@blamejs/exceptd-skills 0.13.81 → 0.13.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +8 -8
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +878 -0
  6. package/data/attack-techniques.json +6 -0
  7. package/data/cve-catalog.json +204 -0
  8. package/data/cwe-catalog.json +4 -2
  9. package/data/framework-control-gaps.json +17 -1
  10. package/data/zeroday-lessons.json +100 -0
  11. package/manifest.json +44 -44
  12. package/package.json +2 -2
  13. package/sbom.cdx.json +23 -23
package/data/_indexes/chains.json CHANGED
@@ -23765,6 +23765,838 @@
23765
23765
  ]
23766
23766
  }
23767
23767
  },
23768
+ "CVE-2024-0132": {
23769
+ "name": "NVIDIA Container Toolkit TOCTOU Container Escape",
23770
+ "rwep": 35,
23771
+ "cvss": 8.3,
23772
+ "cisa_kev": false,
23773
+ "epss_score": null,
23774
+ "referencing_skills": [
23775
+ "kernel-lpe-triage",
23776
+ "ai-attack-surface",
23777
+ "compliance-theater",
23778
+ "ai-c2-detection",
23779
+ "attack-surface-pentest",
23780
+ "dlp-gap-analysis",
23781
+ "ot-ics-security",
23782
+ "sector-energy"
23783
+ ],
23784
+ "chain": {
23785
+ "cwes": [
23786
+ {
23787
+ "id": "CWE-1037",
23788
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
23789
+ "category": "Hardware / Side Channel"
23790
+ },
23791
+ {
23792
+ "id": "CWE-1039",
23793
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
23794
+ "category": "AI/ML"
23795
+ },
23796
+ {
23797
+ "id": "CWE-125",
23798
+ "name": "Out-of-bounds Read",
23799
+ "category": "Memory Safety"
23800
+ },
23801
+ {
23802
+ "id": "CWE-1395",
23803
+ "name": "Dependency on Vulnerable Third-Party Component",
23804
+ "category": "Supply Chain"
23805
+ },
23806
+ {
23807
+ "id": "CWE-1426",
23808
+ "name": "Improper Validation of Generative AI Output",
23809
+ "category": "AI/ML"
23810
+ },
23811
+ {
23812
+ "id": "CWE-200",
23813
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
23814
+ "category": "Information Exposure"
23815
+ },
23816
+ {
23817
+ "id": "CWE-22",
23818
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
23819
+ "category": "Path/Resource"
23820
+ },
23821
+ {
23822
+ "id": "CWE-269",
23823
+ "name": "Improper Privilege Management",
23824
+ "category": "Authorization"
23825
+ },
23826
+ {
23827
+ "id": "CWE-287",
23828
+ "name": "Improper Authentication",
23829
+ "category": "Authentication"
23830
+ },
23831
+ {
23832
+ "id": "CWE-306",
23833
+ "name": "Missing Authentication for Critical Function",
23834
+ "category": "Authentication"
23835
+ },
23836
+ {
23837
+ "id": "CWE-352",
23838
+ "name": "Cross-Site Request Forgery (CSRF)",
23839
+ "category": "Session"
23840
+ },
23841
+ {
23842
+ "id": "CWE-362",
23843
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
23844
+ "category": "Concurrency"
23845
+ },
23846
+ {
23847
+ "id": "CWE-416",
23848
+ "name": "Use After Free",
23849
+ "category": "Memory Safety"
23850
+ },
23851
+ {
23852
+ "id": "CWE-434",
23853
+ "name": "Unrestricted Upload of File with Dangerous Type",
23854
+ "category": "File Handling"
23855
+ },
23856
+ {
23857
+ "id": "CWE-672",
23858
+ "name": "Operation on a Resource after Expiration or Release",
23859
+ "category": "Memory Safety"
23860
+ },
23861
+ {
23862
+ "id": "CWE-732",
23863
+ "name": "Incorrect Permission Assignment for Critical Resource",
23864
+ "category": "Authorization"
23865
+ },
23866
+ {
23867
+ "id": "CWE-78",
23868
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
23869
+ "category": "Injection"
23870
+ },
23871
+ {
23872
+ "id": "CWE-787",
23873
+ "name": "Out-of-bounds Write",
23874
+ "category": "Memory Safety"
23875
+ },
23876
+ {
23877
+ "id": "CWE-79",
23878
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
23879
+ "category": "Injection"
23880
+ },
23881
+ {
23882
+ "id": "CWE-798",
23883
+ "name": "Use of Hard-coded Credentials",
23884
+ "category": "Credentials"
23885
+ },
23886
+ {
23887
+ "id": "CWE-89",
23888
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
23889
+ "category": "Injection"
23890
+ },
23891
+ {
23892
+ "id": "CWE-918",
23893
+ "name": "Server-Side Request Forgery (SSRF)",
23894
+ "category": "Network"
23895
+ },
23896
+ {
23897
+ "id": "CWE-94",
23898
+ "name": "Improper Control of Generation of Code (Code Injection)",
23899
+ "category": "Injection"
23900
+ }
23901
+ ],
23902
+ "atlas": [
23903
+ {
23904
+ "id": "AML.T0010",
23905
+ "name": "ML Supply Chain Compromise",
23906
+ "tactic": "Initial Access"
23907
+ },
23908
+ {
23909
+ "id": "AML.T0016",
23910
+ "name": "Obtain Capabilities: Develop Capabilities",
23911
+ "tactic": "Resource Development"
23912
+ },
23913
+ {
23914
+ "id": "AML.T0017",
23915
+ "name": "Discover ML Model Ontology",
23916
+ "tactic": "Discovery"
23917
+ },
23918
+ {
23919
+ "id": "AML.T0018",
23920
+ "name": "Backdoor ML Model",
23921
+ "tactic": "Persistence"
23922
+ },
23923
+ {
23924
+ "id": "AML.T0020",
23925
+ "name": "Poison Training Data",
23926
+ "tactic": "ML Attack Staging"
23927
+ },
23928
+ {
23929
+ "id": "AML.T0043",
23930
+ "name": "Craft Adversarial Data",
23931
+ "tactic": "ML Attack Staging"
23932
+ },
23933
+ {
23934
+ "id": "AML.T0051",
23935
+ "name": "LLM Prompt Injection",
23936
+ "tactic": "Execution"
23937
+ },
23938
+ {
23939
+ "id": "AML.T0054",
23940
+ "name": "LLM Jailbreak",
23941
+ "tactic": "Defense Evasion"
23942
+ },
23943
+ {
23944
+ "id": "AML.T0096",
23945
+ "name": "AI API as Covert C2 Channel",
23946
+ "tactic": "Command and Control"
23947
+ }
23948
+ ],
23949
+ "d3fend": [
23950
+ {
23951
+ "id": "D3-ASLR",
23952
+ "name": "Address Space Layout Randomization",
23953
+ "tactic": "Harden"
23954
+ },
23955
+ {
23956
+ "id": "D3-CA",
23957
+ "name": "Certificate Analysis",
23958
+ "tactic": "Detect"
23959
+ },
23960
+ {
23961
+ "id": "D3-CSPP",
23962
+ "name": "Client-server Payload Profiling",
23963
+ "tactic": "Detect"
23964
+ },
23965
+ {
23966
+ "id": "D3-DA",
23967
+ "name": "Domain Analysis",
23968
+ "tactic": "Detect"
23969
+ },
23970
+ {
23971
+ "id": "D3-EAL",
23972
+ "name": "Executable Allowlisting",
23973
+ "tactic": "Harden"
23974
+ },
23975
+ {
23976
+ "id": "D3-IOPR",
23977
+ "name": "Input/Output Profiling Resource",
23978
+ "tactic": "Detect"
23979
+ },
23980
+ {
23981
+ "id": "D3-NI",
23982
+ "name": "Network Isolation",
23983
+ "tactic": "Isolate"
23984
+ },
23985
+ {
23986
+ "id": "D3-NTA",
23987
+ "name": "Network Traffic Analysis",
23988
+ "tactic": "Detect"
23989
+ },
23990
+ {
23991
+ "id": "D3-NTPM",
23992
+ "name": "Network Traffic Policy Mapping",
23993
+ "tactic": "Model"
23994
+ },
23995
+ {
23996
+ "id": "D3-PHRA",
23997
+ "name": "Process Hardware Resource Access",
23998
+ "tactic": "Isolate"
23999
+ },
24000
+ {
24001
+ "id": "D3-PSEP",
24002
+ "name": "Process Segment Execution Prevention",
24003
+ "tactic": "Harden"
24004
+ }
24005
+ ],
24006
+ "framework_gaps": [
24007
+ {
24008
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
24009
+ "framework": "ALL",
24010
+ "control_name": "AI Pipeline Integrity"
24011
+ },
24012
+ {
24013
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
24014
+ "framework": "ALL",
24015
+ "control_name": "Prompt Injection as Access Control Failure"
24016
+ },
24017
+ {
24018
+ "id": "CIS-Controls-v8-Control7",
24019
+ "framework": "CIS Controls v8",
24020
+ "control_name": "Continuous Vulnerability Management"
24021
+ },
24022
+ {
24023
+ "id": "CMMC-2.0-Level-2",
24024
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
24025
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
24026
+ },
24027
+ {
24028
+ "id": "FedRAMP-Rev5-Moderate",
24029
+ "framework": "FedRAMP Rev 5 Moderate",
24030
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24031
+ },
24032
+ {
24033
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
24034
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
24035
+ "control_name": "Access control standard (technical safeguards)"
24036
+ },
24037
+ {
24038
+ "id": "IEC-62443-3-3",
24039
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24040
+ "control_name": "System security requirements and security levels"
24041
+ },
24042
+ {
24043
+ "id": "ISO-27001-2022-A.8.16",
24044
+ "framework": "ISO/IEC 27001:2022",
24045
+ "control_name": "Monitoring activities"
24046
+ },
24047
+ {
24048
+ "id": "ISO-27001-2022-A.8.28",
24049
+ "framework": "ISO/IEC 27001:2022",
24050
+ "control_name": "Secure coding"
24051
+ },
24052
+ {
24053
+ "id": "ISO-27001-2022-A.8.8",
24054
+ "framework": "ISO/IEC 27001:2022",
24055
+ "control_name": "Management of technical vulnerabilities"
24056
+ },
24057
+ {
24058
+ "id": "ISO-IEC-23894-2023-clause-7",
24059
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24060
+ "control_name": "AI risk management process"
24061
+ },
24062
+ {
24063
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
24064
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
24065
+ "control_name": "AI risk assessment"
24066
+ },
24067
+ {
24068
+ "id": "NERC-CIP-007-6-R4",
24069
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
24070
+ "control_name": "Security event monitoring"
24071
+ },
24072
+ {
24073
+ "id": "NIS2-Art21-patch-management",
24074
+ "framework": "EU NIS2 Directive",
24075
+ "control_name": "Vulnerability handling and disclosure"
24076
+ },
24077
+ {
24078
+ "id": "NIST-800-115",
24079
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
24080
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
24081
+ },
24082
+ {
24083
+ "id": "NIST-800-53-AC-2",
24084
+ "framework": "NIST SP 800-53 Rev 5",
24085
+ "control_name": "Account Management"
24086
+ },
24087
+ {
24088
+ "id": "NIST-800-53-SC-28",
24089
+ "framework": "NIST SP 800-53 Rev 5",
24090
+ "control_name": "Protection of Information at Rest"
24091
+ },
24092
+ {
24093
+ "id": "NIST-800-53-SC-7",
24094
+ "framework": "NIST SP 800-53 Rev 5",
24095
+ "control_name": "Boundary Protection"
24096
+ },
24097
+ {
24098
+ "id": "NIST-800-53-SC-8",
24099
+ "framework": "NIST SP 800-53 Rev 5",
24100
+ "control_name": "Transmission Confidentiality and Integrity"
24101
+ },
24102
+ {
24103
+ "id": "NIST-800-53-SI-2",
24104
+ "framework": "NIST SP 800-53 Rev 5",
24105
+ "control_name": "Flaw Remediation"
24106
+ },
24107
+ {
24108
+ "id": "NIST-800-53-SI-3",
24109
+ "framework": "NIST SP 800-53 Rev 5",
24110
+ "control_name": "Malicious Code Protection"
24111
+ },
24112
+ {
24113
+ "id": "NIST-800-82r3",
24114
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
24115
+ "control_name": "Guide to Operational Technology (OT) Security"
24116
+ },
24117
+ {
24118
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
24119
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24120
+ "control_name": "Prompt Injection"
24121
+ },
24122
+ {
24123
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
24124
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24125
+ "control_name": "Sensitive Information Disclosure"
24126
+ },
24127
+ {
24128
+ "id": "OWASP-Pen-Testing-Guide-v5",
24129
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
24130
+ "control_name": "Web application penetration testing methodology"
24131
+ },
24132
+ {
24133
+ "id": "PCI-DSS-4.0-6.3.3",
24134
+ "framework": "PCI DSS 4.0",
24135
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
24136
+ },
24137
+ {
24138
+ "id": "PTES-Pre-engagement",
24139
+ "framework": "Penetration Testing Execution Standard (PTES)",
24140
+ "control_name": "Pre-engagement Interactions"
24141
+ },
24142
+ {
24143
+ "id": "SOC2-CC6-logical-access",
24144
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24145
+ "control_name": "Logical and Physical Access Controls"
24146
+ },
24147
+ {
24148
+ "id": "SOC2-CC7-anomaly-detection",
24149
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24150
+ "control_name": "System Operations — Threat and Vulnerability Management"
24151
+ }
24152
+ ],
24153
+ "attack_refs": [
24154
+ "T0855",
24155
+ "T0883",
24156
+ "T1041",
24157
+ "T1059",
24158
+ "T1068",
24159
+ "T1071",
24160
+ "T1078",
24161
+ "T1102",
24162
+ "T1133",
24163
+ "T1190",
24164
+ "T1213",
24165
+ "T1530",
24166
+ "T1548.001",
24167
+ "T1566",
24168
+ "T1567",
24169
+ "T1568"
24170
+ ],
24171
+ "rfc_refs": [
24172
+ "RFC-4301",
24173
+ "RFC-4303",
24174
+ "RFC-7296",
24175
+ "RFC-8446",
24176
+ "RFC-9000",
24177
+ "RFC-9114",
24178
+ "RFC-9180",
24179
+ "RFC-9421",
24180
+ "RFC-9458"
24181
+ ]
24182
+ }
24183
+ },
24184
+ "CVE-2025-23266": {
24185
+ "name": "NVIDIA Container Toolkit Init-Hook Untrusted Search Path Container Escape (NVIDIAScape)",
24186
+ "rwep": 35,
24187
+ "cvss": 9,
24188
+ "cisa_kev": false,
24189
+ "epss_score": null,
24190
+ "referencing_skills": [
24191
+ "kernel-lpe-triage",
24192
+ "ai-attack-surface",
24193
+ "compliance-theater",
24194
+ "ai-c2-detection",
24195
+ "attack-surface-pentest",
24196
+ "dlp-gap-analysis",
24197
+ "ot-ics-security",
24198
+ "sector-energy"
24199
+ ],
24200
+ "chain": {
24201
+ "cwes": [
24202
+ {
24203
+ "id": "CWE-1037",
24204
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
24205
+ "category": "Hardware / Side Channel"
24206
+ },
24207
+ {
24208
+ "id": "CWE-1039",
24209
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
24210
+ "category": "AI/ML"
24211
+ },
24212
+ {
24213
+ "id": "CWE-125",
24214
+ "name": "Out-of-bounds Read",
24215
+ "category": "Memory Safety"
24216
+ },
24217
+ {
24218
+ "id": "CWE-1395",
24219
+ "name": "Dependency on Vulnerable Third-Party Component",
24220
+ "category": "Supply Chain"
24221
+ },
24222
+ {
24223
+ "id": "CWE-1426",
24224
+ "name": "Improper Validation of Generative AI Output",
24225
+ "category": "AI/ML"
24226
+ },
24227
+ {
24228
+ "id": "CWE-200",
24229
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
24230
+ "category": "Information Exposure"
24231
+ },
24232
+ {
24233
+ "id": "CWE-22",
24234
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
24235
+ "category": "Path/Resource"
24236
+ },
24237
+ {
24238
+ "id": "CWE-269",
24239
+ "name": "Improper Privilege Management",
24240
+ "category": "Authorization"
24241
+ },
24242
+ {
24243
+ "id": "CWE-287",
24244
+ "name": "Improper Authentication",
24245
+ "category": "Authentication"
24246
+ },
24247
+ {
24248
+ "id": "CWE-306",
24249
+ "name": "Missing Authentication for Critical Function",
24250
+ "category": "Authentication"
24251
+ },
24252
+ {
24253
+ "id": "CWE-352",
24254
+ "name": "Cross-Site Request Forgery (CSRF)",
24255
+ "category": "Session"
24256
+ },
24257
+ {
24258
+ "id": "CWE-362",
24259
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
24260
+ "category": "Concurrency"
24261
+ },
24262
+ {
24263
+ "id": "CWE-416",
24264
+ "name": "Use After Free",
24265
+ "category": "Memory Safety"
24266
+ },
24267
+ {
24268
+ "id": "CWE-434",
24269
+ "name": "Unrestricted Upload of File with Dangerous Type",
24270
+ "category": "File Handling"
24271
+ },
24272
+ {
24273
+ "id": "CWE-672",
24274
+ "name": "Operation on a Resource after Expiration or Release",
24275
+ "category": "Memory Safety"
24276
+ },
24277
+ {
24278
+ "id": "CWE-732",
24279
+ "name": "Incorrect Permission Assignment for Critical Resource",
24280
+ "category": "Authorization"
24281
+ },
24282
+ {
24283
+ "id": "CWE-78",
24284
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
24285
+ "category": "Injection"
24286
+ },
24287
+ {
24288
+ "id": "CWE-787",
24289
+ "name": "Out-of-bounds Write",
24290
+ "category": "Memory Safety"
24291
+ },
24292
+ {
24293
+ "id": "CWE-79",
24294
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
24295
+ "category": "Injection"
24296
+ },
24297
+ {
24298
+ "id": "CWE-798",
24299
+ "name": "Use of Hard-coded Credentials",
24300
+ "category": "Credentials"
24301
+ },
24302
+ {
24303
+ "id": "CWE-89",
24304
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
24305
+ "category": "Injection"
24306
+ },
24307
+ {
24308
+ "id": "CWE-918",
24309
+ "name": "Server-Side Request Forgery (SSRF)",
24310
+ "category": "Network"
24311
+ },
24312
+ {
24313
+ "id": "CWE-94",
24314
+ "name": "Improper Control of Generation of Code (Code Injection)",
24315
+ "category": "Injection"
24316
+ }
24317
+ ],
24318
+ "atlas": [
24319
+ {
24320
+ "id": "AML.T0010",
24321
+ "name": "ML Supply Chain Compromise",
24322
+ "tactic": "Initial Access"
24323
+ },
24324
+ {
24325
+ "id": "AML.T0016",
24326
+ "name": "Obtain Capabilities: Develop Capabilities",
24327
+ "tactic": "Resource Development"
24328
+ },
24329
+ {
24330
+ "id": "AML.T0017",
24331
+ "name": "Discover ML Model Ontology",
24332
+ "tactic": "Discovery"
24333
+ },
24334
+ {
24335
+ "id": "AML.T0018",
24336
+ "name": "Backdoor ML Model",
24337
+ "tactic": "Persistence"
24338
+ },
24339
+ {
24340
+ "id": "AML.T0020",
24341
+ "name": "Poison Training Data",
24342
+ "tactic": "ML Attack Staging"
24343
+ },
24344
+ {
24345
+ "id": "AML.T0043",
24346
+ "name": "Craft Adversarial Data",
24347
+ "tactic": "ML Attack Staging"
24348
+ },
24349
+ {
24350
+ "id": "AML.T0051",
24351
+ "name": "LLM Prompt Injection",
24352
+ "tactic": "Execution"
24353
+ },
24354
+ {
24355
+ "id": "AML.T0054",
24356
+ "name": "LLM Jailbreak",
24357
+ "tactic": "Defense Evasion"
24358
+ },
24359
+ {
24360
+ "id": "AML.T0096",
24361
+ "name": "AI API as Covert C2 Channel",
24362
+ "tactic": "Command and Control"
24363
+ }
24364
+ ],
24365
+ "d3fend": [
24366
+ {
24367
+ "id": "D3-ASLR",
24368
+ "name": "Address Space Layout Randomization",
24369
+ "tactic": "Harden"
24370
+ },
24371
+ {
24372
+ "id": "D3-CA",
24373
+ "name": "Certificate Analysis",
24374
+ "tactic": "Detect"
24375
+ },
24376
+ {
24377
+ "id": "D3-CSPP",
24378
+ "name": "Client-server Payload Profiling",
24379
+ "tactic": "Detect"
24380
+ },
24381
+ {
24382
+ "id": "D3-DA",
24383
+ "name": "Domain Analysis",
24384
+ "tactic": "Detect"
24385
+ },
24386
+ {
24387
+ "id": "D3-EAL",
24388
+ "name": "Executable Allowlisting",
24389
+ "tactic": "Harden"
24390
+ },
24391
+ {
24392
+ "id": "D3-IOPR",
24393
+ "name": "Input/Output Profiling Resource",
24394
+ "tactic": "Detect"
24395
+ },
24396
+ {
24397
+ "id": "D3-NI",
24398
+ "name": "Network Isolation",
24399
+ "tactic": "Isolate"
24400
+ },
24401
+ {
24402
+ "id": "D3-NTA",
24403
+ "name": "Network Traffic Analysis",
24404
+ "tactic": "Detect"
24405
+ },
24406
+ {
24407
+ "id": "D3-NTPM",
24408
+ "name": "Network Traffic Policy Mapping",
24409
+ "tactic": "Model"
24410
+ },
24411
+ {
24412
+ "id": "D3-PHRA",
24413
+ "name": "Process Hardware Resource Access",
24414
+ "tactic": "Isolate"
24415
+ },
24416
+ {
24417
+ "id": "D3-PSEP",
24418
+ "name": "Process Segment Execution Prevention",
24419
+ "tactic": "Harden"
24420
+ }
24421
+ ],
24422
+ "framework_gaps": [
24423
+ {
24424
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
24425
+ "framework": "ALL",
24426
+ "control_name": "AI Pipeline Integrity"
24427
+ },
24428
+ {
24429
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
24430
+ "framework": "ALL",
24431
+ "control_name": "Prompt Injection as Access Control Failure"
24432
+ },
24433
+ {
24434
+ "id": "CIS-Controls-v8-Control7",
24435
+ "framework": "CIS Controls v8",
24436
+ "control_name": "Continuous Vulnerability Management"
24437
+ },
24438
+ {
24439
+ "id": "CMMC-2.0-Level-2",
24440
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
24441
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
24442
+ },
24443
+ {
24444
+ "id": "FedRAMP-Rev5-Moderate",
24445
+ "framework": "FedRAMP Rev 5 Moderate",
24446
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24447
+ },
24448
+ {
24449
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
24450
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
24451
+ "control_name": "Access control standard (technical safeguards)"
24452
+ },
24453
+ {
24454
+ "id": "IEC-62443-3-3",
24455
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24456
+ "control_name": "System security requirements and security levels"
24457
+ },
24458
+ {
24459
+ "id": "ISO-27001-2022-A.8.16",
24460
+ "framework": "ISO/IEC 27001:2022",
24461
+ "control_name": "Monitoring activities"
24462
+ },
24463
+ {
24464
+ "id": "ISO-27001-2022-A.8.28",
24465
+ "framework": "ISO/IEC 27001:2022",
24466
+ "control_name": "Secure coding"
24467
+ },
24468
+ {
24469
+ "id": "ISO-27001-2022-A.8.8",
24470
+ "framework": "ISO/IEC 27001:2022",
24471
+ "control_name": "Management of technical vulnerabilities"
24472
+ },
24473
+ {
24474
+ "id": "ISO-IEC-23894-2023-clause-7",
24475
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24476
+ "control_name": "AI risk management process"
24477
+ },
24478
+ {
24479
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
24480
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
24481
+ "control_name": "AI risk assessment"
24482
+ },
24483
+ {
24484
+ "id": "NERC-CIP-007-6-R4",
24485
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
24486
+ "control_name": "Security event monitoring"
24487
+ },
24488
+ {
24489
+ "id": "NIS2-Art21-patch-management",
24490
+ "framework": "EU NIS2 Directive",
24491
+ "control_name": "Vulnerability handling and disclosure"
24492
+ },
24493
+ {
24494
+ "id": "NIST-800-115",
24495
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
24496
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
24497
+ },
24498
+ {
24499
+ "id": "NIST-800-53-AC-2",
24500
+ "framework": "NIST SP 800-53 Rev 5",
24501
+ "control_name": "Account Management"
24502
+ },
24503
+ {
24504
+ "id": "NIST-800-53-SC-28",
24505
+ "framework": "NIST SP 800-53 Rev 5",
24506
+ "control_name": "Protection of Information at Rest"
24507
+ },
24508
+ {
24509
+ "id": "NIST-800-53-SC-7",
24510
+ "framework": "NIST SP 800-53 Rev 5",
24511
+ "control_name": "Boundary Protection"
24512
+ },
24513
+ {
24514
+ "id": "NIST-800-53-SC-8",
24515
+ "framework": "NIST SP 800-53 Rev 5",
24516
+ "control_name": "Transmission Confidentiality and Integrity"
24517
+ },
24518
+ {
24519
+ "id": "NIST-800-53-SI-2",
24520
+ "framework": "NIST SP 800-53 Rev 5",
24521
+ "control_name": "Flaw Remediation"
24522
+ },
24523
+ {
24524
+ "id": "NIST-800-53-SI-3",
24525
+ "framework": "NIST SP 800-53 Rev 5",
24526
+ "control_name": "Malicious Code Protection"
24527
+ },
24528
+ {
24529
+ "id": "NIST-800-82r3",
24530
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
24531
+ "control_name": "Guide to Operational Technology (OT) Security"
24532
+ },
24533
+ {
24534
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
24535
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24536
+ "control_name": "Prompt Injection"
24537
+ },
24538
+ {
24539
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
24540
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24541
+ "control_name": "Sensitive Information Disclosure"
24542
+ },
24543
+ {
24544
+ "id": "OWASP-Pen-Testing-Guide-v5",
24545
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
24546
+ "control_name": "Web application penetration testing methodology"
24547
+ },
24548
+ {
24549
+ "id": "PCI-DSS-4.0-6.3.3",
24550
+ "framework": "PCI DSS 4.0",
24551
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
24552
+ },
24553
+ {
24554
+ "id": "PTES-Pre-engagement",
24555
+ "framework": "Penetration Testing Execution Standard (PTES)",
24556
+ "control_name": "Pre-engagement Interactions"
24557
+ },
24558
+ {
24559
+ "id": "SOC2-CC6-logical-access",
24560
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24561
+ "control_name": "Logical and Physical Access Controls"
24562
+ },
24563
+ {
24564
+ "id": "SOC2-CC7-anomaly-detection",
24565
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24566
+ "control_name": "System Operations — Threat and Vulnerability Management"
24567
+ }
24568
+ ],
24569
+ "attack_refs": [
24570
+ "T0855",
24571
+ "T0883",
24572
+ "T1041",
24573
+ "T1059",
24574
+ "T1068",
24575
+ "T1071",
24576
+ "T1078",
24577
+ "T1102",
24578
+ "T1133",
24579
+ "T1190",
24580
+ "T1213",
24581
+ "T1530",
24582
+ "T1548.001",
24583
+ "T1566",
24584
+ "T1567",
24585
+ "T1568"
24586
+ ],
24587
+ "rfc_refs": [
24588
+ "RFC-4301",
24589
+ "RFC-4303",
24590
+ "RFC-7296",
24591
+ "RFC-8446",
24592
+ "RFC-9000",
24593
+ "RFC-9114",
24594
+ "RFC-9180",
24595
+ "RFC-9421",
24596
+ "RFC-9458"
24597
+ ]
24598
+ }
24599
+ },
23768
24600
  "CVE-2026-41091": {
23769
24601
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
23770
24602
  "rwep": 45,
@@ -50142,6 +50974,7 @@
50142
50974
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
50143
50975
  "CVE-2023-43472",
50144
50976
  "CVE-2023-48022",
50977
+ "CVE-2024-0132",
50145
50978
  "CVE-2024-3094",
50146
50979
  "CVE-2024-3154",
50147
50980
  "CVE-2024-50050",
@@ -50150,6 +50983,7 @@
50150
50983
  "CVE-2025-1094",
50151
50984
  "CVE-2025-14174",
50152
50985
  "CVE-2025-23254",
50986
+ "CVE-2025-23266",
50153
50987
  "CVE-2025-30165",
50154
50988
  "CVE-2025-34291",
50155
50989
  "CVE-2025-38352",
@@ -50511,12 +51345,14 @@
50511
51345
  "related_cves": [
50512
51346
  "CVE-2023-43472",
50513
51347
  "CVE-2023-48022",
51348
+ "CVE-2024-0132",
50514
51349
  "CVE-2024-50050",
50515
51350
  "CVE-2025-0133",
50516
51351
  "CVE-2025-10585",
50517
51352
  "CVE-2025-1094",
50518
51353
  "CVE-2025-14174",
50519
51354
  "CVE-2025-23254",
51355
+ "CVE-2025-23266",
50520
51356
  "CVE-2025-30165",
50521
51357
  "CVE-2025-34291",
50522
51358
  "CVE-2025-38352",
@@ -50671,12 +51507,14 @@
50671
51507
  "related_cves": [
50672
51508
  "CVE-2023-43472",
50673
51509
  "CVE-2023-48022",
51510
+ "CVE-2024-0132",
50674
51511
  "CVE-2024-50050",
50675
51512
  "CVE-2025-0133",
50676
51513
  "CVE-2025-10585",
50677
51514
  "CVE-2025-1094",
50678
51515
  "CVE-2025-14174",
50679
51516
  "CVE-2025-23254",
51517
+ "CVE-2025-23266",
50680
51518
  "CVE-2025-30165",
50681
51519
  "CVE-2025-34291",
50682
51520
  "CVE-2025-38352",
@@ -50845,12 +51683,14 @@
50845
51683
  "related_cves": [
50846
51684
  "CVE-2023-43472",
50847
51685
  "CVE-2023-48022",
51686
+ "CVE-2024-0132",
50848
51687
  "CVE-2024-50050",
50849
51688
  "CVE-2025-0133",
50850
51689
  "CVE-2025-10585",
50851
51690
  "CVE-2025-1094",
50852
51691
  "CVE-2025-14174",
50853
51692
  "CVE-2025-23254",
51693
+ "CVE-2025-23266",
50854
51694
  "CVE-2025-30165",
50855
51695
  "CVE-2025-34291",
50856
51696
  "CVE-2025-38352",
@@ -51123,6 +51963,7 @@
51123
51963
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
51124
51964
  "CVE-2023-43472",
51125
51965
  "CVE-2023-48022",
51966
+ "CVE-2024-0132",
51126
51967
  "CVE-2024-3094",
51127
51968
  "CVE-2024-3154",
51128
51969
  "CVE-2024-50050",
@@ -51130,6 +51971,7 @@
51130
51971
  "CVE-2025-1094",
51131
51972
  "CVE-2025-11837",
51132
51973
  "CVE-2025-23254",
51974
+ "CVE-2025-23266",
51133
51975
  "CVE-2025-30165",
51134
51976
  "CVE-2025-34291",
51135
51977
  "CVE-2025-49596",
@@ -51357,6 +52199,7 @@
51357
52199
  "CVE-2023-48022",
51358
52200
  "CVE-2023-50224",
51359
52201
  "CVE-2023-52163",
52202
+ "CVE-2024-0132",
51360
52203
  "CVE-2024-0769",
51361
52204
  "CVE-2024-11182",
51362
52205
  "CVE-2024-12987",
@@ -51399,6 +52242,7 @@
51399
52242
  "CVE-2025-21479",
51400
52243
  "CVE-2025-21480",
51401
52244
  "CVE-2025-23254",
52245
+ "CVE-2025-23266",
51402
52246
  "CVE-2025-24016",
51403
52247
  "CVE-2025-24201",
51404
52248
  "CVE-2025-24893",
@@ -51811,6 +52655,7 @@
51811
52655
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
51812
52656
  "CVE-2023-43472",
51813
52657
  "CVE-2023-48022",
52658
+ "CVE-2024-0132",
51814
52659
  "CVE-2024-3094",
51815
52660
  "CVE-2024-3154",
51816
52661
  "CVE-2024-40635",
@@ -51818,6 +52663,7 @@
51818
52663
  "CVE-2025-1094",
51819
52664
  "CVE-2025-14847",
51820
52665
  "CVE-2025-22226",
52666
+ "CVE-2025-23266",
51821
52667
  "CVE-2025-49844",
51822
52668
  "CVE-2025-53767",
51823
52669
  "CVE-2025-53773",
@@ -52168,6 +53014,7 @@
52168
53014
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
52169
53015
  "CVE-2023-43472",
52170
53016
  "CVE-2023-48022",
53017
+ "CVE-2024-0132",
52171
53018
  "CVE-2024-3094",
52172
53019
  "CVE-2024-3154",
52173
53020
  "CVE-2024-50050",
@@ -52176,6 +53023,7 @@
52176
53023
  "CVE-2025-1094",
52177
53024
  "CVE-2025-14174",
52178
53025
  "CVE-2025-23254",
53026
+ "CVE-2025-23266",
52179
53027
  "CVE-2025-30165",
52180
53028
  "CVE-2025-34291",
52181
53029
  "CVE-2025-38352",
@@ -52767,6 +53615,7 @@
52767
53615
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
52768
53616
  "CVE-2023-43472",
52769
53617
  "CVE-2023-48022",
53618
+ "CVE-2024-0132",
52770
53619
  "CVE-2024-3094",
52771
53620
  "CVE-2024-3154",
52772
53621
  "CVE-2024-50050",
@@ -52775,6 +53624,7 @@
52775
53624
  "CVE-2025-1094",
52776
53625
  "CVE-2025-14174",
52777
53626
  "CVE-2025-23254",
53627
+ "CVE-2025-23266",
52778
53628
  "CVE-2025-30165",
52779
53629
  "CVE-2025-34291",
52780
53630
  "CVE-2025-38352",
@@ -53004,12 +53854,14 @@
53004
53854
  },
53005
53855
  "related_cves": [
53006
53856
  "CVE-2023-48022",
53857
+ "CVE-2024-0132",
53007
53858
  "CVE-2024-3094",
53008
53859
  "CVE-2024-50050",
53009
53860
  "CVE-2025-10585",
53010
53861
  "CVE-2025-1094",
53011
53862
  "CVE-2025-14174",
53012
53863
  "CVE-2025-23254",
53864
+ "CVE-2025-23266",
53013
53865
  "CVE-2025-30165",
53014
53866
  "CVE-2025-34291",
53015
53867
  "CVE-2025-38352",
@@ -53667,6 +54519,7 @@
53667
54519
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
53668
54520
  "CVE-2023-43472",
53669
54521
  "CVE-2023-48022",
54522
+ "CVE-2024-0132",
53670
54523
  "CVE-2024-3094",
53671
54524
  "CVE-2024-3154",
53672
54525
  "CVE-2024-50050",
@@ -53675,6 +54528,7 @@
53675
54528
  "CVE-2025-1094",
53676
54529
  "CVE-2025-14174",
53677
54530
  "CVE-2025-23254",
54531
+ "CVE-2025-23266",
53678
54532
  "CVE-2025-30165",
53679
54533
  "CVE-2025-34291",
53680
54534
  "CVE-2025-38352",
@@ -53908,6 +54762,7 @@
53908
54762
  "CVE-2023-48022",
53909
54763
  "CVE-2023-50224",
53910
54764
  "CVE-2023-52163",
54765
+ "CVE-2024-0132",
53911
54766
  "CVE-2024-0769",
53912
54767
  "CVE-2024-11182",
53913
54768
  "CVE-2024-12987",
@@ -53950,6 +54805,7 @@
53950
54805
  "CVE-2025-21479",
53951
54806
  "CVE-2025-21480",
53952
54807
  "CVE-2025-23254",
54808
+ "CVE-2025-23266",
53953
54809
  "CVE-2025-24016",
53954
54810
  "CVE-2025-24201",
53955
54811
  "CVE-2025-24893",
@@ -54328,6 +55184,7 @@
54328
55184
  "CVE-2023-48022",
54329
55185
  "CVE-2023-50224",
54330
55186
  "CVE-2023-52163",
55187
+ "CVE-2024-0132",
54331
55188
  "CVE-2024-0769",
54332
55189
  "CVE-2024-11182",
54333
55190
  "CVE-2024-12987",
@@ -54370,6 +55227,7 @@
54370
55227
  "CVE-2025-21479",
54371
55228
  "CVE-2025-21480",
54372
55229
  "CVE-2025-23254",
55230
+ "CVE-2025-23266",
54373
55231
  "CVE-2025-24016",
54374
55232
  "CVE-2025-24201",
54375
55233
  "CVE-2025-24893",
@@ -54779,6 +55637,7 @@
54779
55637
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
54780
55638
  "CVE-2023-43472",
54781
55639
  "CVE-2023-48022",
55640
+ "CVE-2024-0132",
54782
55641
  "CVE-2024-3094",
54783
55642
  "CVE-2024-3154",
54784
55643
  "CVE-2024-50050",
@@ -54787,6 +55646,7 @@
54787
55646
  "CVE-2025-1094",
54788
55647
  "CVE-2025-14174",
54789
55648
  "CVE-2025-23254",
55649
+ "CVE-2025-23266",
54790
55650
  "CVE-2025-30165",
54791
55651
  "CVE-2025-34291",
54792
55652
  "CVE-2025-38352",
@@ -55572,6 +56432,7 @@
55572
56432
  "CVE-2023-48022",
55573
56433
  "CVE-2023-50224",
55574
56434
  "CVE-2023-52163",
56435
+ "CVE-2024-0132",
55575
56436
  "CVE-2024-0769",
55576
56437
  "CVE-2024-11182",
55577
56438
  "CVE-2024-12987",
@@ -55614,6 +56475,7 @@
55614
56475
  "CVE-2025-21479",
55615
56476
  "CVE-2025-21480",
55616
56477
  "CVE-2025-23254",
56478
+ "CVE-2025-23266",
55617
56479
  "CVE-2025-24016",
55618
56480
  "CVE-2025-24201",
55619
56481
  "CVE-2025-24893",
@@ -56087,6 +56949,7 @@
56087
56949
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
56088
56950
  "CVE-2023-43472",
56089
56951
  "CVE-2023-48022",
56952
+ "CVE-2024-0132",
56090
56953
  "CVE-2024-3094",
56091
56954
  "CVE-2024-3154",
56092
56955
  "CVE-2024-50050",
@@ -56095,6 +56958,7 @@
56095
56958
  "CVE-2025-1094",
56096
56959
  "CVE-2025-14174",
56097
56960
  "CVE-2025-23254",
56961
+ "CVE-2025-23266",
56098
56962
  "CVE-2025-30165",
56099
56963
  "CVE-2025-34291",
56100
56964
  "CVE-2025-38352",
@@ -56406,6 +57270,7 @@
56406
57270
  "CVE-2023-48022",
56407
57271
  "CVE-2023-50224",
56408
57272
  "CVE-2023-52163",
57273
+ "CVE-2024-0132",
56409
57274
  "CVE-2024-0769",
56410
57275
  "CVE-2024-11182",
56411
57276
  "CVE-2024-12987",
@@ -56451,6 +57316,7 @@
56451
57316
  "CVE-2025-21479",
56452
57317
  "CVE-2025-21480",
56453
57318
  "CVE-2025-23254",
57319
+ "CVE-2025-23266",
56454
57320
  "CVE-2025-24016",
56455
57321
  "CVE-2025-24201",
56456
57322
  "CVE-2025-24893",
@@ -56940,6 +57806,7 @@
56940
57806
  "related_cves": [
56941
57807
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
56942
57808
  "CVE-2023-48022",
57809
+ "CVE-2024-0132",
56943
57810
  "CVE-2024-3094",
56944
57811
  "CVE-2024-3154",
56945
57812
  "CVE-2024-50050",
@@ -56947,6 +57814,7 @@
56947
57814
  "CVE-2025-1094",
56948
57815
  "CVE-2025-14174",
56949
57816
  "CVE-2025-23254",
57817
+ "CVE-2025-23266",
56950
57818
  "CVE-2025-30165",
56951
57819
  "CVE-2025-34291",
56952
57820
  "CVE-2025-38352",
@@ -57874,6 +58742,7 @@
57874
58742
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
57875
58743
  "CVE-2023-43472",
57876
58744
  "CVE-2023-48022",
58745
+ "CVE-2024-0132",
57877
58746
  "CVE-2024-3094",
57878
58747
  "CVE-2024-3154",
57879
58748
  "CVE-2024-50050",
@@ -57882,6 +58751,7 @@
57882
58751
  "CVE-2025-1094",
57883
58752
  "CVE-2025-14174",
57884
58753
  "CVE-2025-23254",
58754
+ "CVE-2025-23266",
57885
58755
  "CVE-2025-30165",
57886
58756
  "CVE-2025-34291",
57887
58757
  "CVE-2025-38352",
@@ -57972,11 +58842,13 @@
57972
58842
  },
57973
58843
  "related_cves": [
57974
58844
  "CVE-2023-48022",
58845
+ "CVE-2024-0132",
57975
58846
  "CVE-2024-50050",
57976
58847
  "CVE-2025-10585",
57977
58848
  "CVE-2025-1094",
57978
58849
  "CVE-2025-14174",
57979
58850
  "CVE-2025-23254",
58851
+ "CVE-2025-23266",
57980
58852
  "CVE-2025-30165",
57981
58853
  "CVE-2025-34291",
57982
58854
  "CVE-2025-38352",
@@ -58140,11 +59012,13 @@
58140
59012
  "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
58141
59013
  "CVE-2023-43472",
58142
59014
  "CVE-2023-48022",
59015
+ "CVE-2024-0132",
58143
59016
  "CVE-2024-50050",
58144
59017
  "CVE-2025-0133",
58145
59018
  "CVE-2025-1094",
58146
59019
  "CVE-2025-11837",
58147
59020
  "CVE-2025-23254",
59021
+ "CVE-2025-23266",
58148
59022
  "CVE-2025-30165",
58149
59023
  "CVE-2025-34291",
58150
59024
  "CVE-2025-49596",
@@ -59000,6 +59874,7 @@
59000
59874
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
59001
59875
  "CVE-2023-43472",
59002
59876
  "CVE-2023-48022",
59877
+ "CVE-2024-0132",
59003
59878
  "CVE-2024-3094",
59004
59879
  "CVE-2024-3154",
59005
59880
  "CVE-2024-50050",
@@ -59008,6 +59883,7 @@
59008
59883
  "CVE-2025-1094",
59009
59884
  "CVE-2025-14174",
59010
59885
  "CVE-2025-23254",
59886
+ "CVE-2025-23266",
59011
59887
  "CVE-2025-30165",
59012
59888
  "CVE-2025-34291",
59013
59889
  "CVE-2025-38352",
@@ -59291,6 +60167,7 @@
59291
60167
  "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
59292
60168
  "CVE-2023-43472",
59293
60169
  "CVE-2023-48022",
60170
+ "CVE-2024-0132",
59294
60171
  "CVE-2024-3094",
59295
60172
  "CVE-2024-40635",
59296
60173
  "CVE-2024-50050",
@@ -59300,6 +60177,7 @@
59300
60177
  "CVE-2025-14847",
59301
60178
  "CVE-2025-22226",
59302
60179
  "CVE-2025-23254",
60180
+ "CVE-2025-23266",
59303
60181
  "CVE-2025-30165",
59304
60182
  "CVE-2025-34291",
59305
60183
  "CVE-2025-49596",