@blamejs/exceptd-skills 0.13.84 → 0.13.85
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +770 -0
- package/data/atlas-ttps.json +3 -0
- package/data/attack-techniques.json +4 -0
- package/data/cve-catalog.json +210 -0
- package/data/cwe-catalog.json +3 -0
- package/data/framework-control-gaps.json +16 -0
- package/data/zeroday-lessons.json +100 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -26617,6 +26617,730 @@
|
|
|
26617
26617
|
]
|
|
26618
26618
|
}
|
|
26619
26619
|
},
|
|
26620
|
+
"CVE-2023-43654": {
|
|
26621
|
+
"name": "PyTorch TorchServe Management API SSRF to Remote Code Execution (ShellTorch)",
|
|
26622
|
+
"rwep": 31,
|
|
26623
|
+
"cvss": 9.8,
|
|
26624
|
+
"cisa_kev": false,
|
|
26625
|
+
"epss_score": null,
|
|
26626
|
+
"referencing_skills": [
|
|
26627
|
+
"kernel-lpe-triage",
|
|
26628
|
+
"ai-attack-surface",
|
|
26629
|
+
"compliance-theater",
|
|
26630
|
+
"attack-surface-pentest",
|
|
26631
|
+
"ot-ics-security",
|
|
26632
|
+
"coordinated-vuln-disclosure",
|
|
26633
|
+
"sector-energy"
|
|
26634
|
+
],
|
|
26635
|
+
"chain": {
|
|
26636
|
+
"cwes": [
|
|
26637
|
+
{
|
|
26638
|
+
"id": "CWE-1037",
|
|
26639
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
26640
|
+
"category": "Hardware / Side Channel"
|
|
26641
|
+
},
|
|
26642
|
+
{
|
|
26643
|
+
"id": "CWE-1039",
|
|
26644
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
26645
|
+
"category": "AI/ML"
|
|
26646
|
+
},
|
|
26647
|
+
{
|
|
26648
|
+
"id": "CWE-125",
|
|
26649
|
+
"name": "Out-of-bounds Read",
|
|
26650
|
+
"category": "Memory Safety"
|
|
26651
|
+
},
|
|
26652
|
+
{
|
|
26653
|
+
"id": "CWE-1357",
|
|
26654
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
26655
|
+
"category": "Supply Chain"
|
|
26656
|
+
},
|
|
26657
|
+
{
|
|
26658
|
+
"id": "CWE-1395",
|
|
26659
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
26660
|
+
"category": "Supply Chain"
|
|
26661
|
+
},
|
|
26662
|
+
{
|
|
26663
|
+
"id": "CWE-1426",
|
|
26664
|
+
"name": "Improper Validation of Generative AI Output",
|
|
26665
|
+
"category": "AI/ML"
|
|
26666
|
+
},
|
|
26667
|
+
{
|
|
26668
|
+
"id": "CWE-22",
|
|
26669
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
26670
|
+
"category": "Path/Resource"
|
|
26671
|
+
},
|
|
26672
|
+
{
|
|
26673
|
+
"id": "CWE-269",
|
|
26674
|
+
"name": "Improper Privilege Management",
|
|
26675
|
+
"category": "Authorization"
|
|
26676
|
+
},
|
|
26677
|
+
{
|
|
26678
|
+
"id": "CWE-287",
|
|
26679
|
+
"name": "Improper Authentication",
|
|
26680
|
+
"category": "Authentication"
|
|
26681
|
+
},
|
|
26682
|
+
{
|
|
26683
|
+
"id": "CWE-306",
|
|
26684
|
+
"name": "Missing Authentication for Critical Function",
|
|
26685
|
+
"category": "Authentication"
|
|
26686
|
+
},
|
|
26687
|
+
{
|
|
26688
|
+
"id": "CWE-352",
|
|
26689
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
26690
|
+
"category": "Session"
|
|
26691
|
+
},
|
|
26692
|
+
{
|
|
26693
|
+
"id": "CWE-362",
|
|
26694
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
26695
|
+
"category": "Concurrency"
|
|
26696
|
+
},
|
|
26697
|
+
{
|
|
26698
|
+
"id": "CWE-416",
|
|
26699
|
+
"name": "Use After Free",
|
|
26700
|
+
"category": "Memory Safety"
|
|
26701
|
+
},
|
|
26702
|
+
{
|
|
26703
|
+
"id": "CWE-434",
|
|
26704
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
26705
|
+
"category": "File Handling"
|
|
26706
|
+
},
|
|
26707
|
+
{
|
|
26708
|
+
"id": "CWE-672",
|
|
26709
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
26710
|
+
"category": "Memory Safety"
|
|
26711
|
+
},
|
|
26712
|
+
{
|
|
26713
|
+
"id": "CWE-732",
|
|
26714
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
26715
|
+
"category": "Authorization"
|
|
26716
|
+
},
|
|
26717
|
+
{
|
|
26718
|
+
"id": "CWE-78",
|
|
26719
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
26720
|
+
"category": "Injection"
|
|
26721
|
+
},
|
|
26722
|
+
{
|
|
26723
|
+
"id": "CWE-787",
|
|
26724
|
+
"name": "Out-of-bounds Write",
|
|
26725
|
+
"category": "Memory Safety"
|
|
26726
|
+
},
|
|
26727
|
+
{
|
|
26728
|
+
"id": "CWE-79",
|
|
26729
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
26730
|
+
"category": "Injection"
|
|
26731
|
+
},
|
|
26732
|
+
{
|
|
26733
|
+
"id": "CWE-798",
|
|
26734
|
+
"name": "Use of Hard-coded Credentials",
|
|
26735
|
+
"category": "Credentials"
|
|
26736
|
+
},
|
|
26737
|
+
{
|
|
26738
|
+
"id": "CWE-89",
|
|
26739
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
26740
|
+
"category": "Injection"
|
|
26741
|
+
},
|
|
26742
|
+
{
|
|
26743
|
+
"id": "CWE-918",
|
|
26744
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
26745
|
+
"category": "Network"
|
|
26746
|
+
},
|
|
26747
|
+
{
|
|
26748
|
+
"id": "CWE-94",
|
|
26749
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
26750
|
+
"category": "Injection"
|
|
26751
|
+
}
|
|
26752
|
+
],
|
|
26753
|
+
"atlas": [
|
|
26754
|
+
{
|
|
26755
|
+
"id": "AML.T0010",
|
|
26756
|
+
"name": "ML Supply Chain Compromise",
|
|
26757
|
+
"tactic": "Initial Access"
|
|
26758
|
+
},
|
|
26759
|
+
{
|
|
26760
|
+
"id": "AML.T0016",
|
|
26761
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
26762
|
+
"tactic": "Resource Development"
|
|
26763
|
+
},
|
|
26764
|
+
{
|
|
26765
|
+
"id": "AML.T0017",
|
|
26766
|
+
"name": "Discover ML Model Ontology",
|
|
26767
|
+
"tactic": "Discovery"
|
|
26768
|
+
},
|
|
26769
|
+
{
|
|
26770
|
+
"id": "AML.T0018",
|
|
26771
|
+
"name": "Backdoor ML Model",
|
|
26772
|
+
"tactic": "Persistence"
|
|
26773
|
+
},
|
|
26774
|
+
{
|
|
26775
|
+
"id": "AML.T0020",
|
|
26776
|
+
"name": "Poison Training Data",
|
|
26777
|
+
"tactic": "ML Attack Staging"
|
|
26778
|
+
},
|
|
26779
|
+
{
|
|
26780
|
+
"id": "AML.T0043",
|
|
26781
|
+
"name": "Craft Adversarial Data",
|
|
26782
|
+
"tactic": "ML Attack Staging"
|
|
26783
|
+
},
|
|
26784
|
+
{
|
|
26785
|
+
"id": "AML.T0051",
|
|
26786
|
+
"name": "LLM Prompt Injection",
|
|
26787
|
+
"tactic": "Execution"
|
|
26788
|
+
},
|
|
26789
|
+
{
|
|
26790
|
+
"id": "AML.T0054",
|
|
26791
|
+
"name": "LLM Jailbreak",
|
|
26792
|
+
"tactic": "Defense Evasion"
|
|
26793
|
+
},
|
|
26794
|
+
{
|
|
26795
|
+
"id": "AML.T0096",
|
|
26796
|
+
"name": "AI API as Covert C2 Channel",
|
|
26797
|
+
"tactic": "Command and Control"
|
|
26798
|
+
}
|
|
26799
|
+
],
|
|
26800
|
+
"d3fend": [
|
|
26801
|
+
{
|
|
26802
|
+
"id": "D3-ASLR",
|
|
26803
|
+
"name": "Address Space Layout Randomization",
|
|
26804
|
+
"tactic": "Harden"
|
|
26805
|
+
},
|
|
26806
|
+
{
|
|
26807
|
+
"id": "D3-CSPP",
|
|
26808
|
+
"name": "Client-server Payload Profiling",
|
|
26809
|
+
"tactic": "Detect"
|
|
26810
|
+
},
|
|
26811
|
+
{
|
|
26812
|
+
"id": "D3-EAL",
|
|
26813
|
+
"name": "Executable Allowlisting",
|
|
26814
|
+
"tactic": "Harden"
|
|
26815
|
+
},
|
|
26816
|
+
{
|
|
26817
|
+
"id": "D3-IOPR",
|
|
26818
|
+
"name": "Input/Output Profiling Resource",
|
|
26819
|
+
"tactic": "Detect"
|
|
26820
|
+
},
|
|
26821
|
+
{
|
|
26822
|
+
"id": "D3-NTA",
|
|
26823
|
+
"name": "Network Traffic Analysis",
|
|
26824
|
+
"tactic": "Detect"
|
|
26825
|
+
},
|
|
26826
|
+
{
|
|
26827
|
+
"id": "D3-PHRA",
|
|
26828
|
+
"name": "Process Hardware Resource Access",
|
|
26829
|
+
"tactic": "Isolate"
|
|
26830
|
+
},
|
|
26831
|
+
{
|
|
26832
|
+
"id": "D3-PSEP",
|
|
26833
|
+
"name": "Process Segment Execution Prevention",
|
|
26834
|
+
"tactic": "Harden"
|
|
26835
|
+
}
|
|
26836
|
+
],
|
|
26837
|
+
"framework_gaps": [
|
|
26838
|
+
{
|
|
26839
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
26840
|
+
"framework": "ALL",
|
|
26841
|
+
"control_name": "AI Pipeline Integrity"
|
|
26842
|
+
},
|
|
26843
|
+
{
|
|
26844
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
26845
|
+
"framework": "ALL",
|
|
26846
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
26847
|
+
},
|
|
26848
|
+
{
|
|
26849
|
+
"id": "CIS-Controls-v8-Control7",
|
|
26850
|
+
"framework": "CIS Controls v8",
|
|
26851
|
+
"control_name": "Continuous Vulnerability Management"
|
|
26852
|
+
},
|
|
26853
|
+
{
|
|
26854
|
+
"id": "CMMC-2.0-Level-2",
|
|
26855
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
26856
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
26857
|
+
},
|
|
26858
|
+
{
|
|
26859
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
26860
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
26861
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
26862
|
+
},
|
|
26863
|
+
{
|
|
26864
|
+
"id": "IEC-62443-3-3",
|
|
26865
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
26866
|
+
"control_name": "System security requirements and security levels"
|
|
26867
|
+
},
|
|
26868
|
+
{
|
|
26869
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
26870
|
+
"framework": "ISO/IEC 27001:2022",
|
|
26871
|
+
"control_name": "Secure coding"
|
|
26872
|
+
},
|
|
26873
|
+
{
|
|
26874
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
26875
|
+
"framework": "ISO/IEC 27001:2022",
|
|
26876
|
+
"control_name": "Management of technical vulnerabilities"
|
|
26877
|
+
},
|
|
26878
|
+
{
|
|
26879
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
26880
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
26881
|
+
"control_name": "AI risk management process"
|
|
26882
|
+
},
|
|
26883
|
+
{
|
|
26884
|
+
"id": "NERC-CIP-007-6-R4",
|
|
26885
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
26886
|
+
"control_name": "Security event monitoring"
|
|
26887
|
+
},
|
|
26888
|
+
{
|
|
26889
|
+
"id": "NIS2-Art21-patch-management",
|
|
26890
|
+
"framework": "EU NIS2 Directive",
|
|
26891
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
26892
|
+
},
|
|
26893
|
+
{
|
|
26894
|
+
"id": "NIST-800-115",
|
|
26895
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
26896
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
26897
|
+
},
|
|
26898
|
+
{
|
|
26899
|
+
"id": "NIST-800-218-SSDF",
|
|
26900
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
26901
|
+
"control_name": "Secure Software Development Framework"
|
|
26902
|
+
},
|
|
26903
|
+
{
|
|
26904
|
+
"id": "NIST-800-53-AC-2",
|
|
26905
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26906
|
+
"control_name": "Account Management"
|
|
26907
|
+
},
|
|
26908
|
+
{
|
|
26909
|
+
"id": "NIST-800-53-SC-8",
|
|
26910
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26911
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
26912
|
+
},
|
|
26913
|
+
{
|
|
26914
|
+
"id": "NIST-800-53-SI-2",
|
|
26915
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26916
|
+
"control_name": "Flaw Remediation"
|
|
26917
|
+
},
|
|
26918
|
+
{
|
|
26919
|
+
"id": "NIST-800-53-SI-3",
|
|
26920
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26921
|
+
"control_name": "Malicious Code Protection"
|
|
26922
|
+
},
|
|
26923
|
+
{
|
|
26924
|
+
"id": "NIST-800-82r3",
|
|
26925
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
26926
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
26927
|
+
},
|
|
26928
|
+
{
|
|
26929
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
26930
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
26931
|
+
"control_name": "Prompt Injection"
|
|
26932
|
+
},
|
|
26933
|
+
{
|
|
26934
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
26935
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
26936
|
+
"control_name": "Sensitive Information Disclosure"
|
|
26937
|
+
},
|
|
26938
|
+
{
|
|
26939
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
26940
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
26941
|
+
"control_name": "Web application penetration testing methodology"
|
|
26942
|
+
},
|
|
26943
|
+
{
|
|
26944
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
26945
|
+
"framework": "PCI DSS 4.0",
|
|
26946
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
26947
|
+
},
|
|
26948
|
+
{
|
|
26949
|
+
"id": "PTES-Pre-engagement",
|
|
26950
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
26951
|
+
"control_name": "Pre-engagement Interactions"
|
|
26952
|
+
},
|
|
26953
|
+
{
|
|
26954
|
+
"id": "SOC2-CC6-logical-access",
|
|
26955
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
26956
|
+
"control_name": "Logical and Physical Access Controls"
|
|
26957
|
+
},
|
|
26958
|
+
{
|
|
26959
|
+
"id": "SOC2-CC9-vendor-management",
|
|
26960
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
26961
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
26962
|
+
}
|
|
26963
|
+
],
|
|
26964
|
+
"attack_refs": [
|
|
26965
|
+
"T0855",
|
|
26966
|
+
"T0883",
|
|
26967
|
+
"T1059",
|
|
26968
|
+
"T1068",
|
|
26969
|
+
"T1078",
|
|
26970
|
+
"T1133",
|
|
26971
|
+
"T1190",
|
|
26972
|
+
"T1548.001",
|
|
26973
|
+
"T1566"
|
|
26974
|
+
],
|
|
26975
|
+
"rfc_refs": [
|
|
26976
|
+
"RFC-4301",
|
|
26977
|
+
"RFC-4303",
|
|
26978
|
+
"RFC-7296"
|
|
26979
|
+
]
|
|
26980
|
+
}
|
|
26981
|
+
},
|
|
26982
|
+
"CVE-2022-1471": {
|
|
26983
|
+
"name": "SnakeYAML Constructor Unsafe Deserialization RCE (ShellTorch chain)",
|
|
26984
|
+
"rwep": 29,
|
|
26985
|
+
"cvss": 9.8,
|
|
26986
|
+
"cisa_kev": false,
|
|
26987
|
+
"epss_score": null,
|
|
26988
|
+
"referencing_skills": [
|
|
26989
|
+
"kernel-lpe-triage",
|
|
26990
|
+
"ai-attack-surface",
|
|
26991
|
+
"compliance-theater",
|
|
26992
|
+
"attack-surface-pentest",
|
|
26993
|
+
"ot-ics-security",
|
|
26994
|
+
"coordinated-vuln-disclosure",
|
|
26995
|
+
"sector-energy"
|
|
26996
|
+
],
|
|
26997
|
+
"chain": {
|
|
26998
|
+
"cwes": [
|
|
26999
|
+
{
|
|
27000
|
+
"id": "CWE-1037",
|
|
27001
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27002
|
+
"category": "Hardware / Side Channel"
|
|
27003
|
+
},
|
|
27004
|
+
{
|
|
27005
|
+
"id": "CWE-1039",
|
|
27006
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27007
|
+
"category": "AI/ML"
|
|
27008
|
+
},
|
|
27009
|
+
{
|
|
27010
|
+
"id": "CWE-125",
|
|
27011
|
+
"name": "Out-of-bounds Read",
|
|
27012
|
+
"category": "Memory Safety"
|
|
27013
|
+
},
|
|
27014
|
+
{
|
|
27015
|
+
"id": "CWE-1357",
|
|
27016
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27017
|
+
"category": "Supply Chain"
|
|
27018
|
+
},
|
|
27019
|
+
{
|
|
27020
|
+
"id": "CWE-1395",
|
|
27021
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27022
|
+
"category": "Supply Chain"
|
|
27023
|
+
},
|
|
27024
|
+
{
|
|
27025
|
+
"id": "CWE-1426",
|
|
27026
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27027
|
+
"category": "AI/ML"
|
|
27028
|
+
},
|
|
27029
|
+
{
|
|
27030
|
+
"id": "CWE-22",
|
|
27031
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27032
|
+
"category": "Path/Resource"
|
|
27033
|
+
},
|
|
27034
|
+
{
|
|
27035
|
+
"id": "CWE-269",
|
|
27036
|
+
"name": "Improper Privilege Management",
|
|
27037
|
+
"category": "Authorization"
|
|
27038
|
+
},
|
|
27039
|
+
{
|
|
27040
|
+
"id": "CWE-287",
|
|
27041
|
+
"name": "Improper Authentication",
|
|
27042
|
+
"category": "Authentication"
|
|
27043
|
+
},
|
|
27044
|
+
{
|
|
27045
|
+
"id": "CWE-306",
|
|
27046
|
+
"name": "Missing Authentication for Critical Function",
|
|
27047
|
+
"category": "Authentication"
|
|
27048
|
+
},
|
|
27049
|
+
{
|
|
27050
|
+
"id": "CWE-352",
|
|
27051
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27052
|
+
"category": "Session"
|
|
27053
|
+
},
|
|
27054
|
+
{
|
|
27055
|
+
"id": "CWE-362",
|
|
27056
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27057
|
+
"category": "Concurrency"
|
|
27058
|
+
},
|
|
27059
|
+
{
|
|
27060
|
+
"id": "CWE-416",
|
|
27061
|
+
"name": "Use After Free",
|
|
27062
|
+
"category": "Memory Safety"
|
|
27063
|
+
},
|
|
27064
|
+
{
|
|
27065
|
+
"id": "CWE-434",
|
|
27066
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27067
|
+
"category": "File Handling"
|
|
27068
|
+
},
|
|
27069
|
+
{
|
|
27070
|
+
"id": "CWE-672",
|
|
27071
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27072
|
+
"category": "Memory Safety"
|
|
27073
|
+
},
|
|
27074
|
+
{
|
|
27075
|
+
"id": "CWE-732",
|
|
27076
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27077
|
+
"category": "Authorization"
|
|
27078
|
+
},
|
|
27079
|
+
{
|
|
27080
|
+
"id": "CWE-78",
|
|
27081
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27082
|
+
"category": "Injection"
|
|
27083
|
+
},
|
|
27084
|
+
{
|
|
27085
|
+
"id": "CWE-787",
|
|
27086
|
+
"name": "Out-of-bounds Write",
|
|
27087
|
+
"category": "Memory Safety"
|
|
27088
|
+
},
|
|
27089
|
+
{
|
|
27090
|
+
"id": "CWE-79",
|
|
27091
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27092
|
+
"category": "Injection"
|
|
27093
|
+
},
|
|
27094
|
+
{
|
|
27095
|
+
"id": "CWE-798",
|
|
27096
|
+
"name": "Use of Hard-coded Credentials",
|
|
27097
|
+
"category": "Credentials"
|
|
27098
|
+
},
|
|
27099
|
+
{
|
|
27100
|
+
"id": "CWE-89",
|
|
27101
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27102
|
+
"category": "Injection"
|
|
27103
|
+
},
|
|
27104
|
+
{
|
|
27105
|
+
"id": "CWE-918",
|
|
27106
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27107
|
+
"category": "Network"
|
|
27108
|
+
},
|
|
27109
|
+
{
|
|
27110
|
+
"id": "CWE-94",
|
|
27111
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27112
|
+
"category": "Injection"
|
|
27113
|
+
}
|
|
27114
|
+
],
|
|
27115
|
+
"atlas": [
|
|
27116
|
+
{
|
|
27117
|
+
"id": "AML.T0010",
|
|
27118
|
+
"name": "ML Supply Chain Compromise",
|
|
27119
|
+
"tactic": "Initial Access"
|
|
27120
|
+
},
|
|
27121
|
+
{
|
|
27122
|
+
"id": "AML.T0016",
|
|
27123
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27124
|
+
"tactic": "Resource Development"
|
|
27125
|
+
},
|
|
27126
|
+
{
|
|
27127
|
+
"id": "AML.T0017",
|
|
27128
|
+
"name": "Discover ML Model Ontology",
|
|
27129
|
+
"tactic": "Discovery"
|
|
27130
|
+
},
|
|
27131
|
+
{
|
|
27132
|
+
"id": "AML.T0018",
|
|
27133
|
+
"name": "Backdoor ML Model",
|
|
27134
|
+
"tactic": "Persistence"
|
|
27135
|
+
},
|
|
27136
|
+
{
|
|
27137
|
+
"id": "AML.T0020",
|
|
27138
|
+
"name": "Poison Training Data",
|
|
27139
|
+
"tactic": "ML Attack Staging"
|
|
27140
|
+
},
|
|
27141
|
+
{
|
|
27142
|
+
"id": "AML.T0043",
|
|
27143
|
+
"name": "Craft Adversarial Data",
|
|
27144
|
+
"tactic": "ML Attack Staging"
|
|
27145
|
+
},
|
|
27146
|
+
{
|
|
27147
|
+
"id": "AML.T0051",
|
|
27148
|
+
"name": "LLM Prompt Injection",
|
|
27149
|
+
"tactic": "Execution"
|
|
27150
|
+
},
|
|
27151
|
+
{
|
|
27152
|
+
"id": "AML.T0054",
|
|
27153
|
+
"name": "LLM Jailbreak",
|
|
27154
|
+
"tactic": "Defense Evasion"
|
|
27155
|
+
},
|
|
27156
|
+
{
|
|
27157
|
+
"id": "AML.T0096",
|
|
27158
|
+
"name": "AI API as Covert C2 Channel",
|
|
27159
|
+
"tactic": "Command and Control"
|
|
27160
|
+
}
|
|
27161
|
+
],
|
|
27162
|
+
"d3fend": [
|
|
27163
|
+
{
|
|
27164
|
+
"id": "D3-ASLR",
|
|
27165
|
+
"name": "Address Space Layout Randomization",
|
|
27166
|
+
"tactic": "Harden"
|
|
27167
|
+
},
|
|
27168
|
+
{
|
|
27169
|
+
"id": "D3-CSPP",
|
|
27170
|
+
"name": "Client-server Payload Profiling",
|
|
27171
|
+
"tactic": "Detect"
|
|
27172
|
+
},
|
|
27173
|
+
{
|
|
27174
|
+
"id": "D3-EAL",
|
|
27175
|
+
"name": "Executable Allowlisting",
|
|
27176
|
+
"tactic": "Harden"
|
|
27177
|
+
},
|
|
27178
|
+
{
|
|
27179
|
+
"id": "D3-IOPR",
|
|
27180
|
+
"name": "Input/Output Profiling Resource",
|
|
27181
|
+
"tactic": "Detect"
|
|
27182
|
+
},
|
|
27183
|
+
{
|
|
27184
|
+
"id": "D3-NTA",
|
|
27185
|
+
"name": "Network Traffic Analysis",
|
|
27186
|
+
"tactic": "Detect"
|
|
27187
|
+
},
|
|
27188
|
+
{
|
|
27189
|
+
"id": "D3-PHRA",
|
|
27190
|
+
"name": "Process Hardware Resource Access",
|
|
27191
|
+
"tactic": "Isolate"
|
|
27192
|
+
},
|
|
27193
|
+
{
|
|
27194
|
+
"id": "D3-PSEP",
|
|
27195
|
+
"name": "Process Segment Execution Prevention",
|
|
27196
|
+
"tactic": "Harden"
|
|
27197
|
+
}
|
|
27198
|
+
],
|
|
27199
|
+
"framework_gaps": [
|
|
27200
|
+
{
|
|
27201
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27202
|
+
"framework": "ALL",
|
|
27203
|
+
"control_name": "AI Pipeline Integrity"
|
|
27204
|
+
},
|
|
27205
|
+
{
|
|
27206
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27207
|
+
"framework": "ALL",
|
|
27208
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27209
|
+
},
|
|
27210
|
+
{
|
|
27211
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27212
|
+
"framework": "CIS Controls v8",
|
|
27213
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27214
|
+
},
|
|
27215
|
+
{
|
|
27216
|
+
"id": "CMMC-2.0-Level-2",
|
|
27217
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27218
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27219
|
+
},
|
|
27220
|
+
{
|
|
27221
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27222
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27223
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27224
|
+
},
|
|
27225
|
+
{
|
|
27226
|
+
"id": "IEC-62443-3-3",
|
|
27227
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27228
|
+
"control_name": "System security requirements and security levels"
|
|
27229
|
+
},
|
|
27230
|
+
{
|
|
27231
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27232
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27233
|
+
"control_name": "Secure coding"
|
|
27234
|
+
},
|
|
27235
|
+
{
|
|
27236
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27237
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27238
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27239
|
+
},
|
|
27240
|
+
{
|
|
27241
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27242
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27243
|
+
"control_name": "AI risk management process"
|
|
27244
|
+
},
|
|
27245
|
+
{
|
|
27246
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27247
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27248
|
+
"control_name": "Security event monitoring"
|
|
27249
|
+
},
|
|
27250
|
+
{
|
|
27251
|
+
"id": "NIS2-Art21-patch-management",
|
|
27252
|
+
"framework": "EU NIS2 Directive",
|
|
27253
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27254
|
+
},
|
|
27255
|
+
{
|
|
27256
|
+
"id": "NIST-800-115",
|
|
27257
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27258
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27259
|
+
},
|
|
27260
|
+
{
|
|
27261
|
+
"id": "NIST-800-218-SSDF",
|
|
27262
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27263
|
+
"control_name": "Secure Software Development Framework"
|
|
27264
|
+
},
|
|
27265
|
+
{
|
|
27266
|
+
"id": "NIST-800-53-AC-2",
|
|
27267
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27268
|
+
"control_name": "Account Management"
|
|
27269
|
+
},
|
|
27270
|
+
{
|
|
27271
|
+
"id": "NIST-800-53-SC-8",
|
|
27272
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27273
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27274
|
+
},
|
|
27275
|
+
{
|
|
27276
|
+
"id": "NIST-800-53-SI-2",
|
|
27277
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27278
|
+
"control_name": "Flaw Remediation"
|
|
27279
|
+
},
|
|
27280
|
+
{
|
|
27281
|
+
"id": "NIST-800-53-SI-3",
|
|
27282
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27283
|
+
"control_name": "Malicious Code Protection"
|
|
27284
|
+
},
|
|
27285
|
+
{
|
|
27286
|
+
"id": "NIST-800-82r3",
|
|
27287
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
27288
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
27289
|
+
},
|
|
27290
|
+
{
|
|
27291
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
27292
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27293
|
+
"control_name": "Prompt Injection"
|
|
27294
|
+
},
|
|
27295
|
+
{
|
|
27296
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
27297
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27298
|
+
"control_name": "Sensitive Information Disclosure"
|
|
27299
|
+
},
|
|
27300
|
+
{
|
|
27301
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
27302
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
27303
|
+
"control_name": "Web application penetration testing methodology"
|
|
27304
|
+
},
|
|
27305
|
+
{
|
|
27306
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
27307
|
+
"framework": "PCI DSS 4.0",
|
|
27308
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
27309
|
+
},
|
|
27310
|
+
{
|
|
27311
|
+
"id": "PTES-Pre-engagement",
|
|
27312
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
27313
|
+
"control_name": "Pre-engagement Interactions"
|
|
27314
|
+
},
|
|
27315
|
+
{
|
|
27316
|
+
"id": "SOC2-CC6-logical-access",
|
|
27317
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27318
|
+
"control_name": "Logical and Physical Access Controls"
|
|
27319
|
+
},
|
|
27320
|
+
{
|
|
27321
|
+
"id": "SOC2-CC9-vendor-management",
|
|
27322
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27323
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
27324
|
+
}
|
|
27325
|
+
],
|
|
27326
|
+
"attack_refs": [
|
|
27327
|
+
"T0855",
|
|
27328
|
+
"T0883",
|
|
27329
|
+
"T1059",
|
|
27330
|
+
"T1068",
|
|
27331
|
+
"T1078",
|
|
27332
|
+
"T1133",
|
|
27333
|
+
"T1190",
|
|
27334
|
+
"T1548.001",
|
|
27335
|
+
"T1566"
|
|
27336
|
+
],
|
|
27337
|
+
"rfc_refs": [
|
|
27338
|
+
"RFC-4301",
|
|
27339
|
+
"RFC-4303",
|
|
27340
|
+
"RFC-7296"
|
|
27341
|
+
]
|
|
27342
|
+
}
|
|
27343
|
+
},
|
|
26620
27344
|
"CVE-2026-41091": {
|
|
26621
27345
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
26622
27346
|
"rwep": 45,
|
|
@@ -52992,7 +53716,9 @@
|
|
|
52992
53716
|
},
|
|
52993
53717
|
"related_cves": [
|
|
52994
53718
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
53719
|
+
"CVE-2022-1471",
|
|
52995
53720
|
"CVE-2023-43472",
|
|
53721
|
+
"CVE-2023-43654",
|
|
52996
53722
|
"CVE-2023-48022",
|
|
52997
53723
|
"CVE-2024-0132",
|
|
52998
53724
|
"CVE-2024-3094",
|
|
@@ -53368,7 +54094,9 @@
|
|
|
53368
54094
|
]
|
|
53369
54095
|
},
|
|
53370
54096
|
"related_cves": [
|
|
54097
|
+
"CVE-2022-1471",
|
|
53371
54098
|
"CVE-2023-43472",
|
|
54099
|
+
"CVE-2023-43654",
|
|
53372
54100
|
"CVE-2023-48022",
|
|
53373
54101
|
"CVE-2024-0132",
|
|
53374
54102
|
"CVE-2024-42478",
|
|
@@ -53535,7 +54263,9 @@
|
|
|
53535
54263
|
]
|
|
53536
54264
|
},
|
|
53537
54265
|
"related_cves": [
|
|
54266
|
+
"CVE-2022-1471",
|
|
53538
54267
|
"CVE-2023-43472",
|
|
54268
|
+
"CVE-2023-43654",
|
|
53539
54269
|
"CVE-2023-48022",
|
|
53540
54270
|
"CVE-2024-0132",
|
|
53541
54271
|
"CVE-2024-42478",
|
|
@@ -53716,7 +54446,9 @@
|
|
|
53716
54446
|
]
|
|
53717
54447
|
},
|
|
53718
54448
|
"related_cves": [
|
|
54449
|
+
"CVE-2022-1471",
|
|
53719
54450
|
"CVE-2023-43472",
|
|
54451
|
+
"CVE-2023-43654",
|
|
53720
54452
|
"CVE-2023-48022",
|
|
53721
54453
|
"CVE-2024-0132",
|
|
53722
54454
|
"CVE-2024-42478",
|
|
@@ -54001,7 +54733,9 @@
|
|
|
54001
54733
|
"related_cves": [
|
|
54002
54734
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
54003
54735
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
54736
|
+
"CVE-2022-1471",
|
|
54004
54737
|
"CVE-2023-43472",
|
|
54738
|
+
"CVE-2023-43654",
|
|
54005
54739
|
"CVE-2023-48022",
|
|
54006
54740
|
"CVE-2024-0132",
|
|
54007
54741
|
"CVE-2024-3094",
|
|
@@ -54226,6 +54960,7 @@
|
|
|
54226
54960
|
"CVE-2021-39935",
|
|
54227
54961
|
"CVE-2021-43226",
|
|
54228
54962
|
"CVE-2021-43798",
|
|
54963
|
+
"CVE-2022-1471",
|
|
54229
54964
|
"CVE-2022-20775",
|
|
54230
54965
|
"CVE-2022-37055",
|
|
54231
54966
|
"CVE-2022-40799",
|
|
@@ -54241,6 +54976,7 @@
|
|
|
54241
54976
|
"CVE-2023-39780",
|
|
54242
54977
|
"CVE-2023-41974",
|
|
54243
54978
|
"CVE-2023-43000",
|
|
54979
|
+
"CVE-2023-43654",
|
|
54244
54980
|
"CVE-2023-48022",
|
|
54245
54981
|
"CVE-2023-50224",
|
|
54246
54982
|
"CVE-2023-52163",
|
|
@@ -55065,7 +55801,9 @@
|
|
|
55065
55801
|
},
|
|
55066
55802
|
"related_cves": [
|
|
55067
55803
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
55804
|
+
"CVE-2022-1471",
|
|
55068
55805
|
"CVE-2023-43472",
|
|
55806
|
+
"CVE-2023-43654",
|
|
55069
55807
|
"CVE-2023-48022",
|
|
55070
55808
|
"CVE-2024-0132",
|
|
55071
55809
|
"CVE-2024-3094",
|
|
@@ -55671,7 +56409,9 @@
|
|
|
55671
56409
|
},
|
|
55672
56410
|
"related_cves": [
|
|
55673
56411
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56412
|
+
"CVE-2022-1471",
|
|
55674
56413
|
"CVE-2023-43472",
|
|
56414
|
+
"CVE-2023-43654",
|
|
55675
56415
|
"CVE-2023-48022",
|
|
55676
56416
|
"CVE-2024-0132",
|
|
55677
56417
|
"CVE-2024-3094",
|
|
@@ -55916,6 +56656,8 @@
|
|
|
55916
56656
|
]
|
|
55917
56657
|
},
|
|
55918
56658
|
"related_cves": [
|
|
56659
|
+
"CVE-2022-1471",
|
|
56660
|
+
"CVE-2023-43654",
|
|
55919
56661
|
"CVE-2023-48022",
|
|
55920
56662
|
"CVE-2024-0132",
|
|
55921
56663
|
"CVE-2024-3094",
|
|
@@ -56585,7 +57327,9 @@
|
|
|
56585
57327
|
},
|
|
56586
57328
|
"related_cves": [
|
|
56587
57329
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
57330
|
+
"CVE-2022-1471",
|
|
56588
57331
|
"CVE-2023-43472",
|
|
57332
|
+
"CVE-2023-43654",
|
|
56589
57333
|
"CVE-2023-48022",
|
|
56590
57334
|
"CVE-2024-0132",
|
|
56591
57335
|
"CVE-2024-3094",
|
|
@@ -56817,6 +57561,7 @@
|
|
|
56817
57561
|
"CVE-2021-39935",
|
|
56818
57562
|
"CVE-2021-43226",
|
|
56819
57563
|
"CVE-2021-43798",
|
|
57564
|
+
"CVE-2022-1471",
|
|
56820
57565
|
"CVE-2022-20775",
|
|
56821
57566
|
"CVE-2022-37055",
|
|
56822
57567
|
"CVE-2022-40799",
|
|
@@ -56832,6 +57577,7 @@
|
|
|
56832
57577
|
"CVE-2023-39780",
|
|
56833
57578
|
"CVE-2023-41974",
|
|
56834
57579
|
"CVE-2023-43000",
|
|
57580
|
+
"CVE-2023-43654",
|
|
56835
57581
|
"CVE-2023-48022",
|
|
56836
57582
|
"CVE-2023-50224",
|
|
56837
57583
|
"CVE-2023-52163",
|
|
@@ -57244,6 +57990,7 @@
|
|
|
57244
57990
|
"CVE-2021-39935",
|
|
57245
57991
|
"CVE-2021-43226",
|
|
57246
57992
|
"CVE-2021-43798",
|
|
57993
|
+
"CVE-2022-1471",
|
|
57247
57994
|
"CVE-2022-20775",
|
|
57248
57995
|
"CVE-2022-37055",
|
|
57249
57996
|
"CVE-2022-40799",
|
|
@@ -57259,6 +58006,7 @@
|
|
|
57259
58006
|
"CVE-2023-39780",
|
|
57260
58007
|
"CVE-2023-41974",
|
|
57261
58008
|
"CVE-2023-43000",
|
|
58009
|
+
"CVE-2023-43654",
|
|
57262
58010
|
"CVE-2023-48022",
|
|
57263
58011
|
"CVE-2023-50224",
|
|
57264
58012
|
"CVE-2023-52163",
|
|
@@ -57718,7 +58466,9 @@
|
|
|
57718
58466
|
},
|
|
57719
58467
|
"related_cves": [
|
|
57720
58468
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
58469
|
+
"CVE-2022-1471",
|
|
57721
58470
|
"CVE-2023-43472",
|
|
58471
|
+
"CVE-2023-43654",
|
|
57722
58472
|
"CVE-2023-48022",
|
|
57723
58473
|
"CVE-2024-0132",
|
|
57724
58474
|
"CVE-2024-3094",
|
|
@@ -58502,6 +59252,7 @@
|
|
|
58502
59252
|
"CVE-2021-39935",
|
|
58503
59253
|
"CVE-2021-43226",
|
|
58504
59254
|
"CVE-2021-43798",
|
|
59255
|
+
"CVE-2022-1471",
|
|
58505
59256
|
"CVE-2022-20775",
|
|
58506
59257
|
"CVE-2022-37055",
|
|
58507
59258
|
"CVE-2022-40799",
|
|
@@ -58517,6 +59268,7 @@
|
|
|
58517
59268
|
"CVE-2023-39780",
|
|
58518
59269
|
"CVE-2023-41974",
|
|
58519
59270
|
"CVE-2023-43000",
|
|
59271
|
+
"CVE-2023-43654",
|
|
58520
59272
|
"CVE-2023-48022",
|
|
58521
59273
|
"CVE-2023-50224",
|
|
58522
59274
|
"CVE-2023-52163",
|
|
@@ -59040,7 +59792,9 @@
|
|
|
59040
59792
|
},
|
|
59041
59793
|
"related_cves": [
|
|
59042
59794
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
59795
|
+
"CVE-2022-1471",
|
|
59043
59796
|
"CVE-2023-43472",
|
|
59797
|
+
"CVE-2023-43654",
|
|
59044
59798
|
"CVE-2023-48022",
|
|
59045
59799
|
"CVE-2024-0132",
|
|
59046
59800
|
"CVE-2024-3094",
|
|
@@ -59349,6 +60103,7 @@
|
|
|
59349
60103
|
"CVE-2021-39935",
|
|
59350
60104
|
"CVE-2021-43226",
|
|
59351
60105
|
"CVE-2021-43798",
|
|
60106
|
+
"CVE-2022-1471",
|
|
59352
60107
|
"CVE-2022-20775",
|
|
59353
60108
|
"CVE-2022-37055",
|
|
59354
60109
|
"CVE-2022-40799",
|
|
@@ -59365,6 +60120,7 @@
|
|
|
59365
60120
|
"CVE-2023-41974",
|
|
59366
60121
|
"CVE-2023-43000",
|
|
59367
60122
|
"CVE-2023-43472",
|
|
60123
|
+
"CVE-2023-43654",
|
|
59368
60124
|
"CVE-2023-48022",
|
|
59369
60125
|
"CVE-2023-50224",
|
|
59370
60126
|
"CVE-2023-52163",
|
|
@@ -59908,6 +60664,8 @@
|
|
|
59908
60664
|
},
|
|
59909
60665
|
"related_cves": [
|
|
59910
60666
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
60667
|
+
"CVE-2022-1471",
|
|
60668
|
+
"CVE-2023-43654",
|
|
59911
60669
|
"CVE-2023-48022",
|
|
59912
60670
|
"CVE-2024-0132",
|
|
59913
60671
|
"CVE-2024-3094",
|
|
@@ -60848,7 +61606,9 @@
|
|
|
60848
61606
|
},
|
|
60849
61607
|
"related_cves": [
|
|
60850
61608
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
61609
|
+
"CVE-2022-1471",
|
|
60851
61610
|
"CVE-2023-43472",
|
|
61611
|
+
"CVE-2023-43654",
|
|
60852
61612
|
"CVE-2023-48022",
|
|
60853
61613
|
"CVE-2024-0132",
|
|
60854
61614
|
"CVE-2024-3094",
|
|
@@ -60954,6 +61714,8 @@
|
|
|
60954
61714
|
"rfc_refs": []
|
|
60955
61715
|
},
|
|
60956
61716
|
"related_cves": [
|
|
61717
|
+
"CVE-2022-1471",
|
|
61718
|
+
"CVE-2023-43654",
|
|
60957
61719
|
"CVE-2023-48022",
|
|
60958
61720
|
"CVE-2024-0132",
|
|
60959
61721
|
"CVE-2024-42478",
|
|
@@ -61128,7 +61890,9 @@
|
|
|
61128
61890
|
},
|
|
61129
61891
|
"related_cves": [
|
|
61130
61892
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
61893
|
+
"CVE-2022-1471",
|
|
61131
61894
|
"CVE-2023-43472",
|
|
61895
|
+
"CVE-2023-43654",
|
|
61132
61896
|
"CVE-2023-48022",
|
|
61133
61897
|
"CVE-2024-0132",
|
|
61134
61898
|
"CVE-2024-42478",
|
|
@@ -61539,6 +62303,7 @@
|
|
|
61539
62303
|
"CVE-2021-39935",
|
|
61540
62304
|
"CVE-2021-43226",
|
|
61541
62305
|
"CVE-2021-43798",
|
|
62306
|
+
"CVE-2022-1471",
|
|
61542
62307
|
"CVE-2022-20775",
|
|
61543
62308
|
"CVE-2022-37055",
|
|
61544
62309
|
"CVE-2022-40799",
|
|
@@ -61553,6 +62318,7 @@
|
|
|
61553
62318
|
"CVE-2023-39780",
|
|
61554
62319
|
"CVE-2023-41974",
|
|
61555
62320
|
"CVE-2023-43000",
|
|
62321
|
+
"CVE-2023-43654",
|
|
61556
62322
|
"CVE-2023-50224",
|
|
61557
62323
|
"CVE-2023-52163",
|
|
61558
62324
|
"CVE-2024-0769",
|
|
@@ -62000,7 +62766,9 @@
|
|
|
62000
62766
|
},
|
|
62001
62767
|
"related_cves": [
|
|
62002
62768
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
62769
|
+
"CVE-2022-1471",
|
|
62003
62770
|
"CVE-2023-43472",
|
|
62771
|
+
"CVE-2023-43654",
|
|
62004
62772
|
"CVE-2023-48022",
|
|
62005
62773
|
"CVE-2024-0132",
|
|
62006
62774
|
"CVE-2024-3094",
|
|
@@ -62298,7 +63066,9 @@
|
|
|
62298
63066
|
"related_cves": [
|
|
62299
63067
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
62300
63068
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
63069
|
+
"CVE-2022-1471",
|
|
62301
63070
|
"CVE-2023-43472",
|
|
63071
|
+
"CVE-2023-43654",
|
|
62302
63072
|
"CVE-2023-48022",
|
|
62303
63073
|
"CVE-2024-0132",
|
|
62304
63074
|
"CVE-2024-3094",
|