
52947
54545
  "CVE-2026-22688",
52948
54546
  "CVE-2026-24206",
@@ -53164,6 +54762,7 @@
53164
54762
  "CVE-2023-48022",
53165
54763
  "CVE-2023-50224",
53166
54764
  "CVE-2023-52163",
54765
+ "CVE-2024-0132",
53167
54766
  "CVE-2024-0769",
53168
54767
  "CVE-2024-11182",
53169
54768
  "CVE-2024-12987",
@@ -53206,6 +54805,7 @@
53206
54805
  "CVE-2025-21479",
53207
54806
  "CVE-2025-21480",
53208
54807
  "CVE-2025-23254",
54808
+ "CVE-2025-23266",
53209
54809
  "CVE-2025-24016",
53210
54810
  "CVE-2025-24201",
53211
54811
  "CVE-2025-24893",
@@ -53313,6 +54913,7 @@
53313
54913
  "CVE-2025-62849",
53314
54914
  "CVE-2025-64328",
53315
54915
  "CVE-2025-64446",
54916
+ "CVE-2025-64496",
53316
54917
  "CVE-2025-6543",
53317
54918
  "CVE-2025-6554",
53318
54919
  "CVE-2025-6558",
@@ -53329,6 +54930,7 @@
53329
54930
  "CVE-2025-9242",
53330
54931
  "CVE-2025-9377",
53331
54932
  "CVE-2026-0300",
54933
+ "CVE-2026-0766",
53332
54934
  "CVE-2026-1281",
53333
54935
  "CVE-2026-1340",
53334
54936
  "CVE-2026-1603",
@@ -53582,6 +55184,7 @@
53582
55184
  "CVE-2023-48022",
53583
55185
  "CVE-2023-50224",
53584
55186
  "CVE-2023-52163",
55187
+ "CVE-2024-0132",
53585
55188
  "CVE-2024-0769",
53586
55189
  "CVE-2024-11182",
53587
55190
  "CVE-2024-12987",
@@ -53624,6 +55227,7 @@
53624
55227
  "CVE-2025-21479",
53625
55228
  "CVE-2025-21480",
53626
55229
  "CVE-2025-23254",
55230
+ "CVE-2025-23266",
53627
55231
  "CVE-2025-24016",
53628
55232
  "CVE-2025-24201",
53629
55233
  "CVE-2025-24893",
@@ -53731,6 +55335,7 @@
53731
55335
  "CVE-2025-62849",
53732
55336
  "CVE-2025-64328",
53733
55337
  "CVE-2025-64446",
55338
+ "CVE-2025-64496",
53734
55339
  "CVE-2025-6543",
53735
55340
  "CVE-2025-6554",
53736
55341
  "CVE-2025-6558",
@@ -53747,6 +55352,7 @@
53747
55352
  "CVE-2025-9242",
53748
55353
  "CVE-2025-9377",
53749
55354
  "CVE-2026-0300",
55355
+ "CVE-2026-0766",
53750
55356
  "CVE-2026-1281",
53751
55357
  "CVE-2026-1340",
53752
55358
  "CVE-2026-1603",
@@ -54031,6 +55637,7 @@
54031
55637
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
54032
55638
  "CVE-2023-43472",
54033
55639
  "CVE-2023-48022",
55640
+ "CVE-2024-0132",
54034
55641
  "CVE-2024-3094",
54035
55642
  "CVE-2024-3154",
54036
55643
  "CVE-2024-50050",
@@ -54039,6 +55646,7 @@
54039
55646
  "CVE-2025-1094",
54040
55647
  "CVE-2025-14174",
54041
55648
  "CVE-2025-23254",
55649
+ "CVE-2025-23266",
54042
55650
  "CVE-2025-30165",
54043
55651
  "CVE-2025-34291",
54044
55652
  "CVE-2025-38352",
@@ -54048,7 +55656,9 @@
54048
55656
  "CVE-2025-53773",
54049
55657
  "CVE-2025-54136",
54050
55658
  "CVE-2025-60455",
55659
+ "CVE-2025-64496",
54051
55660
  "CVE-2025-6965",
55661
+ "CVE-2026-0766",
54052
55662
  "CVE-2026-22252",
54053
55663
  "CVE-2026-22688",
54054
55664
  "CVE-2026-24206",
@@ -54822,6 +56432,7 @@
54822
56432
  "CVE-2023-48022",
54823
56433
  "CVE-2023-50224",
54824
56434
  "CVE-2023-52163",
56435
+ "CVE-2024-0132",
54825
56436
  "CVE-2024-0769",
54826
56437
  "CVE-2024-11182",
54827
56438
  "CVE-2024-12987",
@@ -54864,6 +56475,7 @@
54864
56475
  "CVE-2025-21479",
54865
56476
  "CVE-2025-21480",
54866
56477
  "CVE-2025-23254",
56478
+ "CVE-2025-23266",
54867
56479
  "CVE-2025-24016",
54868
56480
  "CVE-2025-24201",
54869
56481
  "CVE-2025-24893",
@@ -54971,6 +56583,7 @@
54971
56583
  "CVE-2025-62849",
54972
56584
  "CVE-2025-64328",
54973
56585
  "CVE-2025-64446",
56586
+ "CVE-2025-64496",
54974
56587
  "CVE-2025-6543",
54975
56588
  "CVE-2025-6554",
54976
56589
  "CVE-2025-6558",
@@ -54987,6 +56600,7 @@
54987
56600
  "CVE-2025-9242",
54988
56601
  "CVE-2025-9377",
54989
56602
  "CVE-2026-0300",
56603
+ "CVE-2026-0766",
54990
56604
  "CVE-2026-1281",
54991
56605
  "CVE-2026-1340",
54992
56606
  "CVE-2026-1603",
@@ -55335,6 +56949,7 @@
55335
56949
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
55336
56950
  "CVE-2023-43472",
55337
56951
  "CVE-2023-48022",
56952
+ "CVE-2024-0132",
55338
56953
  "CVE-2024-3094",
55339
56954
  "CVE-2024-3154",
55340
56955
  "CVE-2024-50050",
@@ -55343,6 +56958,7 @@
55343
56958
  "CVE-2025-1094",
55344
56959
  "CVE-2025-14174",
55345
56960
  "CVE-2025-23254",
56961
+ "CVE-2025-23266",
55346
56962
  "CVE-2025-30165",
55347
56963
  "CVE-2025-34291",
55348
56964
  "CVE-2025-38352",
@@ -55352,7 +56968,9 @@
55352
56968
  "CVE-2025-53773",
55353
56969
  "CVE-2025-54136",
55354
56970
  "CVE-2025-60455",
56971
+ "CVE-2025-64496",
55355
56972
  "CVE-2025-6965",
56973
+ "CVE-2026-0766",
55356
56974
  "CVE-2026-22252",
55357
56975
  "CVE-2026-22688",
55358
56976
  "CVE-2026-24206",
@@ -55652,6 +57270,7 @@
55652
57270
  "CVE-2023-48022",
55653
57271
  "CVE-2023-50224",
55654
57272
  "CVE-2023-52163",
57273
+ "CVE-2024-0132",
55655
57274
  "CVE-2024-0769",
55656
57275
  "CVE-2024-11182",
55657
57276
  "CVE-2024-12987",
@@ -55697,6 +57316,7 @@
55697
57316
  "CVE-2025-21479",
55698
57317
  "CVE-2025-21480",
55699
57318
  "CVE-2025-23254",
57319
+ "CVE-2025-23266",
55700
57320
  "CVE-2025-24016",
55701
57321
  "CVE-2025-24201",
55702
57322
  "CVE-2025-24893",
@@ -55805,6 +57425,7 @@
55805
57425
  "CVE-2025-62849",
55806
57426
  "CVE-2025-64328",
55807
57427
  "CVE-2025-64446",
57428
+ "CVE-2025-64496",
55808
57429
  "CVE-2025-6543",
55809
57430
  "CVE-2025-6554",
55810
57431
  "CVE-2025-6558",
@@ -55822,6 +57443,7 @@
55822
57443
  "CVE-2025-9242",
55823
57444
  "CVE-2025-9377",
55824
57445
  "CVE-2026-0300",
57446
+ "CVE-2026-0766",
55825
57447
  "CVE-2026-1281",
55826
57448
  "CVE-2026-1340",
55827
57449
  "CVE-2026-1603",
@@ -56184,6 +57806,7 @@
56184
57806
  "related_cves": [
56185
57807
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
56186
57808
  "CVE-2023-48022",
57809
+ "CVE-2024-0132",
56187
57810
  "CVE-2024-3094",
56188
57811
  "CVE-2024-3154",
56189
57812
  "CVE-2024-50050",
@@ -56191,6 +57814,7 @@
56191
57814
  "CVE-2025-1094",
56192
57815
  "CVE-2025-14174",
56193
57816
  "CVE-2025-23254",
57817
+ "CVE-2025-23266",
56194
57818
  "CVE-2025-30165",
56195
57819
  "CVE-2025-34291",
56196
57820
  "CVE-2025-38352",
@@ -56200,6 +57824,8 @@
56200
57824
  "CVE-2025-53773",
56201
57825
  "CVE-2025-54136",
56202
57826
  "CVE-2025-60455",
57827
+ "CVE-2025-64496",
57828
+ "CVE-2026-0766",
56203
57829
  "CVE-2026-22252",
56204
57830
  "CVE-2026-22688",
56205
57831
  "CVE-2026-24206",
@@ -57116,6 +58742,7 @@
57116
58742
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
57117
58743
  "CVE-2023-43472",
57118
58744
  "CVE-2023-48022",
58745
+ "CVE-2024-0132",
57119
58746
  "CVE-2024-3094",
57120
58747
  "CVE-2024-3154",
57121
58748
  "CVE-2024-50050",
@@ -57124,6 +58751,7 @@
57124
58751
  "CVE-2025-1094",
57125
58752
  "CVE-2025-14174",
57126
58753
  "CVE-2025-23254",
58754
+ "CVE-2025-23266",
57127
58755
  "CVE-2025-30165",
57128
58756
  "CVE-2025-34291",
57129
58757
  "CVE-2025-38352",
@@ -57133,7 +58761,9 @@
57133
58761
  "CVE-2025-53773",
57134
58762
  "CVE-2025-54136",
57135
58763
  "CVE-2025-60455",
58764
+ "CVE-2025-64496",
57136
58765
  "CVE-2025-6965",
58766
+ "CVE-2026-0766",
57137
58767
  "CVE-2026-22252",
57138
58768
  "CVE-2026-22688",
57139
58769
  "CVE-2026-24206",
@@ -57212,11 +58842,13 @@
57212
58842
  },
57213
58843
  "related_cves": [
57214
58844
  "CVE-2023-48022",
58845
+ "CVE-2024-0132",
57215
58846
  "CVE-2024-50050",
57216
58847
  "CVE-2025-10585",
57217
58848
  "CVE-2025-1094",
57218
58849
  "CVE-2025-14174",
57219
58850
  "CVE-2025-23254",
58851
+ "CVE-2025-23266",
57220
58852
  "CVE-2025-30165",
57221
58853
  "CVE-2025-34291",
57222
58854
  "CVE-2025-38352",
@@ -57224,6 +58856,8 @@
57224
58856
  "CVE-2025-49596",
57225
58857
  "CVE-2025-54136",
57226
58858
  "CVE-2025-60455",
58859
+ "CVE-2025-64496",
58860
+ "CVE-2026-0766",
57227
58861
  "CVE-2026-22252",
57228
58862
  "CVE-2026-22688",
57229
58863
  "CVE-2026-24206",
@@ -57378,18 +59012,22 @@
57378
59012
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
57379
59013
  "CVE-2023-43472",
57380
59014
  "CVE-2023-48022",
59015
+ "CVE-2024-0132",
57381
59016
  "CVE-2024-50050",
57382
59017
  "CVE-2025-0133",
57383
59018
  "CVE-2025-1094",
57384
59019
  "CVE-2025-11837",
57385
59020
  "CVE-2025-23254",
59021
+ "CVE-2025-23266",
57386
59022
  "CVE-2025-30165",
57387
59023
  "CVE-2025-34291",
57388
59024
  "CVE-2025-49596",
57389
59025
  "CVE-2025-53773",
57390
59026
  "CVE-2025-54136",
57391
59027
  "CVE-2025-60455",
59028
+ "CVE-2025-64496",
57392
59029
  "CVE-2025-6965",
59030
+ "CVE-2026-0766",
57393
59031
  "CVE-2026-22252",
57394
59032
  "CVE-2026-22688",
57395
59033
  "CVE-2026-22778",
@@ -57937,6 +59575,7 @@
57937
59575
  "CVE-2025-62221",
57938
59576
  "CVE-2025-64328",
57939
59577
  "CVE-2025-64446",
59578
+ "CVE-2025-64496",
57940
59579
  "CVE-2025-6543",
57941
59580
  "CVE-2025-6554",
57942
59581
  "CVE-2025-6558",
@@ -57953,6 +59592,7 @@
57953
59592
  "CVE-2025-9242",
57954
59593
  "CVE-2025-9377",
57955
59594
  "CVE-2026-0300",
59595
+ "CVE-2026-0766",
57956
59596
  "CVE-2026-1281",
57957
59597
  "CVE-2026-1340",
57958
59598
  "CVE-2026-1603",
@@ -58234,6 +59874,7 @@
58234
59874
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
58235
59875
  "CVE-2023-43472",
58236
59876
  "CVE-2023-48022",
59877
+ "CVE-2024-0132",
58237
59878
  "CVE-2024-3094",
58238
59879
  "CVE-2024-3154",
58239
59880
  "CVE-2024-50050",
@@ -58242,6 +59883,7 @@
58242
59883
  "CVE-2025-1094",
58243
59884
  "CVE-2025-14174",
58244
59885
  "CVE-2025-23254",
59886
+ "CVE-2025-23266",
58245
59887
  "CVE-2025-30165",
58246
59888
  "CVE-2025-34291",
58247
59889
  "CVE-2025-38352",
@@ -58251,7 +59893,9 @@
58251
59893
  "CVE-2025-53773",
58252
59894
  "CVE-2025-54136",
58253
59895
  "CVE-2025-60455",
59896
+ "CVE-2025-64496",
58254
59897
  "CVE-2025-6965",
59898
+ "CVE-2026-0766",
58255
59899
  "CVE-2026-22252",
58256
59900
  "CVE-2026-22688",
58257
59901
  "CVE-2026-24206",
@@ -58523,6 +60167,7 @@
58523
60167
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
58524
60168
  "CVE-2023-43472",
58525
60169
  "CVE-2023-48022",
60170
+ "CVE-2024-0132",
58526
60171
  "CVE-2024-3094",
58527
60172
  "CVE-2024-40635",
58528
60173
  "CVE-2024-50050",
@@ -58532,6 +60177,7 @@
58532
60177
  "CVE-2025-14847",
58533
60178
  "CVE-2025-22226",
58534
60179
  "CVE-2025-23254",
60180
+ "CVE-2025-23266",
58535
60181
  "CVE-2025-30165",
58536
60182
  "CVE-2025-34291",
58537
60183
  "CVE-2025-49596",
@@ -58539,7 +60185,9 @@
58539
60185
  "CVE-2025-53773",
58540
60186
  "CVE-2025-54136",
58541
60187
  "CVE-2025-60455",
60188
+ "CVE-2025-64496",
58542
60189
  "CVE-2025-6965",
60190
+ "CVE-2026-0766",
58543
60191
  "CVE-2026-22252",
58544
60192
  "CVE-2026-22688",
58545
60193
  "CVE-2026-22778",