@blamejs/exceptd-skills 0.13.82 → 0.13.84

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +2138 -0
  6. package/data/atlas-ttps.json +13 -2
  7. package/data/attack-techniques.json +14 -1
  8. package/data/cve-catalog.json +527 -1
  9. package/data/cwe-catalog.json +6 -0
  10. package/data/framework-control-gaps.json +40 -0
  11. package/data/zeroday-lessons.json +250 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -24597,6 +24597,2026 @@
24597
24597
  ]
24598
24598
  }
24599
24599
  },
24600
+ "CVE-2025-1550": {
24601
+ "name": "Keras .keras Model Deserialization Arbitrary Code Execution",
24602
+ "rwep": 31,
24603
+ "cvss": 9.8,
24604
+ "cisa_kev": false,
24605
+ "epss_score": null,
24606
+ "referencing_skills": [
24607
+ "kernel-lpe-triage",
24608
+ "ai-attack-surface",
24609
+ "compliance-theater",
24610
+ "attack-surface-pentest",
24611
+ "ot-ics-security",
24612
+ "coordinated-vuln-disclosure",
24613
+ "sector-energy"
24614
+ ],
24615
+ "chain": {
24616
+ "cwes": [
24617
+ {
24618
+ "id": "CWE-1037",
24619
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
24620
+ "category": "Hardware / Side Channel"
24621
+ },
24622
+ {
24623
+ "id": "CWE-1039",
24624
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
24625
+ "category": "AI/ML"
24626
+ },
24627
+ {
24628
+ "id": "CWE-125",
24629
+ "name": "Out-of-bounds Read",
24630
+ "category": "Memory Safety"
24631
+ },
24632
+ {
24633
+ "id": "CWE-1357",
24634
+ "name": "Reliance on Insufficiently Trustworthy Component",
24635
+ "category": "Supply Chain"
24636
+ },
24637
+ {
24638
+ "id": "CWE-1395",
24639
+ "name": "Dependency on Vulnerable Third-Party Component",
24640
+ "category": "Supply Chain"
24641
+ },
24642
+ {
24643
+ "id": "CWE-1426",
24644
+ "name": "Improper Validation of Generative AI Output",
24645
+ "category": "AI/ML"
24646
+ },
24647
+ {
24648
+ "id": "CWE-22",
24649
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
24650
+ "category": "Path/Resource"
24651
+ },
24652
+ {
24653
+ "id": "CWE-269",
24654
+ "name": "Improper Privilege Management",
24655
+ "category": "Authorization"
24656
+ },
24657
+ {
24658
+ "id": "CWE-287",
24659
+ "name": "Improper Authentication",
24660
+ "category": "Authentication"
24661
+ },
24662
+ {
24663
+ "id": "CWE-306",
24664
+ "name": "Missing Authentication for Critical Function",
24665
+ "category": "Authentication"
24666
+ },
24667
+ {
24668
+ "id": "CWE-352",
24669
+ "name": "Cross-Site Request Forgery (CSRF)",
24670
+ "category": "Session"
24671
+ },
24672
+ {
24673
+ "id": "CWE-362",
24674
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
24675
+ "category": "Concurrency"
24676
+ },
24677
+ {
24678
+ "id": "CWE-416",
24679
+ "name": "Use After Free",
24680
+ "category": "Memory Safety"
24681
+ },
24682
+ {
24683
+ "id": "CWE-434",
24684
+ "name": "Unrestricted Upload of File with Dangerous Type",
24685
+ "category": "File Handling"
24686
+ },
24687
+ {
24688
+ "id": "CWE-672",
24689
+ "name": "Operation on a Resource after Expiration or Release",
24690
+ "category": "Memory Safety"
24691
+ },
24692
+ {
24693
+ "id": "CWE-732",
24694
+ "name": "Incorrect Permission Assignment for Critical Resource",
24695
+ "category": "Authorization"
24696
+ },
24697
+ {
24698
+ "id": "CWE-78",
24699
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
24700
+ "category": "Injection"
24701
+ },
24702
+ {
24703
+ "id": "CWE-787",
24704
+ "name": "Out-of-bounds Write",
24705
+ "category": "Memory Safety"
24706
+ },
24707
+ {
24708
+ "id": "CWE-79",
24709
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
24710
+ "category": "Injection"
24711
+ },
24712
+ {
24713
+ "id": "CWE-798",
24714
+ "name": "Use of Hard-coded Credentials",
24715
+ "category": "Credentials"
24716
+ },
24717
+ {
24718
+ "id": "CWE-89",
24719
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
24720
+ "category": "Injection"
24721
+ },
24722
+ {
24723
+ "id": "CWE-918",
24724
+ "name": "Server-Side Request Forgery (SSRF)",
24725
+ "category": "Network"
24726
+ },
24727
+ {
24728
+ "id": "CWE-94",
24729
+ "name": "Improper Control of Generation of Code (Code Injection)",
24730
+ "category": "Injection"
24731
+ }
24732
+ ],
24733
+ "atlas": [
24734
+ {
24735
+ "id": "AML.T0010",
24736
+ "name": "ML Supply Chain Compromise",
24737
+ "tactic": "Initial Access"
24738
+ },
24739
+ {
24740
+ "id": "AML.T0016",
24741
+ "name": "Obtain Capabilities: Develop Capabilities",
24742
+ "tactic": "Resource Development"
24743
+ },
24744
+ {
24745
+ "id": "AML.T0017",
24746
+ "name": "Discover ML Model Ontology",
24747
+ "tactic": "Discovery"
24748
+ },
24749
+ {
24750
+ "id": "AML.T0018",
24751
+ "name": "Backdoor ML Model",
24752
+ "tactic": "Persistence"
24753
+ },
24754
+ {
24755
+ "id": "AML.T0020",
24756
+ "name": "Poison Training Data",
24757
+ "tactic": "ML Attack Staging"
24758
+ },
24759
+ {
24760
+ "id": "AML.T0043",
24761
+ "name": "Craft Adversarial Data",
24762
+ "tactic": "ML Attack Staging"
24763
+ },
24764
+ {
24765
+ "id": "AML.T0051",
24766
+ "name": "LLM Prompt Injection",
24767
+ "tactic": "Execution"
24768
+ },
24769
+ {
24770
+ "id": "AML.T0054",
24771
+ "name": "LLM Jailbreak",
24772
+ "tactic": "Defense Evasion"
24773
+ },
24774
+ {
24775
+ "id": "AML.T0096",
24776
+ "name": "AI API as Covert C2 Channel",
24777
+ "tactic": "Command and Control"
24778
+ }
24779
+ ],
24780
+ "d3fend": [
24781
+ {
24782
+ "id": "D3-ASLR",
24783
+ "name": "Address Space Layout Randomization",
24784
+ "tactic": "Harden"
24785
+ },
24786
+ {
24787
+ "id": "D3-CSPP",
24788
+ "name": "Client-server Payload Profiling",
24789
+ "tactic": "Detect"
24790
+ },
24791
+ {
24792
+ "id": "D3-EAL",
24793
+ "name": "Executable Allowlisting",
24794
+ "tactic": "Harden"
24795
+ },
24796
+ {
24797
+ "id": "D3-IOPR",
24798
+ "name": "Input/Output Profiling Resource",
24799
+ "tactic": "Detect"
24800
+ },
24801
+ {
24802
+ "id": "D3-NTA",
24803
+ "name": "Network Traffic Analysis",
24804
+ "tactic": "Detect"
24805
+ },
24806
+ {
24807
+ "id": "D3-PHRA",
24808
+ "name": "Process Hardware Resource Access",
24809
+ "tactic": "Isolate"
24810
+ },
24811
+ {
24812
+ "id": "D3-PSEP",
24813
+ "name": "Process Segment Execution Prevention",
24814
+ "tactic": "Harden"
24815
+ }
24816
+ ],
24817
+ "framework_gaps": [
24818
+ {
24819
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
24820
+ "framework": "ALL",
24821
+ "control_name": "AI Pipeline Integrity"
24822
+ },
24823
+ {
24824
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
24825
+ "framework": "ALL",
24826
+ "control_name": "Prompt Injection as Access Control Failure"
24827
+ },
24828
+ {
24829
+ "id": "CIS-Controls-v8-Control7",
24830
+ "framework": "CIS Controls v8",
24831
+ "control_name": "Continuous Vulnerability Management"
24832
+ },
24833
+ {
24834
+ "id": "CMMC-2.0-Level-2",
24835
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
24836
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
24837
+ },
24838
+ {
24839
+ "id": "FedRAMP-Rev5-Moderate",
24840
+ "framework": "FedRAMP Rev 5 Moderate",
24841
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
24842
+ },
24843
+ {
24844
+ "id": "IEC-62443-3-3",
24845
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
24846
+ "control_name": "System security requirements and security levels"
24847
+ },
24848
+ {
24849
+ "id": "ISO-27001-2022-A.8.28",
24850
+ "framework": "ISO/IEC 27001:2022",
24851
+ "control_name": "Secure coding"
24852
+ },
24853
+ {
24854
+ "id": "ISO-27001-2022-A.8.8",
24855
+ "framework": "ISO/IEC 27001:2022",
24856
+ "control_name": "Management of technical vulnerabilities"
24857
+ },
24858
+ {
24859
+ "id": "ISO-IEC-23894-2023-clause-7",
24860
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
24861
+ "control_name": "AI risk management process"
24862
+ },
24863
+ {
24864
+ "id": "NERC-CIP-007-6-R4",
24865
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
24866
+ "control_name": "Security event monitoring"
24867
+ },
24868
+ {
24869
+ "id": "NIS2-Art21-patch-management",
24870
+ "framework": "EU NIS2 Directive",
24871
+ "control_name": "Vulnerability handling and disclosure"
24872
+ },
24873
+ {
24874
+ "id": "NIST-800-115",
24875
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
24876
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
24877
+ },
24878
+ {
24879
+ "id": "NIST-800-218-SSDF",
24880
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
24881
+ "control_name": "Secure Software Development Framework"
24882
+ },
24883
+ {
24884
+ "id": "NIST-800-53-AC-2",
24885
+ "framework": "NIST SP 800-53 Rev 5",
24886
+ "control_name": "Account Management"
24887
+ },
24888
+ {
24889
+ "id": "NIST-800-53-SC-8",
24890
+ "framework": "NIST SP 800-53 Rev 5",
24891
+ "control_name": "Transmission Confidentiality and Integrity"
24892
+ },
24893
+ {
24894
+ "id": "NIST-800-53-SI-2",
24895
+ "framework": "NIST SP 800-53 Rev 5",
24896
+ "control_name": "Flaw Remediation"
24897
+ },
24898
+ {
24899
+ "id": "NIST-800-53-SI-3",
24900
+ "framework": "NIST SP 800-53 Rev 5",
24901
+ "control_name": "Malicious Code Protection"
24902
+ },
24903
+ {
24904
+ "id": "NIST-800-82r3",
24905
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
24906
+ "control_name": "Guide to Operational Technology (OT) Security"
24907
+ },
24908
+ {
24909
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
24910
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24911
+ "control_name": "Prompt Injection"
24912
+ },
24913
+ {
24914
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
24915
+ "framework": "OWASP Top 10 for LLM Applications 2025",
24916
+ "control_name": "Sensitive Information Disclosure"
24917
+ },
24918
+ {
24919
+ "id": "OWASP-Pen-Testing-Guide-v5",
24920
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
24921
+ "control_name": "Web application penetration testing methodology"
24922
+ },
24923
+ {
24924
+ "id": "PCI-DSS-4.0-6.3.3",
24925
+ "framework": "PCI DSS 4.0",
24926
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
24927
+ },
24928
+ {
24929
+ "id": "PTES-Pre-engagement",
24930
+ "framework": "Penetration Testing Execution Standard (PTES)",
24931
+ "control_name": "Pre-engagement Interactions"
24932
+ },
24933
+ {
24934
+ "id": "SOC2-CC6-logical-access",
24935
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24936
+ "control_name": "Logical and Physical Access Controls"
24937
+ },
24938
+ {
24939
+ "id": "SOC2-CC9-vendor-management",
24940
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
24941
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
24942
+ }
24943
+ ],
24944
+ "attack_refs": [
24945
+ "T0855",
24946
+ "T0883",
24947
+ "T1059",
24948
+ "T1068",
24949
+ "T1078",
24950
+ "T1133",
24951
+ "T1190",
24952
+ "T1548.001",
24953
+ "T1566"
24954
+ ],
24955
+ "rfc_refs": [
24956
+ "RFC-4301",
24957
+ "RFC-4303",
24958
+ "RFC-7296"
24959
+ ]
24960
+ }
24961
+ },
24962
+ "CVE-2025-8747": {
24963
+ "name": "Keras safe_mode Bypass Model Deserialization Code Execution",
24964
+ "rwep": 31,
24965
+ "cvss": 7.8,
24966
+ "cisa_kev": false,
24967
+ "epss_score": null,
24968
+ "referencing_skills": [
24969
+ "kernel-lpe-triage",
24970
+ "ai-attack-surface",
24971
+ "compliance-theater",
24972
+ "attack-surface-pentest",
24973
+ "ot-ics-security",
24974
+ "coordinated-vuln-disclosure",
24975
+ "sector-energy"
24976
+ ],
24977
+ "chain": {
24978
+ "cwes": [
24979
+ {
24980
+ "id": "CWE-1037",
24981
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
24982
+ "category": "Hardware / Side Channel"
24983
+ },
24984
+ {
24985
+ "id": "CWE-1039",
24986
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
24987
+ "category": "AI/ML"
24988
+ },
24989
+ {
24990
+ "id": "CWE-125",
24991
+ "name": "Out-of-bounds Read",
24992
+ "category": "Memory Safety"
24993
+ },
24994
+ {
24995
+ "id": "CWE-1357",
24996
+ "name": "Reliance on Insufficiently Trustworthy Component",
24997
+ "category": "Supply Chain"
24998
+ },
24999
+ {
25000
+ "id": "CWE-1395",
25001
+ "name": "Dependency on Vulnerable Third-Party Component",
25002
+ "category": "Supply Chain"
25003
+ },
25004
+ {
25005
+ "id": "CWE-1426",
25006
+ "name": "Improper Validation of Generative AI Output",
25007
+ "category": "AI/ML"
25008
+ },
25009
+ {
25010
+ "id": "CWE-22",
25011
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
25012
+ "category": "Path/Resource"
25013
+ },
25014
+ {
25015
+ "id": "CWE-269",
25016
+ "name": "Improper Privilege Management",
25017
+ "category": "Authorization"
25018
+ },
25019
+ {
25020
+ "id": "CWE-287",
25021
+ "name": "Improper Authentication",
25022
+ "category": "Authentication"
25023
+ },
25024
+ {
25025
+ "id": "CWE-306",
25026
+ "name": "Missing Authentication for Critical Function",
25027
+ "category": "Authentication"
25028
+ },
25029
+ {
25030
+ "id": "CWE-352",
25031
+ "name": "Cross-Site Request Forgery (CSRF)",
25032
+ "category": "Session"
25033
+ },
25034
+ {
25035
+ "id": "CWE-362",
25036
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
25037
+ "category": "Concurrency"
25038
+ },
25039
+ {
25040
+ "id": "CWE-416",
25041
+ "name": "Use After Free",
25042
+ "category": "Memory Safety"
25043
+ },
25044
+ {
25045
+ "id": "CWE-434",
25046
+ "name": "Unrestricted Upload of File with Dangerous Type",
25047
+ "category": "File Handling"
25048
+ },
25049
+ {
25050
+ "id": "CWE-672",
25051
+ "name": "Operation on a Resource after Expiration or Release",
25052
+ "category": "Memory Safety"
25053
+ },
25054
+ {
25055
+ "id": "CWE-732",
25056
+ "name": "Incorrect Permission Assignment for Critical Resource",
25057
+ "category": "Authorization"
25058
+ },
25059
+ {
25060
+ "id": "CWE-78",
25061
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
25062
+ "category": "Injection"
25063
+ },
25064
+ {
25065
+ "id": "CWE-787",
25066
+ "name": "Out-of-bounds Write",
25067
+ "category": "Memory Safety"
25068
+ },
25069
+ {
25070
+ "id": "CWE-79",
25071
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
25072
+ "category": "Injection"
25073
+ },
25074
+ {
25075
+ "id": "CWE-798",
25076
+ "name": "Use of Hard-coded Credentials",
25077
+ "category": "Credentials"
25078
+ },
25079
+ {
25080
+ "id": "CWE-89",
25081
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
25082
+ "category": "Injection"
25083
+ },
25084
+ {
25085
+ "id": "CWE-918",
25086
+ "name": "Server-Side Request Forgery (SSRF)",
25087
+ "category": "Network"
25088
+ },
25089
+ {
25090
+ "id": "CWE-94",
25091
+ "name": "Improper Control of Generation of Code (Code Injection)",
25092
+ "category": "Injection"
25093
+ }
25094
+ ],
25095
+ "atlas": [
25096
+ {
25097
+ "id": "AML.T0010",
25098
+ "name": "ML Supply Chain Compromise",
25099
+ "tactic": "Initial Access"
25100
+ },
25101
+ {
25102
+ "id": "AML.T0016",
25103
+ "name": "Obtain Capabilities: Develop Capabilities",
25104
+ "tactic": "Resource Development"
25105
+ },
25106
+ {
25107
+ "id": "AML.T0017",
25108
+ "name": "Discover ML Model Ontology",
25109
+ "tactic": "Discovery"
25110
+ },
25111
+ {
25112
+ "id": "AML.T0018",
25113
+ "name": "Backdoor ML Model",
25114
+ "tactic": "Persistence"
25115
+ },
25116
+ {
25117
+ "id": "AML.T0020",
25118
+ "name": "Poison Training Data",
25119
+ "tactic": "ML Attack Staging"
25120
+ },
25121
+ {
25122
+ "id": "AML.T0043",
25123
+ "name": "Craft Adversarial Data",
25124
+ "tactic": "ML Attack Staging"
25125
+ },
25126
+ {
25127
+ "id": "AML.T0051",
25128
+ "name": "LLM Prompt Injection",
25129
+ "tactic": "Execution"
25130
+ },
25131
+ {
25132
+ "id": "AML.T0054",
25133
+ "name": "LLM Jailbreak",
25134
+ "tactic": "Defense Evasion"
25135
+ },
25136
+ {
25137
+ "id": "AML.T0096",
25138
+ "name": "AI API as Covert C2 Channel",
25139
+ "tactic": "Command and Control"
25140
+ }
25141
+ ],
25142
+ "d3fend": [
25143
+ {
25144
+ "id": "D3-ASLR",
25145
+ "name": "Address Space Layout Randomization",
25146
+ "tactic": "Harden"
25147
+ },
25148
+ {
25149
+ "id": "D3-CSPP",
25150
+ "name": "Client-server Payload Profiling",
25151
+ "tactic": "Detect"
25152
+ },
25153
+ {
25154
+ "id": "D3-EAL",
25155
+ "name": "Executable Allowlisting",
25156
+ "tactic": "Harden"
25157
+ },
25158
+ {
25159
+ "id": "D3-IOPR",
25160
+ "name": "Input/Output Profiling Resource",
25161
+ "tactic": "Detect"
25162
+ },
25163
+ {
25164
+ "id": "D3-NTA",
25165
+ "name": "Network Traffic Analysis",
25166
+ "tactic": "Detect"
25167
+ },
25168
+ {
25169
+ "id": "D3-PHRA",
25170
+ "name": "Process Hardware Resource Access",
25171
+ "tactic": "Isolate"
25172
+ },
25173
+ {
25174
+ "id": "D3-PSEP",
25175
+ "name": "Process Segment Execution Prevention",
25176
+ "tactic": "Harden"
25177
+ }
25178
+ ],
25179
+ "framework_gaps": [
25180
+ {
25181
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
25182
+ "framework": "ALL",
25183
+ "control_name": "AI Pipeline Integrity"
25184
+ },
25185
+ {
25186
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
25187
+ "framework": "ALL",
25188
+ "control_name": "Prompt Injection as Access Control Failure"
25189
+ },
25190
+ {
25191
+ "id": "CIS-Controls-v8-Control7",
25192
+ "framework": "CIS Controls v8",
25193
+ "control_name": "Continuous Vulnerability Management"
25194
+ },
25195
+ {
25196
+ "id": "CMMC-2.0-Level-2",
25197
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
25198
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
25199
+ },
25200
+ {
25201
+ "id": "FedRAMP-Rev5-Moderate",
25202
+ "framework": "FedRAMP Rev 5 Moderate",
25203
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
25204
+ },
25205
+ {
25206
+ "id": "IEC-62443-3-3",
25207
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
25208
+ "control_name": "System security requirements and security levels"
25209
+ },
25210
+ {
25211
+ "id": "ISO-27001-2022-A.8.28",
25212
+ "framework": "ISO/IEC 27001:2022",
25213
+ "control_name": "Secure coding"
25214
+ },
25215
+ {
25216
+ "id": "ISO-27001-2022-A.8.8",
25217
+ "framework": "ISO/IEC 27001:2022",
25218
+ "control_name": "Management of technical vulnerabilities"
25219
+ },
25220
+ {
25221
+ "id": "ISO-IEC-23894-2023-clause-7",
25222
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
25223
+ "control_name": "AI risk management process"
25224
+ },
25225
+ {
25226
+ "id": "NERC-CIP-007-6-R4",
25227
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
25228
+ "control_name": "Security event monitoring"
25229
+ },
25230
+ {
25231
+ "id": "NIS2-Art21-patch-management",
25232
+ "framework": "EU NIS2 Directive",
25233
+ "control_name": "Vulnerability handling and disclosure"
25234
+ },
25235
+ {
25236
+ "id": "NIST-800-115",
25237
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
25238
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
25239
+ },
25240
+ {
25241
+ "id": "NIST-800-218-SSDF",
25242
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
25243
+ "control_name": "Secure Software Development Framework"
25244
+ },
25245
+ {
25246
+ "id": "NIST-800-53-AC-2",
25247
+ "framework": "NIST SP 800-53 Rev 5",
25248
+ "control_name": "Account Management"
25249
+ },
25250
+ {
25251
+ "id": "NIST-800-53-SC-8",
25252
+ "framework": "NIST SP 800-53 Rev 5",
25253
+ "control_name": "Transmission Confidentiality and Integrity"
25254
+ },
25255
+ {
25256
+ "id": "NIST-800-53-SI-2",
25257
+ "framework": "NIST SP 800-53 Rev 5",
25258
+ "control_name": "Flaw Remediation"
25259
+ },
25260
+ {
25261
+ "id": "NIST-800-53-SI-3",
25262
+ "framework": "NIST SP 800-53 Rev 5",
25263
+ "control_name": "Malicious Code Protection"
25264
+ },
25265
+ {
25266
+ "id": "NIST-800-82r3",
25267
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
25268
+ "control_name": "Guide to Operational Technology (OT) Security"
25269
+ },
25270
+ {
25271
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
25272
+ "framework": "OWASP Top 10 for LLM Applications 2025",
25273
+ "control_name": "Prompt Injection"
25274
+ },
25275
+ {
25276
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
25277
+ "framework": "OWASP Top 10 for LLM Applications 2025",
25278
+ "control_name": "Sensitive Information Disclosure"
25279
+ },
25280
+ {
25281
+ "id": "OWASP-Pen-Testing-Guide-v5",
25282
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
25283
+ "control_name": "Web application penetration testing methodology"
25284
+ },
25285
+ {
25286
+ "id": "PCI-DSS-4.0-6.3.3",
25287
+ "framework": "PCI DSS 4.0",
25288
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
25289
+ },
25290
+ {
25291
+ "id": "PTES-Pre-engagement",
25292
+ "framework": "Penetration Testing Execution Standard (PTES)",
25293
+ "control_name": "Pre-engagement Interactions"
25294
+ },
25295
+ {
25296
+ "id": "SOC2-CC6-logical-access",
25297
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25298
+ "control_name": "Logical and Physical Access Controls"
25299
+ },
25300
+ {
25301
+ "id": "SOC2-CC9-vendor-management",
25302
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25303
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
25304
+ }
25305
+ ],
25306
+ "attack_refs": [
25307
+ "T0855",
25308
+ "T0883",
25309
+ "T1059",
25310
+ "T1068",
25311
+ "T1078",
25312
+ "T1133",
25313
+ "T1190",
25314
+ "T1548.001",
25315
+ "T1566"
25316
+ ],
25317
+ "rfc_refs": [
25318
+ "RFC-4301",
25319
+ "RFC-4303",
25320
+ "RFC-7296"
25321
+ ]
25322
+ }
25323
+ },
25324
+ "CVE-2024-42479": {
25325
+ "name": "llama.cpp RPC Backend SET_TENSOR Out-of-Bounds Write RCE",
25326
+ "rwep": 29,
25327
+ "cvss": 9.8,
25328
+ "cisa_kev": false,
25329
+ "epss_score": null,
25330
+ "referencing_skills": [
25331
+ "kernel-lpe-triage",
25332
+ "ai-attack-surface",
25333
+ "compliance-theater",
25334
+ "ai-c2-detection",
25335
+ "attack-surface-pentest",
25336
+ "dlp-gap-analysis",
25337
+ "ot-ics-security",
25338
+ "coordinated-vuln-disclosure",
25339
+ "sector-energy"
25340
+ ],
25341
+ "chain": {
25342
+ "cwes": [
25343
+ {
25344
+ "id": "CWE-1037",
25345
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
25346
+ "category": "Hardware / Side Channel"
25347
+ },
25348
+ {
25349
+ "id": "CWE-1039",
25350
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
25351
+ "category": "AI/ML"
25352
+ },
25353
+ {
25354
+ "id": "CWE-125",
25355
+ "name": "Out-of-bounds Read",
25356
+ "category": "Memory Safety"
25357
+ },
25358
+ {
25359
+ "id": "CWE-1357",
25360
+ "name": "Reliance on Insufficiently Trustworthy Component",
25361
+ "category": "Supply Chain"
25362
+ },
25363
+ {
25364
+ "id": "CWE-1395",
25365
+ "name": "Dependency on Vulnerable Third-Party Component",
25366
+ "category": "Supply Chain"
25367
+ },
25368
+ {
25369
+ "id": "CWE-1426",
25370
+ "name": "Improper Validation of Generative AI Output",
25371
+ "category": "AI/ML"
25372
+ },
25373
+ {
25374
+ "id": "CWE-200",
25375
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
25376
+ "category": "Information Exposure"
25377
+ },
25378
+ {
25379
+ "id": "CWE-22",
25380
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
25381
+ "category": "Path/Resource"
25382
+ },
25383
+ {
25384
+ "id": "CWE-269",
25385
+ "name": "Improper Privilege Management",
25386
+ "category": "Authorization"
25387
+ },
25388
+ {
25389
+ "id": "CWE-287",
25390
+ "name": "Improper Authentication",
25391
+ "category": "Authentication"
25392
+ },
25393
+ {
25394
+ "id": "CWE-306",
25395
+ "name": "Missing Authentication for Critical Function",
25396
+ "category": "Authentication"
25397
+ },
25398
+ {
25399
+ "id": "CWE-352",
25400
+ "name": "Cross-Site Request Forgery (CSRF)",
25401
+ "category": "Session"
25402
+ },
25403
+ {
25404
+ "id": "CWE-362",
25405
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
25406
+ "category": "Concurrency"
25407
+ },
25408
+ {
25409
+ "id": "CWE-416",
25410
+ "name": "Use After Free",
25411
+ "category": "Memory Safety"
25412
+ },
25413
+ {
25414
+ "id": "CWE-434",
25415
+ "name": "Unrestricted Upload of File with Dangerous Type",
25416
+ "category": "File Handling"
25417
+ },
25418
+ {
25419
+ "id": "CWE-672",
25420
+ "name": "Operation on a Resource after Expiration or Release",
25421
+ "category": "Memory Safety"
25422
+ },
25423
+ {
25424
+ "id": "CWE-732",
25425
+ "name": "Incorrect Permission Assignment for Critical Resource",
25426
+ "category": "Authorization"
25427
+ },
25428
+ {
25429
+ "id": "CWE-78",
25430
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
25431
+ "category": "Injection"
25432
+ },
25433
+ {
25434
+ "id": "CWE-787",
25435
+ "name": "Out-of-bounds Write",
25436
+ "category": "Memory Safety"
25437
+ },
25438
+ {
25439
+ "id": "CWE-79",
25440
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
25441
+ "category": "Injection"
25442
+ },
25443
+ {
25444
+ "id": "CWE-798",
25445
+ "name": "Use of Hard-coded Credentials",
25446
+ "category": "Credentials"
25447
+ },
25448
+ {
25449
+ "id": "CWE-89",
25450
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
25451
+ "category": "Injection"
25452
+ },
25453
+ {
25454
+ "id": "CWE-918",
25455
+ "name": "Server-Side Request Forgery (SSRF)",
25456
+ "category": "Network"
25457
+ },
25458
+ {
25459
+ "id": "CWE-94",
25460
+ "name": "Improper Control of Generation of Code (Code Injection)",
25461
+ "category": "Injection"
25462
+ }
25463
+ ],
25464
+ "atlas": [
25465
+ {
25466
+ "id": "AML.T0010",
25467
+ "name": "ML Supply Chain Compromise",
25468
+ "tactic": "Initial Access"
25469
+ },
25470
+ {
25471
+ "id": "AML.T0016",
25472
+ "name": "Obtain Capabilities: Develop Capabilities",
25473
+ "tactic": "Resource Development"
25474
+ },
25475
+ {
25476
+ "id": "AML.T0017",
25477
+ "name": "Discover ML Model Ontology",
25478
+ "tactic": "Discovery"
25479
+ },
25480
+ {
25481
+ "id": "AML.T0018",
25482
+ "name": "Backdoor ML Model",
25483
+ "tactic": "Persistence"
25484
+ },
25485
+ {
25486
+ "id": "AML.T0020",
25487
+ "name": "Poison Training Data",
25488
+ "tactic": "ML Attack Staging"
25489
+ },
25490
+ {
25491
+ "id": "AML.T0043",
25492
+ "name": "Craft Adversarial Data",
25493
+ "tactic": "ML Attack Staging"
25494
+ },
25495
+ {
25496
+ "id": "AML.T0051",
25497
+ "name": "LLM Prompt Injection",
25498
+ "tactic": "Execution"
25499
+ },
25500
+ {
25501
+ "id": "AML.T0054",
25502
+ "name": "LLM Jailbreak",
25503
+ "tactic": "Defense Evasion"
25504
+ },
25505
+ {
25506
+ "id": "AML.T0096",
25507
+ "name": "AI API as Covert C2 Channel",
25508
+ "tactic": "Command and Control"
25509
+ }
25510
+ ],
25511
+ "d3fend": [
25512
+ {
25513
+ "id": "D3-ASLR",
25514
+ "name": "Address Space Layout Randomization",
25515
+ "tactic": "Harden"
25516
+ },
25517
+ {
25518
+ "id": "D3-CA",
25519
+ "name": "Certificate Analysis",
25520
+ "tactic": "Detect"
25521
+ },
25522
+ {
25523
+ "id": "D3-CSPP",
25524
+ "name": "Client-server Payload Profiling",
25525
+ "tactic": "Detect"
25526
+ },
25527
+ {
25528
+ "id": "D3-DA",
25529
+ "name": "Domain Analysis",
25530
+ "tactic": "Detect"
25531
+ },
25532
+ {
25533
+ "id": "D3-EAL",
25534
+ "name": "Executable Allowlisting",
25535
+ "tactic": "Harden"
25536
+ },
25537
+ {
25538
+ "id": "D3-IOPR",
25539
+ "name": "Input/Output Profiling Resource",
25540
+ "tactic": "Detect"
25541
+ },
25542
+ {
25543
+ "id": "D3-NI",
25544
+ "name": "Network Isolation",
25545
+ "tactic": "Isolate"
25546
+ },
25547
+ {
25548
+ "id": "D3-NTA",
25549
+ "name": "Network Traffic Analysis",
25550
+ "tactic": "Detect"
25551
+ },
25552
+ {
25553
+ "id": "D3-NTPM",
25554
+ "name": "Network Traffic Policy Mapping",
25555
+ "tactic": "Model"
25556
+ },
25557
+ {
25558
+ "id": "D3-PHRA",
25559
+ "name": "Process Hardware Resource Access",
25560
+ "tactic": "Isolate"
25561
+ },
25562
+ {
25563
+ "id": "D3-PSEP",
25564
+ "name": "Process Segment Execution Prevention",
25565
+ "tactic": "Harden"
25566
+ }
25567
+ ],
25568
+ "framework_gaps": [
25569
+ {
25570
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
25571
+ "framework": "ALL",
25572
+ "control_name": "AI Pipeline Integrity"
25573
+ },
25574
+ {
25575
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
25576
+ "framework": "ALL",
25577
+ "control_name": "Prompt Injection as Access Control Failure"
25578
+ },
25579
+ {
25580
+ "id": "CIS-Controls-v8-Control7",
25581
+ "framework": "CIS Controls v8",
25582
+ "control_name": "Continuous Vulnerability Management"
25583
+ },
25584
+ {
25585
+ "id": "CMMC-2.0-Level-2",
25586
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
25587
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
25588
+ },
25589
+ {
25590
+ "id": "FedRAMP-Rev5-Moderate",
25591
+ "framework": "FedRAMP Rev 5 Moderate",
25592
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
25593
+ },
25594
+ {
25595
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
25596
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
25597
+ "control_name": "Access control standard (technical safeguards)"
25598
+ },
25599
+ {
25600
+ "id": "IEC-62443-3-3",
25601
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
25602
+ "control_name": "System security requirements and security levels"
25603
+ },
25604
+ {
25605
+ "id": "ISO-27001-2022-A.8.16",
25606
+ "framework": "ISO/IEC 27001:2022",
25607
+ "control_name": "Monitoring activities"
25608
+ },
25609
+ {
25610
+ "id": "ISO-27001-2022-A.8.28",
25611
+ "framework": "ISO/IEC 27001:2022",
25612
+ "control_name": "Secure coding"
25613
+ },
25614
+ {
25615
+ "id": "ISO-27001-2022-A.8.8",
25616
+ "framework": "ISO/IEC 27001:2022",
25617
+ "control_name": "Management of technical vulnerabilities"
25618
+ },
25619
+ {
25620
+ "id": "ISO-IEC-23894-2023-clause-7",
25621
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
25622
+ "control_name": "AI risk management process"
25623
+ },
25624
+ {
25625
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
25626
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
25627
+ "control_name": "AI risk assessment"
25628
+ },
25629
+ {
25630
+ "id": "NERC-CIP-007-6-R4",
25631
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
25632
+ "control_name": "Security event monitoring"
25633
+ },
25634
+ {
25635
+ "id": "NIS2-Art21-patch-management",
25636
+ "framework": "EU NIS2 Directive",
25637
+ "control_name": "Vulnerability handling and disclosure"
25638
+ },
25639
+ {
25640
+ "id": "NIST-800-115",
25641
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
25642
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
25643
+ },
25644
+ {
25645
+ "id": "NIST-800-218-SSDF",
25646
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
25647
+ "control_name": "Secure Software Development Framework"
25648
+ },
25649
+ {
25650
+ "id": "NIST-800-53-AC-2",
25651
+ "framework": "NIST SP 800-53 Rev 5",
25652
+ "control_name": "Account Management"
25653
+ },
25654
+ {
25655
+ "id": "NIST-800-53-SC-28",
25656
+ "framework": "NIST SP 800-53 Rev 5",
25657
+ "control_name": "Protection of Information at Rest"
25658
+ },
25659
+ {
25660
+ "id": "NIST-800-53-SC-7",
25661
+ "framework": "NIST SP 800-53 Rev 5",
25662
+ "control_name": "Boundary Protection"
25663
+ },
25664
+ {
25665
+ "id": "NIST-800-53-SC-8",
25666
+ "framework": "NIST SP 800-53 Rev 5",
25667
+ "control_name": "Transmission Confidentiality and Integrity"
25668
+ },
25669
+ {
25670
+ "id": "NIST-800-53-SI-2",
25671
+ "framework": "NIST SP 800-53 Rev 5",
25672
+ "control_name": "Flaw Remediation"
25673
+ },
25674
+ {
25675
+ "id": "NIST-800-53-SI-3",
25676
+ "framework": "NIST SP 800-53 Rev 5",
25677
+ "control_name": "Malicious Code Protection"
25678
+ },
25679
+ {
25680
+ "id": "NIST-800-82r3",
25681
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
25682
+ "control_name": "Guide to Operational Technology (OT) Security"
25683
+ },
25684
+ {
25685
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
25686
+ "framework": "OWASP Top 10 for LLM Applications 2025",
25687
+ "control_name": "Prompt Injection"
25688
+ },
25689
+ {
25690
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
25691
+ "framework": "OWASP Top 10 for LLM Applications 2025",
25692
+ "control_name": "Sensitive Information Disclosure"
25693
+ },
25694
+ {
25695
+ "id": "OWASP-Pen-Testing-Guide-v5",
25696
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
25697
+ "control_name": "Web application penetration testing methodology"
25698
+ },
25699
+ {
25700
+ "id": "PCI-DSS-4.0-6.3.3",
25701
+ "framework": "PCI DSS 4.0",
25702
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
25703
+ },
25704
+ {
25705
+ "id": "PTES-Pre-engagement",
25706
+ "framework": "Penetration Testing Execution Standard (PTES)",
25707
+ "control_name": "Pre-engagement Interactions"
25708
+ },
25709
+ {
25710
+ "id": "SOC2-CC6-logical-access",
25711
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25712
+ "control_name": "Logical and Physical Access Controls"
25713
+ },
25714
+ {
25715
+ "id": "SOC2-CC7-anomaly-detection",
25716
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25717
+ "control_name": "System Operations — Threat and Vulnerability Management"
25718
+ },
25719
+ {
25720
+ "id": "SOC2-CC9-vendor-management",
25721
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
25722
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
25723
+ }
25724
+ ],
25725
+ "attack_refs": [
25726
+ "T0855",
25727
+ "T0883",
25728
+ "T1041",
25729
+ "T1059",
25730
+ "T1068",
25731
+ "T1071",
25732
+ "T1078",
25733
+ "T1102",
25734
+ "T1133",
25735
+ "T1190",
25736
+ "T1213",
25737
+ "T1530",
25738
+ "T1548.001",
25739
+ "T1566",
25740
+ "T1567",
25741
+ "T1568"
25742
+ ],
25743
+ "rfc_refs": [
25744
+ "RFC-4301",
25745
+ "RFC-4303",
25746
+ "RFC-7296",
25747
+ "RFC-8446",
25748
+ "RFC-9000",
25749
+ "RFC-9114",
25750
+ "RFC-9180",
25751
+ "RFC-9421",
25752
+ "RFC-9458"
25753
+ ]
25754
+ }
25755
+ },
25756
+ "CVE-2024-42478": {
25757
+ "name": "llama.cpp RPC Backend GET_TENSOR Out-of-Bounds Read",
25758
+ "rwep": 29,
25759
+ "cvss": 9.8,
25760
+ "cisa_kev": false,
25761
+ "epss_score": null,
25762
+ "referencing_skills": [
25763
+ "kernel-lpe-triage",
25764
+ "ai-attack-surface",
25765
+ "compliance-theater",
25766
+ "ai-c2-detection",
25767
+ "attack-surface-pentest",
25768
+ "dlp-gap-analysis",
25769
+ "ot-ics-security",
25770
+ "coordinated-vuln-disclosure",
25771
+ "sector-energy"
25772
+ ],
25773
+ "chain": {
25774
+ "cwes": [
25775
+ {
25776
+ "id": "CWE-1037",
25777
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
25778
+ "category": "Hardware / Side Channel"
25779
+ },
25780
+ {
25781
+ "id": "CWE-1039",
25782
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
25783
+ "category": "AI/ML"
25784
+ },
25785
+ {
25786
+ "id": "CWE-125",
25787
+ "name": "Out-of-bounds Read",
25788
+ "category": "Memory Safety"
25789
+ },
25790
+ {
25791
+ "id": "CWE-1357",
25792
+ "name": "Reliance on Insufficiently Trustworthy Component",
25793
+ "category": "Supply Chain"
25794
+ },
25795
+ {
25796
+ "id": "CWE-1395",
25797
+ "name": "Dependency on Vulnerable Third-Party Component",
25798
+ "category": "Supply Chain"
25799
+ },
25800
+ {
25801
+ "id": "CWE-1426",
25802
+ "name": "Improper Validation of Generative AI Output",
25803
+ "category": "AI/ML"
25804
+ },
25805
+ {
25806
+ "id": "CWE-200",
25807
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
25808
+ "category": "Information Exposure"
25809
+ },
25810
+ {
25811
+ "id": "CWE-22",
25812
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
25813
+ "category": "Path/Resource"
25814
+ },
25815
+ {
25816
+ "id": "CWE-269",
25817
+ "name": "Improper Privilege Management",
25818
+ "category": "Authorization"
25819
+ },
25820
+ {
25821
+ "id": "CWE-287",
25822
+ "name": "Improper Authentication",
25823
+ "category": "Authentication"
25824
+ },
25825
+ {
25826
+ "id": "CWE-306",
25827
+ "name": "Missing Authentication for Critical Function",
25828
+ "category": "Authentication"
25829
+ },
25830
+ {
25831
+ "id": "CWE-352",
25832
+ "name": "Cross-Site Request Forgery (CSRF)",
25833
+ "category": "Session"
25834
+ },
25835
+ {
25836
+ "id": "CWE-362",
25837
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
25838
+ "category": "Concurrency"
25839
+ },
25840
+ {
25841
+ "id": "CWE-416",
25842
+ "name": "Use After Free",
25843
+ "category": "Memory Safety"
25844
+ },
25845
+ {
25846
+ "id": "CWE-434",
25847
+ "name": "Unrestricted Upload of File with Dangerous Type",
25848
+ "category": "File Handling"
25849
+ },
25850
+ {
25851
+ "id": "CWE-672",
25852
+ "name": "Operation on a Resource after Expiration or Release",
25853
+ "category": "Memory Safety"
25854
+ },
25855
+ {
25856
+ "id": "CWE-732",
25857
+ "name": "Incorrect Permission Assignment for Critical Resource",
25858
+ "category": "Authorization"
25859
+ },
25860
+ {
25861
+ "id": "CWE-78",
25862
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
25863
+ "category": "Injection"
25864
+ },
25865
+ {
25866
+ "id": "CWE-787",
25867
+ "name": "Out-of-bounds Write",
25868
+ "category": "Memory Safety"
25869
+ },
25870
+ {
25871
+ "id": "CWE-79",
25872
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
25873
+ "category": "Injection"
25874
+ },
25875
+ {
25876
+ "id": "CWE-798",
25877
+ "name": "Use of Hard-coded Credentials",
25878
+ "category": "Credentials"
25879
+ },
25880
+ {
25881
+ "id": "CWE-89",
25882
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
25883
+ "category": "Injection"
25884
+ },
25885
+ {
25886
+ "id": "CWE-918",
25887
+ "name": "Server-Side Request Forgery (SSRF)",
25888
+ "category": "Network"
25889
+ },
25890
+ {
25891
+ "id": "CWE-94",
25892
+ "name": "Improper Control of Generation of Code (Code Injection)",
25893
+ "category": "Injection"
25894
+ }
25895
+ ],
25896
+ "atlas": [
25897
+ {
25898
+ "id": "AML.T0010",
25899
+ "name": "ML Supply Chain Compromise",
25900
+ "tactic": "Initial Access"
25901
+ },
25902
+ {
25903
+ "id": "AML.T0016",
25904
+ "name": "Obtain Capabilities: Develop Capabilities",
25905
+ "tactic": "Resource Development"
25906
+ },
25907
+ {
25908
+ "id": "AML.T0017",
25909
+ "name": "Discover ML Model Ontology",
25910
+ "tactic": "Discovery"
25911
+ },
25912
+ {
25913
+ "id": "AML.T0018",
25914
+ "name": "Backdoor ML Model",
25915
+ "tactic": "Persistence"
25916
+ },
25917
+ {
25918
+ "id": "AML.T0020",
25919
+ "name": "Poison Training Data",
25920
+ "tactic": "ML Attack Staging"
25921
+ },
25922
+ {
25923
+ "id": "AML.T0043",
25924
+ "name": "Craft Adversarial Data",
25925
+ "tactic": "ML Attack Staging"
25926
+ },
25927
+ {
25928
+ "id": "AML.T0051",
25929
+ "name": "LLM Prompt Injection",
25930
+ "tactic": "Execution"
25931
+ },
25932
+ {
25933
+ "id": "AML.T0054",
25934
+ "name": "LLM Jailbreak",
25935
+ "tactic": "Defense Evasion"
25936
+ },
25937
+ {
25938
+ "id": "AML.T0096",
25939
+ "name": "AI API as Covert C2 Channel",
25940
+ "tactic": "Command and Control"
25941
+ }
25942
+ ],
25943
+ "d3fend": [
25944
+ {
25945
+ "id": "D3-ASLR",
25946
+ "name": "Address Space Layout Randomization",
25947
+ "tactic": "Harden"
25948
+ },
25949
+ {
25950
+ "id": "D3-CA",
25951
+ "name": "Certificate Analysis",
25952
+ "tactic": "Detect"
25953
+ },
25954
+ {
25955
+ "id": "D3-CSPP",
25956
+ "name": "Client-server Payload Profiling",
25957
+ "tactic": "Detect"
25958
+ },
25959
+ {
25960
+ "id": "D3-DA",
25961
+ "name": "Domain Analysis",
25962
+ "tactic": "Detect"
25963
+ },
25964
+ {
25965
+ "id": "D3-EAL",
25966
+ "name": "Executable Allowlisting",
25967
+ "tactic": "Harden"
25968
+ },
25969
+ {
25970
+ "id": "D3-IOPR",
25971
+ "name": "Input/Output Profiling Resource",
25972
+ "tactic": "Detect"
25973
+ },
25974
+ {
25975
+ "id": "D3-NI",
25976
+ "name": "Network Isolation",
25977
+ "tactic": "Isolate"
25978
+ },
25979
+ {
25980
+ "id": "D3-NTA",
25981
+ "name": "Network Traffic Analysis",
25982
+ "tactic": "Detect"
25983
+ },
25984
+ {
25985
+ "id": "D3-NTPM",
25986
+ "name": "Network Traffic Policy Mapping",
25987
+ "tactic": "Model"
25988
+ },
25989
+ {
25990
+ "id": "D3-PHRA",
25991
+ "name": "Process Hardware Resource Access",
25992
+ "tactic": "Isolate"
25993
+ },
25994
+ {
25995
+ "id": "D3-PSEP",
25996
+ "name": "Process Segment Execution Prevention",
25997
+ "tactic": "Harden"
25998
+ }
25999
+ ],
26000
+ "framework_gaps": [
26001
+ {
26002
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
26003
+ "framework": "ALL",
26004
+ "control_name": "AI Pipeline Integrity"
26005
+ },
26006
+ {
26007
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
26008
+ "framework": "ALL",
26009
+ "control_name": "Prompt Injection as Access Control Failure"
26010
+ },
26011
+ {
26012
+ "id": "CIS-Controls-v8-Control7",
26013
+ "framework": "CIS Controls v8",
26014
+ "control_name": "Continuous Vulnerability Management"
26015
+ },
26016
+ {
26017
+ "id": "CMMC-2.0-Level-2",
26018
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
26019
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
26020
+ },
26021
+ {
26022
+ "id": "FedRAMP-Rev5-Moderate",
26023
+ "framework": "FedRAMP Rev 5 Moderate",
26024
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
26025
+ },
26026
+ {
26027
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
26028
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
26029
+ "control_name": "Access control standard (technical safeguards)"
26030
+ },
26031
+ {
26032
+ "id": "IEC-62443-3-3",
26033
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
26034
+ "control_name": "System security requirements and security levels"
26035
+ },
26036
+ {
26037
+ "id": "ISO-27001-2022-A.8.16",
26038
+ "framework": "ISO/IEC 27001:2022",
26039
+ "control_name": "Monitoring activities"
26040
+ },
26041
+ {
26042
+ "id": "ISO-27001-2022-A.8.28",
26043
+ "framework": "ISO/IEC 27001:2022",
26044
+ "control_name": "Secure coding"
26045
+ },
26046
+ {
26047
+ "id": "ISO-27001-2022-A.8.8",
26048
+ "framework": "ISO/IEC 27001:2022",
26049
+ "control_name": "Management of technical vulnerabilities"
26050
+ },
26051
+ {
26052
+ "id": "ISO-IEC-23894-2023-clause-7",
26053
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
26054
+ "control_name": "AI risk management process"
26055
+ },
26056
+ {
26057
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
26058
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
26059
+ "control_name": "AI risk assessment"
26060
+ },
26061
+ {
26062
+ "id": "NERC-CIP-007-6-R4",
26063
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
26064
+ "control_name": "Security event monitoring"
26065
+ },
26066
+ {
26067
+ "id": "NIS2-Art21-patch-management",
26068
+ "framework": "EU NIS2 Directive",
26069
+ "control_name": "Vulnerability handling and disclosure"
26070
+ },
26071
+ {
26072
+ "id": "NIST-800-115",
26073
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
26074
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
26075
+ },
26076
+ {
26077
+ "id": "NIST-800-218-SSDF",
26078
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
26079
+ "control_name": "Secure Software Development Framework"
26080
+ },
26081
+ {
26082
+ "id": "NIST-800-53-AC-2",
26083
+ "framework": "NIST SP 800-53 Rev 5",
26084
+ "control_name": "Account Management"
26085
+ },
26086
+ {
26087
+ "id": "NIST-800-53-SC-28",
26088
+ "framework": "NIST SP 800-53 Rev 5",
26089
+ "control_name": "Protection of Information at Rest"
26090
+ },
26091
+ {
26092
+ "id": "NIST-800-53-SC-7",
26093
+ "framework": "NIST SP 800-53 Rev 5",
26094
+ "control_name": "Boundary Protection"
26095
+ },
26096
+ {
26097
+ "id": "NIST-800-53-SC-8",
26098
+ "framework": "NIST SP 800-53 Rev 5",
26099
+ "control_name": "Transmission Confidentiality and Integrity"
26100
+ },
26101
+ {
26102
+ "id": "NIST-800-53-SI-2",
26103
+ "framework": "NIST SP 800-53 Rev 5",
26104
+ "control_name": "Flaw Remediation"
26105
+ },
26106
+ {
26107
+ "id": "NIST-800-53-SI-3",
26108
+ "framework": "NIST SP 800-53 Rev 5",
26109
+ "control_name": "Malicious Code Protection"
26110
+ },
26111
+ {
26112
+ "id": "NIST-800-82r3",
26113
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
26114
+ "control_name": "Guide to Operational Technology (OT) Security"
26115
+ },
26116
+ {
26117
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
26118
+ "framework": "OWASP Top 10 for LLM Applications 2025",
26119
+ "control_name": "Prompt Injection"
26120
+ },
26121
+ {
26122
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
26123
+ "framework": "OWASP Top 10 for LLM Applications 2025",
26124
+ "control_name": "Sensitive Information Disclosure"
26125
+ },
26126
+ {
26127
+ "id": "OWASP-Pen-Testing-Guide-v5",
26128
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
26129
+ "control_name": "Web application penetration testing methodology"
26130
+ },
26131
+ {
26132
+ "id": "PCI-DSS-4.0-6.3.3",
26133
+ "framework": "PCI DSS 4.0",
26134
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
26135
+ },
26136
+ {
26137
+ "id": "PTES-Pre-engagement",
26138
+ "framework": "Penetration Testing Execution Standard (PTES)",
26139
+ "control_name": "Pre-engagement Interactions"
26140
+ },
26141
+ {
26142
+ "id": "SOC2-CC6-logical-access",
26143
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26144
+ "control_name": "Logical and Physical Access Controls"
26145
+ },
26146
+ {
26147
+ "id": "SOC2-CC7-anomaly-detection",
26148
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26149
+ "control_name": "System Operations — Threat and Vulnerability Management"
26150
+ },
26151
+ {
26152
+ "id": "SOC2-CC9-vendor-management",
26153
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26154
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
26155
+ }
26156
+ ],
26157
+ "attack_refs": [
26158
+ "T0855",
26159
+ "T0883",
26160
+ "T1041",
26161
+ "T1059",
26162
+ "T1068",
26163
+ "T1071",
26164
+ "T1078",
26165
+ "T1102",
26166
+ "T1133",
26167
+ "T1190",
26168
+ "T1213",
26169
+ "T1530",
26170
+ "T1548.001",
26171
+ "T1566",
26172
+ "T1567",
26173
+ "T1568"
26174
+ ],
26175
+ "rfc_refs": [
26176
+ "RFC-4301",
26177
+ "RFC-4303",
26178
+ "RFC-7296",
26179
+ "RFC-8446",
26180
+ "RFC-9000",
26181
+ "RFC-9114",
26182
+ "RFC-9180",
26183
+ "RFC-9421",
26184
+ "RFC-9458"
26185
+ ]
26186
+ }
26187
+ },
26188
+ "CVE-2026-34159": {
26189
+ "name": "llama.cpp RPC Backend GRAPH_COMPUTE deserialize_tensor Bounds Bypass RCE",
26190
+ "rwep": 29,
26191
+ "cvss": 9.8,
26192
+ "cisa_kev": false,
26193
+ "epss_score": null,
26194
+ "referencing_skills": [
26195
+ "kernel-lpe-triage",
26196
+ "ai-attack-surface",
26197
+ "compliance-theater",
26198
+ "ai-c2-detection",
26199
+ "attack-surface-pentest",
26200
+ "dlp-gap-analysis",
26201
+ "ot-ics-security",
26202
+ "coordinated-vuln-disclosure",
26203
+ "sector-energy"
26204
+ ],
26205
+ "chain": {
26206
+ "cwes": [
26207
+ {
26208
+ "id": "CWE-1037",
26209
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
26210
+ "category": "Hardware / Side Channel"
26211
+ },
26212
+ {
26213
+ "id": "CWE-1039",
26214
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
26215
+ "category": "AI/ML"
26216
+ },
26217
+ {
26218
+ "id": "CWE-125",
26219
+ "name": "Out-of-bounds Read",
26220
+ "category": "Memory Safety"
26221
+ },
26222
+ {
26223
+ "id": "CWE-1357",
26224
+ "name": "Reliance on Insufficiently Trustworthy Component",
26225
+ "category": "Supply Chain"
26226
+ },
26227
+ {
26228
+ "id": "CWE-1395",
26229
+ "name": "Dependency on Vulnerable Third-Party Component",
26230
+ "category": "Supply Chain"
26231
+ },
26232
+ {
26233
+ "id": "CWE-1426",
26234
+ "name": "Improper Validation of Generative AI Output",
26235
+ "category": "AI/ML"
26236
+ },
26237
+ {
26238
+ "id": "CWE-200",
26239
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
26240
+ "category": "Information Exposure"
26241
+ },
26242
+ {
26243
+ "id": "CWE-22",
26244
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
26245
+ "category": "Path/Resource"
26246
+ },
26247
+ {
26248
+ "id": "CWE-269",
26249
+ "name": "Improper Privilege Management",
26250
+ "category": "Authorization"
26251
+ },
26252
+ {
26253
+ "id": "CWE-287",
26254
+ "name": "Improper Authentication",
26255
+ "category": "Authentication"
26256
+ },
26257
+ {
26258
+ "id": "CWE-306",
26259
+ "name": "Missing Authentication for Critical Function",
26260
+ "category": "Authentication"
26261
+ },
26262
+ {
26263
+ "id": "CWE-352",
26264
+ "name": "Cross-Site Request Forgery (CSRF)",
26265
+ "category": "Session"
26266
+ },
26267
+ {
26268
+ "id": "CWE-362",
26269
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
26270
+ "category": "Concurrency"
26271
+ },
26272
+ {
26273
+ "id": "CWE-416",
26274
+ "name": "Use After Free",
26275
+ "category": "Memory Safety"
26276
+ },
26277
+ {
26278
+ "id": "CWE-434",
26279
+ "name": "Unrestricted Upload of File with Dangerous Type",
26280
+ "category": "File Handling"
26281
+ },
26282
+ {
26283
+ "id": "CWE-672",
26284
+ "name": "Operation on a Resource after Expiration or Release",
26285
+ "category": "Memory Safety"
26286
+ },
26287
+ {
26288
+ "id": "CWE-732",
26289
+ "name": "Incorrect Permission Assignment for Critical Resource",
26290
+ "category": "Authorization"
26291
+ },
26292
+ {
26293
+ "id": "CWE-78",
26294
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
26295
+ "category": "Injection"
26296
+ },
26297
+ {
26298
+ "id": "CWE-787",
26299
+ "name": "Out-of-bounds Write",
26300
+ "category": "Memory Safety"
26301
+ },
26302
+ {
26303
+ "id": "CWE-79",
26304
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
26305
+ "category": "Injection"
26306
+ },
26307
+ {
26308
+ "id": "CWE-798",
26309
+ "name": "Use of Hard-coded Credentials",
26310
+ "category": "Credentials"
26311
+ },
26312
+ {
26313
+ "id": "CWE-89",
26314
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
26315
+ "category": "Injection"
26316
+ },
26317
+ {
26318
+ "id": "CWE-918",
26319
+ "name": "Server-Side Request Forgery (SSRF)",
26320
+ "category": "Network"
26321
+ },
26322
+ {
26323
+ "id": "CWE-94",
26324
+ "name": "Improper Control of Generation of Code (Code Injection)",
26325
+ "category": "Injection"
26326
+ }
26327
+ ],
26328
+ "atlas": [
26329
+ {
26330
+ "id": "AML.T0010",
26331
+ "name": "ML Supply Chain Compromise",
26332
+ "tactic": "Initial Access"
26333
+ },
26334
+ {
26335
+ "id": "AML.T0016",
26336
+ "name": "Obtain Capabilities: Develop Capabilities",
26337
+ "tactic": "Resource Development"
26338
+ },
26339
+ {
26340
+ "id": "AML.T0017",
26341
+ "name": "Discover ML Model Ontology",
26342
+ "tactic": "Discovery"
26343
+ },
26344
+ {
26345
+ "id": "AML.T0018",
26346
+ "name": "Backdoor ML Model",
26347
+ "tactic": "Persistence"
26348
+ },
26349
+ {
26350
+ "id": "AML.T0020",
26351
+ "name": "Poison Training Data",
26352
+ "tactic": "ML Attack Staging"
26353
+ },
26354
+ {
26355
+ "id": "AML.T0043",
26356
+ "name": "Craft Adversarial Data",
26357
+ "tactic": "ML Attack Staging"
26358
+ },
26359
+ {
26360
+ "id": "AML.T0051",
26361
+ "name": "LLM Prompt Injection",
26362
+ "tactic": "Execution"
26363
+ },
26364
+ {
26365
+ "id": "AML.T0054",
26366
+ "name": "LLM Jailbreak",
26367
+ "tactic": "Defense Evasion"
26368
+ },
26369
+ {
26370
+ "id": "AML.T0096",
26371
+ "name": "AI API as Covert C2 Channel",
26372
+ "tactic": "Command and Control"
26373
+ }
26374
+ ],
26375
+ "d3fend": [
26376
+ {
26377
+ "id": "D3-ASLR",
26378
+ "name": "Address Space Layout Randomization",
26379
+ "tactic": "Harden"
26380
+ },
26381
+ {
26382
+ "id": "D3-CA",
26383
+ "name": "Certificate Analysis",
26384
+ "tactic": "Detect"
26385
+ },
26386
+ {
26387
+ "id": "D3-CSPP",
26388
+ "name": "Client-server Payload Profiling",
26389
+ "tactic": "Detect"
26390
+ },
26391
+ {
26392
+ "id": "D3-DA",
26393
+ "name": "Domain Analysis",
26394
+ "tactic": "Detect"
26395
+ },
26396
+ {
26397
+ "id": "D3-EAL",
26398
+ "name": "Executable Allowlisting",
26399
+ "tactic": "Harden"
26400
+ },
26401
+ {
26402
+ "id": "D3-IOPR",
26403
+ "name": "Input/Output Profiling Resource",
26404
+ "tactic": "Detect"
26405
+ },
26406
+ {
26407
+ "id": "D3-NI",
26408
+ "name": "Network Isolation",
26409
+ "tactic": "Isolate"
26410
+ },
26411
+ {
26412
+ "id": "D3-NTA",
26413
+ "name": "Network Traffic Analysis",
26414
+ "tactic": "Detect"
26415
+ },
26416
+ {
26417
+ "id": "D3-NTPM",
26418
+ "name": "Network Traffic Policy Mapping",
26419
+ "tactic": "Model"
26420
+ },
26421
+ {
26422
+ "id": "D3-PHRA",
26423
+ "name": "Process Hardware Resource Access",
26424
+ "tactic": "Isolate"
26425
+ },
26426
+ {
26427
+ "id": "D3-PSEP",
26428
+ "name": "Process Segment Execution Prevention",
26429
+ "tactic": "Harden"
26430
+ }
26431
+ ],
26432
+ "framework_gaps": [
26433
+ {
26434
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
26435
+ "framework": "ALL",
26436
+ "control_name": "AI Pipeline Integrity"
26437
+ },
26438
+ {
26439
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
26440
+ "framework": "ALL",
26441
+ "control_name": "Prompt Injection as Access Control Failure"
26442
+ },
26443
+ {
26444
+ "id": "CIS-Controls-v8-Control7",
26445
+ "framework": "CIS Controls v8",
26446
+ "control_name": "Continuous Vulnerability Management"
26447
+ },
26448
+ {
26449
+ "id": "CMMC-2.0-Level-2",
26450
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
26451
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
26452
+ },
26453
+ {
26454
+ "id": "FedRAMP-Rev5-Moderate",
26455
+ "framework": "FedRAMP Rev 5 Moderate",
26456
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
26457
+ },
26458
+ {
26459
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
26460
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
26461
+ "control_name": "Access control standard (technical safeguards)"
26462
+ },
26463
+ {
26464
+ "id": "IEC-62443-3-3",
26465
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
26466
+ "control_name": "System security requirements and security levels"
26467
+ },
26468
+ {
26469
+ "id": "ISO-27001-2022-A.8.16",
26470
+ "framework": "ISO/IEC 27001:2022",
26471
+ "control_name": "Monitoring activities"
26472
+ },
26473
+ {
26474
+ "id": "ISO-27001-2022-A.8.28",
26475
+ "framework": "ISO/IEC 27001:2022",
26476
+ "control_name": "Secure coding"
26477
+ },
26478
+ {
26479
+ "id": "ISO-27001-2022-A.8.8",
26480
+ "framework": "ISO/IEC 27001:2022",
26481
+ "control_name": "Management of technical vulnerabilities"
26482
+ },
26483
+ {
26484
+ "id": "ISO-IEC-23894-2023-clause-7",
26485
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
26486
+ "control_name": "AI risk management process"
26487
+ },
26488
+ {
26489
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
26490
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
26491
+ "control_name": "AI risk assessment"
26492
+ },
26493
+ {
26494
+ "id": "NERC-CIP-007-6-R4",
26495
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
26496
+ "control_name": "Security event monitoring"
26497
+ },
26498
+ {
26499
+ "id": "NIS2-Art21-patch-management",
26500
+ "framework": "EU NIS2 Directive",
26501
+ "control_name": "Vulnerability handling and disclosure"
26502
+ },
26503
+ {
26504
+ "id": "NIST-800-115",
26505
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
26506
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
26507
+ },
26508
+ {
26509
+ "id": "NIST-800-218-SSDF",
26510
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
26511
+ "control_name": "Secure Software Development Framework"
26512
+ },
26513
+ {
26514
+ "id": "NIST-800-53-AC-2",
26515
+ "framework": "NIST SP 800-53 Rev 5",
26516
+ "control_name": "Account Management"
26517
+ },
26518
+ {
26519
+ "id": "NIST-800-53-SC-28",
26520
+ "framework": "NIST SP 800-53 Rev 5",
26521
+ "control_name": "Protection of Information at Rest"
26522
+ },
26523
+ {
26524
+ "id": "NIST-800-53-SC-7",
26525
+ "framework": "NIST SP 800-53 Rev 5",
26526
+ "control_name": "Boundary Protection"
26527
+ },
26528
+ {
26529
+ "id": "NIST-800-53-SC-8",
26530
+ "framework": "NIST SP 800-53 Rev 5",
26531
+ "control_name": "Transmission Confidentiality and Integrity"
26532
+ },
26533
+ {
26534
+ "id": "NIST-800-53-SI-2",
26535
+ "framework": "NIST SP 800-53 Rev 5",
26536
+ "control_name": "Flaw Remediation"
26537
+ },
26538
+ {
26539
+ "id": "NIST-800-53-SI-3",
26540
+ "framework": "NIST SP 800-53 Rev 5",
26541
+ "control_name": "Malicious Code Protection"
26542
+ },
26543
+ {
26544
+ "id": "NIST-800-82r3",
26545
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
26546
+ "control_name": "Guide to Operational Technology (OT) Security"
26547
+ },
26548
+ {
26549
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
26550
+ "framework": "OWASP Top 10 for LLM Applications 2025",
26551
+ "control_name": "Prompt Injection"
26552
+ },
26553
+ {
26554
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
26555
+ "framework": "OWASP Top 10 for LLM Applications 2025",
26556
+ "control_name": "Sensitive Information Disclosure"
26557
+ },
26558
+ {
26559
+ "id": "OWASP-Pen-Testing-Guide-v5",
26560
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
26561
+ "control_name": "Web application penetration testing methodology"
26562
+ },
26563
+ {
26564
+ "id": "PCI-DSS-4.0-6.3.3",
26565
+ "framework": "PCI DSS 4.0",
26566
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
26567
+ },
26568
+ {
26569
+ "id": "PTES-Pre-engagement",
26570
+ "framework": "Penetration Testing Execution Standard (PTES)",
26571
+ "control_name": "Pre-engagement Interactions"
26572
+ },
26573
+ {
26574
+ "id": "SOC2-CC6-logical-access",
26575
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26576
+ "control_name": "Logical and Physical Access Controls"
26577
+ },
26578
+ {
26579
+ "id": "SOC2-CC7-anomaly-detection",
26580
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26581
+ "control_name": "System Operations — Threat and Vulnerability Management"
26582
+ },
26583
+ {
26584
+ "id": "SOC2-CC9-vendor-management",
26585
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
26586
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
26587
+ }
26588
+ ],
26589
+ "attack_refs": [
26590
+ "T0855",
26591
+ "T0883",
26592
+ "T1041",
26593
+ "T1059",
26594
+ "T1068",
26595
+ "T1071",
26596
+ "T1078",
26597
+ "T1102",
26598
+ "T1133",
26599
+ "T1190",
26600
+ "T1213",
26601
+ "T1530",
26602
+ "T1548.001",
26603
+ "T1566",
26604
+ "T1567",
26605
+ "T1568"
26606
+ ],
26607
+ "rfc_refs": [
26608
+ "RFC-4301",
26609
+ "RFC-4303",
26610
+ "RFC-7296",
26611
+ "RFC-8446",
26612
+ "RFC-9000",
26613
+ "RFC-9114",
26614
+ "RFC-9180",
26615
+ "RFC-9421",
26616
+ "RFC-9458"
26617
+ ]
26618
+ }
26619
+ },
24600
26620
  "CVE-2026-41091": {
24601
26621
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
24602
26622
  "rwep": 45,
@@ -50977,11 +52997,14 @@
50977
52997
  "CVE-2024-0132",
50978
52998
  "CVE-2024-3094",
50979
52999
  "CVE-2024-3154",
53000
+ "CVE-2024-42478",
53001
+ "CVE-2024-42479",
50980
53002
  "CVE-2024-50050",
50981
53003
  "CVE-2025-0133",
50982
53004
  "CVE-2025-10585",
50983
53005
  "CVE-2025-1094",
50984
53006
  "CVE-2025-14174",
53007
+ "CVE-2025-1550",
50985
53008
  "CVE-2025-23254",
50986
53009
  "CVE-2025-23266",
50987
53010
  "CVE-2025-30165",
@@ -50995,6 +53018,7 @@
50995
53018
  "CVE-2025-60455",
50996
53019
  "CVE-2025-64496",
50997
53020
  "CVE-2025-6965",
53021
+ "CVE-2025-8747",
50998
53022
  "CVE-2026-0766",
50999
53023
  "CVE-2026-22252",
51000
53024
  "CVE-2026-22688",
@@ -51009,6 +53033,7 @@
51009
53033
  "CVE-2026-30624",
51010
53034
  "CVE-2026-30625",
51011
53035
  "CVE-2026-31431",
53036
+ "CVE-2026-34159",
51012
53037
  "CVE-2026-34926",
51013
53038
  "CVE-2026-39884",
51014
53039
  "CVE-2026-40933",
@@ -51346,11 +53371,14 @@
51346
53371
  "CVE-2023-43472",
51347
53372
  "CVE-2023-48022",
51348
53373
  "CVE-2024-0132",
53374
+ "CVE-2024-42478",
53375
+ "CVE-2024-42479",
51349
53376
  "CVE-2024-50050",
51350
53377
  "CVE-2025-0133",
51351
53378
  "CVE-2025-10585",
51352
53379
  "CVE-2025-1094",
51353
53380
  "CVE-2025-14174",
53381
+ "CVE-2025-1550",
51354
53382
  "CVE-2025-23254",
51355
53383
  "CVE-2025-23266",
51356
53384
  "CVE-2025-30165",
@@ -51362,6 +53390,7 @@
51362
53390
  "CVE-2025-60455",
51363
53391
  "CVE-2025-64496",
51364
53392
  "CVE-2025-6965",
53393
+ "CVE-2025-8747",
51365
53394
  "CVE-2026-0766",
51366
53395
  "CVE-2026-22252",
51367
53396
  "CVE-2026-22688",
@@ -51375,6 +53404,7 @@
51375
53404
  "CVE-2026-30624",
51376
53405
  "CVE-2026-30625",
51377
53406
  "CVE-2026-31431",
53407
+ "CVE-2026-34159",
51378
53408
  "CVE-2026-34926",
51379
53409
  "CVE-2026-39884",
51380
53410
  "CVE-2026-40933",
@@ -51508,11 +53538,14 @@
51508
53538
  "CVE-2023-43472",
51509
53539
  "CVE-2023-48022",
51510
53540
  "CVE-2024-0132",
53541
+ "CVE-2024-42478",
53542
+ "CVE-2024-42479",
51511
53543
  "CVE-2024-50050",
51512
53544
  "CVE-2025-0133",
51513
53545
  "CVE-2025-10585",
51514
53546
  "CVE-2025-1094",
51515
53547
  "CVE-2025-14174",
53548
+ "CVE-2025-1550",
51516
53549
  "CVE-2025-23254",
51517
53550
  "CVE-2025-23266",
51518
53551
  "CVE-2025-30165",
@@ -51524,6 +53557,7 @@
51524
53557
  "CVE-2025-60455",
51525
53558
  "CVE-2025-64496",
51526
53559
  "CVE-2025-6965",
53560
+ "CVE-2025-8747",
51527
53561
  "CVE-2026-0766",
51528
53562
  "CVE-2026-22252",
51529
53563
  "CVE-2026-22688",
@@ -51537,6 +53571,7 @@
51537
53571
  "CVE-2026-30624",
51538
53572
  "CVE-2026-30625",
51539
53573
  "CVE-2026-31431",
53574
+ "CVE-2026-34159",
51540
53575
  "CVE-2026-34926",
51541
53576
  "CVE-2026-39884",
51542
53577
  "CVE-2026-40933",
@@ -51684,11 +53719,14 @@
51684
53719
  "CVE-2023-43472",
51685
53720
  "CVE-2023-48022",
51686
53721
  "CVE-2024-0132",
53722
+ "CVE-2024-42478",
53723
+ "CVE-2024-42479",
51687
53724
  "CVE-2024-50050",
51688
53725
  "CVE-2025-0133",
51689
53726
  "CVE-2025-10585",
51690
53727
  "CVE-2025-1094",
51691
53728
  "CVE-2025-14174",
53729
+ "CVE-2025-1550",
51692
53730
  "CVE-2025-23254",
51693
53731
  "CVE-2025-23266",
51694
53732
  "CVE-2025-30165",
@@ -51700,6 +53738,7 @@
51700
53738
  "CVE-2025-60455",
51701
53739
  "CVE-2025-64496",
51702
53740
  "CVE-2025-6965",
53741
+ "CVE-2025-8747",
51703
53742
  "CVE-2026-0766",
51704
53743
  "CVE-2026-22252",
51705
53744
  "CVE-2026-22688",
@@ -51713,6 +53752,7 @@
51713
53752
  "CVE-2026-30624",
51714
53753
  "CVE-2026-30625",
51715
53754
  "CVE-2026-31431",
53755
+ "CVE-2026-34159",
51716
53756
  "CVE-2026-34926",
51717
53757
  "CVE-2026-39884",
51718
53758
  "CVE-2026-40933",
@@ -51966,10 +54006,13 @@
51966
54006
  "CVE-2024-0132",
51967
54007
  "CVE-2024-3094",
51968
54008
  "CVE-2024-3154",
54009
+ "CVE-2024-42478",
54010
+ "CVE-2024-42479",
51969
54011
  "CVE-2024-50050",
51970
54012
  "CVE-2025-0133",
51971
54013
  "CVE-2025-1094",
51972
54014
  "CVE-2025-11837",
54015
+ "CVE-2025-1550",
51973
54016
  "CVE-2025-23254",
51974
54017
  "CVE-2025-23266",
51975
54018
  "CVE-2025-30165",
@@ -51981,6 +54024,7 @@
51981
54024
  "CVE-2025-60455",
51982
54025
  "CVE-2025-64496",
51983
54026
  "CVE-2025-6965",
54027
+ "CVE-2025-8747",
51984
54028
  "CVE-2026-0766",
51985
54029
  "CVE-2026-22252",
51986
54030
  "CVE-2026-22688",
@@ -51997,6 +54041,7 @@
51997
54041
  "CVE-2026-30625",
51998
54042
  "CVE-2026-32202",
51999
54043
  "CVE-2026-33825",
54044
+ "CVE-2026-34159",
52000
54045
  "CVE-2026-39884",
52001
54046
  "CVE-2026-40933",
52002
54047
  "CVE-2026-42208",
@@ -52209,6 +54254,8 @@
52209
54254
  "CVE-2024-27443",
52210
54255
  "CVE-2024-37079",
52211
54256
  "CVE-2024-42009",
54257
+ "CVE-2024-42478",
54258
+ "CVE-2024-42479",
52212
54259
  "CVE-2024-43468",
52213
54260
  "CVE-2024-50050",
52214
54261
  "CVE-2024-54085",
@@ -52230,6 +54277,7 @@
52230
54277
  "CVE-2025-14174",
52231
54278
  "CVE-2025-14611",
52232
54279
  "CVE-2025-14733",
54280
+ "CVE-2025-1550",
52233
54281
  "CVE-2025-15556",
52234
54282
  "CVE-2025-20281",
52235
54283
  "CVE-2025-20333",
@@ -52362,6 +54410,7 @@
52362
54410
  "CVE-2025-7775",
52363
54411
  "CVE-2025-8088",
52364
54412
  "CVE-2025-8110",
54413
+ "CVE-2025-8747",
52365
54414
  "CVE-2025-8875",
52366
54415
  "CVE-2025-8876",
52367
54416
  "CVE-2025-9242",
@@ -52416,6 +54465,7 @@
52416
54465
  "CVE-2026-33017",
52417
54466
  "CVE-2026-33634",
52418
54467
  "CVE-2026-33825",
54468
+ "CVE-2026-34159",
52419
54469
  "CVE-2026-34197",
52420
54470
  "CVE-2026-34621",
52421
54471
  "CVE-2026-34926",
@@ -52659,6 +54709,8 @@
52659
54709
  "CVE-2024-3094",
52660
54710
  "CVE-2024-3154",
52661
54711
  "CVE-2024-40635",
54712
+ "CVE-2024-42478",
54713
+ "CVE-2024-42479",
52662
54714
  "CVE-2025-0133",
52663
54715
  "CVE-2025-1094",
52664
54716
  "CVE-2025-14847",
@@ -52670,6 +54722,7 @@
52670
54722
  "CVE-2025-6965",
52671
54723
  "CVE-2026-30615",
52672
54724
  "CVE-2026-30623",
54725
+ "CVE-2026-34159",
52673
54726
  "CVE-2026-39884",
52674
54727
  "CVE-2026-42208",
52675
54728
  "CVE-2026-42897",
@@ -53017,11 +55070,14 @@
53017
55070
  "CVE-2024-0132",
53018
55071
  "CVE-2024-3094",
53019
55072
  "CVE-2024-3154",
55073
+ "CVE-2024-42478",
55074
+ "CVE-2024-42479",
53020
55075
  "CVE-2024-50050",
53021
55076
  "CVE-2025-0133",
53022
55077
  "CVE-2025-10585",
53023
55078
  "CVE-2025-1094",
53024
55079
  "CVE-2025-14174",
55080
+ "CVE-2025-1550",
53025
55081
  "CVE-2025-23254",
53026
55082
  "CVE-2025-23266",
53027
55083
  "CVE-2025-30165",
@@ -53035,6 +55091,7 @@
53035
55091
  "CVE-2025-60455",
53036
55092
  "CVE-2025-64496",
53037
55093
  "CVE-2025-6965",
55094
+ "CVE-2025-8747",
53038
55095
  "CVE-2026-0766",
53039
55096
  "CVE-2026-22252",
53040
55097
  "CVE-2026-22688",
@@ -53049,6 +55106,7 @@
53049
55106
  "CVE-2026-30624",
53050
55107
  "CVE-2026-30625",
53051
55108
  "CVE-2026-31431",
55109
+ "CVE-2026-34159",
53052
55110
  "CVE-2026-34926",
53053
55111
  "CVE-2026-39884",
53054
55112
  "CVE-2026-40933",
@@ -53618,11 +55676,14 @@
53618
55676
  "CVE-2024-0132",
53619
55677
  "CVE-2024-3094",
53620
55678
  "CVE-2024-3154",
55679
+ "CVE-2024-42478",
55680
+ "CVE-2024-42479",
53621
55681
  "CVE-2024-50050",
53622
55682
  "CVE-2025-0133",
53623
55683
  "CVE-2025-10585",
53624
55684
  "CVE-2025-1094",
53625
55685
  "CVE-2025-14174",
55686
+ "CVE-2025-1550",
53626
55687
  "CVE-2025-23254",
53627
55688
  "CVE-2025-23266",
53628
55689
  "CVE-2025-30165",
@@ -53636,6 +55697,7 @@
53636
55697
  "CVE-2025-60455",
53637
55698
  "CVE-2025-64496",
53638
55699
  "CVE-2025-6965",
55700
+ "CVE-2025-8747",
53639
55701
  "CVE-2026-0766",
53640
55702
  "CVE-2026-22252",
53641
55703
  "CVE-2026-22688",
@@ -53650,6 +55712,7 @@
53650
55712
  "CVE-2026-30624",
53651
55713
  "CVE-2026-30625",
53652
55714
  "CVE-2026-31431",
55715
+ "CVE-2026-34159",
53653
55716
  "CVE-2026-34926",
53654
55717
  "CVE-2026-39884",
53655
55718
  "CVE-2026-40933",
@@ -53856,10 +55919,13 @@
53856
55919
  "CVE-2023-48022",
53857
55920
  "CVE-2024-0132",
53858
55921
  "CVE-2024-3094",
55922
+ "CVE-2024-42478",
55923
+ "CVE-2024-42479",
53859
55924
  "CVE-2024-50050",
53860
55925
  "CVE-2025-10585",
53861
55926
  "CVE-2025-1094",
53862
55927
  "CVE-2025-14174",
55928
+ "CVE-2025-1550",
53863
55929
  "CVE-2025-23254",
53864
55930
  "CVE-2025-23266",
53865
55931
  "CVE-2025-30165",
@@ -53871,6 +55937,7 @@
53871
55937
  "CVE-2025-54136",
53872
55938
  "CVE-2025-60455",
53873
55939
  "CVE-2025-64496",
55940
+ "CVE-2025-8747",
53874
55941
  "CVE-2026-0766",
53875
55942
  "CVE-2026-22252",
53876
55943
  "CVE-2026-22688",
@@ -53884,6 +55951,7 @@
53884
55951
  "CVE-2026-30624",
53885
55952
  "CVE-2026-30625",
53886
55953
  "CVE-2026-31431",
55954
+ "CVE-2026-34159",
53887
55955
  "CVE-2026-34926",
53888
55956
  "CVE-2026-39884",
53889
55957
  "CVE-2026-40933",
@@ -54522,11 +56590,14 @@
54522
56590
  "CVE-2024-0132",
54523
56591
  "CVE-2024-3094",
54524
56592
  "CVE-2024-3154",
56593
+ "CVE-2024-42478",
56594
+ "CVE-2024-42479",
54525
56595
  "CVE-2024-50050",
54526
56596
  "CVE-2025-0133",
54527
56597
  "CVE-2025-10585",
54528
56598
  "CVE-2025-1094",
54529
56599
  "CVE-2025-14174",
56600
+ "CVE-2025-1550",
54530
56601
  "CVE-2025-23254",
54531
56602
  "CVE-2025-23266",
54532
56603
  "CVE-2025-30165",
@@ -54540,6 +56611,7 @@
54540
56611
  "CVE-2025-60455",
54541
56612
  "CVE-2025-64496",
54542
56613
  "CVE-2025-6965",
56614
+ "CVE-2025-8747",
54543
56615
  "CVE-2026-0766",
54544
56616
  "CVE-2026-22252",
54545
56617
  "CVE-2026-22688",
@@ -54554,6 +56626,7 @@
54554
56626
  "CVE-2026-30624",
54555
56627
  "CVE-2026-30625",
54556
56628
  "CVE-2026-31431",
56629
+ "CVE-2026-34159",
54557
56630
  "CVE-2026-34926",
54558
56631
  "CVE-2026-39884",
54559
56632
  "CVE-2026-40933",
@@ -54772,6 +56845,8 @@
54772
56845
  "CVE-2024-27443",
54773
56846
  "CVE-2024-37079",
54774
56847
  "CVE-2024-42009",
56848
+ "CVE-2024-42478",
56849
+ "CVE-2024-42479",
54775
56850
  "CVE-2024-43468",
54776
56851
  "CVE-2024-50050",
54777
56852
  "CVE-2024-54085",
@@ -54793,6 +56868,7 @@
54793
56868
  "CVE-2025-14174",
54794
56869
  "CVE-2025-14611",
54795
56870
  "CVE-2025-14733",
56871
+ "CVE-2025-1550",
54796
56872
  "CVE-2025-15556",
54797
56873
  "CVE-2025-20281",
54798
56874
  "CVE-2025-20333",
@@ -54925,6 +57001,7 @@
54925
57001
  "CVE-2025-7775",
54926
57002
  "CVE-2025-8088",
54927
57003
  "CVE-2025-8110",
57004
+ "CVE-2025-8747",
54928
57005
  "CVE-2025-8875",
54929
57006
  "CVE-2025-8876",
54930
57007
  "CVE-2025-9242",
@@ -54979,6 +57056,7 @@
54979
57056
  "CVE-2026-33017",
54980
57057
  "CVE-2026-33634",
54981
57058
  "CVE-2026-33825",
57059
+ "CVE-2026-34159",
54982
57060
  "CVE-2026-34197",
54983
57061
  "CVE-2026-34621",
54984
57062
  "CVE-2026-34926",
@@ -55194,6 +57272,8 @@
55194
57272
  "CVE-2024-27443",
55195
57273
  "CVE-2024-37079",
55196
57274
  "CVE-2024-42009",
57275
+ "CVE-2024-42478",
57276
+ "CVE-2024-42479",
55197
57277
  "CVE-2024-43468",
55198
57278
  "CVE-2024-50050",
55199
57279
  "CVE-2024-54085",
@@ -55215,6 +57295,7 @@
55215
57295
  "CVE-2025-14174",
55216
57296
  "CVE-2025-14611",
55217
57297
  "CVE-2025-14733",
57298
+ "CVE-2025-1550",
55218
57299
  "CVE-2025-15556",
55219
57300
  "CVE-2025-20281",
55220
57301
  "CVE-2025-20333",
@@ -55347,6 +57428,7 @@
55347
57428
  "CVE-2025-7775",
55348
57429
  "CVE-2025-8088",
55349
57430
  "CVE-2025-8110",
57431
+ "CVE-2025-8747",
55350
57432
  "CVE-2025-8875",
55351
57433
  "CVE-2025-8876",
55352
57434
  "CVE-2025-9242",
@@ -55401,6 +57483,7 @@
55401
57483
  "CVE-2026-33017",
55402
57484
  "CVE-2026-33634",
55403
57485
  "CVE-2026-33825",
57486
+ "CVE-2026-34159",
55404
57487
  "CVE-2026-34197",
55405
57488
  "CVE-2026-34621",
55406
57489
  "CVE-2026-34926",
@@ -55640,11 +57723,14 @@
55640
57723
  "CVE-2024-0132",
55641
57724
  "CVE-2024-3094",
55642
57725
  "CVE-2024-3154",
57726
+ "CVE-2024-42478",
57727
+ "CVE-2024-42479",
55643
57728
  "CVE-2024-50050",
55644
57729
  "CVE-2025-0133",
55645
57730
  "CVE-2025-10585",
55646
57731
  "CVE-2025-1094",
55647
57732
  "CVE-2025-14174",
57733
+ "CVE-2025-1550",
55648
57734
  "CVE-2025-23254",
55649
57735
  "CVE-2025-23266",
55650
57736
  "CVE-2025-30165",
@@ -55658,6 +57744,7 @@
55658
57744
  "CVE-2025-60455",
55659
57745
  "CVE-2025-64496",
55660
57746
  "CVE-2025-6965",
57747
+ "CVE-2025-8747",
55661
57748
  "CVE-2026-0766",
55662
57749
  "CVE-2026-22252",
55663
57750
  "CVE-2026-22688",
@@ -55672,6 +57759,7 @@
55672
57759
  "CVE-2026-30624",
55673
57760
  "CVE-2026-30625",
55674
57761
  "CVE-2026-31431",
57762
+ "CVE-2026-34159",
55675
57763
  "CVE-2026-34926",
55676
57764
  "CVE-2026-39884",
55677
57765
  "CVE-2026-40933",
@@ -56442,6 +58530,8 @@
56442
58530
  "CVE-2024-27443",
56443
58531
  "CVE-2024-37079",
56444
58532
  "CVE-2024-42009",
58533
+ "CVE-2024-42478",
58534
+ "CVE-2024-42479",
56445
58535
  "CVE-2024-43468",
56446
58536
  "CVE-2024-50050",
56447
58537
  "CVE-2024-54085",
@@ -56463,6 +58553,7 @@
56463
58553
  "CVE-2025-14174",
56464
58554
  "CVE-2025-14611",
56465
58555
  "CVE-2025-14733",
58556
+ "CVE-2025-1550",
56466
58557
  "CVE-2025-15556",
56467
58558
  "CVE-2025-20281",
56468
58559
  "CVE-2025-20333",
@@ -56595,6 +58686,7 @@
56595
58686
  "CVE-2025-7775",
56596
58687
  "CVE-2025-8088",
56597
58688
  "CVE-2025-8110",
58689
+ "CVE-2025-8747",
56598
58690
  "CVE-2025-8875",
56599
58691
  "CVE-2025-8876",
56600
58692
  "CVE-2025-9242",
@@ -56649,6 +58741,7 @@
56649
58741
  "CVE-2026-33017",
56650
58742
  "CVE-2026-33634",
56651
58743
  "CVE-2026-33825",
58744
+ "CVE-2026-34159",
56652
58745
  "CVE-2026-34197",
56653
58746
  "CVE-2026-34621",
56654
58747
  "CVE-2026-34926",
@@ -56952,11 +59045,14 @@
56952
59045
  "CVE-2024-0132",
56953
59046
  "CVE-2024-3094",
56954
59047
  "CVE-2024-3154",
59048
+ "CVE-2024-42478",
59049
+ "CVE-2024-42479",
56955
59050
  "CVE-2024-50050",
56956
59051
  "CVE-2025-0133",
56957
59052
  "CVE-2025-10585",
56958
59053
  "CVE-2025-1094",
56959
59054
  "CVE-2025-14174",
59055
+ "CVE-2025-1550",
56960
59056
  "CVE-2025-23254",
56961
59057
  "CVE-2025-23266",
56962
59058
  "CVE-2025-30165",
@@ -56970,6 +59066,7 @@
56970
59066
  "CVE-2025-60455",
56971
59067
  "CVE-2025-64496",
56972
59068
  "CVE-2025-6965",
59069
+ "CVE-2025-8747",
56973
59070
  "CVE-2026-0766",
56974
59071
  "CVE-2026-22252",
56975
59072
  "CVE-2026-22688",
@@ -56984,6 +59081,7 @@
56984
59081
  "CVE-2026-30624",
56985
59082
  "CVE-2026-30625",
56986
59083
  "CVE-2026-31431",
59084
+ "CVE-2026-34159",
56987
59085
  "CVE-2026-34926",
56988
59086
  "CVE-2026-39884",
56989
59087
  "CVE-2026-40933",
@@ -57282,6 +59380,8 @@
57282
59380
  "CVE-2024-3154",
57283
59381
  "CVE-2024-37079",
57284
59382
  "CVE-2024-42009",
59383
+ "CVE-2024-42478",
59384
+ "CVE-2024-42479",
57285
59385
  "CVE-2024-43468",
57286
59386
  "CVE-2024-50050",
57287
59387
  "CVE-2024-54085",
@@ -57304,6 +59404,7 @@
57304
59404
  "CVE-2025-14174",
57305
59405
  "CVE-2025-14611",
57306
59406
  "CVE-2025-14733",
59407
+ "CVE-2025-1550",
57307
59408
  "CVE-2025-15556",
57308
59409
  "CVE-2025-20281",
57309
59410
  "CVE-2025-20333",
@@ -57438,6 +59539,7 @@
57438
59539
  "CVE-2025-7775",
57439
59540
  "CVE-2025-8088",
57440
59541
  "CVE-2025-8110",
59542
+ "CVE-2025-8747",
57441
59543
  "CVE-2025-8875",
57442
59544
  "CVE-2025-8876",
57443
59545
  "CVE-2025-9242",
@@ -57494,6 +59596,7 @@
57494
59596
  "CVE-2026-33017",
57495
59597
  "CVE-2026-33634",
57496
59598
  "CVE-2026-33825",
59599
+ "CVE-2026-34159",
57497
59600
  "CVE-2026-34197",
57498
59601
  "CVE-2026-34621",
57499
59602
  "CVE-2026-34926",
@@ -57809,10 +59912,13 @@
57809
59912
  "CVE-2024-0132",
57810
59913
  "CVE-2024-3094",
57811
59914
  "CVE-2024-3154",
59915
+ "CVE-2024-42478",
59916
+ "CVE-2024-42479",
57812
59917
  "CVE-2024-50050",
57813
59918
  "CVE-2025-10585",
57814
59919
  "CVE-2025-1094",
57815
59920
  "CVE-2025-14174",
59921
+ "CVE-2025-1550",
57816
59922
  "CVE-2025-23254",
57817
59923
  "CVE-2025-23266",
57818
59924
  "CVE-2025-30165",
@@ -57825,6 +59931,7 @@
57825
59931
  "CVE-2025-54136",
57826
59932
  "CVE-2025-60455",
57827
59933
  "CVE-2025-64496",
59934
+ "CVE-2025-8747",
57828
59935
  "CVE-2026-0766",
57829
59936
  "CVE-2026-22252",
57830
59937
  "CVE-2026-22688",
@@ -57838,6 +59945,7 @@
57838
59945
  "CVE-2026-30624",
57839
59946
  "CVE-2026-30625",
57840
59947
  "CVE-2026-31431",
59948
+ "CVE-2026-34159",
57841
59949
  "CVE-2026-34926",
57842
59950
  "CVE-2026-39884",
57843
59951
  "CVE-2026-40933",
@@ -58745,11 +60853,14 @@
58745
60853
  "CVE-2024-0132",
58746
60854
  "CVE-2024-3094",
58747
60855
  "CVE-2024-3154",
60856
+ "CVE-2024-42478",
60857
+ "CVE-2024-42479",
58748
60858
  "CVE-2024-50050",
58749
60859
  "CVE-2025-0133",
58750
60860
  "CVE-2025-10585",
58751
60861
  "CVE-2025-1094",
58752
60862
  "CVE-2025-14174",
60863
+ "CVE-2025-1550",
58753
60864
  "CVE-2025-23254",
58754
60865
  "CVE-2025-23266",
58755
60866
  "CVE-2025-30165",
@@ -58763,6 +60874,7 @@
58763
60874
  "CVE-2025-60455",
58764
60875
  "CVE-2025-64496",
58765
60876
  "CVE-2025-6965",
60877
+ "CVE-2025-8747",
58766
60878
  "CVE-2026-0766",
58767
60879
  "CVE-2026-22252",
58768
60880
  "CVE-2026-22688",
@@ -58777,6 +60889,7 @@
58777
60889
  "CVE-2026-30624",
58778
60890
  "CVE-2026-30625",
58779
60891
  "CVE-2026-31431",
60892
+ "CVE-2026-34159",
58780
60893
  "CVE-2026-34926",
58781
60894
  "CVE-2026-39884",
58782
60895
  "CVE-2026-40933",
@@ -58843,10 +60956,13 @@
58843
60956
  "related_cves": [
58844
60957
  "CVE-2023-48022",
58845
60958
  "CVE-2024-0132",
60959
+ "CVE-2024-42478",
60960
+ "CVE-2024-42479",
58846
60961
  "CVE-2024-50050",
58847
60962
  "CVE-2025-10585",
58848
60963
  "CVE-2025-1094",
58849
60964
  "CVE-2025-14174",
60965
+ "CVE-2025-1550",
58850
60966
  "CVE-2025-23254",
58851
60967
  "CVE-2025-23266",
58852
60968
  "CVE-2025-30165",
@@ -58857,6 +60973,7 @@
58857
60973
  "CVE-2025-54136",
58858
60974
  "CVE-2025-60455",
58859
60975
  "CVE-2025-64496",
60976
+ "CVE-2025-8747",
58860
60977
  "CVE-2026-0766",
58861
60978
  "CVE-2026-22252",
58862
60979
  "CVE-2026-22688",
@@ -58869,6 +60986,7 @@
58869
60986
  "CVE-2026-30624",
58870
60987
  "CVE-2026-30625",
58871
60988
  "CVE-2026-31431",
60989
+ "CVE-2026-34159",
58872
60990
  "CVE-2026-34926",
58873
60991
  "CVE-2026-39884",
58874
60992
  "CVE-2026-40933",
@@ -59013,10 +61131,13 @@
59013
61131
  "CVE-2023-43472",
59014
61132
  "CVE-2023-48022",
59015
61133
  "CVE-2024-0132",
61134
+ "CVE-2024-42478",
61135
+ "CVE-2024-42479",
59016
61136
  "CVE-2024-50050",
59017
61137
  "CVE-2025-0133",
59018
61138
  "CVE-2025-1094",
59019
61139
  "CVE-2025-11837",
61140
+ "CVE-2025-1550",
59020
61141
  "CVE-2025-23254",
59021
61142
  "CVE-2025-23266",
59022
61143
  "CVE-2025-30165",
@@ -59027,6 +61148,7 @@
59027
61148
  "CVE-2025-60455",
59028
61149
  "CVE-2025-64496",
59029
61150
  "CVE-2025-6965",
61151
+ "CVE-2025-8747",
59030
61152
  "CVE-2026-0766",
59031
61153
  "CVE-2026-22252",
59032
61154
  "CVE-2026-22688",
@@ -59042,6 +61164,7 @@
59042
61164
  "CVE-2026-30625",
59043
61165
  "CVE-2026-32202",
59044
61166
  "CVE-2026-33825",
61167
+ "CVE-2026-34159",
59045
61168
  "CVE-2026-39884",
59046
61169
  "CVE-2026-40933",
59047
61170
  "CVE-2026-42208"
@@ -59442,6 +61565,8 @@
59442
61565
  "CVE-2024-3094",
59443
61566
  "CVE-2024-37079",
59444
61567
  "CVE-2024-42009",
61568
+ "CVE-2024-42478",
61569
+ "CVE-2024-42479",
59445
61570
  "CVE-2024-43468",
59446
61571
  "CVE-2024-50050",
59447
61572
  "CVE-2024-54085",
@@ -59461,6 +61586,7 @@
59461
61586
  "CVE-2025-14174",
59462
61587
  "CVE-2025-14611",
59463
61588
  "CVE-2025-14733",
61589
+ "CVE-2025-1550",
59464
61590
  "CVE-2025-15556",
59465
61591
  "CVE-2025-20281",
59466
61592
  "CVE-2025-20333",
@@ -59587,6 +61713,7 @@
59587
61713
  "CVE-2025-7775",
59588
61714
  "CVE-2025-8088",
59589
61715
  "CVE-2025-8110",
61716
+ "CVE-2025-8747",
59590
61717
  "CVE-2025-8875",
59591
61718
  "CVE-2025-8876",
59592
61719
  "CVE-2025-9242",
@@ -59638,6 +61765,7 @@
59638
61765
  "CVE-2026-32201",
59639
61766
  "CVE-2026-33017",
59640
61767
  "CVE-2026-33634",
61768
+ "CVE-2026-34159",
59641
61769
  "CVE-2026-34197",
59642
61770
  "CVE-2026-34621",
59643
61771
  "CVE-2026-34926",
@@ -59877,11 +62005,14 @@
59877
62005
  "CVE-2024-0132",
59878
62006
  "CVE-2024-3094",
59879
62007
  "CVE-2024-3154",
62008
+ "CVE-2024-42478",
62009
+ "CVE-2024-42479",
59880
62010
  "CVE-2024-50050",
59881
62011
  "CVE-2025-0133",
59882
62012
  "CVE-2025-10585",
59883
62013
  "CVE-2025-1094",
59884
62014
  "CVE-2025-14174",
62015
+ "CVE-2025-1550",
59885
62016
  "CVE-2025-23254",
59886
62017
  "CVE-2025-23266",
59887
62018
  "CVE-2025-30165",
@@ -59895,6 +62026,7 @@
59895
62026
  "CVE-2025-60455",
59896
62027
  "CVE-2025-64496",
59897
62028
  "CVE-2025-6965",
62029
+ "CVE-2025-8747",
59898
62030
  "CVE-2026-0766",
59899
62031
  "CVE-2026-22252",
59900
62032
  "CVE-2026-22688",
@@ -59909,6 +62041,7 @@
59909
62041
  "CVE-2026-30624",
59910
62042
  "CVE-2026-30625",
59911
62043
  "CVE-2026-31431",
62044
+ "CVE-2026-34159",
59912
62045
  "CVE-2026-34926",
59913
62046
  "CVE-2026-39884",
59914
62047
  "CVE-2026-40933",
@@ -60170,11 +62303,14 @@
60170
62303
  "CVE-2024-0132",
60171
62304
  "CVE-2024-3094",
60172
62305
  "CVE-2024-40635",
62306
+ "CVE-2024-42478",
62307
+ "CVE-2024-42479",
60173
62308
  "CVE-2024-50050",
60174
62309
  "CVE-2025-0133",
60175
62310
  "CVE-2025-1094",
60176
62311
  "CVE-2025-11837",
60177
62312
  "CVE-2025-14847",
62313
+ "CVE-2025-1550",
60178
62314
  "CVE-2025-22226",
60179
62315
  "CVE-2025-23254",
60180
62316
  "CVE-2025-23266",
@@ -60187,6 +62323,7 @@
60187
62323
  "CVE-2025-60455",
60188
62324
  "CVE-2025-64496",
60189
62325
  "CVE-2025-6965",
62326
+ "CVE-2025-8747",
60190
62327
  "CVE-2026-0766",
60191
62328
  "CVE-2026-22252",
60192
62329
  "CVE-2026-22688",
@@ -60203,6 +62340,7 @@
60203
62340
  "CVE-2026-30625",
60204
62341
  "CVE-2026-32202",
60205
62342
  "CVE-2026-33825",
62343
+ "CVE-2026-34159",
60206
62344
  "CVE-2026-39884",
60207
62345
  "CVE-2026-40933",
60208
62346
  "CVE-2026-42208",