@blamejs/exceptd-skills 0.13.81 → 0.13.83
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1648 -0
- package/data/atlas-ttps.json +9 -1
- package/data/attack-techniques.json +15 -1
- package/data/cve-catalog.json +418 -0
- package/data/cwe-catalog.json +6 -2
- package/data/framework-control-gaps.json +33 -1
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -23765,6 +23765,1562 @@
|
|
|
23765
23765
|
]
|
|
23766
23766
|
}
|
|
23767
23767
|
},
|
|
23768
|
+
"CVE-2024-0132": {
|
|
23769
|
+
"name": "NVIDIA Container Toolkit TOCTOU Container Escape",
|
|
23770
|
+
"rwep": 35,
|
|
23771
|
+
"cvss": 8.3,
|
|
23772
|
+
"cisa_kev": false,
|
|
23773
|
+
"epss_score": null,
|
|
23774
|
+
"referencing_skills": [
|
|
23775
|
+
"kernel-lpe-triage",
|
|
23776
|
+
"ai-attack-surface",
|
|
23777
|
+
"compliance-theater",
|
|
23778
|
+
"ai-c2-detection",
|
|
23779
|
+
"attack-surface-pentest",
|
|
23780
|
+
"dlp-gap-analysis",
|
|
23781
|
+
"ot-ics-security",
|
|
23782
|
+
"sector-energy"
|
|
23783
|
+
],
|
|
23784
|
+
"chain": {
|
|
23785
|
+
"cwes": [
|
|
23786
|
+
{
|
|
23787
|
+
"id": "CWE-1037",
|
|
23788
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
23789
|
+
"category": "Hardware / Side Channel"
|
|
23790
|
+
},
|
|
23791
|
+
{
|
|
23792
|
+
"id": "CWE-1039",
|
|
23793
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
23794
|
+
"category": "AI/ML"
|
|
23795
|
+
},
|
|
23796
|
+
{
|
|
23797
|
+
"id": "CWE-125",
|
|
23798
|
+
"name": "Out-of-bounds Read",
|
|
23799
|
+
"category": "Memory Safety"
|
|
23800
|
+
},
|
|
23801
|
+
{
|
|
23802
|
+
"id": "CWE-1395",
|
|
23803
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
23804
|
+
"category": "Supply Chain"
|
|
23805
|
+
},
|
|
23806
|
+
{
|
|
23807
|
+
"id": "CWE-1426",
|
|
23808
|
+
"name": "Improper Validation of Generative AI Output",
|
|
23809
|
+
"category": "AI/ML"
|
|
23810
|
+
},
|
|
23811
|
+
{
|
|
23812
|
+
"id": "CWE-200",
|
|
23813
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
23814
|
+
"category": "Information Exposure"
|
|
23815
|
+
},
|
|
23816
|
+
{
|
|
23817
|
+
"id": "CWE-22",
|
|
23818
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
23819
|
+
"category": "Path/Resource"
|
|
23820
|
+
},
|
|
23821
|
+
{
|
|
23822
|
+
"id": "CWE-269",
|
|
23823
|
+
"name": "Improper Privilege Management",
|
|
23824
|
+
"category": "Authorization"
|
|
23825
|
+
},
|
|
23826
|
+
{
|
|
23827
|
+
"id": "CWE-287",
|
|
23828
|
+
"name": "Improper Authentication",
|
|
23829
|
+
"category": "Authentication"
|
|
23830
|
+
},
|
|
23831
|
+
{
|
|
23832
|
+
"id": "CWE-306",
|
|
23833
|
+
"name": "Missing Authentication for Critical Function",
|
|
23834
|
+
"category": "Authentication"
|
|
23835
|
+
},
|
|
23836
|
+
{
|
|
23837
|
+
"id": "CWE-352",
|
|
23838
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
23839
|
+
"category": "Session"
|
|
23840
|
+
},
|
|
23841
|
+
{
|
|
23842
|
+
"id": "CWE-362",
|
|
23843
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
23844
|
+
"category": "Concurrency"
|
|
23845
|
+
},
|
|
23846
|
+
{
|
|
23847
|
+
"id": "CWE-416",
|
|
23848
|
+
"name": "Use After Free",
|
|
23849
|
+
"category": "Memory Safety"
|
|
23850
|
+
},
|
|
23851
|
+
{
|
|
23852
|
+
"id": "CWE-434",
|
|
23853
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
23854
|
+
"category": "File Handling"
|
|
23855
|
+
},
|
|
23856
|
+
{
|
|
23857
|
+
"id": "CWE-672",
|
|
23858
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
23859
|
+
"category": "Memory Safety"
|
|
23860
|
+
},
|
|
23861
|
+
{
|
|
23862
|
+
"id": "CWE-732",
|
|
23863
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
23864
|
+
"category": "Authorization"
|
|
23865
|
+
},
|
|
23866
|
+
{
|
|
23867
|
+
"id": "CWE-78",
|
|
23868
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
23869
|
+
"category": "Injection"
|
|
23870
|
+
},
|
|
23871
|
+
{
|
|
23872
|
+
"id": "CWE-787",
|
|
23873
|
+
"name": "Out-of-bounds Write",
|
|
23874
|
+
"category": "Memory Safety"
|
|
23875
|
+
},
|
|
23876
|
+
{
|
|
23877
|
+
"id": "CWE-79",
|
|
23878
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
23879
|
+
"category": "Injection"
|
|
23880
|
+
},
|
|
23881
|
+
{
|
|
23882
|
+
"id": "CWE-798",
|
|
23883
|
+
"name": "Use of Hard-coded Credentials",
|
|
23884
|
+
"category": "Credentials"
|
|
23885
|
+
},
|
|
23886
|
+
{
|
|
23887
|
+
"id": "CWE-89",
|
|
23888
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
23889
|
+
"category": "Injection"
|
|
23890
|
+
},
|
|
23891
|
+
{
|
|
23892
|
+
"id": "CWE-918",
|
|
23893
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
23894
|
+
"category": "Network"
|
|
23895
|
+
},
|
|
23896
|
+
{
|
|
23897
|
+
"id": "CWE-94",
|
|
23898
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
23899
|
+
"category": "Injection"
|
|
23900
|
+
}
|
|
23901
|
+
],
|
|
23902
|
+
"atlas": [
|
|
23903
|
+
{
|
|
23904
|
+
"id": "AML.T0010",
|
|
23905
|
+
"name": "ML Supply Chain Compromise",
|
|
23906
|
+
"tactic": "Initial Access"
|
|
23907
|
+
},
|
|
23908
|
+
{
|
|
23909
|
+
"id": "AML.T0016",
|
|
23910
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
23911
|
+
"tactic": "Resource Development"
|
|
23912
|
+
},
|
|
23913
|
+
{
|
|
23914
|
+
"id": "AML.T0017",
|
|
23915
|
+
"name": "Discover ML Model Ontology",
|
|
23916
|
+
"tactic": "Discovery"
|
|
23917
|
+
},
|
|
23918
|
+
{
|
|
23919
|
+
"id": "AML.T0018",
|
|
23920
|
+
"name": "Backdoor ML Model",
|
|
23921
|
+
"tactic": "Persistence"
|
|
23922
|
+
},
|
|
23923
|
+
{
|
|
23924
|
+
"id": "AML.T0020",
|
|
23925
|
+
"name": "Poison Training Data",
|
|
23926
|
+
"tactic": "ML Attack Staging"
|
|
23927
|
+
},
|
|
23928
|
+
{
|
|
23929
|
+
"id": "AML.T0043",
|
|
23930
|
+
"name": "Craft Adversarial Data",
|
|
23931
|
+
"tactic": "ML Attack Staging"
|
|
23932
|
+
},
|
|
23933
|
+
{
|
|
23934
|
+
"id": "AML.T0051",
|
|
23935
|
+
"name": "LLM Prompt Injection",
|
|
23936
|
+
"tactic": "Execution"
|
|
23937
|
+
},
|
|
23938
|
+
{
|
|
23939
|
+
"id": "AML.T0054",
|
|
23940
|
+
"name": "LLM Jailbreak",
|
|
23941
|
+
"tactic": "Defense Evasion"
|
|
23942
|
+
},
|
|
23943
|
+
{
|
|
23944
|
+
"id": "AML.T0096",
|
|
23945
|
+
"name": "AI API as Covert C2 Channel",
|
|
23946
|
+
"tactic": "Command and Control"
|
|
23947
|
+
}
|
|
23948
|
+
],
|
|
23949
|
+
"d3fend": [
|
|
23950
|
+
{
|
|
23951
|
+
"id": "D3-ASLR",
|
|
23952
|
+
"name": "Address Space Layout Randomization",
|
|
23953
|
+
"tactic": "Harden"
|
|
23954
|
+
},
|
|
23955
|
+
{
|
|
23956
|
+
"id": "D3-CA",
|
|
23957
|
+
"name": "Certificate Analysis",
|
|
23958
|
+
"tactic": "Detect"
|
|
23959
|
+
},
|
|
23960
|
+
{
|
|
23961
|
+
"id": "D3-CSPP",
|
|
23962
|
+
"name": "Client-server Payload Profiling",
|
|
23963
|
+
"tactic": "Detect"
|
|
23964
|
+
},
|
|
23965
|
+
{
|
|
23966
|
+
"id": "D3-DA",
|
|
23967
|
+
"name": "Domain Analysis",
|
|
23968
|
+
"tactic": "Detect"
|
|
23969
|
+
},
|
|
23970
|
+
{
|
|
23971
|
+
"id": "D3-EAL",
|
|
23972
|
+
"name": "Executable Allowlisting",
|
|
23973
|
+
"tactic": "Harden"
|
|
23974
|
+
},
|
|
23975
|
+
{
|
|
23976
|
+
"id": "D3-IOPR",
|
|
23977
|
+
"name": "Input/Output Profiling Resource",
|
|
23978
|
+
"tactic": "Detect"
|
|
23979
|
+
},
|
|
23980
|
+
{
|
|
23981
|
+
"id": "D3-NI",
|
|
23982
|
+
"name": "Network Isolation",
|
|
23983
|
+
"tactic": "Isolate"
|
|
23984
|
+
},
|
|
23985
|
+
{
|
|
23986
|
+
"id": "D3-NTA",
|
|
23987
|
+
"name": "Network Traffic Analysis",
|
|
23988
|
+
"tactic": "Detect"
|
|
23989
|
+
},
|
|
23990
|
+
{
|
|
23991
|
+
"id": "D3-NTPM",
|
|
23992
|
+
"name": "Network Traffic Policy Mapping",
|
|
23993
|
+
"tactic": "Model"
|
|
23994
|
+
},
|
|
23995
|
+
{
|
|
23996
|
+
"id": "D3-PHRA",
|
|
23997
|
+
"name": "Process Hardware Resource Access",
|
|
23998
|
+
"tactic": "Isolate"
|
|
23999
|
+
},
|
|
24000
|
+
{
|
|
24001
|
+
"id": "D3-PSEP",
|
|
24002
|
+
"name": "Process Segment Execution Prevention",
|
|
24003
|
+
"tactic": "Harden"
|
|
24004
|
+
}
|
|
24005
|
+
],
|
|
24006
|
+
"framework_gaps": [
|
|
24007
|
+
{
|
|
24008
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
24009
|
+
"framework": "ALL",
|
|
24010
|
+
"control_name": "AI Pipeline Integrity"
|
|
24011
|
+
},
|
|
24012
|
+
{
|
|
24013
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
24014
|
+
"framework": "ALL",
|
|
24015
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
24016
|
+
},
|
|
24017
|
+
{
|
|
24018
|
+
"id": "CIS-Controls-v8-Control7",
|
|
24019
|
+
"framework": "CIS Controls v8",
|
|
24020
|
+
"control_name": "Continuous Vulnerability Management"
|
|
24021
|
+
},
|
|
24022
|
+
{
|
|
24023
|
+
"id": "CMMC-2.0-Level-2",
|
|
24024
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
24025
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
24026
|
+
},
|
|
24027
|
+
{
|
|
24028
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
24029
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
24030
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
24031
|
+
},
|
|
24032
|
+
{
|
|
24033
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
24034
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
24035
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
24036
|
+
},
|
|
24037
|
+
{
|
|
24038
|
+
"id": "IEC-62443-3-3",
|
|
24039
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
24040
|
+
"control_name": "System security requirements and security levels"
|
|
24041
|
+
},
|
|
24042
|
+
{
|
|
24043
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
24044
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24045
|
+
"control_name": "Monitoring activities"
|
|
24046
|
+
},
|
|
24047
|
+
{
|
|
24048
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
24049
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24050
|
+
"control_name": "Secure coding"
|
|
24051
|
+
},
|
|
24052
|
+
{
|
|
24053
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
24054
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24055
|
+
"control_name": "Management of technical vulnerabilities"
|
|
24056
|
+
},
|
|
24057
|
+
{
|
|
24058
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
24059
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
24060
|
+
"control_name": "AI risk management process"
|
|
24061
|
+
},
|
|
24062
|
+
{
|
|
24063
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
24064
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
24065
|
+
"control_name": "AI risk assessment"
|
|
24066
|
+
},
|
|
24067
|
+
{
|
|
24068
|
+
"id": "NERC-CIP-007-6-R4",
|
|
24069
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
24070
|
+
"control_name": "Security event monitoring"
|
|
24071
|
+
},
|
|
24072
|
+
{
|
|
24073
|
+
"id": "NIS2-Art21-patch-management",
|
|
24074
|
+
"framework": "EU NIS2 Directive",
|
|
24075
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
24076
|
+
},
|
|
24077
|
+
{
|
|
24078
|
+
"id": "NIST-800-115",
|
|
24079
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
24080
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
24081
|
+
},
|
|
24082
|
+
{
|
|
24083
|
+
"id": "NIST-800-53-AC-2",
|
|
24084
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24085
|
+
"control_name": "Account Management"
|
|
24086
|
+
},
|
|
24087
|
+
{
|
|
24088
|
+
"id": "NIST-800-53-SC-28",
|
|
24089
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24090
|
+
"control_name": "Protection of Information at Rest"
|
|
24091
|
+
},
|
|
24092
|
+
{
|
|
24093
|
+
"id": "NIST-800-53-SC-7",
|
|
24094
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24095
|
+
"control_name": "Boundary Protection"
|
|
24096
|
+
},
|
|
24097
|
+
{
|
|
24098
|
+
"id": "NIST-800-53-SC-8",
|
|
24099
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24100
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
24101
|
+
},
|
|
24102
|
+
{
|
|
24103
|
+
"id": "NIST-800-53-SI-2",
|
|
24104
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24105
|
+
"control_name": "Flaw Remediation"
|
|
24106
|
+
},
|
|
24107
|
+
{
|
|
24108
|
+
"id": "NIST-800-53-SI-3",
|
|
24109
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24110
|
+
"control_name": "Malicious Code Protection"
|
|
24111
|
+
},
|
|
24112
|
+
{
|
|
24113
|
+
"id": "NIST-800-82r3",
|
|
24114
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
24115
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
24116
|
+
},
|
|
24117
|
+
{
|
|
24118
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
24119
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24120
|
+
"control_name": "Prompt Injection"
|
|
24121
|
+
},
|
|
24122
|
+
{
|
|
24123
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
24124
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24125
|
+
"control_name": "Sensitive Information Disclosure"
|
|
24126
|
+
},
|
|
24127
|
+
{
|
|
24128
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
24129
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
24130
|
+
"control_name": "Web application penetration testing methodology"
|
|
24131
|
+
},
|
|
24132
|
+
{
|
|
24133
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
24134
|
+
"framework": "PCI DSS 4.0",
|
|
24135
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
24136
|
+
},
|
|
24137
|
+
{
|
|
24138
|
+
"id": "PTES-Pre-engagement",
|
|
24139
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
24140
|
+
"control_name": "Pre-engagement Interactions"
|
|
24141
|
+
},
|
|
24142
|
+
{
|
|
24143
|
+
"id": "SOC2-CC6-logical-access",
|
|
24144
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24145
|
+
"control_name": "Logical and Physical Access Controls"
|
|
24146
|
+
},
|
|
24147
|
+
{
|
|
24148
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
24149
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24150
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
24151
|
+
}
|
|
24152
|
+
],
|
|
24153
|
+
"attack_refs": [
|
|
24154
|
+
"T0855",
|
|
24155
|
+
"T0883",
|
|
24156
|
+
"T1041",
|
|
24157
|
+
"T1059",
|
|
24158
|
+
"T1068",
|
|
24159
|
+
"T1071",
|
|
24160
|
+
"T1078",
|
|
24161
|
+
"T1102",
|
|
24162
|
+
"T1133",
|
|
24163
|
+
"T1190",
|
|
24164
|
+
"T1213",
|
|
24165
|
+
"T1530",
|
|
24166
|
+
"T1548.001",
|
|
24167
|
+
"T1566",
|
|
24168
|
+
"T1567",
|
|
24169
|
+
"T1568"
|
|
24170
|
+
],
|
|
24171
|
+
"rfc_refs": [
|
|
24172
|
+
"RFC-4301",
|
|
24173
|
+
"RFC-4303",
|
|
24174
|
+
"RFC-7296",
|
|
24175
|
+
"RFC-8446",
|
|
24176
|
+
"RFC-9000",
|
|
24177
|
+
"RFC-9114",
|
|
24178
|
+
"RFC-9180",
|
|
24179
|
+
"RFC-9421",
|
|
24180
|
+
"RFC-9458"
|
|
24181
|
+
]
|
|
24182
|
+
}
|
|
24183
|
+
},
|
|
24184
|
+
"CVE-2025-23266": {
|
|
24185
|
+
"name": "NVIDIA Container Toolkit Init-Hook Untrusted Search Path Container Escape (NVIDIAScape)",
|
|
24186
|
+
"rwep": 35,
|
|
24187
|
+
"cvss": 9,
|
|
24188
|
+
"cisa_kev": false,
|
|
24189
|
+
"epss_score": null,
|
|
24190
|
+
"referencing_skills": [
|
|
24191
|
+
"kernel-lpe-triage",
|
|
24192
|
+
"ai-attack-surface",
|
|
24193
|
+
"compliance-theater",
|
|
24194
|
+
"ai-c2-detection",
|
|
24195
|
+
"attack-surface-pentest",
|
|
24196
|
+
"dlp-gap-analysis",
|
|
24197
|
+
"ot-ics-security",
|
|
24198
|
+
"sector-energy"
|
|
24199
|
+
],
|
|
24200
|
+
"chain": {
|
|
24201
|
+
"cwes": [
|
|
24202
|
+
{
|
|
24203
|
+
"id": "CWE-1037",
|
|
24204
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
24205
|
+
"category": "Hardware / Side Channel"
|
|
24206
|
+
},
|
|
24207
|
+
{
|
|
24208
|
+
"id": "CWE-1039",
|
|
24209
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
24210
|
+
"category": "AI/ML"
|
|
24211
|
+
},
|
|
24212
|
+
{
|
|
24213
|
+
"id": "CWE-125",
|
|
24214
|
+
"name": "Out-of-bounds Read",
|
|
24215
|
+
"category": "Memory Safety"
|
|
24216
|
+
},
|
|
24217
|
+
{
|
|
24218
|
+
"id": "CWE-1395",
|
|
24219
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
24220
|
+
"category": "Supply Chain"
|
|
24221
|
+
},
|
|
24222
|
+
{
|
|
24223
|
+
"id": "CWE-1426",
|
|
24224
|
+
"name": "Improper Validation of Generative AI Output",
|
|
24225
|
+
"category": "AI/ML"
|
|
24226
|
+
},
|
|
24227
|
+
{
|
|
24228
|
+
"id": "CWE-200",
|
|
24229
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
24230
|
+
"category": "Information Exposure"
|
|
24231
|
+
},
|
|
24232
|
+
{
|
|
24233
|
+
"id": "CWE-22",
|
|
24234
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
24235
|
+
"category": "Path/Resource"
|
|
24236
|
+
},
|
|
24237
|
+
{
|
|
24238
|
+
"id": "CWE-269",
|
|
24239
|
+
"name": "Improper Privilege Management",
|
|
24240
|
+
"category": "Authorization"
|
|
24241
|
+
},
|
|
24242
|
+
{
|
|
24243
|
+
"id": "CWE-287",
|
|
24244
|
+
"name": "Improper Authentication",
|
|
24245
|
+
"category": "Authentication"
|
|
24246
|
+
},
|
|
24247
|
+
{
|
|
24248
|
+
"id": "CWE-306",
|
|
24249
|
+
"name": "Missing Authentication for Critical Function",
|
|
24250
|
+
"category": "Authentication"
|
|
24251
|
+
},
|
|
24252
|
+
{
|
|
24253
|
+
"id": "CWE-352",
|
|
24254
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
24255
|
+
"category": "Session"
|
|
24256
|
+
},
|
|
24257
|
+
{
|
|
24258
|
+
"id": "CWE-362",
|
|
24259
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
24260
|
+
"category": "Concurrency"
|
|
24261
|
+
},
|
|
24262
|
+
{
|
|
24263
|
+
"id": "CWE-416",
|
|
24264
|
+
"name": "Use After Free",
|
|
24265
|
+
"category": "Memory Safety"
|
|
24266
|
+
},
|
|
24267
|
+
{
|
|
24268
|
+
"id": "CWE-434",
|
|
24269
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
24270
|
+
"category": "File Handling"
|
|
24271
|
+
},
|
|
24272
|
+
{
|
|
24273
|
+
"id": "CWE-672",
|
|
24274
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
24275
|
+
"category": "Memory Safety"
|
|
24276
|
+
},
|
|
24277
|
+
{
|
|
24278
|
+
"id": "CWE-732",
|
|
24279
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
24280
|
+
"category": "Authorization"
|
|
24281
|
+
},
|
|
24282
|
+
{
|
|
24283
|
+
"id": "CWE-78",
|
|
24284
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
24285
|
+
"category": "Injection"
|
|
24286
|
+
},
|
|
24287
|
+
{
|
|
24288
|
+
"id": "CWE-787",
|
|
24289
|
+
"name": "Out-of-bounds Write",
|
|
24290
|
+
"category": "Memory Safety"
|
|
24291
|
+
},
|
|
24292
|
+
{
|
|
24293
|
+
"id": "CWE-79",
|
|
24294
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
24295
|
+
"category": "Injection"
|
|
24296
|
+
},
|
|
24297
|
+
{
|
|
24298
|
+
"id": "CWE-798",
|
|
24299
|
+
"name": "Use of Hard-coded Credentials",
|
|
24300
|
+
"category": "Credentials"
|
|
24301
|
+
},
|
|
24302
|
+
{
|
|
24303
|
+
"id": "CWE-89",
|
|
24304
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
24305
|
+
"category": "Injection"
|
|
24306
|
+
},
|
|
24307
|
+
{
|
|
24308
|
+
"id": "CWE-918",
|
|
24309
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
24310
|
+
"category": "Network"
|
|
24311
|
+
},
|
|
24312
|
+
{
|
|
24313
|
+
"id": "CWE-94",
|
|
24314
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
24315
|
+
"category": "Injection"
|
|
24316
|
+
}
|
|
24317
|
+
],
|
|
24318
|
+
"atlas": [
|
|
24319
|
+
{
|
|
24320
|
+
"id": "AML.T0010",
|
|
24321
|
+
"name": "ML Supply Chain Compromise",
|
|
24322
|
+
"tactic": "Initial Access"
|
|
24323
|
+
},
|
|
24324
|
+
{
|
|
24325
|
+
"id": "AML.T0016",
|
|
24326
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
24327
|
+
"tactic": "Resource Development"
|
|
24328
|
+
},
|
|
24329
|
+
{
|
|
24330
|
+
"id": "AML.T0017",
|
|
24331
|
+
"name": "Discover ML Model Ontology",
|
|
24332
|
+
"tactic": "Discovery"
|
|
24333
|
+
},
|
|
24334
|
+
{
|
|
24335
|
+
"id": "AML.T0018",
|
|
24336
|
+
"name": "Backdoor ML Model",
|
|
24337
|
+
"tactic": "Persistence"
|
|
24338
|
+
},
|
|
24339
|
+
{
|
|
24340
|
+
"id": "AML.T0020",
|
|
24341
|
+
"name": "Poison Training Data",
|
|
24342
|
+
"tactic": "ML Attack Staging"
|
|
24343
|
+
},
|
|
24344
|
+
{
|
|
24345
|
+
"id": "AML.T0043",
|
|
24346
|
+
"name": "Craft Adversarial Data",
|
|
24347
|
+
"tactic": "ML Attack Staging"
|
|
24348
|
+
},
|
|
24349
|
+
{
|
|
24350
|
+
"id": "AML.T0051",
|
|
24351
|
+
"name": "LLM Prompt Injection",
|
|
24352
|
+
"tactic": "Execution"
|
|
24353
|
+
},
|
|
24354
|
+
{
|
|
24355
|
+
"id": "AML.T0054",
|
|
24356
|
+
"name": "LLM Jailbreak",
|
|
24357
|
+
"tactic": "Defense Evasion"
|
|
24358
|
+
},
|
|
24359
|
+
{
|
|
24360
|
+
"id": "AML.T0096",
|
|
24361
|
+
"name": "AI API as Covert C2 Channel",
|
|
24362
|
+
"tactic": "Command and Control"
|
|
24363
|
+
}
|
|
24364
|
+
],
|
|
24365
|
+
"d3fend": [
|
|
24366
|
+
{
|
|
24367
|
+
"id": "D3-ASLR",
|
|
24368
|
+
"name": "Address Space Layout Randomization",
|
|
24369
|
+
"tactic": "Harden"
|
|
24370
|
+
},
|
|
24371
|
+
{
|
|
24372
|
+
"id": "D3-CA",
|
|
24373
|
+
"name": "Certificate Analysis",
|
|
24374
|
+
"tactic": "Detect"
|
|
24375
|
+
},
|
|
24376
|
+
{
|
|
24377
|
+
"id": "D3-CSPP",
|
|
24378
|
+
"name": "Client-server Payload Profiling",
|
|
24379
|
+
"tactic": "Detect"
|
|
24380
|
+
},
|
|
24381
|
+
{
|
|
24382
|
+
"id": "D3-DA",
|
|
24383
|
+
"name": "Domain Analysis",
|
|
24384
|
+
"tactic": "Detect"
|
|
24385
|
+
},
|
|
24386
|
+
{
|
|
24387
|
+
"id": "D3-EAL",
|
|
24388
|
+
"name": "Executable Allowlisting",
|
|
24389
|
+
"tactic": "Harden"
|
|
24390
|
+
},
|
|
24391
|
+
{
|
|
24392
|
+
"id": "D3-IOPR",
|
|
24393
|
+
"name": "Input/Output Profiling Resource",
|
|
24394
|
+
"tactic": "Detect"
|
|
24395
|
+
},
|
|
24396
|
+
{
|
|
24397
|
+
"id": "D3-NI",
|
|
24398
|
+
"name": "Network Isolation",
|
|
24399
|
+
"tactic": "Isolate"
|
|
24400
|
+
},
|
|
24401
|
+
{
|
|
24402
|
+
"id": "D3-NTA",
|
|
24403
|
+
"name": "Network Traffic Analysis",
|
|
24404
|
+
"tactic": "Detect"
|
|
24405
|
+
},
|
|
24406
|
+
{
|
|
24407
|
+
"id": "D3-NTPM",
|
|
24408
|
+
"name": "Network Traffic Policy Mapping",
|
|
24409
|
+
"tactic": "Model"
|
|
24410
|
+
},
|
|
24411
|
+
{
|
|
24412
|
+
"id": "D3-PHRA",
|
|
24413
|
+
"name": "Process Hardware Resource Access",
|
|
24414
|
+
"tactic": "Isolate"
|
|
24415
|
+
},
|
|
24416
|
+
{
|
|
24417
|
+
"id": "D3-PSEP",
|
|
24418
|
+
"name": "Process Segment Execution Prevention",
|
|
24419
|
+
"tactic": "Harden"
|
|
24420
|
+
}
|
|
24421
|
+
],
|
|
24422
|
+
"framework_gaps": [
|
|
24423
|
+
{
|
|
24424
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
24425
|
+
"framework": "ALL",
|
|
24426
|
+
"control_name": "AI Pipeline Integrity"
|
|
24427
|
+
},
|
|
24428
|
+
{
|
|
24429
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
24430
|
+
"framework": "ALL",
|
|
24431
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
24432
|
+
},
|
|
24433
|
+
{
|
|
24434
|
+
"id": "CIS-Controls-v8-Control7",
|
|
24435
|
+
"framework": "CIS Controls v8",
|
|
24436
|
+
"control_name": "Continuous Vulnerability Management"
|
|
24437
|
+
},
|
|
24438
|
+
{
|
|
24439
|
+
"id": "CMMC-2.0-Level-2",
|
|
24440
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
24441
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
24442
|
+
},
|
|
24443
|
+
{
|
|
24444
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
24445
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
24446
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
24447
|
+
},
|
|
24448
|
+
{
|
|
24449
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
24450
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
24451
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
24452
|
+
},
|
|
24453
|
+
{
|
|
24454
|
+
"id": "IEC-62443-3-3",
|
|
24455
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
24456
|
+
"control_name": "System security requirements and security levels"
|
|
24457
|
+
},
|
|
24458
|
+
{
|
|
24459
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
24460
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24461
|
+
"control_name": "Monitoring activities"
|
|
24462
|
+
},
|
|
24463
|
+
{
|
|
24464
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
24465
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24466
|
+
"control_name": "Secure coding"
|
|
24467
|
+
},
|
|
24468
|
+
{
|
|
24469
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
24470
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24471
|
+
"control_name": "Management of technical vulnerabilities"
|
|
24472
|
+
},
|
|
24473
|
+
{
|
|
24474
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
24475
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
24476
|
+
"control_name": "AI risk management process"
|
|
24477
|
+
},
|
|
24478
|
+
{
|
|
24479
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
24480
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
24481
|
+
"control_name": "AI risk assessment"
|
|
24482
|
+
},
|
|
24483
|
+
{
|
|
24484
|
+
"id": "NERC-CIP-007-6-R4",
|
|
24485
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
24486
|
+
"control_name": "Security event monitoring"
|
|
24487
|
+
},
|
|
24488
|
+
{
|
|
24489
|
+
"id": "NIS2-Art21-patch-management",
|
|
24490
|
+
"framework": "EU NIS2 Directive",
|
|
24491
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
24492
|
+
},
|
|
24493
|
+
{
|
|
24494
|
+
"id": "NIST-800-115",
|
|
24495
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
24496
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
24497
|
+
},
|
|
24498
|
+
{
|
|
24499
|
+
"id": "NIST-800-53-AC-2",
|
|
24500
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24501
|
+
"control_name": "Account Management"
|
|
24502
|
+
},
|
|
24503
|
+
{
|
|
24504
|
+
"id": "NIST-800-53-SC-28",
|
|
24505
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24506
|
+
"control_name": "Protection of Information at Rest"
|
|
24507
|
+
},
|
|
24508
|
+
{
|
|
24509
|
+
"id": "NIST-800-53-SC-7",
|
|
24510
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24511
|
+
"control_name": "Boundary Protection"
|
|
24512
|
+
},
|
|
24513
|
+
{
|
|
24514
|
+
"id": "NIST-800-53-SC-8",
|
|
24515
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24516
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
24517
|
+
},
|
|
24518
|
+
{
|
|
24519
|
+
"id": "NIST-800-53-SI-2",
|
|
24520
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24521
|
+
"control_name": "Flaw Remediation"
|
|
24522
|
+
},
|
|
24523
|
+
{
|
|
24524
|
+
"id": "NIST-800-53-SI-3",
|
|
24525
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24526
|
+
"control_name": "Malicious Code Protection"
|
|
24527
|
+
},
|
|
24528
|
+
{
|
|
24529
|
+
"id": "NIST-800-82r3",
|
|
24530
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
24531
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
24532
|
+
},
|
|
24533
|
+
{
|
|
24534
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
24535
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24536
|
+
"control_name": "Prompt Injection"
|
|
24537
|
+
},
|
|
24538
|
+
{
|
|
24539
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
24540
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24541
|
+
"control_name": "Sensitive Information Disclosure"
|
|
24542
|
+
},
|
|
24543
|
+
{
|
|
24544
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
24545
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
24546
|
+
"control_name": "Web application penetration testing methodology"
|
|
24547
|
+
},
|
|
24548
|
+
{
|
|
24549
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
24550
|
+
"framework": "PCI DSS 4.0",
|
|
24551
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
24552
|
+
},
|
|
24553
|
+
{
|
|
24554
|
+
"id": "PTES-Pre-engagement",
|
|
24555
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
24556
|
+
"control_name": "Pre-engagement Interactions"
|
|
24557
|
+
},
|
|
24558
|
+
{
|
|
24559
|
+
"id": "SOC2-CC6-logical-access",
|
|
24560
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24561
|
+
"control_name": "Logical and Physical Access Controls"
|
|
24562
|
+
},
|
|
24563
|
+
{
|
|
24564
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
24565
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24566
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
24567
|
+
}
|
|
24568
|
+
],
|
|
24569
|
+
"attack_refs": [
|
|
24570
|
+
"T0855",
|
|
24571
|
+
"T0883",
|
|
24572
|
+
"T1041",
|
|
24573
|
+
"T1059",
|
|
24574
|
+
"T1068",
|
|
24575
|
+
"T1071",
|
|
24576
|
+
"T1078",
|
|
24577
|
+
"T1102",
|
|
24578
|
+
"T1133",
|
|
24579
|
+
"T1190",
|
|
24580
|
+
"T1213",
|
|
24581
|
+
"T1530",
|
|
24582
|
+
"T1548.001",
|
|
24583
|
+
"T1566",
|
|
24584
|
+
"T1567",
|
|
24585
|
+
"T1568"
|
|
24586
|
+
],
|
|
24587
|
+
"rfc_refs": [
|
|
24588
|
+
"RFC-4301",
|
|
24589
|
+
"RFC-4303",
|
|
24590
|
+
"RFC-7296",
|
|
24591
|
+
"RFC-8446",
|
|
24592
|
+
"RFC-9000",
|
|
24593
|
+
"RFC-9114",
|
|
24594
|
+
"RFC-9180",
|
|
24595
|
+
"RFC-9421",
|
|
24596
|
+
"RFC-9458"
|
|
24597
|
+
]
|
|
24598
|
+
}
|
|
24599
|
+
},
|
|
24600
|
+
"CVE-2025-1550": {
|
|
24601
|
+
"name": "Keras .keras Model Deserialization Arbitrary Code Execution",
|
|
24602
|
+
"rwep": 31,
|
|
24603
|
+
"cvss": 9.8,
|
|
24604
|
+
"cisa_kev": false,
|
|
24605
|
+
"epss_score": null,
|
|
24606
|
+
"referencing_skills": [
|
|
24607
|
+
"kernel-lpe-triage",
|
|
24608
|
+
"ai-attack-surface",
|
|
24609
|
+
"compliance-theater",
|
|
24610
|
+
"attack-surface-pentest",
|
|
24611
|
+
"ot-ics-security",
|
|
24612
|
+
"coordinated-vuln-disclosure",
|
|
24613
|
+
"sector-energy"
|
|
24614
|
+
],
|
|
24615
|
+
"chain": {
|
|
24616
|
+
"cwes": [
|
|
24617
|
+
{
|
|
24618
|
+
"id": "CWE-1037",
|
|
24619
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
24620
|
+
"category": "Hardware / Side Channel"
|
|
24621
|
+
},
|
|
24622
|
+
{
|
|
24623
|
+
"id": "CWE-1039",
|
|
24624
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
24625
|
+
"category": "AI/ML"
|
|
24626
|
+
},
|
|
24627
|
+
{
|
|
24628
|
+
"id": "CWE-125",
|
|
24629
|
+
"name": "Out-of-bounds Read",
|
|
24630
|
+
"category": "Memory Safety"
|
|
24631
|
+
},
|
|
24632
|
+
{
|
|
24633
|
+
"id": "CWE-1357",
|
|
24634
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
24635
|
+
"category": "Supply Chain"
|
|
24636
|
+
},
|
|
24637
|
+
{
|
|
24638
|
+
"id": "CWE-1395",
|
|
24639
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
24640
|
+
"category": "Supply Chain"
|
|
24641
|
+
},
|
|
24642
|
+
{
|
|
24643
|
+
"id": "CWE-1426",
|
|
24644
|
+
"name": "Improper Validation of Generative AI Output",
|
|
24645
|
+
"category": "AI/ML"
|
|
24646
|
+
},
|
|
24647
|
+
{
|
|
24648
|
+
"id": "CWE-22",
|
|
24649
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
24650
|
+
"category": "Path/Resource"
|
|
24651
|
+
},
|
|
24652
|
+
{
|
|
24653
|
+
"id": "CWE-269",
|
|
24654
|
+
"name": "Improper Privilege Management",
|
|
24655
|
+
"category": "Authorization"
|
|
24656
|
+
},
|
|
24657
|
+
{
|
|
24658
|
+
"id": "CWE-287",
|
|
24659
|
+
"name": "Improper Authentication",
|
|
24660
|
+
"category": "Authentication"
|
|
24661
|
+
},
|
|
24662
|
+
{
|
|
24663
|
+
"id": "CWE-306",
|
|
24664
|
+
"name": "Missing Authentication for Critical Function",
|
|
24665
|
+
"category": "Authentication"
|
|
24666
|
+
},
|
|
24667
|
+
{
|
|
24668
|
+
"id": "CWE-352",
|
|
24669
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
24670
|
+
"category": "Session"
|
|
24671
|
+
},
|
|
24672
|
+
{
|
|
24673
|
+
"id": "CWE-362",
|
|
24674
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
24675
|
+
"category": "Concurrency"
|
|
24676
|
+
},
|
|
24677
|
+
{
|
|
24678
|
+
"id": "CWE-416",
|
|
24679
|
+
"name": "Use After Free",
|
|
24680
|
+
"category": "Memory Safety"
|
|
24681
|
+
},
|
|
24682
|
+
{
|
|
24683
|
+
"id": "CWE-434",
|
|
24684
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
24685
|
+
"category": "File Handling"
|
|
24686
|
+
},
|
|
24687
|
+
{
|
|
24688
|
+
"id": "CWE-672",
|
|
24689
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
24690
|
+
"category": "Memory Safety"
|
|
24691
|
+
},
|
|
24692
|
+
{
|
|
24693
|
+
"id": "CWE-732",
|
|
24694
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
24695
|
+
"category": "Authorization"
|
|
24696
|
+
},
|
|
24697
|
+
{
|
|
24698
|
+
"id": "CWE-78",
|
|
24699
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
24700
|
+
"category": "Injection"
|
|
24701
|
+
},
|
|
24702
|
+
{
|
|
24703
|
+
"id": "CWE-787",
|
|
24704
|
+
"name": "Out-of-bounds Write",
|
|
24705
|
+
"category": "Memory Safety"
|
|
24706
|
+
},
|
|
24707
|
+
{
|
|
24708
|
+
"id": "CWE-79",
|
|
24709
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
24710
|
+
"category": "Injection"
|
|
24711
|
+
},
|
|
24712
|
+
{
|
|
24713
|
+
"id": "CWE-798",
|
|
24714
|
+
"name": "Use of Hard-coded Credentials",
|
|
24715
|
+
"category": "Credentials"
|
|
24716
|
+
},
|
|
24717
|
+
{
|
|
24718
|
+
"id": "CWE-89",
|
|
24719
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
24720
|
+
"category": "Injection"
|
|
24721
|
+
},
|
|
24722
|
+
{
|
|
24723
|
+
"id": "CWE-918",
|
|
24724
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
24725
|
+
"category": "Network"
|
|
24726
|
+
},
|
|
24727
|
+
{
|
|
24728
|
+
"id": "CWE-94",
|
|
24729
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
24730
|
+
"category": "Injection"
|
|
24731
|
+
}
|
|
24732
|
+
],
|
|
24733
|
+
"atlas": [
|
|
24734
|
+
{
|
|
24735
|
+
"id": "AML.T0010",
|
|
24736
|
+
"name": "ML Supply Chain Compromise",
|
|
24737
|
+
"tactic": "Initial Access"
|
|
24738
|
+
},
|
|
24739
|
+
{
|
|
24740
|
+
"id": "AML.T0016",
|
|
24741
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
24742
|
+
"tactic": "Resource Development"
|
|
24743
|
+
},
|
|
24744
|
+
{
|
|
24745
|
+
"id": "AML.T0017",
|
|
24746
|
+
"name": "Discover ML Model Ontology",
|
|
24747
|
+
"tactic": "Discovery"
|
|
24748
|
+
},
|
|
24749
|
+
{
|
|
24750
|
+
"id": "AML.T0018",
|
|
24751
|
+
"name": "Backdoor ML Model",
|
|
24752
|
+
"tactic": "Persistence"
|
|
24753
|
+
},
|
|
24754
|
+
{
|
|
24755
|
+
"id": "AML.T0020",
|
|
24756
|
+
"name": "Poison Training Data",
|
|
24757
|
+
"tactic": "ML Attack Staging"
|
|
24758
|
+
},
|
|
24759
|
+
{
|
|
24760
|
+
"id": "AML.T0043",
|
|
24761
|
+
"name": "Craft Adversarial Data",
|
|
24762
|
+
"tactic": "ML Attack Staging"
|
|
24763
|
+
},
|
|
24764
|
+
{
|
|
24765
|
+
"id": "AML.T0051",
|
|
24766
|
+
"name": "LLM Prompt Injection",
|
|
24767
|
+
"tactic": "Execution"
|
|
24768
|
+
},
|
|
24769
|
+
{
|
|
24770
|
+
"id": "AML.T0054",
|
|
24771
|
+
"name": "LLM Jailbreak",
|
|
24772
|
+
"tactic": "Defense Evasion"
|
|
24773
|
+
},
|
|
24774
|
+
{
|
|
24775
|
+
"id": "AML.T0096",
|
|
24776
|
+
"name": "AI API as Covert C2 Channel",
|
|
24777
|
+
"tactic": "Command and Control"
|
|
24778
|
+
}
|
|
24779
|
+
],
|
|
24780
|
+
"d3fend": [
|
|
24781
|
+
{
|
|
24782
|
+
"id": "D3-ASLR",
|
|
24783
|
+
"name": "Address Space Layout Randomization",
|
|
24784
|
+
"tactic": "Harden"
|
|
24785
|
+
},
|
|
24786
|
+
{
|
|
24787
|
+
"id": "D3-CSPP",
|
|
24788
|
+
"name": "Client-server Payload Profiling",
|
|
24789
|
+
"tactic": "Detect"
|
|
24790
|
+
},
|
|
24791
|
+
{
|
|
24792
|
+
"id": "D3-EAL",
|
|
24793
|
+
"name": "Executable Allowlisting",
|
|
24794
|
+
"tactic": "Harden"
|
|
24795
|
+
},
|
|
24796
|
+
{
|
|
24797
|
+
"id": "D3-IOPR",
|
|
24798
|
+
"name": "Input/Output Profiling Resource",
|
|
24799
|
+
"tactic": "Detect"
|
|
24800
|
+
},
|
|
24801
|
+
{
|
|
24802
|
+
"id": "D3-NTA",
|
|
24803
|
+
"name": "Network Traffic Analysis",
|
|
24804
|
+
"tactic": "Detect"
|
|
24805
|
+
},
|
|
24806
|
+
{
|
|
24807
|
+
"id": "D3-PHRA",
|
|
24808
|
+
"name": "Process Hardware Resource Access",
|
|
24809
|
+
"tactic": "Isolate"
|
|
24810
|
+
},
|
|
24811
|
+
{
|
|
24812
|
+
"id": "D3-PSEP",
|
|
24813
|
+
"name": "Process Segment Execution Prevention",
|
|
24814
|
+
"tactic": "Harden"
|
|
24815
|
+
}
|
|
24816
|
+
],
|
|
24817
|
+
"framework_gaps": [
|
|
24818
|
+
{
|
|
24819
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
24820
|
+
"framework": "ALL",
|
|
24821
|
+
"control_name": "AI Pipeline Integrity"
|
|
24822
|
+
},
|
|
24823
|
+
{
|
|
24824
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
24825
|
+
"framework": "ALL",
|
|
24826
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
24827
|
+
},
|
|
24828
|
+
{
|
|
24829
|
+
"id": "CIS-Controls-v8-Control7",
|
|
24830
|
+
"framework": "CIS Controls v8",
|
|
24831
|
+
"control_name": "Continuous Vulnerability Management"
|
|
24832
|
+
},
|
|
24833
|
+
{
|
|
24834
|
+
"id": "CMMC-2.0-Level-2",
|
|
24835
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
24836
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
24837
|
+
},
|
|
24838
|
+
{
|
|
24839
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
24840
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
24841
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
24842
|
+
},
|
|
24843
|
+
{
|
|
24844
|
+
"id": "IEC-62443-3-3",
|
|
24845
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
24846
|
+
"control_name": "System security requirements and security levels"
|
|
24847
|
+
},
|
|
24848
|
+
{
|
|
24849
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
24850
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24851
|
+
"control_name": "Secure coding"
|
|
24852
|
+
},
|
|
24853
|
+
{
|
|
24854
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
24855
|
+
"framework": "ISO/IEC 27001:2022",
|
|
24856
|
+
"control_name": "Management of technical vulnerabilities"
|
|
24857
|
+
},
|
|
24858
|
+
{
|
|
24859
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
24860
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
24861
|
+
"control_name": "AI risk management process"
|
|
24862
|
+
},
|
|
24863
|
+
{
|
|
24864
|
+
"id": "NERC-CIP-007-6-R4",
|
|
24865
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
24866
|
+
"control_name": "Security event monitoring"
|
|
24867
|
+
},
|
|
24868
|
+
{
|
|
24869
|
+
"id": "NIS2-Art21-patch-management",
|
|
24870
|
+
"framework": "EU NIS2 Directive",
|
|
24871
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
24872
|
+
},
|
|
24873
|
+
{
|
|
24874
|
+
"id": "NIST-800-115",
|
|
24875
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
24876
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
24877
|
+
},
|
|
24878
|
+
{
|
|
24879
|
+
"id": "NIST-800-218-SSDF",
|
|
24880
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
24881
|
+
"control_name": "Secure Software Development Framework"
|
|
24882
|
+
},
|
|
24883
|
+
{
|
|
24884
|
+
"id": "NIST-800-53-AC-2",
|
|
24885
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24886
|
+
"control_name": "Account Management"
|
|
24887
|
+
},
|
|
24888
|
+
{
|
|
24889
|
+
"id": "NIST-800-53-SC-8",
|
|
24890
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24891
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
24892
|
+
},
|
|
24893
|
+
{
|
|
24894
|
+
"id": "NIST-800-53-SI-2",
|
|
24895
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24896
|
+
"control_name": "Flaw Remediation"
|
|
24897
|
+
},
|
|
24898
|
+
{
|
|
24899
|
+
"id": "NIST-800-53-SI-3",
|
|
24900
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
24901
|
+
"control_name": "Malicious Code Protection"
|
|
24902
|
+
},
|
|
24903
|
+
{
|
|
24904
|
+
"id": "NIST-800-82r3",
|
|
24905
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
24906
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
24907
|
+
},
|
|
24908
|
+
{
|
|
24909
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
24910
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24911
|
+
"control_name": "Prompt Injection"
|
|
24912
|
+
},
|
|
24913
|
+
{
|
|
24914
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
24915
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
24916
|
+
"control_name": "Sensitive Information Disclosure"
|
|
24917
|
+
},
|
|
24918
|
+
{
|
|
24919
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
24920
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
24921
|
+
"control_name": "Web application penetration testing methodology"
|
|
24922
|
+
},
|
|
24923
|
+
{
|
|
24924
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
24925
|
+
"framework": "PCI DSS 4.0",
|
|
24926
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
24927
|
+
},
|
|
24928
|
+
{
|
|
24929
|
+
"id": "PTES-Pre-engagement",
|
|
24930
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
24931
|
+
"control_name": "Pre-engagement Interactions"
|
|
24932
|
+
},
|
|
24933
|
+
{
|
|
24934
|
+
"id": "SOC2-CC6-logical-access",
|
|
24935
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24936
|
+
"control_name": "Logical and Physical Access Controls"
|
|
24937
|
+
},
|
|
24938
|
+
{
|
|
24939
|
+
"id": "SOC2-CC9-vendor-management",
|
|
24940
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
24941
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
24942
|
+
}
|
|
24943
|
+
],
|
|
24944
|
+
"attack_refs": [
|
|
24945
|
+
"T0855",
|
|
24946
|
+
"T0883",
|
|
24947
|
+
"T1059",
|
|
24948
|
+
"T1068",
|
|
24949
|
+
"T1078",
|
|
24950
|
+
"T1133",
|
|
24951
|
+
"T1190",
|
|
24952
|
+
"T1548.001",
|
|
24953
|
+
"T1566"
|
|
24954
|
+
],
|
|
24955
|
+
"rfc_refs": [
|
|
24956
|
+
"RFC-4301",
|
|
24957
|
+
"RFC-4303",
|
|
24958
|
+
"RFC-7296"
|
|
24959
|
+
]
|
|
24960
|
+
}
|
|
24961
|
+
},
|
|
24962
|
+
"CVE-2025-8747": {
|
|
24963
|
+
"name": "Keras safe_mode Bypass Model Deserialization Code Execution",
|
|
24964
|
+
"rwep": 31,
|
|
24965
|
+
"cvss": 7.8,
|
|
24966
|
+
"cisa_kev": false,
|
|
24967
|
+
"epss_score": null,
|
|
24968
|
+
"referencing_skills": [
|
|
24969
|
+
"kernel-lpe-triage",
|
|
24970
|
+
"ai-attack-surface",
|
|
24971
|
+
"compliance-theater",
|
|
24972
|
+
"attack-surface-pentest",
|
|
24973
|
+
"ot-ics-security",
|
|
24974
|
+
"coordinated-vuln-disclosure",
|
|
24975
|
+
"sector-energy"
|
|
24976
|
+
],
|
|
24977
|
+
"chain": {
|
|
24978
|
+
"cwes": [
|
|
24979
|
+
{
|
|
24980
|
+
"id": "CWE-1037",
|
|
24981
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
24982
|
+
"category": "Hardware / Side Channel"
|
|
24983
|
+
},
|
|
24984
|
+
{
|
|
24985
|
+
"id": "CWE-1039",
|
|
24986
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
24987
|
+
"category": "AI/ML"
|
|
24988
|
+
},
|
|
24989
|
+
{
|
|
24990
|
+
"id": "CWE-125",
|
|
24991
|
+
"name": "Out-of-bounds Read",
|
|
24992
|
+
"category": "Memory Safety"
|
|
24993
|
+
},
|
|
24994
|
+
{
|
|
24995
|
+
"id": "CWE-1357",
|
|
24996
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
24997
|
+
"category": "Supply Chain"
|
|
24998
|
+
},
|
|
24999
|
+
{
|
|
25000
|
+
"id": "CWE-1395",
|
|
25001
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
25002
|
+
"category": "Supply Chain"
|
|
25003
|
+
},
|
|
25004
|
+
{
|
|
25005
|
+
"id": "CWE-1426",
|
|
25006
|
+
"name": "Improper Validation of Generative AI Output",
|
|
25007
|
+
"category": "AI/ML"
|
|
25008
|
+
},
|
|
25009
|
+
{
|
|
25010
|
+
"id": "CWE-22",
|
|
25011
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
25012
|
+
"category": "Path/Resource"
|
|
25013
|
+
},
|
|
25014
|
+
{
|
|
25015
|
+
"id": "CWE-269",
|
|
25016
|
+
"name": "Improper Privilege Management",
|
|
25017
|
+
"category": "Authorization"
|
|
25018
|
+
},
|
|
25019
|
+
{
|
|
25020
|
+
"id": "CWE-287",
|
|
25021
|
+
"name": "Improper Authentication",
|
|
25022
|
+
"category": "Authentication"
|
|
25023
|
+
},
|
|
25024
|
+
{
|
|
25025
|
+
"id": "CWE-306",
|
|
25026
|
+
"name": "Missing Authentication for Critical Function",
|
|
25027
|
+
"category": "Authentication"
|
|
25028
|
+
},
|
|
25029
|
+
{
|
|
25030
|
+
"id": "CWE-352",
|
|
25031
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
25032
|
+
"category": "Session"
|
|
25033
|
+
},
|
|
25034
|
+
{
|
|
25035
|
+
"id": "CWE-362",
|
|
25036
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
25037
|
+
"category": "Concurrency"
|
|
25038
|
+
},
|
|
25039
|
+
{
|
|
25040
|
+
"id": "CWE-416",
|
|
25041
|
+
"name": "Use After Free",
|
|
25042
|
+
"category": "Memory Safety"
|
|
25043
|
+
},
|
|
25044
|
+
{
|
|
25045
|
+
"id": "CWE-434",
|
|
25046
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
25047
|
+
"category": "File Handling"
|
|
25048
|
+
},
|
|
25049
|
+
{
|
|
25050
|
+
"id": "CWE-672",
|
|
25051
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
25052
|
+
"category": "Memory Safety"
|
|
25053
|
+
},
|
|
25054
|
+
{
|
|
25055
|
+
"id": "CWE-732",
|
|
25056
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
25057
|
+
"category": "Authorization"
|
|
25058
|
+
},
|
|
25059
|
+
{
|
|
25060
|
+
"id": "CWE-78",
|
|
25061
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
25062
|
+
"category": "Injection"
|
|
25063
|
+
},
|
|
25064
|
+
{
|
|
25065
|
+
"id": "CWE-787",
|
|
25066
|
+
"name": "Out-of-bounds Write",
|
|
25067
|
+
"category": "Memory Safety"
|
|
25068
|
+
},
|
|
25069
|
+
{
|
|
25070
|
+
"id": "CWE-79",
|
|
25071
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
25072
|
+
"category": "Injection"
|
|
25073
|
+
},
|
|
25074
|
+
{
|
|
25075
|
+
"id": "CWE-798",
|
|
25076
|
+
"name": "Use of Hard-coded Credentials",
|
|
25077
|
+
"category": "Credentials"
|
|
25078
|
+
},
|
|
25079
|
+
{
|
|
25080
|
+
"id": "CWE-89",
|
|
25081
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
25082
|
+
"category": "Injection"
|
|
25083
|
+
},
|
|
25084
|
+
{
|
|
25085
|
+
"id": "CWE-918",
|
|
25086
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
25087
|
+
"category": "Network"
|
|
25088
|
+
},
|
|
25089
|
+
{
|
|
25090
|
+
"id": "CWE-94",
|
|
25091
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
25092
|
+
"category": "Injection"
|
|
25093
|
+
}
|
|
25094
|
+
],
|
|
25095
|
+
"atlas": [
|
|
25096
|
+
{
|
|
25097
|
+
"id": "AML.T0010",
|
|
25098
|
+
"name": "ML Supply Chain Compromise",
|
|
25099
|
+
"tactic": "Initial Access"
|
|
25100
|
+
},
|
|
25101
|
+
{
|
|
25102
|
+
"id": "AML.T0016",
|
|
25103
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
25104
|
+
"tactic": "Resource Development"
|
|
25105
|
+
},
|
|
25106
|
+
{
|
|
25107
|
+
"id": "AML.T0017",
|
|
25108
|
+
"name": "Discover ML Model Ontology",
|
|
25109
|
+
"tactic": "Discovery"
|
|
25110
|
+
},
|
|
25111
|
+
{
|
|
25112
|
+
"id": "AML.T0018",
|
|
25113
|
+
"name": "Backdoor ML Model",
|
|
25114
|
+
"tactic": "Persistence"
|
|
25115
|
+
},
|
|
25116
|
+
{
|
|
25117
|
+
"id": "AML.T0020",
|
|
25118
|
+
"name": "Poison Training Data",
|
|
25119
|
+
"tactic": "ML Attack Staging"
|
|
25120
|
+
},
|
|
25121
|
+
{
|
|
25122
|
+
"id": "AML.T0043",
|
|
25123
|
+
"name": "Craft Adversarial Data",
|
|
25124
|
+
"tactic": "ML Attack Staging"
|
|
25125
|
+
},
|
|
25126
|
+
{
|
|
25127
|
+
"id": "AML.T0051",
|
|
25128
|
+
"name": "LLM Prompt Injection",
|
|
25129
|
+
"tactic": "Execution"
|
|
25130
|
+
},
|
|
25131
|
+
{
|
|
25132
|
+
"id": "AML.T0054",
|
|
25133
|
+
"name": "LLM Jailbreak",
|
|
25134
|
+
"tactic": "Defense Evasion"
|
|
25135
|
+
},
|
|
25136
|
+
{
|
|
25137
|
+
"id": "AML.T0096",
|
|
25138
|
+
"name": "AI API as Covert C2 Channel",
|
|
25139
|
+
"tactic": "Command and Control"
|
|
25140
|
+
}
|
|
25141
|
+
],
|
|
25142
|
+
"d3fend": [
|
|
25143
|
+
{
|
|
25144
|
+
"id": "D3-ASLR",
|
|
25145
|
+
"name": "Address Space Layout Randomization",
|
|
25146
|
+
"tactic": "Harden"
|
|
25147
|
+
},
|
|
25148
|
+
{
|
|
25149
|
+
"id": "D3-CSPP",
|
|
25150
|
+
"name": "Client-server Payload Profiling",
|
|
25151
|
+
"tactic": "Detect"
|
|
25152
|
+
},
|
|
25153
|
+
{
|
|
25154
|
+
"id": "D3-EAL",
|
|
25155
|
+
"name": "Executable Allowlisting",
|
|
25156
|
+
"tactic": "Harden"
|
|
25157
|
+
},
|
|
25158
|
+
{
|
|
25159
|
+
"id": "D3-IOPR",
|
|
25160
|
+
"name": "Input/Output Profiling Resource",
|
|
25161
|
+
"tactic": "Detect"
|
|
25162
|
+
},
|
|
25163
|
+
{
|
|
25164
|
+
"id": "D3-NTA",
|
|
25165
|
+
"name": "Network Traffic Analysis",
|
|
25166
|
+
"tactic": "Detect"
|
|
25167
|
+
},
|
|
25168
|
+
{
|
|
25169
|
+
"id": "D3-PHRA",
|
|
25170
|
+
"name": "Process Hardware Resource Access",
|
|
25171
|
+
"tactic": "Isolate"
|
|
25172
|
+
},
|
|
25173
|
+
{
|
|
25174
|
+
"id": "D3-PSEP",
|
|
25175
|
+
"name": "Process Segment Execution Prevention",
|
|
25176
|
+
"tactic": "Harden"
|
|
25177
|
+
}
|
|
25178
|
+
],
|
|
25179
|
+
"framework_gaps": [
|
|
25180
|
+
{
|
|
25181
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
25182
|
+
"framework": "ALL",
|
|
25183
|
+
"control_name": "AI Pipeline Integrity"
|
|
25184
|
+
},
|
|
25185
|
+
{
|
|
25186
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
25187
|
+
"framework": "ALL",
|
|
25188
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
25189
|
+
},
|
|
25190
|
+
{
|
|
25191
|
+
"id": "CIS-Controls-v8-Control7",
|
|
25192
|
+
"framework": "CIS Controls v8",
|
|
25193
|
+
"control_name": "Continuous Vulnerability Management"
|
|
25194
|
+
},
|
|
25195
|
+
{
|
|
25196
|
+
"id": "CMMC-2.0-Level-2",
|
|
25197
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
25198
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
25199
|
+
},
|
|
25200
|
+
{
|
|
25201
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
25202
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
25203
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
25204
|
+
},
|
|
25205
|
+
{
|
|
25206
|
+
"id": "IEC-62443-3-3",
|
|
25207
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
25208
|
+
"control_name": "System security requirements and security levels"
|
|
25209
|
+
},
|
|
25210
|
+
{
|
|
25211
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
25212
|
+
"framework": "ISO/IEC 27001:2022",
|
|
25213
|
+
"control_name": "Secure coding"
|
|
25214
|
+
},
|
|
25215
|
+
{
|
|
25216
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
25217
|
+
"framework": "ISO/IEC 27001:2022",
|
|
25218
|
+
"control_name": "Management of technical vulnerabilities"
|
|
25219
|
+
},
|
|
25220
|
+
{
|
|
25221
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
25222
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
25223
|
+
"control_name": "AI risk management process"
|
|
25224
|
+
},
|
|
25225
|
+
{
|
|
25226
|
+
"id": "NERC-CIP-007-6-R4",
|
|
25227
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
25228
|
+
"control_name": "Security event monitoring"
|
|
25229
|
+
},
|
|
25230
|
+
{
|
|
25231
|
+
"id": "NIS2-Art21-patch-management",
|
|
25232
|
+
"framework": "EU NIS2 Directive",
|
|
25233
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
25234
|
+
},
|
|
25235
|
+
{
|
|
25236
|
+
"id": "NIST-800-115",
|
|
25237
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
25238
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
25239
|
+
},
|
|
25240
|
+
{
|
|
25241
|
+
"id": "NIST-800-218-SSDF",
|
|
25242
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
25243
|
+
"control_name": "Secure Software Development Framework"
|
|
25244
|
+
},
|
|
25245
|
+
{
|
|
25246
|
+
"id": "NIST-800-53-AC-2",
|
|
25247
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
25248
|
+
"control_name": "Account Management"
|
|
25249
|
+
},
|
|
25250
|
+
{
|
|
25251
|
+
"id": "NIST-800-53-SC-8",
|
|
25252
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
25253
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
25254
|
+
},
|
|
25255
|
+
{
|
|
25256
|
+
"id": "NIST-800-53-SI-2",
|
|
25257
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
25258
|
+
"control_name": "Flaw Remediation"
|
|
25259
|
+
},
|
|
25260
|
+
{
|
|
25261
|
+
"id": "NIST-800-53-SI-3",
|
|
25262
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
25263
|
+
"control_name": "Malicious Code Protection"
|
|
25264
|
+
},
|
|
25265
|
+
{
|
|
25266
|
+
"id": "NIST-800-82r3",
|
|
25267
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
25268
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
25269
|
+
},
|
|
25270
|
+
{
|
|
25271
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
25272
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
25273
|
+
"control_name": "Prompt Injection"
|
|
25274
|
+
},
|
|
25275
|
+
{
|
|
25276
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
25277
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
25278
|
+
"control_name": "Sensitive Information Disclosure"
|
|
25279
|
+
},
|
|
25280
|
+
{
|
|
25281
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
25282
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
25283
|
+
"control_name": "Web application penetration testing methodology"
|
|
25284
|
+
},
|
|
25285
|
+
{
|
|
25286
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
25287
|
+
"framework": "PCI DSS 4.0",
|
|
25288
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
25289
|
+
},
|
|
25290
|
+
{
|
|
25291
|
+
"id": "PTES-Pre-engagement",
|
|
25292
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
25293
|
+
"control_name": "Pre-engagement Interactions"
|
|
25294
|
+
},
|
|
25295
|
+
{
|
|
25296
|
+
"id": "SOC2-CC6-logical-access",
|
|
25297
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
25298
|
+
"control_name": "Logical and Physical Access Controls"
|
|
25299
|
+
},
|
|
25300
|
+
{
|
|
25301
|
+
"id": "SOC2-CC9-vendor-management",
|
|
25302
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
25303
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
25304
|
+
}
|
|
25305
|
+
],
|
|
25306
|
+
"attack_refs": [
|
|
25307
|
+
"T0855",
|
|
25308
|
+
"T0883",
|
|
25309
|
+
"T1059",
|
|
25310
|
+
"T1068",
|
|
25311
|
+
"T1078",
|
|
25312
|
+
"T1133",
|
|
25313
|
+
"T1190",
|
|
25314
|
+
"T1548.001",
|
|
25315
|
+
"T1566"
|
|
25316
|
+
],
|
|
25317
|
+
"rfc_refs": [
|
|
25318
|
+
"RFC-4301",
|
|
25319
|
+
"RFC-4303",
|
|
25320
|
+
"RFC-7296"
|
|
25321
|
+
]
|
|
25322
|
+
}
|
|
25323
|
+
},
|
|
23768
25324
|
"CVE-2026-41091": {
|
|
23769
25325
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
23770
25326
|
"rwep": 45,
|
|
@@ -50142,6 +51698,7 @@
|
|
|
50142
51698
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
50143
51699
|
"CVE-2023-43472",
|
|
50144
51700
|
"CVE-2023-48022",
|
|
51701
|
+
"CVE-2024-0132",
|
|
50145
51702
|
"CVE-2024-3094",
|
|
50146
51703
|
"CVE-2024-3154",
|
|
50147
51704
|
"CVE-2024-50050",
|
|
@@ -50149,7 +51706,9 @@
|
|
|
50149
51706
|
"CVE-2025-10585",
|
|
50150
51707
|
"CVE-2025-1094",
|
|
50151
51708
|
"CVE-2025-14174",
|
|
51709
|
+
"CVE-2025-1550",
|
|
50152
51710
|
"CVE-2025-23254",
|
|
51711
|
+
"CVE-2025-23266",
|
|
50153
51712
|
"CVE-2025-30165",
|
|
50154
51713
|
"CVE-2025-34291",
|
|
50155
51714
|
"CVE-2025-38352",
|
|
@@ -50161,6 +51720,7 @@
|
|
|
50161
51720
|
"CVE-2025-60455",
|
|
50162
51721
|
"CVE-2025-64496",
|
|
50163
51722
|
"CVE-2025-6965",
|
|
51723
|
+
"CVE-2025-8747",
|
|
50164
51724
|
"CVE-2026-0766",
|
|
50165
51725
|
"CVE-2026-22252",
|
|
50166
51726
|
"CVE-2026-22688",
|
|
@@ -50511,12 +52071,15 @@
|
|
|
50511
52071
|
"related_cves": [
|
|
50512
52072
|
"CVE-2023-43472",
|
|
50513
52073
|
"CVE-2023-48022",
|
|
52074
|
+
"CVE-2024-0132",
|
|
50514
52075
|
"CVE-2024-50050",
|
|
50515
52076
|
"CVE-2025-0133",
|
|
50516
52077
|
"CVE-2025-10585",
|
|
50517
52078
|
"CVE-2025-1094",
|
|
50518
52079
|
"CVE-2025-14174",
|
|
52080
|
+
"CVE-2025-1550",
|
|
50519
52081
|
"CVE-2025-23254",
|
|
52082
|
+
"CVE-2025-23266",
|
|
50520
52083
|
"CVE-2025-30165",
|
|
50521
52084
|
"CVE-2025-34291",
|
|
50522
52085
|
"CVE-2025-38352",
|
|
@@ -50526,6 +52089,7 @@
|
|
|
50526
52089
|
"CVE-2025-60455",
|
|
50527
52090
|
"CVE-2025-64496",
|
|
50528
52091
|
"CVE-2025-6965",
|
|
52092
|
+
"CVE-2025-8747",
|
|
50529
52093
|
"CVE-2026-0766",
|
|
50530
52094
|
"CVE-2026-22252",
|
|
50531
52095
|
"CVE-2026-22688",
|
|
@@ -50671,12 +52235,15 @@
|
|
|
50671
52235
|
"related_cves": [
|
|
50672
52236
|
"CVE-2023-43472",
|
|
50673
52237
|
"CVE-2023-48022",
|
|
52238
|
+
"CVE-2024-0132",
|
|
50674
52239
|
"CVE-2024-50050",
|
|
50675
52240
|
"CVE-2025-0133",
|
|
50676
52241
|
"CVE-2025-10585",
|
|
50677
52242
|
"CVE-2025-1094",
|
|
50678
52243
|
"CVE-2025-14174",
|
|
52244
|
+
"CVE-2025-1550",
|
|
50679
52245
|
"CVE-2025-23254",
|
|
52246
|
+
"CVE-2025-23266",
|
|
50680
52247
|
"CVE-2025-30165",
|
|
50681
52248
|
"CVE-2025-34291",
|
|
50682
52249
|
"CVE-2025-38352",
|
|
@@ -50686,6 +52253,7 @@
|
|
|
50686
52253
|
"CVE-2025-60455",
|
|
50687
52254
|
"CVE-2025-64496",
|
|
50688
52255
|
"CVE-2025-6965",
|
|
52256
|
+
"CVE-2025-8747",
|
|
50689
52257
|
"CVE-2026-0766",
|
|
50690
52258
|
"CVE-2026-22252",
|
|
50691
52259
|
"CVE-2026-22688",
|
|
@@ -50845,12 +52413,15 @@
|
|
|
50845
52413
|
"related_cves": [
|
|
50846
52414
|
"CVE-2023-43472",
|
|
50847
52415
|
"CVE-2023-48022",
|
|
52416
|
+
"CVE-2024-0132",
|
|
50848
52417
|
"CVE-2024-50050",
|
|
50849
52418
|
"CVE-2025-0133",
|
|
50850
52419
|
"CVE-2025-10585",
|
|
50851
52420
|
"CVE-2025-1094",
|
|
50852
52421
|
"CVE-2025-14174",
|
|
52422
|
+
"CVE-2025-1550",
|
|
50853
52423
|
"CVE-2025-23254",
|
|
52424
|
+
"CVE-2025-23266",
|
|
50854
52425
|
"CVE-2025-30165",
|
|
50855
52426
|
"CVE-2025-34291",
|
|
50856
52427
|
"CVE-2025-38352",
|
|
@@ -50860,6 +52431,7 @@
|
|
|
50860
52431
|
"CVE-2025-60455",
|
|
50861
52432
|
"CVE-2025-64496",
|
|
50862
52433
|
"CVE-2025-6965",
|
|
52434
|
+
"CVE-2025-8747",
|
|
50863
52435
|
"CVE-2026-0766",
|
|
50864
52436
|
"CVE-2026-22252",
|
|
50865
52437
|
"CVE-2026-22688",
|
|
@@ -51123,13 +52695,16 @@
|
|
|
51123
52695
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
51124
52696
|
"CVE-2023-43472",
|
|
51125
52697
|
"CVE-2023-48022",
|
|
52698
|
+
"CVE-2024-0132",
|
|
51126
52699
|
"CVE-2024-3094",
|
|
51127
52700
|
"CVE-2024-3154",
|
|
51128
52701
|
"CVE-2024-50050",
|
|
51129
52702
|
"CVE-2025-0133",
|
|
51130
52703
|
"CVE-2025-1094",
|
|
51131
52704
|
"CVE-2025-11837",
|
|
52705
|
+
"CVE-2025-1550",
|
|
51132
52706
|
"CVE-2025-23254",
|
|
52707
|
+
"CVE-2025-23266",
|
|
51133
52708
|
"CVE-2025-30165",
|
|
51134
52709
|
"CVE-2025-34291",
|
|
51135
52710
|
"CVE-2025-49596",
|
|
@@ -51139,6 +52714,7 @@
|
|
|
51139
52714
|
"CVE-2025-60455",
|
|
51140
52715
|
"CVE-2025-64496",
|
|
51141
52716
|
"CVE-2025-6965",
|
|
52717
|
+
"CVE-2025-8747",
|
|
51142
52718
|
"CVE-2026-0766",
|
|
51143
52719
|
"CVE-2026-22252",
|
|
51144
52720
|
"CVE-2026-22688",
|
|
@@ -51357,6 +52933,7 @@
|
|
|
51357
52933
|
"CVE-2023-48022",
|
|
51358
52934
|
"CVE-2023-50224",
|
|
51359
52935
|
"CVE-2023-52163",
|
|
52936
|
+
"CVE-2024-0132",
|
|
51360
52937
|
"CVE-2024-0769",
|
|
51361
52938
|
"CVE-2024-11182",
|
|
51362
52939
|
"CVE-2024-12987",
|
|
@@ -51387,6 +52964,7 @@
|
|
|
51387
52964
|
"CVE-2025-14174",
|
|
51388
52965
|
"CVE-2025-14611",
|
|
51389
52966
|
"CVE-2025-14733",
|
|
52967
|
+
"CVE-2025-1550",
|
|
51390
52968
|
"CVE-2025-15556",
|
|
51391
52969
|
"CVE-2025-20281",
|
|
51392
52970
|
"CVE-2025-20333",
|
|
@@ -51399,6 +52977,7 @@
|
|
|
51399
52977
|
"CVE-2025-21479",
|
|
51400
52978
|
"CVE-2025-21480",
|
|
51401
52979
|
"CVE-2025-23254",
|
|
52980
|
+
"CVE-2025-23266",
|
|
51402
52981
|
"CVE-2025-24016",
|
|
51403
52982
|
"CVE-2025-24201",
|
|
51404
52983
|
"CVE-2025-24893",
|
|
@@ -51518,6 +53097,7 @@
|
|
|
51518
53097
|
"CVE-2025-7775",
|
|
51519
53098
|
"CVE-2025-8088",
|
|
51520
53099
|
"CVE-2025-8110",
|
|
53100
|
+
"CVE-2025-8747",
|
|
51521
53101
|
"CVE-2025-8875",
|
|
51522
53102
|
"CVE-2025-8876",
|
|
51523
53103
|
"CVE-2025-9242",
|
|
@@ -51811,6 +53391,7 @@
|
|
|
51811
53391
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
51812
53392
|
"CVE-2023-43472",
|
|
51813
53393
|
"CVE-2023-48022",
|
|
53394
|
+
"CVE-2024-0132",
|
|
51814
53395
|
"CVE-2024-3094",
|
|
51815
53396
|
"CVE-2024-3154",
|
|
51816
53397
|
"CVE-2024-40635",
|
|
@@ -51818,6 +53399,7 @@
|
|
|
51818
53399
|
"CVE-2025-1094",
|
|
51819
53400
|
"CVE-2025-14847",
|
|
51820
53401
|
"CVE-2025-22226",
|
|
53402
|
+
"CVE-2025-23266",
|
|
51821
53403
|
"CVE-2025-49844",
|
|
51822
53404
|
"CVE-2025-53767",
|
|
51823
53405
|
"CVE-2025-53773",
|
|
@@ -52168,6 +53750,7 @@
|
|
|
52168
53750
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
52169
53751
|
"CVE-2023-43472",
|
|
52170
53752
|
"CVE-2023-48022",
|
|
53753
|
+
"CVE-2024-0132",
|
|
52171
53754
|
"CVE-2024-3094",
|
|
52172
53755
|
"CVE-2024-3154",
|
|
52173
53756
|
"CVE-2024-50050",
|
|
@@ -52175,7 +53758,9 @@
|
|
|
52175
53758
|
"CVE-2025-10585",
|
|
52176
53759
|
"CVE-2025-1094",
|
|
52177
53760
|
"CVE-2025-14174",
|
|
53761
|
+
"CVE-2025-1550",
|
|
52178
53762
|
"CVE-2025-23254",
|
|
53763
|
+
"CVE-2025-23266",
|
|
52179
53764
|
"CVE-2025-30165",
|
|
52180
53765
|
"CVE-2025-34291",
|
|
52181
53766
|
"CVE-2025-38352",
|
|
@@ -52187,6 +53772,7 @@
|
|
|
52187
53772
|
"CVE-2025-60455",
|
|
52188
53773
|
"CVE-2025-64496",
|
|
52189
53774
|
"CVE-2025-6965",
|
|
53775
|
+
"CVE-2025-8747",
|
|
52190
53776
|
"CVE-2026-0766",
|
|
52191
53777
|
"CVE-2026-22252",
|
|
52192
53778
|
"CVE-2026-22688",
|
|
@@ -52767,6 +54353,7 @@
|
|
|
52767
54353
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
52768
54354
|
"CVE-2023-43472",
|
|
52769
54355
|
"CVE-2023-48022",
|
|
54356
|
+
"CVE-2024-0132",
|
|
52770
54357
|
"CVE-2024-3094",
|
|
52771
54358
|
"CVE-2024-3154",
|
|
52772
54359
|
"CVE-2024-50050",
|
|
@@ -52774,7 +54361,9 @@
|
|
|
52774
54361
|
"CVE-2025-10585",
|
|
52775
54362
|
"CVE-2025-1094",
|
|
52776
54363
|
"CVE-2025-14174",
|
|
54364
|
+
"CVE-2025-1550",
|
|
52777
54365
|
"CVE-2025-23254",
|
|
54366
|
+
"CVE-2025-23266",
|
|
52778
54367
|
"CVE-2025-30165",
|
|
52779
54368
|
"CVE-2025-34291",
|
|
52780
54369
|
"CVE-2025-38352",
|
|
@@ -52786,6 +54375,7 @@
|
|
|
52786
54375
|
"CVE-2025-60455",
|
|
52787
54376
|
"CVE-2025-64496",
|
|
52788
54377
|
"CVE-2025-6965",
|
|
54378
|
+
"CVE-2025-8747",
|
|
52789
54379
|
"CVE-2026-0766",
|
|
52790
54380
|
"CVE-2026-22252",
|
|
52791
54381
|
"CVE-2026-22688",
|
|
@@ -53004,12 +54594,15 @@
|
|
|
53004
54594
|
},
|
|
53005
54595
|
"related_cves": [
|
|
53006
54596
|
"CVE-2023-48022",
|
|
54597
|
+
"CVE-2024-0132",
|
|
53007
54598
|
"CVE-2024-3094",
|
|
53008
54599
|
"CVE-2024-50050",
|
|
53009
54600
|
"CVE-2025-10585",
|
|
53010
54601
|
"CVE-2025-1094",
|
|
53011
54602
|
"CVE-2025-14174",
|
|
54603
|
+
"CVE-2025-1550",
|
|
53012
54604
|
"CVE-2025-23254",
|
|
54605
|
+
"CVE-2025-23266",
|
|
53013
54606
|
"CVE-2025-30165",
|
|
53014
54607
|
"CVE-2025-34291",
|
|
53015
54608
|
"CVE-2025-38352",
|
|
@@ -53019,6 +54612,7 @@
|
|
|
53019
54612
|
"CVE-2025-54136",
|
|
53020
54613
|
"CVE-2025-60455",
|
|
53021
54614
|
"CVE-2025-64496",
|
|
54615
|
+
"CVE-2025-8747",
|
|
53022
54616
|
"CVE-2026-0766",
|
|
53023
54617
|
"CVE-2026-22252",
|
|
53024
54618
|
"CVE-2026-22688",
|
|
@@ -53667,6 +55261,7 @@
|
|
|
53667
55261
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
53668
55262
|
"CVE-2023-43472",
|
|
53669
55263
|
"CVE-2023-48022",
|
|
55264
|
+
"CVE-2024-0132",
|
|
53670
55265
|
"CVE-2024-3094",
|
|
53671
55266
|
"CVE-2024-3154",
|
|
53672
55267
|
"CVE-2024-50050",
|
|
@@ -53674,7 +55269,9 @@
|
|
|
53674
55269
|
"CVE-2025-10585",
|
|
53675
55270
|
"CVE-2025-1094",
|
|
53676
55271
|
"CVE-2025-14174",
|
|
55272
|
+
"CVE-2025-1550",
|
|
53677
55273
|
"CVE-2025-23254",
|
|
55274
|
+
"CVE-2025-23266",
|
|
53678
55275
|
"CVE-2025-30165",
|
|
53679
55276
|
"CVE-2025-34291",
|
|
53680
55277
|
"CVE-2025-38352",
|
|
@@ -53686,6 +55283,7 @@
|
|
|
53686
55283
|
"CVE-2025-60455",
|
|
53687
55284
|
"CVE-2025-64496",
|
|
53688
55285
|
"CVE-2025-6965",
|
|
55286
|
+
"CVE-2025-8747",
|
|
53689
55287
|
"CVE-2026-0766",
|
|
53690
55288
|
"CVE-2026-22252",
|
|
53691
55289
|
"CVE-2026-22688",
|
|
@@ -53908,6 +55506,7 @@
|
|
|
53908
55506
|
"CVE-2023-48022",
|
|
53909
55507
|
"CVE-2023-50224",
|
|
53910
55508
|
"CVE-2023-52163",
|
|
55509
|
+
"CVE-2024-0132",
|
|
53911
55510
|
"CVE-2024-0769",
|
|
53912
55511
|
"CVE-2024-11182",
|
|
53913
55512
|
"CVE-2024-12987",
|
|
@@ -53938,6 +55537,7 @@
|
|
|
53938
55537
|
"CVE-2025-14174",
|
|
53939
55538
|
"CVE-2025-14611",
|
|
53940
55539
|
"CVE-2025-14733",
|
|
55540
|
+
"CVE-2025-1550",
|
|
53941
55541
|
"CVE-2025-15556",
|
|
53942
55542
|
"CVE-2025-20281",
|
|
53943
55543
|
"CVE-2025-20333",
|
|
@@ -53950,6 +55550,7 @@
|
|
|
53950
55550
|
"CVE-2025-21479",
|
|
53951
55551
|
"CVE-2025-21480",
|
|
53952
55552
|
"CVE-2025-23254",
|
|
55553
|
+
"CVE-2025-23266",
|
|
53953
55554
|
"CVE-2025-24016",
|
|
53954
55555
|
"CVE-2025-24201",
|
|
53955
55556
|
"CVE-2025-24893",
|
|
@@ -54069,6 +55670,7 @@
|
|
|
54069
55670
|
"CVE-2025-7775",
|
|
54070
55671
|
"CVE-2025-8088",
|
|
54071
55672
|
"CVE-2025-8110",
|
|
55673
|
+
"CVE-2025-8747",
|
|
54072
55674
|
"CVE-2025-8875",
|
|
54073
55675
|
"CVE-2025-8876",
|
|
54074
55676
|
"CVE-2025-9242",
|
|
@@ -54328,6 +55930,7 @@
|
|
|
54328
55930
|
"CVE-2023-48022",
|
|
54329
55931
|
"CVE-2023-50224",
|
|
54330
55932
|
"CVE-2023-52163",
|
|
55933
|
+
"CVE-2024-0132",
|
|
54331
55934
|
"CVE-2024-0769",
|
|
54332
55935
|
"CVE-2024-11182",
|
|
54333
55936
|
"CVE-2024-12987",
|
|
@@ -54358,6 +55961,7 @@
|
|
|
54358
55961
|
"CVE-2025-14174",
|
|
54359
55962
|
"CVE-2025-14611",
|
|
54360
55963
|
"CVE-2025-14733",
|
|
55964
|
+
"CVE-2025-1550",
|
|
54361
55965
|
"CVE-2025-15556",
|
|
54362
55966
|
"CVE-2025-20281",
|
|
54363
55967
|
"CVE-2025-20333",
|
|
@@ -54370,6 +55974,7 @@
|
|
|
54370
55974
|
"CVE-2025-21479",
|
|
54371
55975
|
"CVE-2025-21480",
|
|
54372
55976
|
"CVE-2025-23254",
|
|
55977
|
+
"CVE-2025-23266",
|
|
54373
55978
|
"CVE-2025-24016",
|
|
54374
55979
|
"CVE-2025-24201",
|
|
54375
55980
|
"CVE-2025-24893",
|
|
@@ -54489,6 +56094,7 @@
|
|
|
54489
56094
|
"CVE-2025-7775",
|
|
54490
56095
|
"CVE-2025-8088",
|
|
54491
56096
|
"CVE-2025-8110",
|
|
56097
|
+
"CVE-2025-8747",
|
|
54492
56098
|
"CVE-2025-8875",
|
|
54493
56099
|
"CVE-2025-8876",
|
|
54494
56100
|
"CVE-2025-9242",
|
|
@@ -54779,6 +56385,7 @@
|
|
|
54779
56385
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
54780
56386
|
"CVE-2023-43472",
|
|
54781
56387
|
"CVE-2023-48022",
|
|
56388
|
+
"CVE-2024-0132",
|
|
54782
56389
|
"CVE-2024-3094",
|
|
54783
56390
|
"CVE-2024-3154",
|
|
54784
56391
|
"CVE-2024-50050",
|
|
@@ -54786,7 +56393,9 @@
|
|
|
54786
56393
|
"CVE-2025-10585",
|
|
54787
56394
|
"CVE-2025-1094",
|
|
54788
56395
|
"CVE-2025-14174",
|
|
56396
|
+
"CVE-2025-1550",
|
|
54789
56397
|
"CVE-2025-23254",
|
|
56398
|
+
"CVE-2025-23266",
|
|
54790
56399
|
"CVE-2025-30165",
|
|
54791
56400
|
"CVE-2025-34291",
|
|
54792
56401
|
"CVE-2025-38352",
|
|
@@ -54798,6 +56407,7 @@
|
|
|
54798
56407
|
"CVE-2025-60455",
|
|
54799
56408
|
"CVE-2025-64496",
|
|
54800
56409
|
"CVE-2025-6965",
|
|
56410
|
+
"CVE-2025-8747",
|
|
54801
56411
|
"CVE-2026-0766",
|
|
54802
56412
|
"CVE-2026-22252",
|
|
54803
56413
|
"CVE-2026-22688",
|
|
@@ -55572,6 +57182,7 @@
|
|
|
55572
57182
|
"CVE-2023-48022",
|
|
55573
57183
|
"CVE-2023-50224",
|
|
55574
57184
|
"CVE-2023-52163",
|
|
57185
|
+
"CVE-2024-0132",
|
|
55575
57186
|
"CVE-2024-0769",
|
|
55576
57187
|
"CVE-2024-11182",
|
|
55577
57188
|
"CVE-2024-12987",
|
|
@@ -55602,6 +57213,7 @@
|
|
|
55602
57213
|
"CVE-2025-14174",
|
|
55603
57214
|
"CVE-2025-14611",
|
|
55604
57215
|
"CVE-2025-14733",
|
|
57216
|
+
"CVE-2025-1550",
|
|
55605
57217
|
"CVE-2025-15556",
|
|
55606
57218
|
"CVE-2025-20281",
|
|
55607
57219
|
"CVE-2025-20333",
|
|
@@ -55614,6 +57226,7 @@
|
|
|
55614
57226
|
"CVE-2025-21479",
|
|
55615
57227
|
"CVE-2025-21480",
|
|
55616
57228
|
"CVE-2025-23254",
|
|
57229
|
+
"CVE-2025-23266",
|
|
55617
57230
|
"CVE-2025-24016",
|
|
55618
57231
|
"CVE-2025-24201",
|
|
55619
57232
|
"CVE-2025-24893",
|
|
@@ -55733,6 +57346,7 @@
|
|
|
55733
57346
|
"CVE-2025-7775",
|
|
55734
57347
|
"CVE-2025-8088",
|
|
55735
57348
|
"CVE-2025-8110",
|
|
57349
|
+
"CVE-2025-8747",
|
|
55736
57350
|
"CVE-2025-8875",
|
|
55737
57351
|
"CVE-2025-8876",
|
|
55738
57352
|
"CVE-2025-9242",
|
|
@@ -56087,6 +57701,7 @@
|
|
|
56087
57701
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56088
57702
|
"CVE-2023-43472",
|
|
56089
57703
|
"CVE-2023-48022",
|
|
57704
|
+
"CVE-2024-0132",
|
|
56090
57705
|
"CVE-2024-3094",
|
|
56091
57706
|
"CVE-2024-3154",
|
|
56092
57707
|
"CVE-2024-50050",
|
|
@@ -56094,7 +57709,9 @@
|
|
|
56094
57709
|
"CVE-2025-10585",
|
|
56095
57710
|
"CVE-2025-1094",
|
|
56096
57711
|
"CVE-2025-14174",
|
|
57712
|
+
"CVE-2025-1550",
|
|
56097
57713
|
"CVE-2025-23254",
|
|
57714
|
+
"CVE-2025-23266",
|
|
56098
57715
|
"CVE-2025-30165",
|
|
56099
57716
|
"CVE-2025-34291",
|
|
56100
57717
|
"CVE-2025-38352",
|
|
@@ -56106,6 +57723,7 @@
|
|
|
56106
57723
|
"CVE-2025-60455",
|
|
56107
57724
|
"CVE-2025-64496",
|
|
56108
57725
|
"CVE-2025-6965",
|
|
57726
|
+
"CVE-2025-8747",
|
|
56109
57727
|
"CVE-2026-0766",
|
|
56110
57728
|
"CVE-2026-22252",
|
|
56111
57729
|
"CVE-2026-22688",
|
|
@@ -56406,6 +58024,7 @@
|
|
|
56406
58024
|
"CVE-2023-48022",
|
|
56407
58025
|
"CVE-2023-50224",
|
|
56408
58026
|
"CVE-2023-52163",
|
|
58027
|
+
"CVE-2024-0132",
|
|
56409
58028
|
"CVE-2024-0769",
|
|
56410
58029
|
"CVE-2024-11182",
|
|
56411
58030
|
"CVE-2024-12987",
|
|
@@ -56439,6 +58058,7 @@
|
|
|
56439
58058
|
"CVE-2025-14174",
|
|
56440
58059
|
"CVE-2025-14611",
|
|
56441
58060
|
"CVE-2025-14733",
|
|
58061
|
+
"CVE-2025-1550",
|
|
56442
58062
|
"CVE-2025-15556",
|
|
56443
58063
|
"CVE-2025-20281",
|
|
56444
58064
|
"CVE-2025-20333",
|
|
@@ -56451,6 +58071,7 @@
|
|
|
56451
58071
|
"CVE-2025-21479",
|
|
56452
58072
|
"CVE-2025-21480",
|
|
56453
58073
|
"CVE-2025-23254",
|
|
58074
|
+
"CVE-2025-23266",
|
|
56454
58075
|
"CVE-2025-24016",
|
|
56455
58076
|
"CVE-2025-24201",
|
|
56456
58077
|
"CVE-2025-24893",
|
|
@@ -56572,6 +58193,7 @@
|
|
|
56572
58193
|
"CVE-2025-7775",
|
|
56573
58194
|
"CVE-2025-8088",
|
|
56574
58195
|
"CVE-2025-8110",
|
|
58196
|
+
"CVE-2025-8747",
|
|
56575
58197
|
"CVE-2025-8875",
|
|
56576
58198
|
"CVE-2025-8876",
|
|
56577
58199
|
"CVE-2025-9242",
|
|
@@ -56940,13 +58562,16 @@
|
|
|
56940
58562
|
"related_cves": [
|
|
56941
58563
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56942
58564
|
"CVE-2023-48022",
|
|
58565
|
+
"CVE-2024-0132",
|
|
56943
58566
|
"CVE-2024-3094",
|
|
56944
58567
|
"CVE-2024-3154",
|
|
56945
58568
|
"CVE-2024-50050",
|
|
56946
58569
|
"CVE-2025-10585",
|
|
56947
58570
|
"CVE-2025-1094",
|
|
56948
58571
|
"CVE-2025-14174",
|
|
58572
|
+
"CVE-2025-1550",
|
|
56949
58573
|
"CVE-2025-23254",
|
|
58574
|
+
"CVE-2025-23266",
|
|
56950
58575
|
"CVE-2025-30165",
|
|
56951
58576
|
"CVE-2025-34291",
|
|
56952
58577
|
"CVE-2025-38352",
|
|
@@ -56957,6 +58582,7 @@
|
|
|
56957
58582
|
"CVE-2025-54136",
|
|
56958
58583
|
"CVE-2025-60455",
|
|
56959
58584
|
"CVE-2025-64496",
|
|
58585
|
+
"CVE-2025-8747",
|
|
56960
58586
|
"CVE-2026-0766",
|
|
56961
58587
|
"CVE-2026-22252",
|
|
56962
58588
|
"CVE-2026-22688",
|
|
@@ -57874,6 +59500,7 @@
|
|
|
57874
59500
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
57875
59501
|
"CVE-2023-43472",
|
|
57876
59502
|
"CVE-2023-48022",
|
|
59503
|
+
"CVE-2024-0132",
|
|
57877
59504
|
"CVE-2024-3094",
|
|
57878
59505
|
"CVE-2024-3154",
|
|
57879
59506
|
"CVE-2024-50050",
|
|
@@ -57881,7 +59508,9 @@
|
|
|
57881
59508
|
"CVE-2025-10585",
|
|
57882
59509
|
"CVE-2025-1094",
|
|
57883
59510
|
"CVE-2025-14174",
|
|
59511
|
+
"CVE-2025-1550",
|
|
57884
59512
|
"CVE-2025-23254",
|
|
59513
|
+
"CVE-2025-23266",
|
|
57885
59514
|
"CVE-2025-30165",
|
|
57886
59515
|
"CVE-2025-34291",
|
|
57887
59516
|
"CVE-2025-38352",
|
|
@@ -57893,6 +59522,7 @@
|
|
|
57893
59522
|
"CVE-2025-60455",
|
|
57894
59523
|
"CVE-2025-64496",
|
|
57895
59524
|
"CVE-2025-6965",
|
|
59525
|
+
"CVE-2025-8747",
|
|
57896
59526
|
"CVE-2026-0766",
|
|
57897
59527
|
"CVE-2026-22252",
|
|
57898
59528
|
"CVE-2026-22688",
|
|
@@ -57972,11 +59602,14 @@
|
|
|
57972
59602
|
},
|
|
57973
59603
|
"related_cves": [
|
|
57974
59604
|
"CVE-2023-48022",
|
|
59605
|
+
"CVE-2024-0132",
|
|
57975
59606
|
"CVE-2024-50050",
|
|
57976
59607
|
"CVE-2025-10585",
|
|
57977
59608
|
"CVE-2025-1094",
|
|
57978
59609
|
"CVE-2025-14174",
|
|
59610
|
+
"CVE-2025-1550",
|
|
57979
59611
|
"CVE-2025-23254",
|
|
59612
|
+
"CVE-2025-23266",
|
|
57980
59613
|
"CVE-2025-30165",
|
|
57981
59614
|
"CVE-2025-34291",
|
|
57982
59615
|
"CVE-2025-38352",
|
|
@@ -57985,6 +59618,7 @@
|
|
|
57985
59618
|
"CVE-2025-54136",
|
|
57986
59619
|
"CVE-2025-60455",
|
|
57987
59620
|
"CVE-2025-64496",
|
|
59621
|
+
"CVE-2025-8747",
|
|
57988
59622
|
"CVE-2026-0766",
|
|
57989
59623
|
"CVE-2026-22252",
|
|
57990
59624
|
"CVE-2026-22688",
|
|
@@ -58140,11 +59774,14 @@
|
|
|
58140
59774
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
58141
59775
|
"CVE-2023-43472",
|
|
58142
59776
|
"CVE-2023-48022",
|
|
59777
|
+
"CVE-2024-0132",
|
|
58143
59778
|
"CVE-2024-50050",
|
|
58144
59779
|
"CVE-2025-0133",
|
|
58145
59780
|
"CVE-2025-1094",
|
|
58146
59781
|
"CVE-2025-11837",
|
|
59782
|
+
"CVE-2025-1550",
|
|
58147
59783
|
"CVE-2025-23254",
|
|
59784
|
+
"CVE-2025-23266",
|
|
58148
59785
|
"CVE-2025-30165",
|
|
58149
59786
|
"CVE-2025-34291",
|
|
58150
59787
|
"CVE-2025-49596",
|
|
@@ -58153,6 +59790,7 @@
|
|
|
58153
59790
|
"CVE-2025-60455",
|
|
58154
59791
|
"CVE-2025-64496",
|
|
58155
59792
|
"CVE-2025-6965",
|
|
59793
|
+
"CVE-2025-8747",
|
|
58156
59794
|
"CVE-2026-0766",
|
|
58157
59795
|
"CVE-2026-22252",
|
|
58158
59796
|
"CVE-2026-22688",
|
|
@@ -58587,6 +60225,7 @@
|
|
|
58587
60225
|
"CVE-2025-14174",
|
|
58588
60226
|
"CVE-2025-14611",
|
|
58589
60227
|
"CVE-2025-14733",
|
|
60228
|
+
"CVE-2025-1550",
|
|
58590
60229
|
"CVE-2025-15556",
|
|
58591
60230
|
"CVE-2025-20281",
|
|
58592
60231
|
"CVE-2025-20333",
|
|
@@ -58713,6 +60352,7 @@
|
|
|
58713
60352
|
"CVE-2025-7775",
|
|
58714
60353
|
"CVE-2025-8088",
|
|
58715
60354
|
"CVE-2025-8110",
|
|
60355
|
+
"CVE-2025-8747",
|
|
58716
60356
|
"CVE-2025-8875",
|
|
58717
60357
|
"CVE-2025-8876",
|
|
58718
60358
|
"CVE-2025-9242",
|
|
@@ -59000,6 +60640,7 @@
|
|
|
59000
60640
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
59001
60641
|
"CVE-2023-43472",
|
|
59002
60642
|
"CVE-2023-48022",
|
|
60643
|
+
"CVE-2024-0132",
|
|
59003
60644
|
"CVE-2024-3094",
|
|
59004
60645
|
"CVE-2024-3154",
|
|
59005
60646
|
"CVE-2024-50050",
|
|
@@ -59007,7 +60648,9 @@
|
|
|
59007
60648
|
"CVE-2025-10585",
|
|
59008
60649
|
"CVE-2025-1094",
|
|
59009
60650
|
"CVE-2025-14174",
|
|
60651
|
+
"CVE-2025-1550",
|
|
59010
60652
|
"CVE-2025-23254",
|
|
60653
|
+
"CVE-2025-23266",
|
|
59011
60654
|
"CVE-2025-30165",
|
|
59012
60655
|
"CVE-2025-34291",
|
|
59013
60656
|
"CVE-2025-38352",
|
|
@@ -59019,6 +60662,7 @@
|
|
|
59019
60662
|
"CVE-2025-60455",
|
|
59020
60663
|
"CVE-2025-64496",
|
|
59021
60664
|
"CVE-2025-6965",
|
|
60665
|
+
"CVE-2025-8747",
|
|
59022
60666
|
"CVE-2026-0766",
|
|
59023
60667
|
"CVE-2026-22252",
|
|
59024
60668
|
"CVE-2026-22688",
|
|
@@ -59291,6 +60935,7 @@
|
|
|
59291
60935
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
59292
60936
|
"CVE-2023-43472",
|
|
59293
60937
|
"CVE-2023-48022",
|
|
60938
|
+
"CVE-2024-0132",
|
|
59294
60939
|
"CVE-2024-3094",
|
|
59295
60940
|
"CVE-2024-40635",
|
|
59296
60941
|
"CVE-2024-50050",
|
|
@@ -59298,8 +60943,10 @@
|
|
|
59298
60943
|
"CVE-2025-1094",
|
|
59299
60944
|
"CVE-2025-11837",
|
|
59300
60945
|
"CVE-2025-14847",
|
|
60946
|
+
"CVE-2025-1550",
|
|
59301
60947
|
"CVE-2025-22226",
|
|
59302
60948
|
"CVE-2025-23254",
|
|
60949
|
+
"CVE-2025-23266",
|
|
59303
60950
|
"CVE-2025-30165",
|
|
59304
60951
|
"CVE-2025-34291",
|
|
59305
60952
|
"CVE-2025-49596",
|
|
@@ -59309,6 +60956,7 @@
|
|
|
59309
60956
|
"CVE-2025-60455",
|
|
59310
60957
|
"CVE-2025-64496",
|
|
59311
60958
|
"CVE-2025-6965",
|
|
60959
|
+
"CVE-2025-8747",
|
|
59312
60960
|
"CVE-2026-0766",
|
|
59313
60961
|
"CVE-2026-22252",
|
|
59314
60962
|
"CVE-2026-22688",
|