@blamejs/exceptd-skills 0.13.87 → 0.13.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +2310 -0
  6. package/data/atlas-ttps.json +16 -1
  7. package/data/attack-techniques.json +15 -0
  8. package/data/cve-catalog.json +632 -1
  9. package/data/cwe-catalog.json +7 -1
  10. package/data/framework-control-gaps.json +48 -0
  11. package/data/zeroday-lessons.json +300 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -28929,6 +28929,2178 @@
28929
28929
  ]
28930
28930
  }
28931
28931
  },
28932
+ "CVE-2024-11392": {
28933
+ "name": "Hugging Face Transformers MobileViTV2 Deserialization Remote Code Execution",
28934
+ "rwep": 33,
28935
+ "cvss": 8.8,
28936
+ "cisa_kev": false,
28937
+ "epss_score": null,
28938
+ "referencing_skills": [
28939
+ "kernel-lpe-triage",
28940
+ "ai-attack-surface",
28941
+ "compliance-theater",
28942
+ "attack-surface-pentest",
28943
+ "ot-ics-security",
28944
+ "coordinated-vuln-disclosure",
28945
+ "sector-energy"
28946
+ ],
28947
+ "chain": {
28948
+ "cwes": [
28949
+ {
28950
+ "id": "CWE-1037",
28951
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
28952
+ "category": "Hardware / Side Channel"
28953
+ },
28954
+ {
28955
+ "id": "CWE-1039",
28956
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
28957
+ "category": "AI/ML"
28958
+ },
28959
+ {
28960
+ "id": "CWE-125",
28961
+ "name": "Out-of-bounds Read",
28962
+ "category": "Memory Safety"
28963
+ },
28964
+ {
28965
+ "id": "CWE-1357",
28966
+ "name": "Reliance on Insufficiently Trustworthy Component",
28967
+ "category": "Supply Chain"
28968
+ },
28969
+ {
28970
+ "id": "CWE-1395",
28971
+ "name": "Dependency on Vulnerable Third-Party Component",
28972
+ "category": "Supply Chain"
28973
+ },
28974
+ {
28975
+ "id": "CWE-1426",
28976
+ "name": "Improper Validation of Generative AI Output",
28977
+ "category": "AI/ML"
28978
+ },
28979
+ {
28980
+ "id": "CWE-22",
28981
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
28982
+ "category": "Path/Resource"
28983
+ },
28984
+ {
28985
+ "id": "CWE-269",
28986
+ "name": "Improper Privilege Management",
28987
+ "category": "Authorization"
28988
+ },
28989
+ {
28990
+ "id": "CWE-287",
28991
+ "name": "Improper Authentication",
28992
+ "category": "Authentication"
28993
+ },
28994
+ {
28995
+ "id": "CWE-306",
28996
+ "name": "Missing Authentication for Critical Function",
28997
+ "category": "Authentication"
28998
+ },
28999
+ {
29000
+ "id": "CWE-352",
29001
+ "name": "Cross-Site Request Forgery (CSRF)",
29002
+ "category": "Session"
29003
+ },
29004
+ {
29005
+ "id": "CWE-362",
29006
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
29007
+ "category": "Concurrency"
29008
+ },
29009
+ {
29010
+ "id": "CWE-416",
29011
+ "name": "Use After Free",
29012
+ "category": "Memory Safety"
29013
+ },
29014
+ {
29015
+ "id": "CWE-434",
29016
+ "name": "Unrestricted Upload of File with Dangerous Type",
29017
+ "category": "File Handling"
29018
+ },
29019
+ {
29020
+ "id": "CWE-672",
29021
+ "name": "Operation on a Resource after Expiration or Release",
29022
+ "category": "Memory Safety"
29023
+ },
29024
+ {
29025
+ "id": "CWE-732",
29026
+ "name": "Incorrect Permission Assignment for Critical Resource",
29027
+ "category": "Authorization"
29028
+ },
29029
+ {
29030
+ "id": "CWE-78",
29031
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
29032
+ "category": "Injection"
29033
+ },
29034
+ {
29035
+ "id": "CWE-787",
29036
+ "name": "Out-of-bounds Write",
29037
+ "category": "Memory Safety"
29038
+ },
29039
+ {
29040
+ "id": "CWE-79",
29041
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
29042
+ "category": "Injection"
29043
+ },
29044
+ {
29045
+ "id": "CWE-798",
29046
+ "name": "Use of Hard-coded Credentials",
29047
+ "category": "Credentials"
29048
+ },
29049
+ {
29050
+ "id": "CWE-89",
29051
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
29052
+ "category": "Injection"
29053
+ },
29054
+ {
29055
+ "id": "CWE-918",
29056
+ "name": "Server-Side Request Forgery (SSRF)",
29057
+ "category": "Network"
29058
+ },
29059
+ {
29060
+ "id": "CWE-94",
29061
+ "name": "Improper Control of Generation of Code (Code Injection)",
29062
+ "category": "Injection"
29063
+ }
29064
+ ],
29065
+ "atlas": [
29066
+ {
29067
+ "id": "AML.T0010",
29068
+ "name": "ML Supply Chain Compromise",
29069
+ "tactic": "Initial Access"
29070
+ },
29071
+ {
29072
+ "id": "AML.T0016",
29073
+ "name": "Obtain Capabilities: Develop Capabilities",
29074
+ "tactic": "Resource Development"
29075
+ },
29076
+ {
29077
+ "id": "AML.T0017",
29078
+ "name": "Discover ML Model Ontology",
29079
+ "tactic": "Discovery"
29080
+ },
29081
+ {
29082
+ "id": "AML.T0018",
29083
+ "name": "Backdoor ML Model",
29084
+ "tactic": "Persistence"
29085
+ },
29086
+ {
29087
+ "id": "AML.T0020",
29088
+ "name": "Poison Training Data",
29089
+ "tactic": "ML Attack Staging"
29090
+ },
29091
+ {
29092
+ "id": "AML.T0043",
29093
+ "name": "Craft Adversarial Data",
29094
+ "tactic": "ML Attack Staging"
29095
+ },
29096
+ {
29097
+ "id": "AML.T0051",
29098
+ "name": "LLM Prompt Injection",
29099
+ "tactic": "Execution"
29100
+ },
29101
+ {
29102
+ "id": "AML.T0054",
29103
+ "name": "LLM Jailbreak",
29104
+ "tactic": "Defense Evasion"
29105
+ },
29106
+ {
29107
+ "id": "AML.T0096",
29108
+ "name": "AI API as Covert C2 Channel",
29109
+ "tactic": "Command and Control"
29110
+ }
29111
+ ],
29112
+ "d3fend": [
29113
+ {
29114
+ "id": "D3-ASLR",
29115
+ "name": "Address Space Layout Randomization",
29116
+ "tactic": "Harden"
29117
+ },
29118
+ {
29119
+ "id": "D3-CSPP",
29120
+ "name": "Client-server Payload Profiling",
29121
+ "tactic": "Detect"
29122
+ },
29123
+ {
29124
+ "id": "D3-EAL",
29125
+ "name": "Executable Allowlisting",
29126
+ "tactic": "Harden"
29127
+ },
29128
+ {
29129
+ "id": "D3-IOPR",
29130
+ "name": "Input/Output Profiling Resource",
29131
+ "tactic": "Detect"
29132
+ },
29133
+ {
29134
+ "id": "D3-NTA",
29135
+ "name": "Network Traffic Analysis",
29136
+ "tactic": "Detect"
29137
+ },
29138
+ {
29139
+ "id": "D3-PHRA",
29140
+ "name": "Process Hardware Resource Access",
29141
+ "tactic": "Isolate"
29142
+ },
29143
+ {
29144
+ "id": "D3-PSEP",
29145
+ "name": "Process Segment Execution Prevention",
29146
+ "tactic": "Harden"
29147
+ }
29148
+ ],
29149
+ "framework_gaps": [
29150
+ {
29151
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
29152
+ "framework": "ALL",
29153
+ "control_name": "AI Pipeline Integrity"
29154
+ },
29155
+ {
29156
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
29157
+ "framework": "ALL",
29158
+ "control_name": "Prompt Injection as Access Control Failure"
29159
+ },
29160
+ {
29161
+ "id": "CIS-Controls-v8-Control7",
29162
+ "framework": "CIS Controls v8",
29163
+ "control_name": "Continuous Vulnerability Management"
29164
+ },
29165
+ {
29166
+ "id": "CMMC-2.0-Level-2",
29167
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
29168
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
29169
+ },
29170
+ {
29171
+ "id": "FedRAMP-Rev5-Moderate",
29172
+ "framework": "FedRAMP Rev 5 Moderate",
29173
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
29174
+ },
29175
+ {
29176
+ "id": "IEC-62443-3-3",
29177
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
29178
+ "control_name": "System security requirements and security levels"
29179
+ },
29180
+ {
29181
+ "id": "ISO-27001-2022-A.8.28",
29182
+ "framework": "ISO/IEC 27001:2022",
29183
+ "control_name": "Secure coding"
29184
+ },
29185
+ {
29186
+ "id": "ISO-27001-2022-A.8.8",
29187
+ "framework": "ISO/IEC 27001:2022",
29188
+ "control_name": "Management of technical vulnerabilities"
29189
+ },
29190
+ {
29191
+ "id": "ISO-IEC-23894-2023-clause-7",
29192
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
29193
+ "control_name": "AI risk management process"
29194
+ },
29195
+ {
29196
+ "id": "NERC-CIP-007-6-R4",
29197
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
29198
+ "control_name": "Security event monitoring"
29199
+ },
29200
+ {
29201
+ "id": "NIS2-Art21-patch-management",
29202
+ "framework": "EU NIS2 Directive",
29203
+ "control_name": "Vulnerability handling and disclosure"
29204
+ },
29205
+ {
29206
+ "id": "NIST-800-115",
29207
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
29208
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
29209
+ },
29210
+ {
29211
+ "id": "NIST-800-218-SSDF",
29212
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
29213
+ "control_name": "Secure Software Development Framework"
29214
+ },
29215
+ {
29216
+ "id": "NIST-800-53-AC-2",
29217
+ "framework": "NIST SP 800-53 Rev 5",
29218
+ "control_name": "Account Management"
29219
+ },
29220
+ {
29221
+ "id": "NIST-800-53-SC-8",
29222
+ "framework": "NIST SP 800-53 Rev 5",
29223
+ "control_name": "Transmission Confidentiality and Integrity"
29224
+ },
29225
+ {
29226
+ "id": "NIST-800-53-SI-2",
29227
+ "framework": "NIST SP 800-53 Rev 5",
29228
+ "control_name": "Flaw Remediation"
29229
+ },
29230
+ {
29231
+ "id": "NIST-800-53-SI-3",
29232
+ "framework": "NIST SP 800-53 Rev 5",
29233
+ "control_name": "Malicious Code Protection"
29234
+ },
29235
+ {
29236
+ "id": "NIST-800-82r3",
29237
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
29238
+ "control_name": "Guide to Operational Technology (OT) Security"
29239
+ },
29240
+ {
29241
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
29242
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29243
+ "control_name": "Prompt Injection"
29244
+ },
29245
+ {
29246
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
29247
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29248
+ "control_name": "Sensitive Information Disclosure"
29249
+ },
29250
+ {
29251
+ "id": "OWASP-Pen-Testing-Guide-v5",
29252
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
29253
+ "control_name": "Web application penetration testing methodology"
29254
+ },
29255
+ {
29256
+ "id": "PCI-DSS-4.0-6.3.3",
29257
+ "framework": "PCI DSS 4.0",
29258
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
29259
+ },
29260
+ {
29261
+ "id": "PTES-Pre-engagement",
29262
+ "framework": "Penetration Testing Execution Standard (PTES)",
29263
+ "control_name": "Pre-engagement Interactions"
29264
+ },
29265
+ {
29266
+ "id": "SOC2-CC6-logical-access",
29267
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29268
+ "control_name": "Logical and Physical Access Controls"
29269
+ },
29270
+ {
29271
+ "id": "SOC2-CC9-vendor-management",
29272
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29273
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
29274
+ }
29275
+ ],
29276
+ "attack_refs": [
29277
+ "T0855",
29278
+ "T0883",
29279
+ "T1059",
29280
+ "T1068",
29281
+ "T1078",
29282
+ "T1133",
29283
+ "T1190",
29284
+ "T1548.001",
29285
+ "T1566"
29286
+ ],
29287
+ "rfc_refs": [
29288
+ "RFC-4301",
29289
+ "RFC-4303",
29290
+ "RFC-7296"
29291
+ ]
29292
+ }
29293
+ },
29294
+ "CVE-2024-11393": {
29295
+ "name": "Hugging Face Transformers MaskFormer Deserialization Remote Code Execution",
29296
+ "rwep": 33,
29297
+ "cvss": 8.8,
29298
+ "cisa_kev": false,
29299
+ "epss_score": null,
29300
+ "referencing_skills": [
29301
+ "kernel-lpe-triage",
29302
+ "ai-attack-surface",
29303
+ "compliance-theater",
29304
+ "attack-surface-pentest",
29305
+ "ot-ics-security",
29306
+ "coordinated-vuln-disclosure",
29307
+ "sector-energy"
29308
+ ],
29309
+ "chain": {
29310
+ "cwes": [
29311
+ {
29312
+ "id": "CWE-1037",
29313
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
29314
+ "category": "Hardware / Side Channel"
29315
+ },
29316
+ {
29317
+ "id": "CWE-1039",
29318
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
29319
+ "category": "AI/ML"
29320
+ },
29321
+ {
29322
+ "id": "CWE-125",
29323
+ "name": "Out-of-bounds Read",
29324
+ "category": "Memory Safety"
29325
+ },
29326
+ {
29327
+ "id": "CWE-1357",
29328
+ "name": "Reliance on Insufficiently Trustworthy Component",
29329
+ "category": "Supply Chain"
29330
+ },
29331
+ {
29332
+ "id": "CWE-1395",
29333
+ "name": "Dependency on Vulnerable Third-Party Component",
29334
+ "category": "Supply Chain"
29335
+ },
29336
+ {
29337
+ "id": "CWE-1426",
29338
+ "name": "Improper Validation of Generative AI Output",
29339
+ "category": "AI/ML"
29340
+ },
29341
+ {
29342
+ "id": "CWE-22",
29343
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
29344
+ "category": "Path/Resource"
29345
+ },
29346
+ {
29347
+ "id": "CWE-269",
29348
+ "name": "Improper Privilege Management",
29349
+ "category": "Authorization"
29350
+ },
29351
+ {
29352
+ "id": "CWE-287",
29353
+ "name": "Improper Authentication",
29354
+ "category": "Authentication"
29355
+ },
29356
+ {
29357
+ "id": "CWE-306",
29358
+ "name": "Missing Authentication for Critical Function",
29359
+ "category": "Authentication"
29360
+ },
29361
+ {
29362
+ "id": "CWE-352",
29363
+ "name": "Cross-Site Request Forgery (CSRF)",
29364
+ "category": "Session"
29365
+ },
29366
+ {
29367
+ "id": "CWE-362",
29368
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
29369
+ "category": "Concurrency"
29370
+ },
29371
+ {
29372
+ "id": "CWE-416",
29373
+ "name": "Use After Free",
29374
+ "category": "Memory Safety"
29375
+ },
29376
+ {
29377
+ "id": "CWE-434",
29378
+ "name": "Unrestricted Upload of File with Dangerous Type",
29379
+ "category": "File Handling"
29380
+ },
29381
+ {
29382
+ "id": "CWE-672",
29383
+ "name": "Operation on a Resource after Expiration or Release",
29384
+ "category": "Memory Safety"
29385
+ },
29386
+ {
29387
+ "id": "CWE-732",
29388
+ "name": "Incorrect Permission Assignment for Critical Resource",
29389
+ "category": "Authorization"
29390
+ },
29391
+ {
29392
+ "id": "CWE-78",
29393
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
29394
+ "category": "Injection"
29395
+ },
29396
+ {
29397
+ "id": "CWE-787",
29398
+ "name": "Out-of-bounds Write",
29399
+ "category": "Memory Safety"
29400
+ },
29401
+ {
29402
+ "id": "CWE-79",
29403
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
29404
+ "category": "Injection"
29405
+ },
29406
+ {
29407
+ "id": "CWE-798",
29408
+ "name": "Use of Hard-coded Credentials",
29409
+ "category": "Credentials"
29410
+ },
29411
+ {
29412
+ "id": "CWE-89",
29413
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
29414
+ "category": "Injection"
29415
+ },
29416
+ {
29417
+ "id": "CWE-918",
29418
+ "name": "Server-Side Request Forgery (SSRF)",
29419
+ "category": "Network"
29420
+ },
29421
+ {
29422
+ "id": "CWE-94",
29423
+ "name": "Improper Control of Generation of Code (Code Injection)",
29424
+ "category": "Injection"
29425
+ }
29426
+ ],
29427
+ "atlas": [
29428
+ {
29429
+ "id": "AML.T0010",
29430
+ "name": "ML Supply Chain Compromise",
29431
+ "tactic": "Initial Access"
29432
+ },
29433
+ {
29434
+ "id": "AML.T0016",
29435
+ "name": "Obtain Capabilities: Develop Capabilities",
29436
+ "tactic": "Resource Development"
29437
+ },
29438
+ {
29439
+ "id": "AML.T0017",
29440
+ "name": "Discover ML Model Ontology",
29441
+ "tactic": "Discovery"
29442
+ },
29443
+ {
29444
+ "id": "AML.T0018",
29445
+ "name": "Backdoor ML Model",
29446
+ "tactic": "Persistence"
29447
+ },
29448
+ {
29449
+ "id": "AML.T0020",
29450
+ "name": "Poison Training Data",
29451
+ "tactic": "ML Attack Staging"
29452
+ },
29453
+ {
29454
+ "id": "AML.T0043",
29455
+ "name": "Craft Adversarial Data",
29456
+ "tactic": "ML Attack Staging"
29457
+ },
29458
+ {
29459
+ "id": "AML.T0051",
29460
+ "name": "LLM Prompt Injection",
29461
+ "tactic": "Execution"
29462
+ },
29463
+ {
29464
+ "id": "AML.T0054",
29465
+ "name": "LLM Jailbreak",
29466
+ "tactic": "Defense Evasion"
29467
+ },
29468
+ {
29469
+ "id": "AML.T0096",
29470
+ "name": "AI API as Covert C2 Channel",
29471
+ "tactic": "Command and Control"
29472
+ }
29473
+ ],
29474
+ "d3fend": [
29475
+ {
29476
+ "id": "D3-ASLR",
29477
+ "name": "Address Space Layout Randomization",
29478
+ "tactic": "Harden"
29479
+ },
29480
+ {
29481
+ "id": "D3-CSPP",
29482
+ "name": "Client-server Payload Profiling",
29483
+ "tactic": "Detect"
29484
+ },
29485
+ {
29486
+ "id": "D3-EAL",
29487
+ "name": "Executable Allowlisting",
29488
+ "tactic": "Harden"
29489
+ },
29490
+ {
29491
+ "id": "D3-IOPR",
29492
+ "name": "Input/Output Profiling Resource",
29493
+ "tactic": "Detect"
29494
+ },
29495
+ {
29496
+ "id": "D3-NTA",
29497
+ "name": "Network Traffic Analysis",
29498
+ "tactic": "Detect"
29499
+ },
29500
+ {
29501
+ "id": "D3-PHRA",
29502
+ "name": "Process Hardware Resource Access",
29503
+ "tactic": "Isolate"
29504
+ },
29505
+ {
29506
+ "id": "D3-PSEP",
29507
+ "name": "Process Segment Execution Prevention",
29508
+ "tactic": "Harden"
29509
+ }
29510
+ ],
29511
+ "framework_gaps": [
29512
+ {
29513
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
29514
+ "framework": "ALL",
29515
+ "control_name": "AI Pipeline Integrity"
29516
+ },
29517
+ {
29518
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
29519
+ "framework": "ALL",
29520
+ "control_name": "Prompt Injection as Access Control Failure"
29521
+ },
29522
+ {
29523
+ "id": "CIS-Controls-v8-Control7",
29524
+ "framework": "CIS Controls v8",
29525
+ "control_name": "Continuous Vulnerability Management"
29526
+ },
29527
+ {
29528
+ "id": "CMMC-2.0-Level-2",
29529
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
29530
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
29531
+ },
29532
+ {
29533
+ "id": "FedRAMP-Rev5-Moderate",
29534
+ "framework": "FedRAMP Rev 5 Moderate",
29535
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
29536
+ },
29537
+ {
29538
+ "id": "IEC-62443-3-3",
29539
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
29540
+ "control_name": "System security requirements and security levels"
29541
+ },
29542
+ {
29543
+ "id": "ISO-27001-2022-A.8.28",
29544
+ "framework": "ISO/IEC 27001:2022",
29545
+ "control_name": "Secure coding"
29546
+ },
29547
+ {
29548
+ "id": "ISO-27001-2022-A.8.8",
29549
+ "framework": "ISO/IEC 27001:2022",
29550
+ "control_name": "Management of technical vulnerabilities"
29551
+ },
29552
+ {
29553
+ "id": "ISO-IEC-23894-2023-clause-7",
29554
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
29555
+ "control_name": "AI risk management process"
29556
+ },
29557
+ {
29558
+ "id": "NERC-CIP-007-6-R4",
29559
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
29560
+ "control_name": "Security event monitoring"
29561
+ },
29562
+ {
29563
+ "id": "NIS2-Art21-patch-management",
29564
+ "framework": "EU NIS2 Directive",
29565
+ "control_name": "Vulnerability handling and disclosure"
29566
+ },
29567
+ {
29568
+ "id": "NIST-800-115",
29569
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
29570
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
29571
+ },
29572
+ {
29573
+ "id": "NIST-800-218-SSDF",
29574
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
29575
+ "control_name": "Secure Software Development Framework"
29576
+ },
29577
+ {
29578
+ "id": "NIST-800-53-AC-2",
29579
+ "framework": "NIST SP 800-53 Rev 5",
29580
+ "control_name": "Account Management"
29581
+ },
29582
+ {
29583
+ "id": "NIST-800-53-SC-8",
29584
+ "framework": "NIST SP 800-53 Rev 5",
29585
+ "control_name": "Transmission Confidentiality and Integrity"
29586
+ },
29587
+ {
29588
+ "id": "NIST-800-53-SI-2",
29589
+ "framework": "NIST SP 800-53 Rev 5",
29590
+ "control_name": "Flaw Remediation"
29591
+ },
29592
+ {
29593
+ "id": "NIST-800-53-SI-3",
29594
+ "framework": "NIST SP 800-53 Rev 5",
29595
+ "control_name": "Malicious Code Protection"
29596
+ },
29597
+ {
29598
+ "id": "NIST-800-82r3",
29599
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
29600
+ "control_name": "Guide to Operational Technology (OT) Security"
29601
+ },
29602
+ {
29603
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
29604
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29605
+ "control_name": "Prompt Injection"
29606
+ },
29607
+ {
29608
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
29609
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29610
+ "control_name": "Sensitive Information Disclosure"
29611
+ },
29612
+ {
29613
+ "id": "OWASP-Pen-Testing-Guide-v5",
29614
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
29615
+ "control_name": "Web application penetration testing methodology"
29616
+ },
29617
+ {
29618
+ "id": "PCI-DSS-4.0-6.3.3",
29619
+ "framework": "PCI DSS 4.0",
29620
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
29621
+ },
29622
+ {
29623
+ "id": "PTES-Pre-engagement",
29624
+ "framework": "Penetration Testing Execution Standard (PTES)",
29625
+ "control_name": "Pre-engagement Interactions"
29626
+ },
29627
+ {
29628
+ "id": "SOC2-CC6-logical-access",
29629
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29630
+ "control_name": "Logical and Physical Access Controls"
29631
+ },
29632
+ {
29633
+ "id": "SOC2-CC9-vendor-management",
29634
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29635
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
29636
+ }
29637
+ ],
29638
+ "attack_refs": [
29639
+ "T0855",
29640
+ "T0883",
29641
+ "T1059",
29642
+ "T1068",
29643
+ "T1078",
29644
+ "T1133",
29645
+ "T1190",
29646
+ "T1548.001",
29647
+ "T1566"
29648
+ ],
29649
+ "rfc_refs": [
29650
+ "RFC-4301",
29651
+ "RFC-4303",
29652
+ "RFC-7296"
29653
+ ]
29654
+ }
29655
+ },
29656
+ "CVE-2024-11394": {
29657
+ "name": "Hugging Face Transformers Trax Deserialization Remote Code Execution",
29658
+ "rwep": 33,
29659
+ "cvss": 8.8,
29660
+ "cisa_kev": false,
29661
+ "epss_score": null,
29662
+ "referencing_skills": [
29663
+ "kernel-lpe-triage",
29664
+ "ai-attack-surface",
29665
+ "compliance-theater",
29666
+ "attack-surface-pentest",
29667
+ "ot-ics-security",
29668
+ "coordinated-vuln-disclosure",
29669
+ "sector-energy"
29670
+ ],
29671
+ "chain": {
29672
+ "cwes": [
29673
+ {
29674
+ "id": "CWE-1037",
29675
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
29676
+ "category": "Hardware / Side Channel"
29677
+ },
29678
+ {
29679
+ "id": "CWE-1039",
29680
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
29681
+ "category": "AI/ML"
29682
+ },
29683
+ {
29684
+ "id": "CWE-125",
29685
+ "name": "Out-of-bounds Read",
29686
+ "category": "Memory Safety"
29687
+ },
29688
+ {
29689
+ "id": "CWE-1357",
29690
+ "name": "Reliance on Insufficiently Trustworthy Component",
29691
+ "category": "Supply Chain"
29692
+ },
29693
+ {
29694
+ "id": "CWE-1395",
29695
+ "name": "Dependency on Vulnerable Third-Party Component",
29696
+ "category": "Supply Chain"
29697
+ },
29698
+ {
29699
+ "id": "CWE-1426",
29700
+ "name": "Improper Validation of Generative AI Output",
29701
+ "category": "AI/ML"
29702
+ },
29703
+ {
29704
+ "id": "CWE-22",
29705
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
29706
+ "category": "Path/Resource"
29707
+ },
29708
+ {
29709
+ "id": "CWE-269",
29710
+ "name": "Improper Privilege Management",
29711
+ "category": "Authorization"
29712
+ },
29713
+ {
29714
+ "id": "CWE-287",
29715
+ "name": "Improper Authentication",
29716
+ "category": "Authentication"
29717
+ },
29718
+ {
29719
+ "id": "CWE-306",
29720
+ "name": "Missing Authentication for Critical Function",
29721
+ "category": "Authentication"
29722
+ },
29723
+ {
29724
+ "id": "CWE-352",
29725
+ "name": "Cross-Site Request Forgery (CSRF)",
29726
+ "category": "Session"
29727
+ },
29728
+ {
29729
+ "id": "CWE-362",
29730
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
29731
+ "category": "Concurrency"
29732
+ },
29733
+ {
29734
+ "id": "CWE-416",
29735
+ "name": "Use After Free",
29736
+ "category": "Memory Safety"
29737
+ },
29738
+ {
29739
+ "id": "CWE-434",
29740
+ "name": "Unrestricted Upload of File with Dangerous Type",
29741
+ "category": "File Handling"
29742
+ },
29743
+ {
29744
+ "id": "CWE-672",
29745
+ "name": "Operation on a Resource after Expiration or Release",
29746
+ "category": "Memory Safety"
29747
+ },
29748
+ {
29749
+ "id": "CWE-732",
29750
+ "name": "Incorrect Permission Assignment for Critical Resource",
29751
+ "category": "Authorization"
29752
+ },
29753
+ {
29754
+ "id": "CWE-78",
29755
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
29756
+ "category": "Injection"
29757
+ },
29758
+ {
29759
+ "id": "CWE-787",
29760
+ "name": "Out-of-bounds Write",
29761
+ "category": "Memory Safety"
29762
+ },
29763
+ {
29764
+ "id": "CWE-79",
29765
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
29766
+ "category": "Injection"
29767
+ },
29768
+ {
29769
+ "id": "CWE-798",
29770
+ "name": "Use of Hard-coded Credentials",
29771
+ "category": "Credentials"
29772
+ },
29773
+ {
29774
+ "id": "CWE-89",
29775
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
29776
+ "category": "Injection"
29777
+ },
29778
+ {
29779
+ "id": "CWE-918",
29780
+ "name": "Server-Side Request Forgery (SSRF)",
29781
+ "category": "Network"
29782
+ },
29783
+ {
29784
+ "id": "CWE-94",
29785
+ "name": "Improper Control of Generation of Code (Code Injection)",
29786
+ "category": "Injection"
29787
+ }
29788
+ ],
29789
+ "atlas": [
29790
+ {
29791
+ "id": "AML.T0010",
29792
+ "name": "ML Supply Chain Compromise",
29793
+ "tactic": "Initial Access"
29794
+ },
29795
+ {
29796
+ "id": "AML.T0016",
29797
+ "name": "Obtain Capabilities: Develop Capabilities",
29798
+ "tactic": "Resource Development"
29799
+ },
29800
+ {
29801
+ "id": "AML.T0017",
29802
+ "name": "Discover ML Model Ontology",
29803
+ "tactic": "Discovery"
29804
+ },
29805
+ {
29806
+ "id": "AML.T0018",
29807
+ "name": "Backdoor ML Model",
29808
+ "tactic": "Persistence"
29809
+ },
29810
+ {
29811
+ "id": "AML.T0020",
29812
+ "name": "Poison Training Data",
29813
+ "tactic": "ML Attack Staging"
29814
+ },
29815
+ {
29816
+ "id": "AML.T0043",
29817
+ "name": "Craft Adversarial Data",
29818
+ "tactic": "ML Attack Staging"
29819
+ },
29820
+ {
29821
+ "id": "AML.T0051",
29822
+ "name": "LLM Prompt Injection",
29823
+ "tactic": "Execution"
29824
+ },
29825
+ {
29826
+ "id": "AML.T0054",
29827
+ "name": "LLM Jailbreak",
29828
+ "tactic": "Defense Evasion"
29829
+ },
29830
+ {
29831
+ "id": "AML.T0096",
29832
+ "name": "AI API as Covert C2 Channel",
29833
+ "tactic": "Command and Control"
29834
+ }
29835
+ ],
29836
+ "d3fend": [
29837
+ {
29838
+ "id": "D3-ASLR",
29839
+ "name": "Address Space Layout Randomization",
29840
+ "tactic": "Harden"
29841
+ },
29842
+ {
29843
+ "id": "D3-CSPP",
29844
+ "name": "Client-server Payload Profiling",
29845
+ "tactic": "Detect"
29846
+ },
29847
+ {
29848
+ "id": "D3-EAL",
29849
+ "name": "Executable Allowlisting",
29850
+ "tactic": "Harden"
29851
+ },
29852
+ {
29853
+ "id": "D3-IOPR",
29854
+ "name": "Input/Output Profiling Resource",
29855
+ "tactic": "Detect"
29856
+ },
29857
+ {
29858
+ "id": "D3-NTA",
29859
+ "name": "Network Traffic Analysis",
29860
+ "tactic": "Detect"
29861
+ },
29862
+ {
29863
+ "id": "D3-PHRA",
29864
+ "name": "Process Hardware Resource Access",
29865
+ "tactic": "Isolate"
29866
+ },
29867
+ {
29868
+ "id": "D3-PSEP",
29869
+ "name": "Process Segment Execution Prevention",
29870
+ "tactic": "Harden"
29871
+ }
29872
+ ],
29873
+ "framework_gaps": [
29874
+ {
29875
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
29876
+ "framework": "ALL",
29877
+ "control_name": "AI Pipeline Integrity"
29878
+ },
29879
+ {
29880
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
29881
+ "framework": "ALL",
29882
+ "control_name": "Prompt Injection as Access Control Failure"
29883
+ },
29884
+ {
29885
+ "id": "CIS-Controls-v8-Control7",
29886
+ "framework": "CIS Controls v8",
29887
+ "control_name": "Continuous Vulnerability Management"
29888
+ },
29889
+ {
29890
+ "id": "CMMC-2.0-Level-2",
29891
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
29892
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
29893
+ },
29894
+ {
29895
+ "id": "FedRAMP-Rev5-Moderate",
29896
+ "framework": "FedRAMP Rev 5 Moderate",
29897
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
29898
+ },
29899
+ {
29900
+ "id": "IEC-62443-3-3",
29901
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
29902
+ "control_name": "System security requirements and security levels"
29903
+ },
29904
+ {
29905
+ "id": "ISO-27001-2022-A.8.28",
29906
+ "framework": "ISO/IEC 27001:2022",
29907
+ "control_name": "Secure coding"
29908
+ },
29909
+ {
29910
+ "id": "ISO-27001-2022-A.8.8",
29911
+ "framework": "ISO/IEC 27001:2022",
29912
+ "control_name": "Management of technical vulnerabilities"
29913
+ },
29914
+ {
29915
+ "id": "ISO-IEC-23894-2023-clause-7",
29916
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
29917
+ "control_name": "AI risk management process"
29918
+ },
29919
+ {
29920
+ "id": "NERC-CIP-007-6-R4",
29921
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
29922
+ "control_name": "Security event monitoring"
29923
+ },
29924
+ {
29925
+ "id": "NIS2-Art21-patch-management",
29926
+ "framework": "EU NIS2 Directive",
29927
+ "control_name": "Vulnerability handling and disclosure"
29928
+ },
29929
+ {
29930
+ "id": "NIST-800-115",
29931
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
29932
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
29933
+ },
29934
+ {
29935
+ "id": "NIST-800-218-SSDF",
29936
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
29937
+ "control_name": "Secure Software Development Framework"
29938
+ },
29939
+ {
29940
+ "id": "NIST-800-53-AC-2",
29941
+ "framework": "NIST SP 800-53 Rev 5",
29942
+ "control_name": "Account Management"
29943
+ },
29944
+ {
29945
+ "id": "NIST-800-53-SC-8",
29946
+ "framework": "NIST SP 800-53 Rev 5",
29947
+ "control_name": "Transmission Confidentiality and Integrity"
29948
+ },
29949
+ {
29950
+ "id": "NIST-800-53-SI-2",
29951
+ "framework": "NIST SP 800-53 Rev 5",
29952
+ "control_name": "Flaw Remediation"
29953
+ },
29954
+ {
29955
+ "id": "NIST-800-53-SI-3",
29956
+ "framework": "NIST SP 800-53 Rev 5",
29957
+ "control_name": "Malicious Code Protection"
29958
+ },
29959
+ {
29960
+ "id": "NIST-800-82r3",
29961
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
29962
+ "control_name": "Guide to Operational Technology (OT) Security"
29963
+ },
29964
+ {
29965
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
29966
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29967
+ "control_name": "Prompt Injection"
29968
+ },
29969
+ {
29970
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
29971
+ "framework": "OWASP Top 10 for LLM Applications 2025",
29972
+ "control_name": "Sensitive Information Disclosure"
29973
+ },
29974
+ {
29975
+ "id": "OWASP-Pen-Testing-Guide-v5",
29976
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
29977
+ "control_name": "Web application penetration testing methodology"
29978
+ },
29979
+ {
29980
+ "id": "PCI-DSS-4.0-6.3.3",
29981
+ "framework": "PCI DSS 4.0",
29982
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
29983
+ },
29984
+ {
29985
+ "id": "PTES-Pre-engagement",
29986
+ "framework": "Penetration Testing Execution Standard (PTES)",
29987
+ "control_name": "Pre-engagement Interactions"
29988
+ },
29989
+ {
29990
+ "id": "SOC2-CC6-logical-access",
29991
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29992
+ "control_name": "Logical and Physical Access Controls"
29993
+ },
29994
+ {
29995
+ "id": "SOC2-CC9-vendor-management",
29996
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
29997
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
29998
+ }
29999
+ ],
30000
+ "attack_refs": [
30001
+ "T0855",
30002
+ "T0883",
30003
+ "T1059",
30004
+ "T1068",
30005
+ "T1078",
30006
+ "T1133",
30007
+ "T1190",
30008
+ "T1548.001",
30009
+ "T1566"
30010
+ ],
30011
+ "rfc_refs": [
30012
+ "RFC-4301",
30013
+ "RFC-4303",
30014
+ "RFC-7296"
30015
+ ]
30016
+ }
30017
+ },
30018
+ "CVE-2026-24213": {
30019
+ "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
30020
+ "rwep": 11,
30021
+ "cvss": 9.8,
30022
+ "cisa_kev": false,
30023
+ "epss_score": null,
30024
+ "referencing_skills": [
30025
+ "kernel-lpe-triage",
30026
+ "ai-attack-surface",
30027
+ "compliance-theater",
30028
+ "attack-surface-pentest",
30029
+ "ot-ics-security",
30030
+ "coordinated-vuln-disclosure",
30031
+ "sector-energy"
30032
+ ],
30033
+ "chain": {
30034
+ "cwes": [
30035
+ {
30036
+ "id": "CWE-1037",
30037
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
30038
+ "category": "Hardware / Side Channel"
30039
+ },
30040
+ {
30041
+ "id": "CWE-1039",
30042
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
30043
+ "category": "AI/ML"
30044
+ },
30045
+ {
30046
+ "id": "CWE-125",
30047
+ "name": "Out-of-bounds Read",
30048
+ "category": "Memory Safety"
30049
+ },
30050
+ {
30051
+ "id": "CWE-1357",
30052
+ "name": "Reliance on Insufficiently Trustworthy Component",
30053
+ "category": "Supply Chain"
30054
+ },
30055
+ {
30056
+ "id": "CWE-1395",
30057
+ "name": "Dependency on Vulnerable Third-Party Component",
30058
+ "category": "Supply Chain"
30059
+ },
30060
+ {
30061
+ "id": "CWE-1426",
30062
+ "name": "Improper Validation of Generative AI Output",
30063
+ "category": "AI/ML"
30064
+ },
30065
+ {
30066
+ "id": "CWE-22",
30067
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
30068
+ "category": "Path/Resource"
30069
+ },
30070
+ {
30071
+ "id": "CWE-269",
30072
+ "name": "Improper Privilege Management",
30073
+ "category": "Authorization"
30074
+ },
30075
+ {
30076
+ "id": "CWE-287",
30077
+ "name": "Improper Authentication",
30078
+ "category": "Authentication"
30079
+ },
30080
+ {
30081
+ "id": "CWE-306",
30082
+ "name": "Missing Authentication for Critical Function",
30083
+ "category": "Authentication"
30084
+ },
30085
+ {
30086
+ "id": "CWE-352",
30087
+ "name": "Cross-Site Request Forgery (CSRF)",
30088
+ "category": "Session"
30089
+ },
30090
+ {
30091
+ "id": "CWE-362",
30092
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
30093
+ "category": "Concurrency"
30094
+ },
30095
+ {
30096
+ "id": "CWE-416",
30097
+ "name": "Use After Free",
30098
+ "category": "Memory Safety"
30099
+ },
30100
+ {
30101
+ "id": "CWE-434",
30102
+ "name": "Unrestricted Upload of File with Dangerous Type",
30103
+ "category": "File Handling"
30104
+ },
30105
+ {
30106
+ "id": "CWE-672",
30107
+ "name": "Operation on a Resource after Expiration or Release",
30108
+ "category": "Memory Safety"
30109
+ },
30110
+ {
30111
+ "id": "CWE-732",
30112
+ "name": "Incorrect Permission Assignment for Critical Resource",
30113
+ "category": "Authorization"
30114
+ },
30115
+ {
30116
+ "id": "CWE-78",
30117
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
30118
+ "category": "Injection"
30119
+ },
30120
+ {
30121
+ "id": "CWE-787",
30122
+ "name": "Out-of-bounds Write",
30123
+ "category": "Memory Safety"
30124
+ },
30125
+ {
30126
+ "id": "CWE-79",
30127
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
30128
+ "category": "Injection"
30129
+ },
30130
+ {
30131
+ "id": "CWE-798",
30132
+ "name": "Use of Hard-coded Credentials",
30133
+ "category": "Credentials"
30134
+ },
30135
+ {
30136
+ "id": "CWE-89",
30137
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
30138
+ "category": "Injection"
30139
+ },
30140
+ {
30141
+ "id": "CWE-918",
30142
+ "name": "Server-Side Request Forgery (SSRF)",
30143
+ "category": "Network"
30144
+ },
30145
+ {
30146
+ "id": "CWE-94",
30147
+ "name": "Improper Control of Generation of Code (Code Injection)",
30148
+ "category": "Injection"
30149
+ }
30150
+ ],
30151
+ "atlas": [
30152
+ {
30153
+ "id": "AML.T0010",
30154
+ "name": "ML Supply Chain Compromise",
30155
+ "tactic": "Initial Access"
30156
+ },
30157
+ {
30158
+ "id": "AML.T0016",
30159
+ "name": "Obtain Capabilities: Develop Capabilities",
30160
+ "tactic": "Resource Development"
30161
+ },
30162
+ {
30163
+ "id": "AML.T0017",
30164
+ "name": "Discover ML Model Ontology",
30165
+ "tactic": "Discovery"
30166
+ },
30167
+ {
30168
+ "id": "AML.T0018",
30169
+ "name": "Backdoor ML Model",
30170
+ "tactic": "Persistence"
30171
+ },
30172
+ {
30173
+ "id": "AML.T0020",
30174
+ "name": "Poison Training Data",
30175
+ "tactic": "ML Attack Staging"
30176
+ },
30177
+ {
30178
+ "id": "AML.T0043",
30179
+ "name": "Craft Adversarial Data",
30180
+ "tactic": "ML Attack Staging"
30181
+ },
30182
+ {
30183
+ "id": "AML.T0051",
30184
+ "name": "LLM Prompt Injection",
30185
+ "tactic": "Execution"
30186
+ },
30187
+ {
30188
+ "id": "AML.T0054",
30189
+ "name": "LLM Jailbreak",
30190
+ "tactic": "Defense Evasion"
30191
+ },
30192
+ {
30193
+ "id": "AML.T0096",
30194
+ "name": "AI API as Covert C2 Channel",
30195
+ "tactic": "Command and Control"
30196
+ }
30197
+ ],
30198
+ "d3fend": [
30199
+ {
30200
+ "id": "D3-ASLR",
30201
+ "name": "Address Space Layout Randomization",
30202
+ "tactic": "Harden"
30203
+ },
30204
+ {
30205
+ "id": "D3-CSPP",
30206
+ "name": "Client-server Payload Profiling",
30207
+ "tactic": "Detect"
30208
+ },
30209
+ {
30210
+ "id": "D3-EAL",
30211
+ "name": "Executable Allowlisting",
30212
+ "tactic": "Harden"
30213
+ },
30214
+ {
30215
+ "id": "D3-IOPR",
30216
+ "name": "Input/Output Profiling Resource",
30217
+ "tactic": "Detect"
30218
+ },
30219
+ {
30220
+ "id": "D3-NTA",
30221
+ "name": "Network Traffic Analysis",
30222
+ "tactic": "Detect"
30223
+ },
30224
+ {
30225
+ "id": "D3-PHRA",
30226
+ "name": "Process Hardware Resource Access",
30227
+ "tactic": "Isolate"
30228
+ },
30229
+ {
30230
+ "id": "D3-PSEP",
30231
+ "name": "Process Segment Execution Prevention",
30232
+ "tactic": "Harden"
30233
+ }
30234
+ ],
30235
+ "framework_gaps": [
30236
+ {
30237
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
30238
+ "framework": "ALL",
30239
+ "control_name": "AI Pipeline Integrity"
30240
+ },
30241
+ {
30242
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
30243
+ "framework": "ALL",
30244
+ "control_name": "Prompt Injection as Access Control Failure"
30245
+ },
30246
+ {
30247
+ "id": "CIS-Controls-v8-Control7",
30248
+ "framework": "CIS Controls v8",
30249
+ "control_name": "Continuous Vulnerability Management"
30250
+ },
30251
+ {
30252
+ "id": "CMMC-2.0-Level-2",
30253
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
30254
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
30255
+ },
30256
+ {
30257
+ "id": "FedRAMP-Rev5-Moderate",
30258
+ "framework": "FedRAMP Rev 5 Moderate",
30259
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
30260
+ },
30261
+ {
30262
+ "id": "IEC-62443-3-3",
30263
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
30264
+ "control_name": "System security requirements and security levels"
30265
+ },
30266
+ {
30267
+ "id": "ISO-27001-2022-A.8.28",
30268
+ "framework": "ISO/IEC 27001:2022",
30269
+ "control_name": "Secure coding"
30270
+ },
30271
+ {
30272
+ "id": "ISO-27001-2022-A.8.8",
30273
+ "framework": "ISO/IEC 27001:2022",
30274
+ "control_name": "Management of technical vulnerabilities"
30275
+ },
30276
+ {
30277
+ "id": "ISO-IEC-23894-2023-clause-7",
30278
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
30279
+ "control_name": "AI risk management process"
30280
+ },
30281
+ {
30282
+ "id": "NERC-CIP-007-6-R4",
30283
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
30284
+ "control_name": "Security event monitoring"
30285
+ },
30286
+ {
30287
+ "id": "NIS2-Art21-patch-management",
30288
+ "framework": "EU NIS2 Directive",
30289
+ "control_name": "Vulnerability handling and disclosure"
30290
+ },
30291
+ {
30292
+ "id": "NIST-800-115",
30293
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
30294
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
30295
+ },
30296
+ {
30297
+ "id": "NIST-800-218-SSDF",
30298
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
30299
+ "control_name": "Secure Software Development Framework"
30300
+ },
30301
+ {
30302
+ "id": "NIST-800-53-AC-2",
30303
+ "framework": "NIST SP 800-53 Rev 5",
30304
+ "control_name": "Account Management"
30305
+ },
30306
+ {
30307
+ "id": "NIST-800-53-SC-8",
30308
+ "framework": "NIST SP 800-53 Rev 5",
30309
+ "control_name": "Transmission Confidentiality and Integrity"
30310
+ },
30311
+ {
30312
+ "id": "NIST-800-53-SI-2",
30313
+ "framework": "NIST SP 800-53 Rev 5",
30314
+ "control_name": "Flaw Remediation"
30315
+ },
30316
+ {
30317
+ "id": "NIST-800-53-SI-3",
30318
+ "framework": "NIST SP 800-53 Rev 5",
30319
+ "control_name": "Malicious Code Protection"
30320
+ },
30321
+ {
30322
+ "id": "NIST-800-82r3",
30323
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
30324
+ "control_name": "Guide to Operational Technology (OT) Security"
30325
+ },
30326
+ {
30327
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
30328
+ "framework": "OWASP Top 10 for LLM Applications 2025",
30329
+ "control_name": "Prompt Injection"
30330
+ },
30331
+ {
30332
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
30333
+ "framework": "OWASP Top 10 for LLM Applications 2025",
30334
+ "control_name": "Sensitive Information Disclosure"
30335
+ },
30336
+ {
30337
+ "id": "OWASP-Pen-Testing-Guide-v5",
30338
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
30339
+ "control_name": "Web application penetration testing methodology"
30340
+ },
30341
+ {
30342
+ "id": "PCI-DSS-4.0-6.3.3",
30343
+ "framework": "PCI DSS 4.0",
30344
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
30345
+ },
30346
+ {
30347
+ "id": "PTES-Pre-engagement",
30348
+ "framework": "Penetration Testing Execution Standard (PTES)",
30349
+ "control_name": "Pre-engagement Interactions"
30350
+ },
30351
+ {
30352
+ "id": "SOC2-CC6-logical-access",
30353
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
30354
+ "control_name": "Logical and Physical Access Controls"
30355
+ },
30356
+ {
30357
+ "id": "SOC2-CC9-vendor-management",
30358
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
30359
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
30360
+ }
30361
+ ],
30362
+ "attack_refs": [
30363
+ "T0855",
30364
+ "T0883",
30365
+ "T1059",
30366
+ "T1068",
30367
+ "T1078",
30368
+ "T1133",
30369
+ "T1190",
30370
+ "T1548.001",
30371
+ "T1566"
30372
+ ],
30373
+ "rfc_refs": [
30374
+ "RFC-4301",
30375
+ "RFC-4303",
30376
+ "RFC-7296"
30377
+ ]
30378
+ }
30379
+ },
30380
+ "CVE-2026-24214": {
30381
+ "name": "NVIDIA Triton DALI Backend Integer Overflow",
30382
+ "rwep": 11,
30383
+ "cvss": 9.8,
30384
+ "cisa_kev": false,
30385
+ "epss_score": null,
30386
+ "referencing_skills": [
30387
+ "kernel-lpe-triage",
30388
+ "ai-attack-surface",
30389
+ "compliance-theater",
30390
+ "attack-surface-pentest",
30391
+ "ot-ics-security",
30392
+ "coordinated-vuln-disclosure",
30393
+ "sector-energy"
30394
+ ],
30395
+ "chain": {
30396
+ "cwes": [
30397
+ {
30398
+ "id": "CWE-1037",
30399
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
30400
+ "category": "Hardware / Side Channel"
30401
+ },
30402
+ {
30403
+ "id": "CWE-1039",
30404
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
30405
+ "category": "AI/ML"
30406
+ },
30407
+ {
30408
+ "id": "CWE-125",
30409
+ "name": "Out-of-bounds Read",
30410
+ "category": "Memory Safety"
30411
+ },
30412
+ {
30413
+ "id": "CWE-1357",
30414
+ "name": "Reliance on Insufficiently Trustworthy Component",
30415
+ "category": "Supply Chain"
30416
+ },
30417
+ {
30418
+ "id": "CWE-1395",
30419
+ "name": "Dependency on Vulnerable Third-Party Component",
30420
+ "category": "Supply Chain"
30421
+ },
30422
+ {
30423
+ "id": "CWE-1426",
30424
+ "name": "Improper Validation of Generative AI Output",
30425
+ "category": "AI/ML"
30426
+ },
30427
+ {
30428
+ "id": "CWE-22",
30429
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
30430
+ "category": "Path/Resource"
30431
+ },
30432
+ {
30433
+ "id": "CWE-269",
30434
+ "name": "Improper Privilege Management",
30435
+ "category": "Authorization"
30436
+ },
30437
+ {
30438
+ "id": "CWE-287",
30439
+ "name": "Improper Authentication",
30440
+ "category": "Authentication"
30441
+ },
30442
+ {
30443
+ "id": "CWE-306",
30444
+ "name": "Missing Authentication for Critical Function",
30445
+ "category": "Authentication"
30446
+ },
30447
+ {
30448
+ "id": "CWE-352",
30449
+ "name": "Cross-Site Request Forgery (CSRF)",
30450
+ "category": "Session"
30451
+ },
30452
+ {
30453
+ "id": "CWE-362",
30454
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
30455
+ "category": "Concurrency"
30456
+ },
30457
+ {
30458
+ "id": "CWE-416",
30459
+ "name": "Use After Free",
30460
+ "category": "Memory Safety"
30461
+ },
30462
+ {
30463
+ "id": "CWE-434",
30464
+ "name": "Unrestricted Upload of File with Dangerous Type",
30465
+ "category": "File Handling"
30466
+ },
30467
+ {
30468
+ "id": "CWE-672",
30469
+ "name": "Operation on a Resource after Expiration or Release",
30470
+ "category": "Memory Safety"
30471
+ },
30472
+ {
30473
+ "id": "CWE-732",
30474
+ "name": "Incorrect Permission Assignment for Critical Resource",
30475
+ "category": "Authorization"
30476
+ },
30477
+ {
30478
+ "id": "CWE-78",
30479
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
30480
+ "category": "Injection"
30481
+ },
30482
+ {
30483
+ "id": "CWE-787",
30484
+ "name": "Out-of-bounds Write",
30485
+ "category": "Memory Safety"
30486
+ },
30487
+ {
30488
+ "id": "CWE-79",
30489
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
30490
+ "category": "Injection"
30491
+ },
30492
+ {
30493
+ "id": "CWE-798",
30494
+ "name": "Use of Hard-coded Credentials",
30495
+ "category": "Credentials"
30496
+ },
30497
+ {
30498
+ "id": "CWE-89",
30499
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
30500
+ "category": "Injection"
30501
+ },
30502
+ {
30503
+ "id": "CWE-918",
30504
+ "name": "Server-Side Request Forgery (SSRF)",
30505
+ "category": "Network"
30506
+ },
30507
+ {
30508
+ "id": "CWE-94",
30509
+ "name": "Improper Control of Generation of Code (Code Injection)",
30510
+ "category": "Injection"
30511
+ }
30512
+ ],
30513
+ "atlas": [
30514
+ {
30515
+ "id": "AML.T0010",
30516
+ "name": "ML Supply Chain Compromise",
30517
+ "tactic": "Initial Access"
30518
+ },
30519
+ {
30520
+ "id": "AML.T0016",
30521
+ "name": "Obtain Capabilities: Develop Capabilities",
30522
+ "tactic": "Resource Development"
30523
+ },
30524
+ {
30525
+ "id": "AML.T0017",
30526
+ "name": "Discover ML Model Ontology",
30527
+ "tactic": "Discovery"
30528
+ },
30529
+ {
30530
+ "id": "AML.T0018",
30531
+ "name": "Backdoor ML Model",
30532
+ "tactic": "Persistence"
30533
+ },
30534
+ {
30535
+ "id": "AML.T0020",
30536
+ "name": "Poison Training Data",
30537
+ "tactic": "ML Attack Staging"
30538
+ },
30539
+ {
30540
+ "id": "AML.T0043",
30541
+ "name": "Craft Adversarial Data",
30542
+ "tactic": "ML Attack Staging"
30543
+ },
30544
+ {
30545
+ "id": "AML.T0051",
30546
+ "name": "LLM Prompt Injection",
30547
+ "tactic": "Execution"
30548
+ },
30549
+ {
30550
+ "id": "AML.T0054",
30551
+ "name": "LLM Jailbreak",
30552
+ "tactic": "Defense Evasion"
30553
+ },
30554
+ {
30555
+ "id": "AML.T0096",
30556
+ "name": "AI API as Covert C2 Channel",
30557
+ "tactic": "Command and Control"
30558
+ }
30559
+ ],
30560
+ "d3fend": [
30561
+ {
30562
+ "id": "D3-ASLR",
30563
+ "name": "Address Space Layout Randomization",
30564
+ "tactic": "Harden"
30565
+ },
30566
+ {
30567
+ "id": "D3-CSPP",
30568
+ "name": "Client-server Payload Profiling",
30569
+ "tactic": "Detect"
30570
+ },
30571
+ {
30572
+ "id": "D3-EAL",
30573
+ "name": "Executable Allowlisting",
30574
+ "tactic": "Harden"
30575
+ },
30576
+ {
30577
+ "id": "D3-IOPR",
30578
+ "name": "Input/Output Profiling Resource",
30579
+ "tactic": "Detect"
30580
+ },
30581
+ {
30582
+ "id": "D3-NTA",
30583
+ "name": "Network Traffic Analysis",
30584
+ "tactic": "Detect"
30585
+ },
30586
+ {
30587
+ "id": "D3-PHRA",
30588
+ "name": "Process Hardware Resource Access",
30589
+ "tactic": "Isolate"
30590
+ },
30591
+ {
30592
+ "id": "D3-PSEP",
30593
+ "name": "Process Segment Execution Prevention",
30594
+ "tactic": "Harden"
30595
+ }
30596
+ ],
30597
+ "framework_gaps": [
30598
+ {
30599
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
30600
+ "framework": "ALL",
30601
+ "control_name": "AI Pipeline Integrity"
30602
+ },
30603
+ {
30604
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
30605
+ "framework": "ALL",
30606
+ "control_name": "Prompt Injection as Access Control Failure"
30607
+ },
30608
+ {
30609
+ "id": "CIS-Controls-v8-Control7",
30610
+ "framework": "CIS Controls v8",
30611
+ "control_name": "Continuous Vulnerability Management"
30612
+ },
30613
+ {
30614
+ "id": "CMMC-2.0-Level-2",
30615
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
30616
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
30617
+ },
30618
+ {
30619
+ "id": "FedRAMP-Rev5-Moderate",
30620
+ "framework": "FedRAMP Rev 5 Moderate",
30621
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
30622
+ },
30623
+ {
30624
+ "id": "IEC-62443-3-3",
30625
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
30626
+ "control_name": "System security requirements and security levels"
30627
+ },
30628
+ {
30629
+ "id": "ISO-27001-2022-A.8.28",
30630
+ "framework": "ISO/IEC 27001:2022",
30631
+ "control_name": "Secure coding"
30632
+ },
30633
+ {
30634
+ "id": "ISO-27001-2022-A.8.8",
30635
+ "framework": "ISO/IEC 27001:2022",
30636
+ "control_name": "Management of technical vulnerabilities"
30637
+ },
30638
+ {
30639
+ "id": "ISO-IEC-23894-2023-clause-7",
30640
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
30641
+ "control_name": "AI risk management process"
30642
+ },
30643
+ {
30644
+ "id": "NERC-CIP-007-6-R4",
30645
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
30646
+ "control_name": "Security event monitoring"
30647
+ },
30648
+ {
30649
+ "id": "NIS2-Art21-patch-management",
30650
+ "framework": "EU NIS2 Directive",
30651
+ "control_name": "Vulnerability handling and disclosure"
30652
+ },
30653
+ {
30654
+ "id": "NIST-800-115",
30655
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
30656
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
30657
+ },
30658
+ {
30659
+ "id": "NIST-800-218-SSDF",
30660
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
30661
+ "control_name": "Secure Software Development Framework"
30662
+ },
30663
+ {
30664
+ "id": "NIST-800-53-AC-2",
30665
+ "framework": "NIST SP 800-53 Rev 5",
30666
+ "control_name": "Account Management"
30667
+ },
30668
+ {
30669
+ "id": "NIST-800-53-SC-8",
30670
+ "framework": "NIST SP 800-53 Rev 5",
30671
+ "control_name": "Transmission Confidentiality and Integrity"
30672
+ },
30673
+ {
30674
+ "id": "NIST-800-53-SI-2",
30675
+ "framework": "NIST SP 800-53 Rev 5",
30676
+ "control_name": "Flaw Remediation"
30677
+ },
30678
+ {
30679
+ "id": "NIST-800-53-SI-3",
30680
+ "framework": "NIST SP 800-53 Rev 5",
30681
+ "control_name": "Malicious Code Protection"
30682
+ },
30683
+ {
30684
+ "id": "NIST-800-82r3",
30685
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
30686
+ "control_name": "Guide to Operational Technology (OT) Security"
30687
+ },
30688
+ {
30689
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
30690
+ "framework": "OWASP Top 10 for LLM Applications 2025",
30691
+ "control_name": "Prompt Injection"
30692
+ },
30693
+ {
30694
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
30695
+ "framework": "OWASP Top 10 for LLM Applications 2025",
30696
+ "control_name": "Sensitive Information Disclosure"
30697
+ },
30698
+ {
30699
+ "id": "OWASP-Pen-Testing-Guide-v5",
30700
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
30701
+ "control_name": "Web application penetration testing methodology"
30702
+ },
30703
+ {
30704
+ "id": "PCI-DSS-4.0-6.3.3",
30705
+ "framework": "PCI DSS 4.0",
30706
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
30707
+ },
30708
+ {
30709
+ "id": "PTES-Pre-engagement",
30710
+ "framework": "Penetration Testing Execution Standard (PTES)",
30711
+ "control_name": "Pre-engagement Interactions"
30712
+ },
30713
+ {
30714
+ "id": "SOC2-CC6-logical-access",
30715
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
30716
+ "control_name": "Logical and Physical Access Controls"
30717
+ },
30718
+ {
30719
+ "id": "SOC2-CC9-vendor-management",
30720
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
30721
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
30722
+ }
30723
+ ],
30724
+ "attack_refs": [
30725
+ "T0855",
30726
+ "T0883",
30727
+ "T1059",
30728
+ "T1068",
30729
+ "T1078",
30730
+ "T1133",
30731
+ "T1190",
30732
+ "T1548.001",
30733
+ "T1566"
30734
+ ],
30735
+ "rfc_refs": [
30736
+ "RFC-4301",
30737
+ "RFC-4303",
30738
+ "RFC-7296"
30739
+ ]
30740
+ }
30741
+ },
30742
+ "CVE-2026-24215": {
30743
+ "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
30744
+ "rwep": 5,
30745
+ "cvss": 7.5,
30746
+ "cisa_kev": false,
30747
+ "epss_score": null,
30748
+ "referencing_skills": [
30749
+ "kernel-lpe-triage",
30750
+ "ai-attack-surface",
30751
+ "compliance-theater",
30752
+ "attack-surface-pentest",
30753
+ "ot-ics-security",
30754
+ "coordinated-vuln-disclosure",
30755
+ "sector-energy"
30756
+ ],
30757
+ "chain": {
30758
+ "cwes": [
30759
+ {
30760
+ "id": "CWE-1037",
30761
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
30762
+ "category": "Hardware / Side Channel"
30763
+ },
30764
+ {
30765
+ "id": "CWE-1039",
30766
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
30767
+ "category": "AI/ML"
30768
+ },
30769
+ {
30770
+ "id": "CWE-125",
30771
+ "name": "Out-of-bounds Read",
30772
+ "category": "Memory Safety"
30773
+ },
30774
+ {
30775
+ "id": "CWE-1357",
30776
+ "name": "Reliance on Insufficiently Trustworthy Component",
30777
+ "category": "Supply Chain"
30778
+ },
30779
+ {
30780
+ "id": "CWE-1395",
30781
+ "name": "Dependency on Vulnerable Third-Party Component",
30782
+ "category": "Supply Chain"
30783
+ },
30784
+ {
30785
+ "id": "CWE-1426",
30786
+ "name": "Improper Validation of Generative AI Output",
30787
+ "category": "AI/ML"
30788
+ },
30789
+ {
30790
+ "id": "CWE-22",
30791
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
30792
+ "category": "Path/Resource"
30793
+ },
30794
+ {
30795
+ "id": "CWE-269",
30796
+ "name": "Improper Privilege Management",
30797
+ "category": "Authorization"
30798
+ },
30799
+ {
30800
+ "id": "CWE-287",
30801
+ "name": "Improper Authentication",
30802
+ "category": "Authentication"
30803
+ },
30804
+ {
30805
+ "id": "CWE-306",
30806
+ "name": "Missing Authentication for Critical Function",
30807
+ "category": "Authentication"
30808
+ },
30809
+ {
30810
+ "id": "CWE-352",
30811
+ "name": "Cross-Site Request Forgery (CSRF)",
30812
+ "category": "Session"
30813
+ },
30814
+ {
30815
+ "id": "CWE-362",
30816
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
30817
+ "category": "Concurrency"
30818
+ },
30819
+ {
30820
+ "id": "CWE-416",
30821
+ "name": "Use After Free",
30822
+ "category": "Memory Safety"
30823
+ },
30824
+ {
30825
+ "id": "CWE-434",
30826
+ "name": "Unrestricted Upload of File with Dangerous Type",
30827
+ "category": "File Handling"
30828
+ },
30829
+ {
30830
+ "id": "CWE-672",
30831
+ "name": "Operation on a Resource after Expiration or Release",
30832
+ "category": "Memory Safety"
30833
+ },
30834
+ {
30835
+ "id": "CWE-732",
30836
+ "name": "Incorrect Permission Assignment for Critical Resource",
30837
+ "category": "Authorization"
30838
+ },
30839
+ {
30840
+ "id": "CWE-78",
30841
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
30842
+ "category": "Injection"
30843
+ },
30844
+ {
30845
+ "id": "CWE-787",
30846
+ "name": "Out-of-bounds Write",
30847
+ "category": "Memory Safety"
30848
+ },
30849
+ {
30850
+ "id": "CWE-79",
30851
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
30852
+ "category": "Injection"
30853
+ },
30854
+ {
30855
+ "id": "CWE-798",
30856
+ "name": "Use of Hard-coded Credentials",
30857
+ "category": "Credentials"
30858
+ },
30859
+ {
30860
+ "id": "CWE-89",
30861
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
30862
+ "category": "Injection"
30863
+ },
30864
+ {
30865
+ "id": "CWE-918",
30866
+ "name": "Server-Side Request Forgery (SSRF)",
30867
+ "category": "Network"
30868
+ },
30869
+ {
30870
+ "id": "CWE-94",
30871
+ "name": "Improper Control of Generation of Code (Code Injection)",
30872
+ "category": "Injection"
30873
+ }
30874
+ ],
30875
+ "atlas": [
30876
+ {
30877
+ "id": "AML.T0010",
30878
+ "name": "ML Supply Chain Compromise",
30879
+ "tactic": "Initial Access"
30880
+ },
30881
+ {
30882
+ "id": "AML.T0016",
30883
+ "name": "Obtain Capabilities: Develop Capabilities",
30884
+ "tactic": "Resource Development"
30885
+ },
30886
+ {
30887
+ "id": "AML.T0017",
30888
+ "name": "Discover ML Model Ontology",
30889
+ "tactic": "Discovery"
30890
+ },
30891
+ {
30892
+ "id": "AML.T0018",
30893
+ "name": "Backdoor ML Model",
30894
+ "tactic": "Persistence"
30895
+ },
30896
+ {
30897
+ "id": "AML.T0020",
30898
+ "name": "Poison Training Data",
30899
+ "tactic": "ML Attack Staging"
30900
+ },
30901
+ {
30902
+ "id": "AML.T0043",
30903
+ "name": "Craft Adversarial Data",
30904
+ "tactic": "ML Attack Staging"
30905
+ },
30906
+ {
30907
+ "id": "AML.T0051",
30908
+ "name": "LLM Prompt Injection",
30909
+ "tactic": "Execution"
30910
+ },
30911
+ {
30912
+ "id": "AML.T0054",
30913
+ "name": "LLM Jailbreak",
30914
+ "tactic": "Defense Evasion"
30915
+ },
30916
+ {
30917
+ "id": "AML.T0096",
30918
+ "name": "AI API as Covert C2 Channel",
30919
+ "tactic": "Command and Control"
30920
+ }
30921
+ ],
30922
+ "d3fend": [
30923
+ {
30924
+ "id": "D3-ASLR",
30925
+ "name": "Address Space Layout Randomization",
30926
+ "tactic": "Harden"
30927
+ },
30928
+ {
30929
+ "id": "D3-CSPP",
30930
+ "name": "Client-server Payload Profiling",
30931
+ "tactic": "Detect"
30932
+ },
30933
+ {
30934
+ "id": "D3-EAL",
30935
+ "name": "Executable Allowlisting",
30936
+ "tactic": "Harden"
30937
+ },
30938
+ {
30939
+ "id": "D3-IOPR",
30940
+ "name": "Input/Output Profiling Resource",
30941
+ "tactic": "Detect"
30942
+ },
30943
+ {
30944
+ "id": "D3-NTA",
30945
+ "name": "Network Traffic Analysis",
30946
+ "tactic": "Detect"
30947
+ },
30948
+ {
30949
+ "id": "D3-PHRA",
30950
+ "name": "Process Hardware Resource Access",
30951
+ "tactic": "Isolate"
30952
+ },
30953
+ {
30954
+ "id": "D3-PSEP",
30955
+ "name": "Process Segment Execution Prevention",
30956
+ "tactic": "Harden"
30957
+ }
30958
+ ],
30959
+ "framework_gaps": [
30960
+ {
30961
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
30962
+ "framework": "ALL",
30963
+ "control_name": "AI Pipeline Integrity"
30964
+ },
30965
+ {
30966
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
30967
+ "framework": "ALL",
30968
+ "control_name": "Prompt Injection as Access Control Failure"
30969
+ },
30970
+ {
30971
+ "id": "CIS-Controls-v8-Control7",
30972
+ "framework": "CIS Controls v8",
30973
+ "control_name": "Continuous Vulnerability Management"
30974
+ },
30975
+ {
30976
+ "id": "CMMC-2.0-Level-2",
30977
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
30978
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
30979
+ },
30980
+ {
30981
+ "id": "FedRAMP-Rev5-Moderate",
30982
+ "framework": "FedRAMP Rev 5 Moderate",
30983
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
30984
+ },
30985
+ {
30986
+ "id": "IEC-62443-3-3",
30987
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
30988
+ "control_name": "System security requirements and security levels"
30989
+ },
30990
+ {
30991
+ "id": "ISO-27001-2022-A.8.28",
30992
+ "framework": "ISO/IEC 27001:2022",
30993
+ "control_name": "Secure coding"
30994
+ },
30995
+ {
30996
+ "id": "ISO-27001-2022-A.8.8",
30997
+ "framework": "ISO/IEC 27001:2022",
30998
+ "control_name": "Management of technical vulnerabilities"
30999
+ },
31000
+ {
31001
+ "id": "ISO-IEC-23894-2023-clause-7",
31002
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
31003
+ "control_name": "AI risk management process"
31004
+ },
31005
+ {
31006
+ "id": "NERC-CIP-007-6-R4",
31007
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
31008
+ "control_name": "Security event monitoring"
31009
+ },
31010
+ {
31011
+ "id": "NIS2-Art21-patch-management",
31012
+ "framework": "EU NIS2 Directive",
31013
+ "control_name": "Vulnerability handling and disclosure"
31014
+ },
31015
+ {
31016
+ "id": "NIST-800-115",
31017
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
31018
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
31019
+ },
31020
+ {
31021
+ "id": "NIST-800-218-SSDF",
31022
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
31023
+ "control_name": "Secure Software Development Framework"
31024
+ },
31025
+ {
31026
+ "id": "NIST-800-53-AC-2",
31027
+ "framework": "NIST SP 800-53 Rev 5",
31028
+ "control_name": "Account Management"
31029
+ },
31030
+ {
31031
+ "id": "NIST-800-53-SC-8",
31032
+ "framework": "NIST SP 800-53 Rev 5",
31033
+ "control_name": "Transmission Confidentiality and Integrity"
31034
+ },
31035
+ {
31036
+ "id": "NIST-800-53-SI-2",
31037
+ "framework": "NIST SP 800-53 Rev 5",
31038
+ "control_name": "Flaw Remediation"
31039
+ },
31040
+ {
31041
+ "id": "NIST-800-53-SI-3",
31042
+ "framework": "NIST SP 800-53 Rev 5",
31043
+ "control_name": "Malicious Code Protection"
31044
+ },
31045
+ {
31046
+ "id": "NIST-800-82r3",
31047
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
31048
+ "control_name": "Guide to Operational Technology (OT) Security"
31049
+ },
31050
+ {
31051
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
31052
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31053
+ "control_name": "Prompt Injection"
31054
+ },
31055
+ {
31056
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
31057
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31058
+ "control_name": "Sensitive Information Disclosure"
31059
+ },
31060
+ {
31061
+ "id": "OWASP-Pen-Testing-Guide-v5",
31062
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
31063
+ "control_name": "Web application penetration testing methodology"
31064
+ },
31065
+ {
31066
+ "id": "PCI-DSS-4.0-6.3.3",
31067
+ "framework": "PCI DSS 4.0",
31068
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
31069
+ },
31070
+ {
31071
+ "id": "PTES-Pre-engagement",
31072
+ "framework": "Penetration Testing Execution Standard (PTES)",
31073
+ "control_name": "Pre-engagement Interactions"
31074
+ },
31075
+ {
31076
+ "id": "SOC2-CC6-logical-access",
31077
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31078
+ "control_name": "Logical and Physical Access Controls"
31079
+ },
31080
+ {
31081
+ "id": "SOC2-CC9-vendor-management",
31082
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31083
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
31084
+ }
31085
+ ],
31086
+ "attack_refs": [
31087
+ "T0855",
31088
+ "T0883",
31089
+ "T1059",
31090
+ "T1068",
31091
+ "T1078",
31092
+ "T1133",
31093
+ "T1190",
31094
+ "T1548.001",
31095
+ "T1566"
31096
+ ],
31097
+ "rfc_refs": [
31098
+ "RFC-4301",
31099
+ "RFC-4303",
31100
+ "RFC-7296"
31101
+ ]
31102
+ }
31103
+ },
28932
31104
  "CVE-2026-41091": {
28933
31105
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
28934
31106
  "rwep": 45,
@@ -55310,6 +57482,9 @@
55310
57482
  "CVE-2023-48022",
55311
57483
  "CVE-2023-51449",
55312
57484
  "CVE-2024-0132",
57485
+ "CVE-2024-11392",
57486
+ "CVE-2024-11393",
57487
+ "CVE-2024-11394",
55313
57488
  "CVE-2024-1561",
55314
57489
  "CVE-2024-3094",
55315
57490
  "CVE-2024-3154",
@@ -55342,6 +57517,9 @@
55342
57517
  "CVE-2026-22688",
55343
57518
  "CVE-2026-24206",
55344
57519
  "CVE-2026-24207",
57520
+ "CVE-2026-24213",
57521
+ "CVE-2026-24214",
57522
+ "CVE-2026-24215",
55345
57523
  "CVE-2026-25592",
55346
57524
  "CVE-2026-26015",
55347
57525
  "CVE-2026-30615",
@@ -55692,6 +57870,9 @@
55692
57870
  "CVE-2023-48022",
55693
57871
  "CVE-2023-51449",
55694
57872
  "CVE-2024-0132",
57873
+ "CVE-2024-11392",
57874
+ "CVE-2024-11393",
57875
+ "CVE-2024-11394",
55695
57876
  "CVE-2024-1561",
55696
57877
  "CVE-2024-37032",
55697
57878
  "CVE-2024-39722",
@@ -55720,6 +57901,9 @@
55720
57901
  "CVE-2026-22688",
55721
57902
  "CVE-2026-24206",
55722
57903
  "CVE-2026-24207",
57904
+ "CVE-2026-24213",
57905
+ "CVE-2026-24214",
57906
+ "CVE-2026-24215",
55723
57907
  "CVE-2026-25592",
55724
57908
  "CVE-2026-26015",
55725
57909
  "CVE-2026-30616",
@@ -55865,6 +58049,9 @@
55865
58049
  "CVE-2023-48022",
55866
58050
  "CVE-2023-51449",
55867
58051
  "CVE-2024-0132",
58052
+ "CVE-2024-11392",
58053
+ "CVE-2024-11393",
58054
+ "CVE-2024-11394",
55868
58055
  "CVE-2024-1561",
55869
58056
  "CVE-2024-37032",
55870
58057
  "CVE-2024-39722",
@@ -55893,6 +58080,9 @@
55893
58080
  "CVE-2026-22688",
55894
58081
  "CVE-2026-24206",
55895
58082
  "CVE-2026-24207",
58083
+ "CVE-2026-24213",
58084
+ "CVE-2026-24214",
58085
+ "CVE-2026-24215",
55896
58086
  "CVE-2026-25592",
55897
58087
  "CVE-2026-26015",
55898
58088
  "CVE-2026-30616",
@@ -56052,6 +58242,9 @@
56052
58242
  "CVE-2023-48022",
56053
58243
  "CVE-2023-51449",
56054
58244
  "CVE-2024-0132",
58245
+ "CVE-2024-11392",
58246
+ "CVE-2024-11393",
58247
+ "CVE-2024-11394",
56055
58248
  "CVE-2024-1561",
56056
58249
  "CVE-2024-37032",
56057
58250
  "CVE-2024-39722",
@@ -56080,6 +58273,9 @@
56080
58273
  "CVE-2026-22688",
56081
58274
  "CVE-2026-24206",
56082
58275
  "CVE-2026-24207",
58276
+ "CVE-2026-24213",
58277
+ "CVE-2026-24214",
58278
+ "CVE-2026-24215",
56083
58279
  "CVE-2026-25592",
56084
58280
  "CVE-2026-26015",
56085
58281
  "CVE-2026-30616",
@@ -56343,6 +58539,9 @@
56343
58539
  "CVE-2023-48022",
56344
58540
  "CVE-2023-51449",
56345
58541
  "CVE-2024-0132",
58542
+ "CVE-2024-11392",
58543
+ "CVE-2024-11393",
58544
+ "CVE-2024-11394",
56346
58545
  "CVE-2024-1561",
56347
58546
  "CVE-2024-3094",
56348
58547
  "CVE-2024-3154",
@@ -56373,6 +58572,9 @@
56373
58572
  "CVE-2026-22778",
56374
58573
  "CVE-2026-24206",
56375
58574
  "CVE-2026-24207",
58575
+ "CVE-2026-24213",
58576
+ "CVE-2026-24214",
58577
+ "CVE-2026-24215",
56376
58578
  "CVE-2026-25592",
56377
58579
  "CVE-2026-26015",
56378
58580
  "CVE-2026-30615",
@@ -56592,6 +58794,9 @@
56592
58794
  "CVE-2024-0132",
56593
58795
  "CVE-2024-0769",
56594
58796
  "CVE-2024-11182",
58797
+ "CVE-2024-11392",
58798
+ "CVE-2024-11393",
58799
+ "CVE-2024-11394",
56595
58800
  "CVE-2024-12987",
56596
58801
  "CVE-2024-1561",
56597
58802
  "CVE-2024-1708",
@@ -56795,6 +59000,9 @@
56795
59000
  "CVE-2026-24061",
56796
59001
  "CVE-2026-24206",
56797
59002
  "CVE-2026-24207",
59003
+ "CVE-2026-24213",
59004
+ "CVE-2026-24214",
59005
+ "CVE-2026-24215",
56798
59006
  "CVE-2026-2441",
56799
59007
  "CVE-2026-24423",
56800
59008
  "CVE-2026-24858",
@@ -57421,6 +59629,9 @@
57421
59629
  "CVE-2023-48022",
57422
59630
  "CVE-2023-51449",
57423
59631
  "CVE-2024-0132",
59632
+ "CVE-2024-11392",
59633
+ "CVE-2024-11393",
59634
+ "CVE-2024-11394",
57424
59635
  "CVE-2024-1561",
57425
59636
  "CVE-2024-3094",
57426
59637
  "CVE-2024-3154",
@@ -57453,6 +59664,9 @@
57453
59664
  "CVE-2026-22688",
57454
59665
  "CVE-2026-24206",
57455
59666
  "CVE-2026-24207",
59667
+ "CVE-2026-24213",
59668
+ "CVE-2026-24214",
59669
+ "CVE-2026-24215",
57456
59670
  "CVE-2026-25592",
57457
59671
  "CVE-2026-26015",
57458
59672
  "CVE-2026-30615",
@@ -58033,6 +60247,9 @@
58033
60247
  "CVE-2023-48022",
58034
60248
  "CVE-2023-51449",
58035
60249
  "CVE-2024-0132",
60250
+ "CVE-2024-11392",
60251
+ "CVE-2024-11393",
60252
+ "CVE-2024-11394",
58036
60253
  "CVE-2024-1561",
58037
60254
  "CVE-2024-3094",
58038
60255
  "CVE-2024-3154",
@@ -58065,6 +60282,9 @@
58065
60282
  "CVE-2026-22688",
58066
60283
  "CVE-2026-24206",
58067
60284
  "CVE-2026-24207",
60285
+ "CVE-2026-24213",
60286
+ "CVE-2026-24214",
60287
+ "CVE-2026-24215",
58068
60288
  "CVE-2026-25592",
58069
60289
  "CVE-2026-26015",
58070
60290
  "CVE-2026-30615",
@@ -58283,6 +60503,9 @@
58283
60503
  "CVE-2023-48022",
58284
60504
  "CVE-2023-51449",
58285
60505
  "CVE-2024-0132",
60506
+ "CVE-2024-11392",
60507
+ "CVE-2024-11393",
60508
+ "CVE-2024-11394",
58286
60509
  "CVE-2024-1561",
58287
60510
  "CVE-2024-3094",
58288
60511
  "CVE-2024-37032",
@@ -58311,6 +60534,9 @@
58311
60534
  "CVE-2026-22688",
58312
60535
  "CVE-2026-24206",
58313
60536
  "CVE-2026-24207",
60537
+ "CVE-2026-24213",
60538
+ "CVE-2026-24214",
60539
+ "CVE-2026-24215",
58314
60540
  "CVE-2026-25592",
58315
60541
  "CVE-2026-26015",
58316
60542
  "CVE-2026-30615",
@@ -58959,6 +61185,9 @@
58959
61185
  "CVE-2023-48022",
58960
61186
  "CVE-2023-51449",
58961
61187
  "CVE-2024-0132",
61188
+ "CVE-2024-11392",
61189
+ "CVE-2024-11393",
61190
+ "CVE-2024-11394",
58962
61191
  "CVE-2024-1561",
58963
61192
  "CVE-2024-3094",
58964
61193
  "CVE-2024-3154",
@@ -58991,6 +61220,9 @@
58991
61220
  "CVE-2026-22688",
58992
61221
  "CVE-2026-24206",
58993
61222
  "CVE-2026-24207",
61223
+ "CVE-2026-24213",
61224
+ "CVE-2026-24214",
61225
+ "CVE-2026-24215",
58994
61226
  "CVE-2026-25592",
58995
61227
  "CVE-2026-26015",
58996
61228
  "CVE-2026-30615",
@@ -59215,6 +61447,9 @@
59215
61447
  "CVE-2024-0132",
59216
61448
  "CVE-2024-0769",
59217
61449
  "CVE-2024-11182",
61450
+ "CVE-2024-11392",
61451
+ "CVE-2024-11393",
61452
+ "CVE-2024-11394",
59218
61453
  "CVE-2024-12987",
59219
61454
  "CVE-2024-1561",
59220
61455
  "CVE-2024-1708",
@@ -59418,6 +61653,9 @@
59418
61653
  "CVE-2026-24061",
59419
61654
  "CVE-2026-24206",
59420
61655
  "CVE-2026-24207",
61656
+ "CVE-2026-24213",
61657
+ "CVE-2026-24214",
61658
+ "CVE-2026-24215",
59421
61659
  "CVE-2026-2441",
59422
61660
  "CVE-2026-24423",
59423
61661
  "CVE-2026-24858",
@@ -59648,6 +61886,9 @@
59648
61886
  "CVE-2024-0132",
59649
61887
  "CVE-2024-0769",
59650
61888
  "CVE-2024-11182",
61889
+ "CVE-2024-11392",
61890
+ "CVE-2024-11393",
61891
+ "CVE-2024-11394",
59651
61892
  "CVE-2024-12987",
59652
61893
  "CVE-2024-1561",
59653
61894
  "CVE-2024-1708",
@@ -59851,6 +62092,9 @@
59851
62092
  "CVE-2026-24061",
59852
62093
  "CVE-2026-24206",
59853
62094
  "CVE-2026-24207",
62095
+ "CVE-2026-24213",
62096
+ "CVE-2026-24214",
62097
+ "CVE-2026-24215",
59854
62098
  "CVE-2026-2441",
59855
62099
  "CVE-2026-24423",
59856
62100
  "CVE-2026-24858",
@@ -60110,6 +62354,9 @@
60110
62354
  "CVE-2023-48022",
60111
62355
  "CVE-2023-51449",
60112
62356
  "CVE-2024-0132",
62357
+ "CVE-2024-11392",
62358
+ "CVE-2024-11393",
62359
+ "CVE-2024-11394",
60113
62360
  "CVE-2024-1561",
60114
62361
  "CVE-2024-3094",
60115
62362
  "CVE-2024-3154",
@@ -60142,6 +62389,9 @@
60142
62389
  "CVE-2026-22688",
60143
62390
  "CVE-2026-24206",
60144
62391
  "CVE-2026-24207",
62392
+ "CVE-2026-24213",
62393
+ "CVE-2026-24214",
62394
+ "CVE-2026-24215",
60145
62395
  "CVE-2026-25592",
60146
62396
  "CVE-2026-26015",
60147
62397
  "CVE-2026-30615",
@@ -60918,6 +63168,9 @@
60918
63168
  "CVE-2024-0132",
60919
63169
  "CVE-2024-0769",
60920
63170
  "CVE-2024-11182",
63171
+ "CVE-2024-11392",
63172
+ "CVE-2024-11393",
63173
+ "CVE-2024-11394",
60921
63174
  "CVE-2024-12987",
60922
63175
  "CVE-2024-1561",
60923
63176
  "CVE-2024-1708",
@@ -61121,6 +63374,9 @@
61121
63374
  "CVE-2026-24061",
61122
63375
  "CVE-2026-24206",
61123
63376
  "CVE-2026-24207",
63377
+ "CVE-2026-24213",
63378
+ "CVE-2026-24214",
63379
+ "CVE-2026-24215",
61124
63380
  "CVE-2026-2441",
61125
63381
  "CVE-2026-24423",
61126
63382
  "CVE-2026-24858",
@@ -61444,6 +63700,9 @@
61444
63700
  "CVE-2023-48022",
61445
63701
  "CVE-2023-51449",
61446
63702
  "CVE-2024-0132",
63703
+ "CVE-2024-11392",
63704
+ "CVE-2024-11393",
63705
+ "CVE-2024-11394",
61447
63706
  "CVE-2024-1561",
61448
63707
  "CVE-2024-3094",
61449
63708
  "CVE-2024-3154",
@@ -61476,6 +63735,9 @@
61476
63735
  "CVE-2026-22688",
61477
63736
  "CVE-2026-24206",
61478
63737
  "CVE-2026-24207",
63738
+ "CVE-2026-24213",
63739
+ "CVE-2026-24214",
63740
+ "CVE-2026-24215",
61479
63741
  "CVE-2026-25592",
61480
63742
  "CVE-2026-26015",
61481
63743
  "CVE-2026-30615",
@@ -61778,6 +64040,9 @@
61778
64040
  "CVE-2024-0132",
61779
64041
  "CVE-2024-0769",
61780
64042
  "CVE-2024-11182",
64043
+ "CVE-2024-11392",
64044
+ "CVE-2024-11393",
64045
+ "CVE-2024-11394",
61781
64046
  "CVE-2024-12987",
61782
64047
  "CVE-2024-1561",
61783
64048
  "CVE-2024-1708",
@@ -61986,6 +64251,9 @@
61986
64251
  "CVE-2026-24061",
61987
64252
  "CVE-2026-24206",
61988
64253
  "CVE-2026-24207",
64254
+ "CVE-2026-24213",
64255
+ "CVE-2026-24214",
64256
+ "CVE-2026-24215",
61989
64257
  "CVE-2026-2441",
61990
64258
  "CVE-2026-24423",
61991
64259
  "CVE-2026-24858",
@@ -62323,6 +64591,9 @@
62323
64591
  "CVE-2023-48022",
62324
64592
  "CVE-2023-51449",
62325
64593
  "CVE-2024-0132",
64594
+ "CVE-2024-11392",
64595
+ "CVE-2024-11393",
64596
+ "CVE-2024-11394",
62326
64597
  "CVE-2024-1561",
62327
64598
  "CVE-2024-3094",
62328
64599
  "CVE-2024-3154",
@@ -62353,6 +64624,9 @@
62353
64624
  "CVE-2026-22688",
62354
64625
  "CVE-2026-24206",
62355
64626
  "CVE-2026-24207",
64627
+ "CVE-2026-24213",
64628
+ "CVE-2026-24214",
64629
+ "CVE-2026-24215",
62356
64630
  "CVE-2026-25592",
62357
64631
  "CVE-2026-26015",
62358
64632
  "CVE-2026-30615",
@@ -63270,6 +65544,9 @@
63270
65544
  "CVE-2023-48022",
63271
65545
  "CVE-2023-51449",
63272
65546
  "CVE-2024-0132",
65547
+ "CVE-2024-11392",
65548
+ "CVE-2024-11393",
65549
+ "CVE-2024-11394",
63273
65550
  "CVE-2024-1561",
63274
65551
  "CVE-2024-3094",
63275
65552
  "CVE-2024-3154",
@@ -63302,6 +65579,9 @@
63302
65579
  "CVE-2026-22688",
63303
65580
  "CVE-2026-24206",
63304
65581
  "CVE-2026-24207",
65582
+ "CVE-2026-24213",
65583
+ "CVE-2026-24214",
65584
+ "CVE-2026-24215",
63305
65585
  "CVE-2026-25592",
63306
65586
  "CVE-2026-26015",
63307
65587
  "CVE-2026-30615",
@@ -63381,6 +65661,9 @@
63381
65661
  "CVE-2023-48022",
63382
65662
  "CVE-2023-51449",
63383
65663
  "CVE-2024-0132",
65664
+ "CVE-2024-11392",
65665
+ "CVE-2024-11393",
65666
+ "CVE-2024-11394",
63384
65667
  "CVE-2024-1561",
63385
65668
  "CVE-2024-37032",
63386
65669
  "CVE-2024-39722",
@@ -63407,6 +65690,9 @@
63407
65690
  "CVE-2026-22688",
63408
65691
  "CVE-2026-24206",
63409
65692
  "CVE-2026-24207",
65693
+ "CVE-2026-24213",
65694
+ "CVE-2026-24214",
65695
+ "CVE-2026-24215",
63410
65696
  "CVE-2026-25592",
63411
65697
  "CVE-2026-26015",
63412
65698
  "CVE-2026-30616",
@@ -63562,6 +65848,9 @@
63562
65848
  "CVE-2023-48022",
63563
65849
  "CVE-2023-51449",
63564
65850
  "CVE-2024-0132",
65851
+ "CVE-2024-11392",
65852
+ "CVE-2024-11393",
65853
+ "CVE-2024-11394",
63565
65854
  "CVE-2024-1561",
63566
65855
  "CVE-2024-37032",
63567
65856
  "CVE-2024-39722",
@@ -63589,6 +65878,9 @@
63589
65878
  "CVE-2026-22778",
63590
65879
  "CVE-2026-24206",
63591
65880
  "CVE-2026-24207",
65881
+ "CVE-2026-24213",
65882
+ "CVE-2026-24214",
65883
+ "CVE-2026-24215",
63592
65884
  "CVE-2026-25592",
63593
65885
  "CVE-2026-26015",
63594
65886
  "CVE-2026-30616",
@@ -63994,6 +66286,9 @@
63994
66286
  "CVE-2023-52163",
63995
66287
  "CVE-2024-0769",
63996
66288
  "CVE-2024-11182",
66289
+ "CVE-2024-11392",
66290
+ "CVE-2024-11393",
66291
+ "CVE-2024-11394",
63997
66292
  "CVE-2024-12987",
63998
66293
  "CVE-2024-1561",
63999
66294
  "CVE-2024-1708",
@@ -64188,6 +66483,9 @@
64188
66483
  "CVE-2026-22769",
64189
66484
  "CVE-2026-23760",
64190
66485
  "CVE-2026-24061",
66486
+ "CVE-2026-24213",
66487
+ "CVE-2026-24214",
66488
+ "CVE-2026-24215",
64191
66489
  "CVE-2026-2441",
64192
66490
  "CVE-2026-24423",
64193
66491
  "CVE-2026-24858",
@@ -64446,6 +66744,9 @@
64446
66744
  "CVE-2023-48022",
64447
66745
  "CVE-2023-51449",
64448
66746
  "CVE-2024-0132",
66747
+ "CVE-2024-11392",
66748
+ "CVE-2024-11393",
66749
+ "CVE-2024-11394",
64449
66750
  "CVE-2024-1561",
64450
66751
  "CVE-2024-3094",
64451
66752
  "CVE-2024-3154",
@@ -64478,6 +66779,9 @@
64478
66779
  "CVE-2026-22688",
64479
66780
  "CVE-2026-24206",
64480
66781
  "CVE-2026-24207",
66782
+ "CVE-2026-24213",
66783
+ "CVE-2026-24214",
66784
+ "CVE-2026-24215",
64481
66785
  "CVE-2026-25592",
64482
66786
  "CVE-2026-26015",
64483
66787
  "CVE-2026-30615",
@@ -64750,6 +67054,9 @@
64750
67054
  "CVE-2023-48022",
64751
67055
  "CVE-2023-51449",
64752
67056
  "CVE-2024-0132",
67057
+ "CVE-2024-11392",
67058
+ "CVE-2024-11393",
67059
+ "CVE-2024-11394",
64753
67060
  "CVE-2024-1561",
64754
67061
  "CVE-2024-3094",
64755
67062
  "CVE-2024-37032",
@@ -64782,6 +67089,9 @@
64782
67089
  "CVE-2026-22778",
64783
67090
  "CVE-2026-24206",
64784
67091
  "CVE-2026-24207",
67092
+ "CVE-2026-24213",
67093
+ "CVE-2026-24214",
67094
+ "CVE-2026-24215",
64785
67095
  "CVE-2026-25592",
64786
67096
  "CVE-2026-26015",
64787
67097
  "CVE-2026-30615",