@blamejs/exceptd-skills 0.13.89 → 0.13.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +912 -0
  6. package/data/atlas-ttps.json +2 -0
  7. package/data/attack-techniques.json +7 -0
  8. package/data/cve-catalog.json +207 -0
  9. package/data/cwe-catalog.json +4 -1
  10. package/data/framework-control-gaps.json +16 -0
  11. package/data/zeroday-lessons.json +100 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -31101,6 +31101,870 @@
31101
31101
  ]
31102
31102
  }
31103
31103
  },
31104
+ "CVE-2025-32444": {
31105
+ "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
31106
+ "rwep": 31,
31107
+ "cvss": 9.8,
31108
+ "cisa_kev": false,
31109
+ "epss_score": null,
31110
+ "referencing_skills": [
31111
+ "kernel-lpe-triage",
31112
+ "ai-attack-surface",
31113
+ "compliance-theater",
31114
+ "ai-c2-detection",
31115
+ "attack-surface-pentest",
31116
+ "dlp-gap-analysis",
31117
+ "ot-ics-security",
31118
+ "coordinated-vuln-disclosure",
31119
+ "sector-energy"
31120
+ ],
31121
+ "chain": {
31122
+ "cwes": [
31123
+ {
31124
+ "id": "CWE-1037",
31125
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
31126
+ "category": "Hardware / Side Channel"
31127
+ },
31128
+ {
31129
+ "id": "CWE-1039",
31130
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
31131
+ "category": "AI/ML"
31132
+ },
31133
+ {
31134
+ "id": "CWE-125",
31135
+ "name": "Out-of-bounds Read",
31136
+ "category": "Memory Safety"
31137
+ },
31138
+ {
31139
+ "id": "CWE-1357",
31140
+ "name": "Reliance on Insufficiently Trustworthy Component",
31141
+ "category": "Supply Chain"
31142
+ },
31143
+ {
31144
+ "id": "CWE-1395",
31145
+ "name": "Dependency on Vulnerable Third-Party Component",
31146
+ "category": "Supply Chain"
31147
+ },
31148
+ {
31149
+ "id": "CWE-1426",
31150
+ "name": "Improper Validation of Generative AI Output",
31151
+ "category": "AI/ML"
31152
+ },
31153
+ {
31154
+ "id": "CWE-200",
31155
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
31156
+ "category": "Information Exposure"
31157
+ },
31158
+ {
31159
+ "id": "CWE-22",
31160
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
31161
+ "category": "Path/Resource"
31162
+ },
31163
+ {
31164
+ "id": "CWE-269",
31165
+ "name": "Improper Privilege Management",
31166
+ "category": "Authorization"
31167
+ },
31168
+ {
31169
+ "id": "CWE-287",
31170
+ "name": "Improper Authentication",
31171
+ "category": "Authentication"
31172
+ },
31173
+ {
31174
+ "id": "CWE-306",
31175
+ "name": "Missing Authentication for Critical Function",
31176
+ "category": "Authentication"
31177
+ },
31178
+ {
31179
+ "id": "CWE-352",
31180
+ "name": "Cross-Site Request Forgery (CSRF)",
31181
+ "category": "Session"
31182
+ },
31183
+ {
31184
+ "id": "CWE-362",
31185
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
31186
+ "category": "Concurrency"
31187
+ },
31188
+ {
31189
+ "id": "CWE-416",
31190
+ "name": "Use After Free",
31191
+ "category": "Memory Safety"
31192
+ },
31193
+ {
31194
+ "id": "CWE-434",
31195
+ "name": "Unrestricted Upload of File with Dangerous Type",
31196
+ "category": "File Handling"
31197
+ },
31198
+ {
31199
+ "id": "CWE-672",
31200
+ "name": "Operation on a Resource after Expiration or Release",
31201
+ "category": "Memory Safety"
31202
+ },
31203
+ {
31204
+ "id": "CWE-732",
31205
+ "name": "Incorrect Permission Assignment for Critical Resource",
31206
+ "category": "Authorization"
31207
+ },
31208
+ {
31209
+ "id": "CWE-78",
31210
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
31211
+ "category": "Injection"
31212
+ },
31213
+ {
31214
+ "id": "CWE-787",
31215
+ "name": "Out-of-bounds Write",
31216
+ "category": "Memory Safety"
31217
+ },
31218
+ {
31219
+ "id": "CWE-79",
31220
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
31221
+ "category": "Injection"
31222
+ },
31223
+ {
31224
+ "id": "CWE-798",
31225
+ "name": "Use of Hard-coded Credentials",
31226
+ "category": "Credentials"
31227
+ },
31228
+ {
31229
+ "id": "CWE-89",
31230
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
31231
+ "category": "Injection"
31232
+ },
31233
+ {
31234
+ "id": "CWE-918",
31235
+ "name": "Server-Side Request Forgery (SSRF)",
31236
+ "category": "Network"
31237
+ },
31238
+ {
31239
+ "id": "CWE-94",
31240
+ "name": "Improper Control of Generation of Code (Code Injection)",
31241
+ "category": "Injection"
31242
+ }
31243
+ ],
31244
+ "atlas": [
31245
+ {
31246
+ "id": "AML.T0010",
31247
+ "name": "ML Supply Chain Compromise",
31248
+ "tactic": "Initial Access"
31249
+ },
31250
+ {
31251
+ "id": "AML.T0016",
31252
+ "name": "Obtain Capabilities: Develop Capabilities",
31253
+ "tactic": "Resource Development"
31254
+ },
31255
+ {
31256
+ "id": "AML.T0017",
31257
+ "name": "Discover ML Model Ontology",
31258
+ "tactic": "Discovery"
31259
+ },
31260
+ {
31261
+ "id": "AML.T0018",
31262
+ "name": "Backdoor ML Model",
31263
+ "tactic": "Persistence"
31264
+ },
31265
+ {
31266
+ "id": "AML.T0020",
31267
+ "name": "Poison Training Data",
31268
+ "tactic": "ML Attack Staging"
31269
+ },
31270
+ {
31271
+ "id": "AML.T0043",
31272
+ "name": "Craft Adversarial Data",
31273
+ "tactic": "ML Attack Staging"
31274
+ },
31275
+ {
31276
+ "id": "AML.T0051",
31277
+ "name": "LLM Prompt Injection",
31278
+ "tactic": "Execution"
31279
+ },
31280
+ {
31281
+ "id": "AML.T0054",
31282
+ "name": "LLM Jailbreak",
31283
+ "tactic": "Defense Evasion"
31284
+ },
31285
+ {
31286
+ "id": "AML.T0096",
31287
+ "name": "AI API as Covert C2 Channel",
31288
+ "tactic": "Command and Control"
31289
+ }
31290
+ ],
31291
+ "d3fend": [
31292
+ {
31293
+ "id": "D3-ASLR",
31294
+ "name": "Address Space Layout Randomization",
31295
+ "tactic": "Harden"
31296
+ },
31297
+ {
31298
+ "id": "D3-CA",
31299
+ "name": "Certificate Analysis",
31300
+ "tactic": "Detect"
31301
+ },
31302
+ {
31303
+ "id": "D3-CSPP",
31304
+ "name": "Client-server Payload Profiling",
31305
+ "tactic": "Detect"
31306
+ },
31307
+ {
31308
+ "id": "D3-DA",
31309
+ "name": "Domain Analysis",
31310
+ "tactic": "Detect"
31311
+ },
31312
+ {
31313
+ "id": "D3-EAL",
31314
+ "name": "Executable Allowlisting",
31315
+ "tactic": "Harden"
31316
+ },
31317
+ {
31318
+ "id": "D3-IOPR",
31319
+ "name": "Input/Output Profiling Resource",
31320
+ "tactic": "Detect"
31321
+ },
31322
+ {
31323
+ "id": "D3-NI",
31324
+ "name": "Network Isolation",
31325
+ "tactic": "Isolate"
31326
+ },
31327
+ {
31328
+ "id": "D3-NTA",
31329
+ "name": "Network Traffic Analysis",
31330
+ "tactic": "Detect"
31331
+ },
31332
+ {
31333
+ "id": "D3-NTPM",
31334
+ "name": "Network Traffic Policy Mapping",
31335
+ "tactic": "Model"
31336
+ },
31337
+ {
31338
+ "id": "D3-PHRA",
31339
+ "name": "Process Hardware Resource Access",
31340
+ "tactic": "Isolate"
31341
+ },
31342
+ {
31343
+ "id": "D3-PSEP",
31344
+ "name": "Process Segment Execution Prevention",
31345
+ "tactic": "Harden"
31346
+ }
31347
+ ],
31348
+ "framework_gaps": [
31349
+ {
31350
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
31351
+ "framework": "ALL",
31352
+ "control_name": "AI Pipeline Integrity"
31353
+ },
31354
+ {
31355
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
31356
+ "framework": "ALL",
31357
+ "control_name": "Prompt Injection as Access Control Failure"
31358
+ },
31359
+ {
31360
+ "id": "CIS-Controls-v8-Control7",
31361
+ "framework": "CIS Controls v8",
31362
+ "control_name": "Continuous Vulnerability Management"
31363
+ },
31364
+ {
31365
+ "id": "CMMC-2.0-Level-2",
31366
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
31367
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
31368
+ },
31369
+ {
31370
+ "id": "FedRAMP-Rev5-Moderate",
31371
+ "framework": "FedRAMP Rev 5 Moderate",
31372
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
31373
+ },
31374
+ {
31375
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
31376
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
31377
+ "control_name": "Access control standard (technical safeguards)"
31378
+ },
31379
+ {
31380
+ "id": "IEC-62443-3-3",
31381
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
31382
+ "control_name": "System security requirements and security levels"
31383
+ },
31384
+ {
31385
+ "id": "ISO-27001-2022-A.8.16",
31386
+ "framework": "ISO/IEC 27001:2022",
31387
+ "control_name": "Monitoring activities"
31388
+ },
31389
+ {
31390
+ "id": "ISO-27001-2022-A.8.28",
31391
+ "framework": "ISO/IEC 27001:2022",
31392
+ "control_name": "Secure coding"
31393
+ },
31394
+ {
31395
+ "id": "ISO-27001-2022-A.8.8",
31396
+ "framework": "ISO/IEC 27001:2022",
31397
+ "control_name": "Management of technical vulnerabilities"
31398
+ },
31399
+ {
31400
+ "id": "ISO-IEC-23894-2023-clause-7",
31401
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
31402
+ "control_name": "AI risk management process"
31403
+ },
31404
+ {
31405
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
31406
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
31407
+ "control_name": "AI risk assessment"
31408
+ },
31409
+ {
31410
+ "id": "NERC-CIP-007-6-R4",
31411
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
31412
+ "control_name": "Security event monitoring"
31413
+ },
31414
+ {
31415
+ "id": "NIS2-Art21-patch-management",
31416
+ "framework": "EU NIS2 Directive",
31417
+ "control_name": "Vulnerability handling and disclosure"
31418
+ },
31419
+ {
31420
+ "id": "NIST-800-115",
31421
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
31422
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
31423
+ },
31424
+ {
31425
+ "id": "NIST-800-218-SSDF",
31426
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
31427
+ "control_name": "Secure Software Development Framework"
31428
+ },
31429
+ {
31430
+ "id": "NIST-800-53-AC-2",
31431
+ "framework": "NIST SP 800-53 Rev 5",
31432
+ "control_name": "Account Management"
31433
+ },
31434
+ {
31435
+ "id": "NIST-800-53-SC-28",
31436
+ "framework": "NIST SP 800-53 Rev 5",
31437
+ "control_name": "Protection of Information at Rest"
31438
+ },
31439
+ {
31440
+ "id": "NIST-800-53-SC-7",
31441
+ "framework": "NIST SP 800-53 Rev 5",
31442
+ "control_name": "Boundary Protection"
31443
+ },
31444
+ {
31445
+ "id": "NIST-800-53-SC-8",
31446
+ "framework": "NIST SP 800-53 Rev 5",
31447
+ "control_name": "Transmission Confidentiality and Integrity"
31448
+ },
31449
+ {
31450
+ "id": "NIST-800-53-SI-2",
31451
+ "framework": "NIST SP 800-53 Rev 5",
31452
+ "control_name": "Flaw Remediation"
31453
+ },
31454
+ {
31455
+ "id": "NIST-800-53-SI-3",
31456
+ "framework": "NIST SP 800-53 Rev 5",
31457
+ "control_name": "Malicious Code Protection"
31458
+ },
31459
+ {
31460
+ "id": "NIST-800-82r3",
31461
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
31462
+ "control_name": "Guide to Operational Technology (OT) Security"
31463
+ },
31464
+ {
31465
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
31466
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31467
+ "control_name": "Prompt Injection"
31468
+ },
31469
+ {
31470
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
31471
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31472
+ "control_name": "Sensitive Information Disclosure"
31473
+ },
31474
+ {
31475
+ "id": "OWASP-Pen-Testing-Guide-v5",
31476
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
31477
+ "control_name": "Web application penetration testing methodology"
31478
+ },
31479
+ {
31480
+ "id": "PCI-DSS-4.0-6.3.3",
31481
+ "framework": "PCI DSS 4.0",
31482
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
31483
+ },
31484
+ {
31485
+ "id": "PTES-Pre-engagement",
31486
+ "framework": "Penetration Testing Execution Standard (PTES)",
31487
+ "control_name": "Pre-engagement Interactions"
31488
+ },
31489
+ {
31490
+ "id": "SOC2-CC6-logical-access",
31491
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31492
+ "control_name": "Logical and Physical Access Controls"
31493
+ },
31494
+ {
31495
+ "id": "SOC2-CC7-anomaly-detection",
31496
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31497
+ "control_name": "System Operations — Threat and Vulnerability Management"
31498
+ },
31499
+ {
31500
+ "id": "SOC2-CC9-vendor-management",
31501
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31502
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
31503
+ }
31504
+ ],
31505
+ "attack_refs": [
31506
+ "T0855",
31507
+ "T0883",
31508
+ "T1041",
31509
+ "T1059",
31510
+ "T1068",
31511
+ "T1071",
31512
+ "T1078",
31513
+ "T1102",
31514
+ "T1133",
31515
+ "T1190",
31516
+ "T1213",
31517
+ "T1530",
31518
+ "T1548.001",
31519
+ "T1566",
31520
+ "T1567",
31521
+ "T1568"
31522
+ ],
31523
+ "rfc_refs": [
31524
+ "RFC-4301",
31525
+ "RFC-4303",
31526
+ "RFC-7296",
31527
+ "RFC-8446",
31528
+ "RFC-9000",
31529
+ "RFC-9114",
31530
+ "RFC-9180",
31531
+ "RFC-9421",
31532
+ "RFC-9458"
31533
+ ]
31534
+ }
31535
+ },
31536
+ "CVE-2025-30202": {
31537
+ "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
31538
+ "rwep": 27,
31539
+ "cvss": 7.5,
31540
+ "cisa_kev": false,
31541
+ "epss_score": null,
31542
+ "referencing_skills": [
31543
+ "kernel-lpe-triage",
31544
+ "ai-attack-surface",
31545
+ "compliance-theater",
31546
+ "ai-c2-detection",
31547
+ "attack-surface-pentest",
31548
+ "dlp-gap-analysis",
31549
+ "ot-ics-security",
31550
+ "coordinated-vuln-disclosure",
31551
+ "sector-energy"
31552
+ ],
31553
+ "chain": {
31554
+ "cwes": [
31555
+ {
31556
+ "id": "CWE-1037",
31557
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
31558
+ "category": "Hardware / Side Channel"
31559
+ },
31560
+ {
31561
+ "id": "CWE-1039",
31562
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
31563
+ "category": "AI/ML"
31564
+ },
31565
+ {
31566
+ "id": "CWE-125",
31567
+ "name": "Out-of-bounds Read",
31568
+ "category": "Memory Safety"
31569
+ },
31570
+ {
31571
+ "id": "CWE-1357",
31572
+ "name": "Reliance on Insufficiently Trustworthy Component",
31573
+ "category": "Supply Chain"
31574
+ },
31575
+ {
31576
+ "id": "CWE-1395",
31577
+ "name": "Dependency on Vulnerable Third-Party Component",
31578
+ "category": "Supply Chain"
31579
+ },
31580
+ {
31581
+ "id": "CWE-1426",
31582
+ "name": "Improper Validation of Generative AI Output",
31583
+ "category": "AI/ML"
31584
+ },
31585
+ {
31586
+ "id": "CWE-200",
31587
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
31588
+ "category": "Information Exposure"
31589
+ },
31590
+ {
31591
+ "id": "CWE-22",
31592
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
31593
+ "category": "Path/Resource"
31594
+ },
31595
+ {
31596
+ "id": "CWE-269",
31597
+ "name": "Improper Privilege Management",
31598
+ "category": "Authorization"
31599
+ },
31600
+ {
31601
+ "id": "CWE-287",
31602
+ "name": "Improper Authentication",
31603
+ "category": "Authentication"
31604
+ },
31605
+ {
31606
+ "id": "CWE-306",
31607
+ "name": "Missing Authentication for Critical Function",
31608
+ "category": "Authentication"
31609
+ },
31610
+ {
31611
+ "id": "CWE-352",
31612
+ "name": "Cross-Site Request Forgery (CSRF)",
31613
+ "category": "Session"
31614
+ },
31615
+ {
31616
+ "id": "CWE-362",
31617
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
31618
+ "category": "Concurrency"
31619
+ },
31620
+ {
31621
+ "id": "CWE-416",
31622
+ "name": "Use After Free",
31623
+ "category": "Memory Safety"
31624
+ },
31625
+ {
31626
+ "id": "CWE-434",
31627
+ "name": "Unrestricted Upload of File with Dangerous Type",
31628
+ "category": "File Handling"
31629
+ },
31630
+ {
31631
+ "id": "CWE-672",
31632
+ "name": "Operation on a Resource after Expiration or Release",
31633
+ "category": "Memory Safety"
31634
+ },
31635
+ {
31636
+ "id": "CWE-732",
31637
+ "name": "Incorrect Permission Assignment for Critical Resource",
31638
+ "category": "Authorization"
31639
+ },
31640
+ {
31641
+ "id": "CWE-78",
31642
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
31643
+ "category": "Injection"
31644
+ },
31645
+ {
31646
+ "id": "CWE-787",
31647
+ "name": "Out-of-bounds Write",
31648
+ "category": "Memory Safety"
31649
+ },
31650
+ {
31651
+ "id": "CWE-79",
31652
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
31653
+ "category": "Injection"
31654
+ },
31655
+ {
31656
+ "id": "CWE-798",
31657
+ "name": "Use of Hard-coded Credentials",
31658
+ "category": "Credentials"
31659
+ },
31660
+ {
31661
+ "id": "CWE-89",
31662
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
31663
+ "category": "Injection"
31664
+ },
31665
+ {
31666
+ "id": "CWE-918",
31667
+ "name": "Server-Side Request Forgery (SSRF)",
31668
+ "category": "Network"
31669
+ },
31670
+ {
31671
+ "id": "CWE-94",
31672
+ "name": "Improper Control of Generation of Code (Code Injection)",
31673
+ "category": "Injection"
31674
+ }
31675
+ ],
31676
+ "atlas": [
31677
+ {
31678
+ "id": "AML.T0010",
31679
+ "name": "ML Supply Chain Compromise",
31680
+ "tactic": "Initial Access"
31681
+ },
31682
+ {
31683
+ "id": "AML.T0016",
31684
+ "name": "Obtain Capabilities: Develop Capabilities",
31685
+ "tactic": "Resource Development"
31686
+ },
31687
+ {
31688
+ "id": "AML.T0017",
31689
+ "name": "Discover ML Model Ontology",
31690
+ "tactic": "Discovery"
31691
+ },
31692
+ {
31693
+ "id": "AML.T0018",
31694
+ "name": "Backdoor ML Model",
31695
+ "tactic": "Persistence"
31696
+ },
31697
+ {
31698
+ "id": "AML.T0020",
31699
+ "name": "Poison Training Data",
31700
+ "tactic": "ML Attack Staging"
31701
+ },
31702
+ {
31703
+ "id": "AML.T0043",
31704
+ "name": "Craft Adversarial Data",
31705
+ "tactic": "ML Attack Staging"
31706
+ },
31707
+ {
31708
+ "id": "AML.T0051",
31709
+ "name": "LLM Prompt Injection",
31710
+ "tactic": "Execution"
31711
+ },
31712
+ {
31713
+ "id": "AML.T0054",
31714
+ "name": "LLM Jailbreak",
31715
+ "tactic": "Defense Evasion"
31716
+ },
31717
+ {
31718
+ "id": "AML.T0096",
31719
+ "name": "AI API as Covert C2 Channel",
31720
+ "tactic": "Command and Control"
31721
+ }
31722
+ ],
31723
+ "d3fend": [
31724
+ {
31725
+ "id": "D3-ASLR",
31726
+ "name": "Address Space Layout Randomization",
31727
+ "tactic": "Harden"
31728
+ },
31729
+ {
31730
+ "id": "D3-CA",
31731
+ "name": "Certificate Analysis",
31732
+ "tactic": "Detect"
31733
+ },
31734
+ {
31735
+ "id": "D3-CSPP",
31736
+ "name": "Client-server Payload Profiling",
31737
+ "tactic": "Detect"
31738
+ },
31739
+ {
31740
+ "id": "D3-DA",
31741
+ "name": "Domain Analysis",
31742
+ "tactic": "Detect"
31743
+ },
31744
+ {
31745
+ "id": "D3-EAL",
31746
+ "name": "Executable Allowlisting",
31747
+ "tactic": "Harden"
31748
+ },
31749
+ {
31750
+ "id": "D3-IOPR",
31751
+ "name": "Input/Output Profiling Resource",
31752
+ "tactic": "Detect"
31753
+ },
31754
+ {
31755
+ "id": "D3-NI",
31756
+ "name": "Network Isolation",
31757
+ "tactic": "Isolate"
31758
+ },
31759
+ {
31760
+ "id": "D3-NTA",
31761
+ "name": "Network Traffic Analysis",
31762
+ "tactic": "Detect"
31763
+ },
31764
+ {
31765
+ "id": "D3-NTPM",
31766
+ "name": "Network Traffic Policy Mapping",
31767
+ "tactic": "Model"
31768
+ },
31769
+ {
31770
+ "id": "D3-PHRA",
31771
+ "name": "Process Hardware Resource Access",
31772
+ "tactic": "Isolate"
31773
+ },
31774
+ {
31775
+ "id": "D3-PSEP",
31776
+ "name": "Process Segment Execution Prevention",
31777
+ "tactic": "Harden"
31778
+ }
31779
+ ],
31780
+ "framework_gaps": [
31781
+ {
31782
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
31783
+ "framework": "ALL",
31784
+ "control_name": "AI Pipeline Integrity"
31785
+ },
31786
+ {
31787
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
31788
+ "framework": "ALL",
31789
+ "control_name": "Prompt Injection as Access Control Failure"
31790
+ },
31791
+ {
31792
+ "id": "CIS-Controls-v8-Control7",
31793
+ "framework": "CIS Controls v8",
31794
+ "control_name": "Continuous Vulnerability Management"
31795
+ },
31796
+ {
31797
+ "id": "CMMC-2.0-Level-2",
31798
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
31799
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
31800
+ },
31801
+ {
31802
+ "id": "FedRAMP-Rev5-Moderate",
31803
+ "framework": "FedRAMP Rev 5 Moderate",
31804
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
31805
+ },
31806
+ {
31807
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
31808
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
31809
+ "control_name": "Access control standard (technical safeguards)"
31810
+ },
31811
+ {
31812
+ "id": "IEC-62443-3-3",
31813
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
31814
+ "control_name": "System security requirements and security levels"
31815
+ },
31816
+ {
31817
+ "id": "ISO-27001-2022-A.8.16",
31818
+ "framework": "ISO/IEC 27001:2022",
31819
+ "control_name": "Monitoring activities"
31820
+ },
31821
+ {
31822
+ "id": "ISO-27001-2022-A.8.28",
31823
+ "framework": "ISO/IEC 27001:2022",
31824
+ "control_name": "Secure coding"
31825
+ },
31826
+ {
31827
+ "id": "ISO-27001-2022-A.8.8",
31828
+ "framework": "ISO/IEC 27001:2022",
31829
+ "control_name": "Management of technical vulnerabilities"
31830
+ },
31831
+ {
31832
+ "id": "ISO-IEC-23894-2023-clause-7",
31833
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
31834
+ "control_name": "AI risk management process"
31835
+ },
31836
+ {
31837
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
31838
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
31839
+ "control_name": "AI risk assessment"
31840
+ },
31841
+ {
31842
+ "id": "NERC-CIP-007-6-R4",
31843
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
31844
+ "control_name": "Security event monitoring"
31845
+ },
31846
+ {
31847
+ "id": "NIS2-Art21-patch-management",
31848
+ "framework": "EU NIS2 Directive",
31849
+ "control_name": "Vulnerability handling and disclosure"
31850
+ },
31851
+ {
31852
+ "id": "NIST-800-115",
31853
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
31854
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
31855
+ },
31856
+ {
31857
+ "id": "NIST-800-218-SSDF",
31858
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
31859
+ "control_name": "Secure Software Development Framework"
31860
+ },
31861
+ {
31862
+ "id": "NIST-800-53-AC-2",
31863
+ "framework": "NIST SP 800-53 Rev 5",
31864
+ "control_name": "Account Management"
31865
+ },
31866
+ {
31867
+ "id": "NIST-800-53-SC-28",
31868
+ "framework": "NIST SP 800-53 Rev 5",
31869
+ "control_name": "Protection of Information at Rest"
31870
+ },
31871
+ {
31872
+ "id": "NIST-800-53-SC-7",
31873
+ "framework": "NIST SP 800-53 Rev 5",
31874
+ "control_name": "Boundary Protection"
31875
+ },
31876
+ {
31877
+ "id": "NIST-800-53-SC-8",
31878
+ "framework": "NIST SP 800-53 Rev 5",
31879
+ "control_name": "Transmission Confidentiality and Integrity"
31880
+ },
31881
+ {
31882
+ "id": "NIST-800-53-SI-2",
31883
+ "framework": "NIST SP 800-53 Rev 5",
31884
+ "control_name": "Flaw Remediation"
31885
+ },
31886
+ {
31887
+ "id": "NIST-800-53-SI-3",
31888
+ "framework": "NIST SP 800-53 Rev 5",
31889
+ "control_name": "Malicious Code Protection"
31890
+ },
31891
+ {
31892
+ "id": "NIST-800-82r3",
31893
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
31894
+ "control_name": "Guide to Operational Technology (OT) Security"
31895
+ },
31896
+ {
31897
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
31898
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31899
+ "control_name": "Prompt Injection"
31900
+ },
31901
+ {
31902
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
31903
+ "framework": "OWASP Top 10 for LLM Applications 2025",
31904
+ "control_name": "Sensitive Information Disclosure"
31905
+ },
31906
+ {
31907
+ "id": "OWASP-Pen-Testing-Guide-v5",
31908
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
31909
+ "control_name": "Web application penetration testing methodology"
31910
+ },
31911
+ {
31912
+ "id": "PCI-DSS-4.0-6.3.3",
31913
+ "framework": "PCI DSS 4.0",
31914
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
31915
+ },
31916
+ {
31917
+ "id": "PTES-Pre-engagement",
31918
+ "framework": "Penetration Testing Execution Standard (PTES)",
31919
+ "control_name": "Pre-engagement Interactions"
31920
+ },
31921
+ {
31922
+ "id": "SOC2-CC6-logical-access",
31923
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31924
+ "control_name": "Logical and Physical Access Controls"
31925
+ },
31926
+ {
31927
+ "id": "SOC2-CC7-anomaly-detection",
31928
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31929
+ "control_name": "System Operations — Threat and Vulnerability Management"
31930
+ },
31931
+ {
31932
+ "id": "SOC2-CC9-vendor-management",
31933
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
31934
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
31935
+ }
31936
+ ],
31937
+ "attack_refs": [
31938
+ "T0855",
31939
+ "T0883",
31940
+ "T1041",
31941
+ "T1059",
31942
+ "T1068",
31943
+ "T1071",
31944
+ "T1078",
31945
+ "T1102",
31946
+ "T1133",
31947
+ "T1190",
31948
+ "T1213",
31949
+ "T1530",
31950
+ "T1548.001",
31951
+ "T1566",
31952
+ "T1567",
31953
+ "T1568"
31954
+ ],
31955
+ "rfc_refs": [
31956
+ "RFC-4301",
31957
+ "RFC-4303",
31958
+ "RFC-7296",
31959
+ "RFC-8446",
31960
+ "RFC-9000",
31961
+ "RFC-9114",
31962
+ "RFC-9180",
31963
+ "RFC-9421",
31964
+ "RFC-9458"
31965
+ ]
31966
+ }
31967
+ },
31104
31968
  "CVE-2026-41091": {
31105
31969
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
31106
31970
  "rwep": 45,
@@ -57501,6 +58365,8 @@
57501
58365
  "CVE-2025-23254",
57502
58366
  "CVE-2025-23266",
57503
58367
  "CVE-2025-30165",
58368
+ "CVE-2025-30202",
58369
+ "CVE-2025-32444",
57504
58370
  "CVE-2025-34291",
57505
58371
  "CVE-2025-38352",
57506
58372
  "CVE-2025-43300",
@@ -57887,6 +58753,8 @@
57887
58753
  "CVE-2025-23254",
57888
58754
  "CVE-2025-23266",
57889
58755
  "CVE-2025-30165",
58756
+ "CVE-2025-30202",
58757
+ "CVE-2025-32444",
57890
58758
  "CVE-2025-34291",
57891
58759
  "CVE-2025-38352",
57892
58760
  "CVE-2025-43300",
@@ -58066,6 +58934,8 @@
58066
58934
  "CVE-2025-23254",
58067
58935
  "CVE-2025-23266",
58068
58936
  "CVE-2025-30165",
58937
+ "CVE-2025-30202",
58938
+ "CVE-2025-32444",
58069
58939
  "CVE-2025-34291",
58070
58940
  "CVE-2025-38352",
58071
58941
  "CVE-2025-43300",
@@ -58259,6 +59129,8 @@
58259
59129
  "CVE-2025-23254",
58260
59130
  "CVE-2025-23266",
58261
59131
  "CVE-2025-30165",
59132
+ "CVE-2025-30202",
59133
+ "CVE-2025-32444",
58262
59134
  "CVE-2025-34291",
58263
59135
  "CVE-2025-38352",
58264
59136
  "CVE-2025-43300",
@@ -58557,6 +59429,8 @@
58557
59429
  "CVE-2025-23254",
58558
59430
  "CVE-2025-23266",
58559
59431
  "CVE-2025-30165",
59432
+ "CVE-2025-30202",
59433
+ "CVE-2025-32444",
58560
59434
  "CVE-2025-34291",
58561
59435
  "CVE-2025-49596",
58562
59436
  "CVE-2025-49844",
@@ -58860,11 +59734,13 @@
58860
59734
  "CVE-2025-27920",
58861
59735
  "CVE-2025-29635",
58862
59736
  "CVE-2025-30165",
59737
+ "CVE-2025-30202",
58863
59738
  "CVE-2025-30397",
58864
59739
  "CVE-2025-31125",
58865
59740
  "CVE-2025-31277",
58866
59741
  "CVE-2025-32432",
58867
59742
  "CVE-2025-32433",
59743
+ "CVE-2025-32444",
58868
59744
  "CVE-2025-32463",
58869
59745
  "CVE-2025-32701",
58870
59746
  "CVE-2025-32706",
@@ -59274,6 +60150,8 @@
59274
60150
  "CVE-2025-14847",
59275
60151
  "CVE-2025-22226",
59276
60152
  "CVE-2025-23266",
60153
+ "CVE-2025-30202",
60154
+ "CVE-2025-32444",
59277
60155
  "CVE-2025-49844",
59278
60156
  "CVE-2025-53767",
59279
60157
  "CVE-2025-53773",
@@ -59648,6 +60526,8 @@
59648
60526
  "CVE-2025-23254",
59649
60527
  "CVE-2025-23266",
59650
60528
  "CVE-2025-30165",
60529
+ "CVE-2025-30202",
60530
+ "CVE-2025-32444",
59651
60531
  "CVE-2025-34291",
59652
60532
  "CVE-2025-38352",
59653
60533
  "CVE-2025-43300",
@@ -60266,6 +61146,8 @@
60266
61146
  "CVE-2025-23254",
60267
61147
  "CVE-2025-23266",
60268
61148
  "CVE-2025-30165",
61149
+ "CVE-2025-30202",
61150
+ "CVE-2025-32444",
60269
61151
  "CVE-2025-34291",
60270
61152
  "CVE-2025-38352",
60271
61153
  "CVE-2025-43300",
@@ -60520,6 +61402,8 @@
60520
61402
  "CVE-2025-23254",
60521
61403
  "CVE-2025-23266",
60522
61404
  "CVE-2025-30165",
61405
+ "CVE-2025-30202",
61406
+ "CVE-2025-32444",
60523
61407
  "CVE-2025-34291",
60524
61408
  "CVE-2025-38352",
60525
61409
  "CVE-2025-43300",
@@ -61204,6 +62088,8 @@
61204
62088
  "CVE-2025-23254",
61205
62089
  "CVE-2025-23266",
61206
62090
  "CVE-2025-30165",
62091
+ "CVE-2025-30202",
62092
+ "CVE-2025-32444",
61207
62093
  "CVE-2025-34291",
61208
62094
  "CVE-2025-38352",
61209
62095
  "CVE-2025-43300",
@@ -61513,11 +62399,13 @@
61513
62399
  "CVE-2025-27920",
61514
62400
  "CVE-2025-29635",
61515
62401
  "CVE-2025-30165",
62402
+ "CVE-2025-30202",
61516
62403
  "CVE-2025-30397",
61517
62404
  "CVE-2025-31125",
61518
62405
  "CVE-2025-31277",
61519
62406
  "CVE-2025-32432",
61520
62407
  "CVE-2025-32433",
62408
+ "CVE-2025-32444",
61521
62409
  "CVE-2025-32463",
61522
62410
  "CVE-2025-32701",
61523
62411
  "CVE-2025-32706",
@@ -61952,11 +62840,13 @@
61952
62840
  "CVE-2025-27920",
61953
62841
  "CVE-2025-29635",
61954
62842
  "CVE-2025-30165",
62843
+ "CVE-2025-30202",
61955
62844
  "CVE-2025-30397",
61956
62845
  "CVE-2025-31125",
61957
62846
  "CVE-2025-31277",
61958
62847
  "CVE-2025-32432",
61959
62848
  "CVE-2025-32433",
62849
+ "CVE-2025-32444",
61960
62850
  "CVE-2025-32463",
61961
62851
  "CVE-2025-32701",
61962
62852
  "CVE-2025-32706",
@@ -62373,6 +63263,8 @@
62373
63263
  "CVE-2025-23254",
62374
63264
  "CVE-2025-23266",
62375
63265
  "CVE-2025-30165",
63266
+ "CVE-2025-30202",
63267
+ "CVE-2025-32444",
62376
63268
  "CVE-2025-34291",
62377
63269
  "CVE-2025-38352",
62378
63270
  "CVE-2025-43300",
@@ -63234,11 +64126,13 @@
63234
64126
  "CVE-2025-27920",
63235
64127
  "CVE-2025-29635",
63236
64128
  "CVE-2025-30165",
64129
+ "CVE-2025-30202",
63237
64130
  "CVE-2025-30397",
63238
64131
  "CVE-2025-31125",
63239
64132
  "CVE-2025-31277",
63240
64133
  "CVE-2025-32432",
63241
64134
  "CVE-2025-32433",
64135
+ "CVE-2025-32444",
63242
64136
  "CVE-2025-32463",
63243
64137
  "CVE-2025-32701",
63244
64138
  "CVE-2025-32706",
@@ -63719,6 +64613,8 @@
63719
64613
  "CVE-2025-23254",
63720
64614
  "CVE-2025-23266",
63721
64615
  "CVE-2025-30165",
64616
+ "CVE-2025-30202",
64617
+ "CVE-2025-32444",
63722
64618
  "CVE-2025-34291",
63723
64619
  "CVE-2025-38352",
63724
64620
  "CVE-2025-43300",
@@ -64109,11 +65005,13 @@
64109
65005
  "CVE-2025-27920",
64110
65006
  "CVE-2025-29635",
64111
65007
  "CVE-2025-30165",
65008
+ "CVE-2025-30202",
64112
65009
  "CVE-2025-30397",
64113
65010
  "CVE-2025-31125",
64114
65011
  "CVE-2025-31277",
64115
65012
  "CVE-2025-32432",
64116
65013
  "CVE-2025-32433",
65014
+ "CVE-2025-32444",
64117
65015
  "CVE-2025-32463",
64118
65016
  "CVE-2025-32701",
64119
65017
  "CVE-2025-32706",
@@ -64609,6 +65507,8 @@
64609
65507
  "CVE-2025-23254",
64610
65508
  "CVE-2025-23266",
64611
65509
  "CVE-2025-30165",
65510
+ "CVE-2025-30202",
65511
+ "CVE-2025-32444",
64612
65512
  "CVE-2025-34291",
64613
65513
  "CVE-2025-38352",
64614
65514
  "CVE-2025-43300",
@@ -65563,6 +66463,8 @@
65563
66463
  "CVE-2025-23254",
65564
66464
  "CVE-2025-23266",
65565
66465
  "CVE-2025-30165",
66466
+ "CVE-2025-30202",
66467
+ "CVE-2025-32444",
65566
66468
  "CVE-2025-34291",
65567
66469
  "CVE-2025-38352",
65568
66470
  "CVE-2025-43300",
@@ -65677,6 +66579,8 @@
65677
66579
  "CVE-2025-23254",
65678
66580
  "CVE-2025-23266",
65679
66581
  "CVE-2025-30165",
66582
+ "CVE-2025-30202",
66583
+ "CVE-2025-32444",
65680
66584
  "CVE-2025-34291",
65681
66585
  "CVE-2025-38352",
65682
66586
  "CVE-2025-43300",
@@ -65864,6 +66768,8 @@
65864
66768
  "CVE-2025-23254",
65865
66769
  "CVE-2025-23266",
65866
66770
  "CVE-2025-30165",
66771
+ "CVE-2025-30202",
66772
+ "CVE-2025-32444",
65867
66773
  "CVE-2025-34291",
65868
66774
  "CVE-2025-49596",
65869
66775
  "CVE-2025-53773",
@@ -66350,11 +67256,13 @@
66350
67256
  "CVE-2025-27920",
66351
67257
  "CVE-2025-29635",
66352
67258
  "CVE-2025-30165",
67259
+ "CVE-2025-30202",
66353
67260
  "CVE-2025-30397",
66354
67261
  "CVE-2025-31125",
66355
67262
  "CVE-2025-31277",
66356
67263
  "CVE-2025-32432",
66357
67264
  "CVE-2025-32433",
67265
+ "CVE-2025-32444",
66358
67266
  "CVE-2025-32463",
66359
67267
  "CVE-2025-32701",
66360
67268
  "CVE-2025-32706",
@@ -66763,6 +67671,8 @@
66763
67671
  "CVE-2025-23254",
66764
67672
  "CVE-2025-23266",
66765
67673
  "CVE-2025-30165",
67674
+ "CVE-2025-30202",
67675
+ "CVE-2025-32444",
66766
67676
  "CVE-2025-34291",
66767
67677
  "CVE-2025-38352",
66768
67678
  "CVE-2025-43300",
@@ -67074,6 +67984,8 @@
67074
67984
  "CVE-2025-23254",
67075
67985
  "CVE-2025-23266",
67076
67986
  "CVE-2025-30165",
67987
+ "CVE-2025-30202",
67988
+ "CVE-2025-32444",
67077
67989
  "CVE-2025-34291",
67078
67990
  "CVE-2025-49596",
67079
67991
  "CVE-2025-53767",