@blamejs/exceptd-skills 0.13.89 → 0.13.91
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1297 -0
- package/data/atlas-ttps.json +3 -0
- package/data/attack-techniques.json +9 -0
- package/data/cve-catalog.json +311 -0
- package/data/cwe-catalog.json +6 -1
- package/data/framework-control-gaps.json +24 -0
- package/data/zeroday-lessons.json +150 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -31101,6 +31101,1232 @@
|
|
|
31101
31101
|
]
|
|
31102
31102
|
}
|
|
31103
31103
|
},
|
|
31104
|
+
"CVE-2025-32444": {
|
|
31105
|
+
"name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
|
|
31106
|
+
"rwep": 31,
|
|
31107
|
+
"cvss": 9.8,
|
|
31108
|
+
"cisa_kev": false,
|
|
31109
|
+
"epss_score": null,
|
|
31110
|
+
"referencing_skills": [
|
|
31111
|
+
"kernel-lpe-triage",
|
|
31112
|
+
"ai-attack-surface",
|
|
31113
|
+
"compliance-theater",
|
|
31114
|
+
"ai-c2-detection",
|
|
31115
|
+
"attack-surface-pentest",
|
|
31116
|
+
"dlp-gap-analysis",
|
|
31117
|
+
"ot-ics-security",
|
|
31118
|
+
"coordinated-vuln-disclosure",
|
|
31119
|
+
"sector-energy"
|
|
31120
|
+
],
|
|
31121
|
+
"chain": {
|
|
31122
|
+
"cwes": [
|
|
31123
|
+
{
|
|
31124
|
+
"id": "CWE-1037",
|
|
31125
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
31126
|
+
"category": "Hardware / Side Channel"
|
|
31127
|
+
},
|
|
31128
|
+
{
|
|
31129
|
+
"id": "CWE-1039",
|
|
31130
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
31131
|
+
"category": "AI/ML"
|
|
31132
|
+
},
|
|
31133
|
+
{
|
|
31134
|
+
"id": "CWE-125",
|
|
31135
|
+
"name": "Out-of-bounds Read",
|
|
31136
|
+
"category": "Memory Safety"
|
|
31137
|
+
},
|
|
31138
|
+
{
|
|
31139
|
+
"id": "CWE-1357",
|
|
31140
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
31141
|
+
"category": "Supply Chain"
|
|
31142
|
+
},
|
|
31143
|
+
{
|
|
31144
|
+
"id": "CWE-1395",
|
|
31145
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
31146
|
+
"category": "Supply Chain"
|
|
31147
|
+
},
|
|
31148
|
+
{
|
|
31149
|
+
"id": "CWE-1426",
|
|
31150
|
+
"name": "Improper Validation of Generative AI Output",
|
|
31151
|
+
"category": "AI/ML"
|
|
31152
|
+
},
|
|
31153
|
+
{
|
|
31154
|
+
"id": "CWE-200",
|
|
31155
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
31156
|
+
"category": "Information Exposure"
|
|
31157
|
+
},
|
|
31158
|
+
{
|
|
31159
|
+
"id": "CWE-22",
|
|
31160
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
31161
|
+
"category": "Path/Resource"
|
|
31162
|
+
},
|
|
31163
|
+
{
|
|
31164
|
+
"id": "CWE-269",
|
|
31165
|
+
"name": "Improper Privilege Management",
|
|
31166
|
+
"category": "Authorization"
|
|
31167
|
+
},
|
|
31168
|
+
{
|
|
31169
|
+
"id": "CWE-287",
|
|
31170
|
+
"name": "Improper Authentication",
|
|
31171
|
+
"category": "Authentication"
|
|
31172
|
+
},
|
|
31173
|
+
{
|
|
31174
|
+
"id": "CWE-306",
|
|
31175
|
+
"name": "Missing Authentication for Critical Function",
|
|
31176
|
+
"category": "Authentication"
|
|
31177
|
+
},
|
|
31178
|
+
{
|
|
31179
|
+
"id": "CWE-352",
|
|
31180
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
31181
|
+
"category": "Session"
|
|
31182
|
+
},
|
|
31183
|
+
{
|
|
31184
|
+
"id": "CWE-362",
|
|
31185
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
31186
|
+
"category": "Concurrency"
|
|
31187
|
+
},
|
|
31188
|
+
{
|
|
31189
|
+
"id": "CWE-416",
|
|
31190
|
+
"name": "Use After Free",
|
|
31191
|
+
"category": "Memory Safety"
|
|
31192
|
+
},
|
|
31193
|
+
{
|
|
31194
|
+
"id": "CWE-434",
|
|
31195
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
31196
|
+
"category": "File Handling"
|
|
31197
|
+
},
|
|
31198
|
+
{
|
|
31199
|
+
"id": "CWE-672",
|
|
31200
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
31201
|
+
"category": "Memory Safety"
|
|
31202
|
+
},
|
|
31203
|
+
{
|
|
31204
|
+
"id": "CWE-732",
|
|
31205
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
31206
|
+
"category": "Authorization"
|
|
31207
|
+
},
|
|
31208
|
+
{
|
|
31209
|
+
"id": "CWE-78",
|
|
31210
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
31211
|
+
"category": "Injection"
|
|
31212
|
+
},
|
|
31213
|
+
{
|
|
31214
|
+
"id": "CWE-787",
|
|
31215
|
+
"name": "Out-of-bounds Write",
|
|
31216
|
+
"category": "Memory Safety"
|
|
31217
|
+
},
|
|
31218
|
+
{
|
|
31219
|
+
"id": "CWE-79",
|
|
31220
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
31221
|
+
"category": "Injection"
|
|
31222
|
+
},
|
|
31223
|
+
{
|
|
31224
|
+
"id": "CWE-798",
|
|
31225
|
+
"name": "Use of Hard-coded Credentials",
|
|
31226
|
+
"category": "Credentials"
|
|
31227
|
+
},
|
|
31228
|
+
{
|
|
31229
|
+
"id": "CWE-89",
|
|
31230
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
31231
|
+
"category": "Injection"
|
|
31232
|
+
},
|
|
31233
|
+
{
|
|
31234
|
+
"id": "CWE-918",
|
|
31235
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
31236
|
+
"category": "Network"
|
|
31237
|
+
},
|
|
31238
|
+
{
|
|
31239
|
+
"id": "CWE-94",
|
|
31240
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
31241
|
+
"category": "Injection"
|
|
31242
|
+
}
|
|
31243
|
+
],
|
|
31244
|
+
"atlas": [
|
|
31245
|
+
{
|
|
31246
|
+
"id": "AML.T0010",
|
|
31247
|
+
"name": "ML Supply Chain Compromise",
|
|
31248
|
+
"tactic": "Initial Access"
|
|
31249
|
+
},
|
|
31250
|
+
{
|
|
31251
|
+
"id": "AML.T0016",
|
|
31252
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
31253
|
+
"tactic": "Resource Development"
|
|
31254
|
+
},
|
|
31255
|
+
{
|
|
31256
|
+
"id": "AML.T0017",
|
|
31257
|
+
"name": "Discover ML Model Ontology",
|
|
31258
|
+
"tactic": "Discovery"
|
|
31259
|
+
},
|
|
31260
|
+
{
|
|
31261
|
+
"id": "AML.T0018",
|
|
31262
|
+
"name": "Backdoor ML Model",
|
|
31263
|
+
"tactic": "Persistence"
|
|
31264
|
+
},
|
|
31265
|
+
{
|
|
31266
|
+
"id": "AML.T0020",
|
|
31267
|
+
"name": "Poison Training Data",
|
|
31268
|
+
"tactic": "ML Attack Staging"
|
|
31269
|
+
},
|
|
31270
|
+
{
|
|
31271
|
+
"id": "AML.T0043",
|
|
31272
|
+
"name": "Craft Adversarial Data",
|
|
31273
|
+
"tactic": "ML Attack Staging"
|
|
31274
|
+
},
|
|
31275
|
+
{
|
|
31276
|
+
"id": "AML.T0051",
|
|
31277
|
+
"name": "LLM Prompt Injection",
|
|
31278
|
+
"tactic": "Execution"
|
|
31279
|
+
},
|
|
31280
|
+
{
|
|
31281
|
+
"id": "AML.T0054",
|
|
31282
|
+
"name": "LLM Jailbreak",
|
|
31283
|
+
"tactic": "Defense Evasion"
|
|
31284
|
+
},
|
|
31285
|
+
{
|
|
31286
|
+
"id": "AML.T0096",
|
|
31287
|
+
"name": "AI API as Covert C2 Channel",
|
|
31288
|
+
"tactic": "Command and Control"
|
|
31289
|
+
}
|
|
31290
|
+
],
|
|
31291
|
+
"d3fend": [
|
|
31292
|
+
{
|
|
31293
|
+
"id": "D3-ASLR",
|
|
31294
|
+
"name": "Address Space Layout Randomization",
|
|
31295
|
+
"tactic": "Harden"
|
|
31296
|
+
},
|
|
31297
|
+
{
|
|
31298
|
+
"id": "D3-CA",
|
|
31299
|
+
"name": "Certificate Analysis",
|
|
31300
|
+
"tactic": "Detect"
|
|
31301
|
+
},
|
|
31302
|
+
{
|
|
31303
|
+
"id": "D3-CSPP",
|
|
31304
|
+
"name": "Client-server Payload Profiling",
|
|
31305
|
+
"tactic": "Detect"
|
|
31306
|
+
},
|
|
31307
|
+
{
|
|
31308
|
+
"id": "D3-DA",
|
|
31309
|
+
"name": "Domain Analysis",
|
|
31310
|
+
"tactic": "Detect"
|
|
31311
|
+
},
|
|
31312
|
+
{
|
|
31313
|
+
"id": "D3-EAL",
|
|
31314
|
+
"name": "Executable Allowlisting",
|
|
31315
|
+
"tactic": "Harden"
|
|
31316
|
+
},
|
|
31317
|
+
{
|
|
31318
|
+
"id": "D3-IOPR",
|
|
31319
|
+
"name": "Input/Output Profiling Resource",
|
|
31320
|
+
"tactic": "Detect"
|
|
31321
|
+
},
|
|
31322
|
+
{
|
|
31323
|
+
"id": "D3-NI",
|
|
31324
|
+
"name": "Network Isolation",
|
|
31325
|
+
"tactic": "Isolate"
|
|
31326
|
+
},
|
|
31327
|
+
{
|
|
31328
|
+
"id": "D3-NTA",
|
|
31329
|
+
"name": "Network Traffic Analysis",
|
|
31330
|
+
"tactic": "Detect"
|
|
31331
|
+
},
|
|
31332
|
+
{
|
|
31333
|
+
"id": "D3-NTPM",
|
|
31334
|
+
"name": "Network Traffic Policy Mapping",
|
|
31335
|
+
"tactic": "Model"
|
|
31336
|
+
},
|
|
31337
|
+
{
|
|
31338
|
+
"id": "D3-PHRA",
|
|
31339
|
+
"name": "Process Hardware Resource Access",
|
|
31340
|
+
"tactic": "Isolate"
|
|
31341
|
+
},
|
|
31342
|
+
{
|
|
31343
|
+
"id": "D3-PSEP",
|
|
31344
|
+
"name": "Process Segment Execution Prevention",
|
|
31345
|
+
"tactic": "Harden"
|
|
31346
|
+
}
|
|
31347
|
+
],
|
|
31348
|
+
"framework_gaps": [
|
|
31349
|
+
{
|
|
31350
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
31351
|
+
"framework": "ALL",
|
|
31352
|
+
"control_name": "AI Pipeline Integrity"
|
|
31353
|
+
},
|
|
31354
|
+
{
|
|
31355
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
31356
|
+
"framework": "ALL",
|
|
31357
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
31358
|
+
},
|
|
31359
|
+
{
|
|
31360
|
+
"id": "CIS-Controls-v8-Control7",
|
|
31361
|
+
"framework": "CIS Controls v8",
|
|
31362
|
+
"control_name": "Continuous Vulnerability Management"
|
|
31363
|
+
},
|
|
31364
|
+
{
|
|
31365
|
+
"id": "CMMC-2.0-Level-2",
|
|
31366
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
31367
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
31368
|
+
},
|
|
31369
|
+
{
|
|
31370
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
31371
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
31372
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
31373
|
+
},
|
|
31374
|
+
{
|
|
31375
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
31376
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
31377
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
31378
|
+
},
|
|
31379
|
+
{
|
|
31380
|
+
"id": "IEC-62443-3-3",
|
|
31381
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
31382
|
+
"control_name": "System security requirements and security levels"
|
|
31383
|
+
},
|
|
31384
|
+
{
|
|
31385
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
31386
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31387
|
+
"control_name": "Monitoring activities"
|
|
31388
|
+
},
|
|
31389
|
+
{
|
|
31390
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
31391
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31392
|
+
"control_name": "Secure coding"
|
|
31393
|
+
},
|
|
31394
|
+
{
|
|
31395
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
31396
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31397
|
+
"control_name": "Management of technical vulnerabilities"
|
|
31398
|
+
},
|
|
31399
|
+
{
|
|
31400
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
31401
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
31402
|
+
"control_name": "AI risk management process"
|
|
31403
|
+
},
|
|
31404
|
+
{
|
|
31405
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
31406
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
31407
|
+
"control_name": "AI risk assessment"
|
|
31408
|
+
},
|
|
31409
|
+
{
|
|
31410
|
+
"id": "NERC-CIP-007-6-R4",
|
|
31411
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
31412
|
+
"control_name": "Security event monitoring"
|
|
31413
|
+
},
|
|
31414
|
+
{
|
|
31415
|
+
"id": "NIS2-Art21-patch-management",
|
|
31416
|
+
"framework": "EU NIS2 Directive",
|
|
31417
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
31418
|
+
},
|
|
31419
|
+
{
|
|
31420
|
+
"id": "NIST-800-115",
|
|
31421
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
31422
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
31423
|
+
},
|
|
31424
|
+
{
|
|
31425
|
+
"id": "NIST-800-218-SSDF",
|
|
31426
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
31427
|
+
"control_name": "Secure Software Development Framework"
|
|
31428
|
+
},
|
|
31429
|
+
{
|
|
31430
|
+
"id": "NIST-800-53-AC-2",
|
|
31431
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31432
|
+
"control_name": "Account Management"
|
|
31433
|
+
},
|
|
31434
|
+
{
|
|
31435
|
+
"id": "NIST-800-53-SC-28",
|
|
31436
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31437
|
+
"control_name": "Protection of Information at Rest"
|
|
31438
|
+
},
|
|
31439
|
+
{
|
|
31440
|
+
"id": "NIST-800-53-SC-7",
|
|
31441
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31442
|
+
"control_name": "Boundary Protection"
|
|
31443
|
+
},
|
|
31444
|
+
{
|
|
31445
|
+
"id": "NIST-800-53-SC-8",
|
|
31446
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31447
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
31448
|
+
},
|
|
31449
|
+
{
|
|
31450
|
+
"id": "NIST-800-53-SI-2",
|
|
31451
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31452
|
+
"control_name": "Flaw Remediation"
|
|
31453
|
+
},
|
|
31454
|
+
{
|
|
31455
|
+
"id": "NIST-800-53-SI-3",
|
|
31456
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31457
|
+
"control_name": "Malicious Code Protection"
|
|
31458
|
+
},
|
|
31459
|
+
{
|
|
31460
|
+
"id": "NIST-800-82r3",
|
|
31461
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
31462
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
31463
|
+
},
|
|
31464
|
+
{
|
|
31465
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
31466
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
31467
|
+
"control_name": "Prompt Injection"
|
|
31468
|
+
},
|
|
31469
|
+
{
|
|
31470
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
31471
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
31472
|
+
"control_name": "Sensitive Information Disclosure"
|
|
31473
|
+
},
|
|
31474
|
+
{
|
|
31475
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
31476
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
31477
|
+
"control_name": "Web application penetration testing methodology"
|
|
31478
|
+
},
|
|
31479
|
+
{
|
|
31480
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
31481
|
+
"framework": "PCI DSS 4.0",
|
|
31482
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
31483
|
+
},
|
|
31484
|
+
{
|
|
31485
|
+
"id": "PTES-Pre-engagement",
|
|
31486
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
31487
|
+
"control_name": "Pre-engagement Interactions"
|
|
31488
|
+
},
|
|
31489
|
+
{
|
|
31490
|
+
"id": "SOC2-CC6-logical-access",
|
|
31491
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31492
|
+
"control_name": "Logical and Physical Access Controls"
|
|
31493
|
+
},
|
|
31494
|
+
{
|
|
31495
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
31496
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31497
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
31498
|
+
},
|
|
31499
|
+
{
|
|
31500
|
+
"id": "SOC2-CC9-vendor-management",
|
|
31501
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31502
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
31503
|
+
}
|
|
31504
|
+
],
|
|
31505
|
+
"attack_refs": [
|
|
31506
|
+
"T0855",
|
|
31507
|
+
"T0883",
|
|
31508
|
+
"T1041",
|
|
31509
|
+
"T1059",
|
|
31510
|
+
"T1068",
|
|
31511
|
+
"T1071",
|
|
31512
|
+
"T1078",
|
|
31513
|
+
"T1102",
|
|
31514
|
+
"T1133",
|
|
31515
|
+
"T1190",
|
|
31516
|
+
"T1213",
|
|
31517
|
+
"T1530",
|
|
31518
|
+
"T1548.001",
|
|
31519
|
+
"T1566",
|
|
31520
|
+
"T1567",
|
|
31521
|
+
"T1568"
|
|
31522
|
+
],
|
|
31523
|
+
"rfc_refs": [
|
|
31524
|
+
"RFC-4301",
|
|
31525
|
+
"RFC-4303",
|
|
31526
|
+
"RFC-7296",
|
|
31527
|
+
"RFC-8446",
|
|
31528
|
+
"RFC-9000",
|
|
31529
|
+
"RFC-9114",
|
|
31530
|
+
"RFC-9180",
|
|
31531
|
+
"RFC-9421",
|
|
31532
|
+
"RFC-9458"
|
|
31533
|
+
]
|
|
31534
|
+
}
|
|
31535
|
+
},
|
|
31536
|
+
"CVE-2025-30202": {
|
|
31537
|
+
"name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
|
|
31538
|
+
"rwep": 27,
|
|
31539
|
+
"cvss": 7.5,
|
|
31540
|
+
"cisa_kev": false,
|
|
31541
|
+
"epss_score": null,
|
|
31542
|
+
"referencing_skills": [
|
|
31543
|
+
"kernel-lpe-triage",
|
|
31544
|
+
"ai-attack-surface",
|
|
31545
|
+
"compliance-theater",
|
|
31546
|
+
"ai-c2-detection",
|
|
31547
|
+
"attack-surface-pentest",
|
|
31548
|
+
"dlp-gap-analysis",
|
|
31549
|
+
"ot-ics-security",
|
|
31550
|
+
"coordinated-vuln-disclosure",
|
|
31551
|
+
"sector-energy"
|
|
31552
|
+
],
|
|
31553
|
+
"chain": {
|
|
31554
|
+
"cwes": [
|
|
31555
|
+
{
|
|
31556
|
+
"id": "CWE-1037",
|
|
31557
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
31558
|
+
"category": "Hardware / Side Channel"
|
|
31559
|
+
},
|
|
31560
|
+
{
|
|
31561
|
+
"id": "CWE-1039",
|
|
31562
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
31563
|
+
"category": "AI/ML"
|
|
31564
|
+
},
|
|
31565
|
+
{
|
|
31566
|
+
"id": "CWE-125",
|
|
31567
|
+
"name": "Out-of-bounds Read",
|
|
31568
|
+
"category": "Memory Safety"
|
|
31569
|
+
},
|
|
31570
|
+
{
|
|
31571
|
+
"id": "CWE-1357",
|
|
31572
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
31573
|
+
"category": "Supply Chain"
|
|
31574
|
+
},
|
|
31575
|
+
{
|
|
31576
|
+
"id": "CWE-1395",
|
|
31577
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
31578
|
+
"category": "Supply Chain"
|
|
31579
|
+
},
|
|
31580
|
+
{
|
|
31581
|
+
"id": "CWE-1426",
|
|
31582
|
+
"name": "Improper Validation of Generative AI Output",
|
|
31583
|
+
"category": "AI/ML"
|
|
31584
|
+
},
|
|
31585
|
+
{
|
|
31586
|
+
"id": "CWE-200",
|
|
31587
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
31588
|
+
"category": "Information Exposure"
|
|
31589
|
+
},
|
|
31590
|
+
{
|
|
31591
|
+
"id": "CWE-22",
|
|
31592
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
31593
|
+
"category": "Path/Resource"
|
|
31594
|
+
},
|
|
31595
|
+
{
|
|
31596
|
+
"id": "CWE-269",
|
|
31597
|
+
"name": "Improper Privilege Management",
|
|
31598
|
+
"category": "Authorization"
|
|
31599
|
+
},
|
|
31600
|
+
{
|
|
31601
|
+
"id": "CWE-287",
|
|
31602
|
+
"name": "Improper Authentication",
|
|
31603
|
+
"category": "Authentication"
|
|
31604
|
+
},
|
|
31605
|
+
{
|
|
31606
|
+
"id": "CWE-306",
|
|
31607
|
+
"name": "Missing Authentication for Critical Function",
|
|
31608
|
+
"category": "Authentication"
|
|
31609
|
+
},
|
|
31610
|
+
{
|
|
31611
|
+
"id": "CWE-352",
|
|
31612
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
31613
|
+
"category": "Session"
|
|
31614
|
+
},
|
|
31615
|
+
{
|
|
31616
|
+
"id": "CWE-362",
|
|
31617
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
31618
|
+
"category": "Concurrency"
|
|
31619
|
+
},
|
|
31620
|
+
{
|
|
31621
|
+
"id": "CWE-416",
|
|
31622
|
+
"name": "Use After Free",
|
|
31623
|
+
"category": "Memory Safety"
|
|
31624
|
+
},
|
|
31625
|
+
{
|
|
31626
|
+
"id": "CWE-434",
|
|
31627
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
31628
|
+
"category": "File Handling"
|
|
31629
|
+
},
|
|
31630
|
+
{
|
|
31631
|
+
"id": "CWE-672",
|
|
31632
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
31633
|
+
"category": "Memory Safety"
|
|
31634
|
+
},
|
|
31635
|
+
{
|
|
31636
|
+
"id": "CWE-732",
|
|
31637
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
31638
|
+
"category": "Authorization"
|
|
31639
|
+
},
|
|
31640
|
+
{
|
|
31641
|
+
"id": "CWE-78",
|
|
31642
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
31643
|
+
"category": "Injection"
|
|
31644
|
+
},
|
|
31645
|
+
{
|
|
31646
|
+
"id": "CWE-787",
|
|
31647
|
+
"name": "Out-of-bounds Write",
|
|
31648
|
+
"category": "Memory Safety"
|
|
31649
|
+
},
|
|
31650
|
+
{
|
|
31651
|
+
"id": "CWE-79",
|
|
31652
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
31653
|
+
"category": "Injection"
|
|
31654
|
+
},
|
|
31655
|
+
{
|
|
31656
|
+
"id": "CWE-798",
|
|
31657
|
+
"name": "Use of Hard-coded Credentials",
|
|
31658
|
+
"category": "Credentials"
|
|
31659
|
+
},
|
|
31660
|
+
{
|
|
31661
|
+
"id": "CWE-89",
|
|
31662
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
31663
|
+
"category": "Injection"
|
|
31664
|
+
},
|
|
31665
|
+
{
|
|
31666
|
+
"id": "CWE-918",
|
|
31667
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
31668
|
+
"category": "Network"
|
|
31669
|
+
},
|
|
31670
|
+
{
|
|
31671
|
+
"id": "CWE-94",
|
|
31672
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
31673
|
+
"category": "Injection"
|
|
31674
|
+
}
|
|
31675
|
+
],
|
|
31676
|
+
"atlas": [
|
|
31677
|
+
{
|
|
31678
|
+
"id": "AML.T0010",
|
|
31679
|
+
"name": "ML Supply Chain Compromise",
|
|
31680
|
+
"tactic": "Initial Access"
|
|
31681
|
+
},
|
|
31682
|
+
{
|
|
31683
|
+
"id": "AML.T0016",
|
|
31684
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
31685
|
+
"tactic": "Resource Development"
|
|
31686
|
+
},
|
|
31687
|
+
{
|
|
31688
|
+
"id": "AML.T0017",
|
|
31689
|
+
"name": "Discover ML Model Ontology",
|
|
31690
|
+
"tactic": "Discovery"
|
|
31691
|
+
},
|
|
31692
|
+
{
|
|
31693
|
+
"id": "AML.T0018",
|
|
31694
|
+
"name": "Backdoor ML Model",
|
|
31695
|
+
"tactic": "Persistence"
|
|
31696
|
+
},
|
|
31697
|
+
{
|
|
31698
|
+
"id": "AML.T0020",
|
|
31699
|
+
"name": "Poison Training Data",
|
|
31700
|
+
"tactic": "ML Attack Staging"
|
|
31701
|
+
},
|
|
31702
|
+
{
|
|
31703
|
+
"id": "AML.T0043",
|
|
31704
|
+
"name": "Craft Adversarial Data",
|
|
31705
|
+
"tactic": "ML Attack Staging"
|
|
31706
|
+
},
|
|
31707
|
+
{
|
|
31708
|
+
"id": "AML.T0051",
|
|
31709
|
+
"name": "LLM Prompt Injection",
|
|
31710
|
+
"tactic": "Execution"
|
|
31711
|
+
},
|
|
31712
|
+
{
|
|
31713
|
+
"id": "AML.T0054",
|
|
31714
|
+
"name": "LLM Jailbreak",
|
|
31715
|
+
"tactic": "Defense Evasion"
|
|
31716
|
+
},
|
|
31717
|
+
{
|
|
31718
|
+
"id": "AML.T0096",
|
|
31719
|
+
"name": "AI API as Covert C2 Channel",
|
|
31720
|
+
"tactic": "Command and Control"
|
|
31721
|
+
}
|
|
31722
|
+
],
|
|
31723
|
+
"d3fend": [
|
|
31724
|
+
{
|
|
31725
|
+
"id": "D3-ASLR",
|
|
31726
|
+
"name": "Address Space Layout Randomization",
|
|
31727
|
+
"tactic": "Harden"
|
|
31728
|
+
},
|
|
31729
|
+
{
|
|
31730
|
+
"id": "D3-CA",
|
|
31731
|
+
"name": "Certificate Analysis",
|
|
31732
|
+
"tactic": "Detect"
|
|
31733
|
+
},
|
|
31734
|
+
{
|
|
31735
|
+
"id": "D3-CSPP",
|
|
31736
|
+
"name": "Client-server Payload Profiling",
|
|
31737
|
+
"tactic": "Detect"
|
|
31738
|
+
},
|
|
31739
|
+
{
|
|
31740
|
+
"id": "D3-DA",
|
|
31741
|
+
"name": "Domain Analysis",
|
|
31742
|
+
"tactic": "Detect"
|
|
31743
|
+
},
|
|
31744
|
+
{
|
|
31745
|
+
"id": "D3-EAL",
|
|
31746
|
+
"name": "Executable Allowlisting",
|
|
31747
|
+
"tactic": "Harden"
|
|
31748
|
+
},
|
|
31749
|
+
{
|
|
31750
|
+
"id": "D3-IOPR",
|
|
31751
|
+
"name": "Input/Output Profiling Resource",
|
|
31752
|
+
"tactic": "Detect"
|
|
31753
|
+
},
|
|
31754
|
+
{
|
|
31755
|
+
"id": "D3-NI",
|
|
31756
|
+
"name": "Network Isolation",
|
|
31757
|
+
"tactic": "Isolate"
|
|
31758
|
+
},
|
|
31759
|
+
{
|
|
31760
|
+
"id": "D3-NTA",
|
|
31761
|
+
"name": "Network Traffic Analysis",
|
|
31762
|
+
"tactic": "Detect"
|
|
31763
|
+
},
|
|
31764
|
+
{
|
|
31765
|
+
"id": "D3-NTPM",
|
|
31766
|
+
"name": "Network Traffic Policy Mapping",
|
|
31767
|
+
"tactic": "Model"
|
|
31768
|
+
},
|
|
31769
|
+
{
|
|
31770
|
+
"id": "D3-PHRA",
|
|
31771
|
+
"name": "Process Hardware Resource Access",
|
|
31772
|
+
"tactic": "Isolate"
|
|
31773
|
+
},
|
|
31774
|
+
{
|
|
31775
|
+
"id": "D3-PSEP",
|
|
31776
|
+
"name": "Process Segment Execution Prevention",
|
|
31777
|
+
"tactic": "Harden"
|
|
31778
|
+
}
|
|
31779
|
+
],
|
|
31780
|
+
"framework_gaps": [
|
|
31781
|
+
{
|
|
31782
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
31783
|
+
"framework": "ALL",
|
|
31784
|
+
"control_name": "AI Pipeline Integrity"
|
|
31785
|
+
},
|
|
31786
|
+
{
|
|
31787
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
31788
|
+
"framework": "ALL",
|
|
31789
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
31790
|
+
},
|
|
31791
|
+
{
|
|
31792
|
+
"id": "CIS-Controls-v8-Control7",
|
|
31793
|
+
"framework": "CIS Controls v8",
|
|
31794
|
+
"control_name": "Continuous Vulnerability Management"
|
|
31795
|
+
},
|
|
31796
|
+
{
|
|
31797
|
+
"id": "CMMC-2.0-Level-2",
|
|
31798
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
31799
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
31800
|
+
},
|
|
31801
|
+
{
|
|
31802
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
31803
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
31804
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
31805
|
+
},
|
|
31806
|
+
{
|
|
31807
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
31808
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
31809
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
31810
|
+
},
|
|
31811
|
+
{
|
|
31812
|
+
"id": "IEC-62443-3-3",
|
|
31813
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
31814
|
+
"control_name": "System security requirements and security levels"
|
|
31815
|
+
},
|
|
31816
|
+
{
|
|
31817
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
31818
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31819
|
+
"control_name": "Monitoring activities"
|
|
31820
|
+
},
|
|
31821
|
+
{
|
|
31822
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
31823
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31824
|
+
"control_name": "Secure coding"
|
|
31825
|
+
},
|
|
31826
|
+
{
|
|
31827
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
31828
|
+
"framework": "ISO/IEC 27001:2022",
|
|
31829
|
+
"control_name": "Management of technical vulnerabilities"
|
|
31830
|
+
},
|
|
31831
|
+
{
|
|
31832
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
31833
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
31834
|
+
"control_name": "AI risk management process"
|
|
31835
|
+
},
|
|
31836
|
+
{
|
|
31837
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
31838
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
31839
|
+
"control_name": "AI risk assessment"
|
|
31840
|
+
},
|
|
31841
|
+
{
|
|
31842
|
+
"id": "NERC-CIP-007-6-R4",
|
|
31843
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
31844
|
+
"control_name": "Security event monitoring"
|
|
31845
|
+
},
|
|
31846
|
+
{
|
|
31847
|
+
"id": "NIS2-Art21-patch-management",
|
|
31848
|
+
"framework": "EU NIS2 Directive",
|
|
31849
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
31850
|
+
},
|
|
31851
|
+
{
|
|
31852
|
+
"id": "NIST-800-115",
|
|
31853
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
31854
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
31855
|
+
},
|
|
31856
|
+
{
|
|
31857
|
+
"id": "NIST-800-218-SSDF",
|
|
31858
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
31859
|
+
"control_name": "Secure Software Development Framework"
|
|
31860
|
+
},
|
|
31861
|
+
{
|
|
31862
|
+
"id": "NIST-800-53-AC-2",
|
|
31863
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31864
|
+
"control_name": "Account Management"
|
|
31865
|
+
},
|
|
31866
|
+
{
|
|
31867
|
+
"id": "NIST-800-53-SC-28",
|
|
31868
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31869
|
+
"control_name": "Protection of Information at Rest"
|
|
31870
|
+
},
|
|
31871
|
+
{
|
|
31872
|
+
"id": "NIST-800-53-SC-7",
|
|
31873
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31874
|
+
"control_name": "Boundary Protection"
|
|
31875
|
+
},
|
|
31876
|
+
{
|
|
31877
|
+
"id": "NIST-800-53-SC-8",
|
|
31878
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31879
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
31880
|
+
},
|
|
31881
|
+
{
|
|
31882
|
+
"id": "NIST-800-53-SI-2",
|
|
31883
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31884
|
+
"control_name": "Flaw Remediation"
|
|
31885
|
+
},
|
|
31886
|
+
{
|
|
31887
|
+
"id": "NIST-800-53-SI-3",
|
|
31888
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
31889
|
+
"control_name": "Malicious Code Protection"
|
|
31890
|
+
},
|
|
31891
|
+
{
|
|
31892
|
+
"id": "NIST-800-82r3",
|
|
31893
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
31894
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
31895
|
+
},
|
|
31896
|
+
{
|
|
31897
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
31898
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
31899
|
+
"control_name": "Prompt Injection"
|
|
31900
|
+
},
|
|
31901
|
+
{
|
|
31902
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
31903
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
31904
|
+
"control_name": "Sensitive Information Disclosure"
|
|
31905
|
+
},
|
|
31906
|
+
{
|
|
31907
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
31908
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
31909
|
+
"control_name": "Web application penetration testing methodology"
|
|
31910
|
+
},
|
|
31911
|
+
{
|
|
31912
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
31913
|
+
"framework": "PCI DSS 4.0",
|
|
31914
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
31915
|
+
},
|
|
31916
|
+
{
|
|
31917
|
+
"id": "PTES-Pre-engagement",
|
|
31918
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
31919
|
+
"control_name": "Pre-engagement Interactions"
|
|
31920
|
+
},
|
|
31921
|
+
{
|
|
31922
|
+
"id": "SOC2-CC6-logical-access",
|
|
31923
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31924
|
+
"control_name": "Logical and Physical Access Controls"
|
|
31925
|
+
},
|
|
31926
|
+
{
|
|
31927
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
31928
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31929
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
31930
|
+
},
|
|
31931
|
+
{
|
|
31932
|
+
"id": "SOC2-CC9-vendor-management",
|
|
31933
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
31934
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
31935
|
+
}
|
|
31936
|
+
],
|
|
31937
|
+
"attack_refs": [
|
|
31938
|
+
"T0855",
|
|
31939
|
+
"T0883",
|
|
31940
|
+
"T1041",
|
|
31941
|
+
"T1059",
|
|
31942
|
+
"T1068",
|
|
31943
|
+
"T1071",
|
|
31944
|
+
"T1078",
|
|
31945
|
+
"T1102",
|
|
31946
|
+
"T1133",
|
|
31947
|
+
"T1190",
|
|
31948
|
+
"T1213",
|
|
31949
|
+
"T1530",
|
|
31950
|
+
"T1548.001",
|
|
31951
|
+
"T1566",
|
|
31952
|
+
"T1567",
|
|
31953
|
+
"T1568"
|
|
31954
|
+
],
|
|
31955
|
+
"rfc_refs": [
|
|
31956
|
+
"RFC-4301",
|
|
31957
|
+
"RFC-4303",
|
|
31958
|
+
"RFC-7296",
|
|
31959
|
+
"RFC-8446",
|
|
31960
|
+
"RFC-9000",
|
|
31961
|
+
"RFC-9114",
|
|
31962
|
+
"RFC-9180",
|
|
31963
|
+
"RFC-9421",
|
|
31964
|
+
"RFC-9458"
|
|
31965
|
+
]
|
|
31966
|
+
}
|
|
31967
|
+
},
|
|
31968
|
+
"CVE-2024-27132": {
|
|
31969
|
+
"name": "MLflow Recipe Template Injection XSS to Client-Side RCE",
|
|
31970
|
+
"rwep": 29,
|
|
31971
|
+
"cvss": 9.6,
|
|
31972
|
+
"cisa_kev": false,
|
|
31973
|
+
"epss_score": null,
|
|
31974
|
+
"referencing_skills": [
|
|
31975
|
+
"kernel-lpe-triage",
|
|
31976
|
+
"ai-attack-surface",
|
|
31977
|
+
"compliance-theater",
|
|
31978
|
+
"attack-surface-pentest",
|
|
31979
|
+
"ot-ics-security",
|
|
31980
|
+
"coordinated-vuln-disclosure",
|
|
31981
|
+
"sector-energy"
|
|
31982
|
+
],
|
|
31983
|
+
"chain": {
|
|
31984
|
+
"cwes": [
|
|
31985
|
+
{
|
|
31986
|
+
"id": "CWE-1037",
|
|
31987
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
31988
|
+
"category": "Hardware / Side Channel"
|
|
31989
|
+
},
|
|
31990
|
+
{
|
|
31991
|
+
"id": "CWE-1039",
|
|
31992
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
31993
|
+
"category": "AI/ML"
|
|
31994
|
+
},
|
|
31995
|
+
{
|
|
31996
|
+
"id": "CWE-125",
|
|
31997
|
+
"name": "Out-of-bounds Read",
|
|
31998
|
+
"category": "Memory Safety"
|
|
31999
|
+
},
|
|
32000
|
+
{
|
|
32001
|
+
"id": "CWE-1357",
|
|
32002
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
32003
|
+
"category": "Supply Chain"
|
|
32004
|
+
},
|
|
32005
|
+
{
|
|
32006
|
+
"id": "CWE-1395",
|
|
32007
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
32008
|
+
"category": "Supply Chain"
|
|
32009
|
+
},
|
|
32010
|
+
{
|
|
32011
|
+
"id": "CWE-1426",
|
|
32012
|
+
"name": "Improper Validation of Generative AI Output",
|
|
32013
|
+
"category": "AI/ML"
|
|
32014
|
+
},
|
|
32015
|
+
{
|
|
32016
|
+
"id": "CWE-22",
|
|
32017
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
32018
|
+
"category": "Path/Resource"
|
|
32019
|
+
},
|
|
32020
|
+
{
|
|
32021
|
+
"id": "CWE-269",
|
|
32022
|
+
"name": "Improper Privilege Management",
|
|
32023
|
+
"category": "Authorization"
|
|
32024
|
+
},
|
|
32025
|
+
{
|
|
32026
|
+
"id": "CWE-287",
|
|
32027
|
+
"name": "Improper Authentication",
|
|
32028
|
+
"category": "Authentication"
|
|
32029
|
+
},
|
|
32030
|
+
{
|
|
32031
|
+
"id": "CWE-306",
|
|
32032
|
+
"name": "Missing Authentication for Critical Function",
|
|
32033
|
+
"category": "Authentication"
|
|
32034
|
+
},
|
|
32035
|
+
{
|
|
32036
|
+
"id": "CWE-352",
|
|
32037
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
32038
|
+
"category": "Session"
|
|
32039
|
+
},
|
|
32040
|
+
{
|
|
32041
|
+
"id": "CWE-362",
|
|
32042
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
32043
|
+
"category": "Concurrency"
|
|
32044
|
+
},
|
|
32045
|
+
{
|
|
32046
|
+
"id": "CWE-416",
|
|
32047
|
+
"name": "Use After Free",
|
|
32048
|
+
"category": "Memory Safety"
|
|
32049
|
+
},
|
|
32050
|
+
{
|
|
32051
|
+
"id": "CWE-434",
|
|
32052
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
32053
|
+
"category": "File Handling"
|
|
32054
|
+
},
|
|
32055
|
+
{
|
|
32056
|
+
"id": "CWE-672",
|
|
32057
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
32058
|
+
"category": "Memory Safety"
|
|
32059
|
+
},
|
|
32060
|
+
{
|
|
32061
|
+
"id": "CWE-732",
|
|
32062
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
32063
|
+
"category": "Authorization"
|
|
32064
|
+
},
|
|
32065
|
+
{
|
|
32066
|
+
"id": "CWE-78",
|
|
32067
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
32068
|
+
"category": "Injection"
|
|
32069
|
+
},
|
|
32070
|
+
{
|
|
32071
|
+
"id": "CWE-787",
|
|
32072
|
+
"name": "Out-of-bounds Write",
|
|
32073
|
+
"category": "Memory Safety"
|
|
32074
|
+
},
|
|
32075
|
+
{
|
|
32076
|
+
"id": "CWE-79",
|
|
32077
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
32078
|
+
"category": "Injection"
|
|
32079
|
+
},
|
|
32080
|
+
{
|
|
32081
|
+
"id": "CWE-798",
|
|
32082
|
+
"name": "Use of Hard-coded Credentials",
|
|
32083
|
+
"category": "Credentials"
|
|
32084
|
+
},
|
|
32085
|
+
{
|
|
32086
|
+
"id": "CWE-89",
|
|
32087
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
32088
|
+
"category": "Injection"
|
|
32089
|
+
},
|
|
32090
|
+
{
|
|
32091
|
+
"id": "CWE-918",
|
|
32092
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
32093
|
+
"category": "Network"
|
|
32094
|
+
},
|
|
32095
|
+
{
|
|
32096
|
+
"id": "CWE-94",
|
|
32097
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
32098
|
+
"category": "Injection"
|
|
32099
|
+
}
|
|
32100
|
+
],
|
|
32101
|
+
"atlas": [
|
|
32102
|
+
{
|
|
32103
|
+
"id": "AML.T0010",
|
|
32104
|
+
"name": "ML Supply Chain Compromise",
|
|
32105
|
+
"tactic": "Initial Access"
|
|
32106
|
+
},
|
|
32107
|
+
{
|
|
32108
|
+
"id": "AML.T0016",
|
|
32109
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
32110
|
+
"tactic": "Resource Development"
|
|
32111
|
+
},
|
|
32112
|
+
{
|
|
32113
|
+
"id": "AML.T0017",
|
|
32114
|
+
"name": "Discover ML Model Ontology",
|
|
32115
|
+
"tactic": "Discovery"
|
|
32116
|
+
},
|
|
32117
|
+
{
|
|
32118
|
+
"id": "AML.T0018",
|
|
32119
|
+
"name": "Backdoor ML Model",
|
|
32120
|
+
"tactic": "Persistence"
|
|
32121
|
+
},
|
|
32122
|
+
{
|
|
32123
|
+
"id": "AML.T0020",
|
|
32124
|
+
"name": "Poison Training Data",
|
|
32125
|
+
"tactic": "ML Attack Staging"
|
|
32126
|
+
},
|
|
32127
|
+
{
|
|
32128
|
+
"id": "AML.T0043",
|
|
32129
|
+
"name": "Craft Adversarial Data",
|
|
32130
|
+
"tactic": "ML Attack Staging"
|
|
32131
|
+
},
|
|
32132
|
+
{
|
|
32133
|
+
"id": "AML.T0051",
|
|
32134
|
+
"name": "LLM Prompt Injection",
|
|
32135
|
+
"tactic": "Execution"
|
|
32136
|
+
},
|
|
32137
|
+
{
|
|
32138
|
+
"id": "AML.T0054",
|
|
32139
|
+
"name": "LLM Jailbreak",
|
|
32140
|
+
"tactic": "Defense Evasion"
|
|
32141
|
+
},
|
|
32142
|
+
{
|
|
32143
|
+
"id": "AML.T0096",
|
|
32144
|
+
"name": "AI API as Covert C2 Channel",
|
|
32145
|
+
"tactic": "Command and Control"
|
|
32146
|
+
}
|
|
32147
|
+
],
|
|
32148
|
+
"d3fend": [
|
|
32149
|
+
{
|
|
32150
|
+
"id": "D3-ASLR",
|
|
32151
|
+
"name": "Address Space Layout Randomization",
|
|
32152
|
+
"tactic": "Harden"
|
|
32153
|
+
},
|
|
32154
|
+
{
|
|
32155
|
+
"id": "D3-CSPP",
|
|
32156
|
+
"name": "Client-server Payload Profiling",
|
|
32157
|
+
"tactic": "Detect"
|
|
32158
|
+
},
|
|
32159
|
+
{
|
|
32160
|
+
"id": "D3-EAL",
|
|
32161
|
+
"name": "Executable Allowlisting",
|
|
32162
|
+
"tactic": "Harden"
|
|
32163
|
+
},
|
|
32164
|
+
{
|
|
32165
|
+
"id": "D3-IOPR",
|
|
32166
|
+
"name": "Input/Output Profiling Resource",
|
|
32167
|
+
"tactic": "Detect"
|
|
32168
|
+
},
|
|
32169
|
+
{
|
|
32170
|
+
"id": "D3-NTA",
|
|
32171
|
+
"name": "Network Traffic Analysis",
|
|
32172
|
+
"tactic": "Detect"
|
|
32173
|
+
},
|
|
32174
|
+
{
|
|
32175
|
+
"id": "D3-PHRA",
|
|
32176
|
+
"name": "Process Hardware Resource Access",
|
|
32177
|
+
"tactic": "Isolate"
|
|
32178
|
+
},
|
|
32179
|
+
{
|
|
32180
|
+
"id": "D3-PSEP",
|
|
32181
|
+
"name": "Process Segment Execution Prevention",
|
|
32182
|
+
"tactic": "Harden"
|
|
32183
|
+
}
|
|
32184
|
+
],
|
|
32185
|
+
"framework_gaps": [
|
|
32186
|
+
{
|
|
32187
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
32188
|
+
"framework": "ALL",
|
|
32189
|
+
"control_name": "AI Pipeline Integrity"
|
|
32190
|
+
},
|
|
32191
|
+
{
|
|
32192
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
32193
|
+
"framework": "ALL",
|
|
32194
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
32195
|
+
},
|
|
32196
|
+
{
|
|
32197
|
+
"id": "CIS-Controls-v8-Control7",
|
|
32198
|
+
"framework": "CIS Controls v8",
|
|
32199
|
+
"control_name": "Continuous Vulnerability Management"
|
|
32200
|
+
},
|
|
32201
|
+
{
|
|
32202
|
+
"id": "CMMC-2.0-Level-2",
|
|
32203
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
32204
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
32205
|
+
},
|
|
32206
|
+
{
|
|
32207
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
32208
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
32209
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
32210
|
+
},
|
|
32211
|
+
{
|
|
32212
|
+
"id": "IEC-62443-3-3",
|
|
32213
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
32214
|
+
"control_name": "System security requirements and security levels"
|
|
32215
|
+
},
|
|
32216
|
+
{
|
|
32217
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
32218
|
+
"framework": "ISO/IEC 27001:2022",
|
|
32219
|
+
"control_name": "Secure coding"
|
|
32220
|
+
},
|
|
32221
|
+
{
|
|
32222
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
32223
|
+
"framework": "ISO/IEC 27001:2022",
|
|
32224
|
+
"control_name": "Management of technical vulnerabilities"
|
|
32225
|
+
},
|
|
32226
|
+
{
|
|
32227
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
32228
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
32229
|
+
"control_name": "AI risk management process"
|
|
32230
|
+
},
|
|
32231
|
+
{
|
|
32232
|
+
"id": "NERC-CIP-007-6-R4",
|
|
32233
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
32234
|
+
"control_name": "Security event monitoring"
|
|
32235
|
+
},
|
|
32236
|
+
{
|
|
32237
|
+
"id": "NIS2-Art21-patch-management",
|
|
32238
|
+
"framework": "EU NIS2 Directive",
|
|
32239
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
32240
|
+
},
|
|
32241
|
+
{
|
|
32242
|
+
"id": "NIST-800-115",
|
|
32243
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
32244
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
32245
|
+
},
|
|
32246
|
+
{
|
|
32247
|
+
"id": "NIST-800-218-SSDF",
|
|
32248
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
32249
|
+
"control_name": "Secure Software Development Framework"
|
|
32250
|
+
},
|
|
32251
|
+
{
|
|
32252
|
+
"id": "NIST-800-53-AC-2",
|
|
32253
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32254
|
+
"control_name": "Account Management"
|
|
32255
|
+
},
|
|
32256
|
+
{
|
|
32257
|
+
"id": "NIST-800-53-SC-8",
|
|
32258
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32259
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
32260
|
+
},
|
|
32261
|
+
{
|
|
32262
|
+
"id": "NIST-800-53-SI-2",
|
|
32263
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32264
|
+
"control_name": "Flaw Remediation"
|
|
32265
|
+
},
|
|
32266
|
+
{
|
|
32267
|
+
"id": "NIST-800-53-SI-3",
|
|
32268
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32269
|
+
"control_name": "Malicious Code Protection"
|
|
32270
|
+
},
|
|
32271
|
+
{
|
|
32272
|
+
"id": "NIST-800-82r3",
|
|
32273
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
32274
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
32275
|
+
},
|
|
32276
|
+
{
|
|
32277
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
32278
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
32279
|
+
"control_name": "Prompt Injection"
|
|
32280
|
+
},
|
|
32281
|
+
{
|
|
32282
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
32283
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
32284
|
+
"control_name": "Sensitive Information Disclosure"
|
|
32285
|
+
},
|
|
32286
|
+
{
|
|
32287
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
32288
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
32289
|
+
"control_name": "Web application penetration testing methodology"
|
|
32290
|
+
},
|
|
32291
|
+
{
|
|
32292
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
32293
|
+
"framework": "PCI DSS 4.0",
|
|
32294
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
32295
|
+
},
|
|
32296
|
+
{
|
|
32297
|
+
"id": "PTES-Pre-engagement",
|
|
32298
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
32299
|
+
"control_name": "Pre-engagement Interactions"
|
|
32300
|
+
},
|
|
32301
|
+
{
|
|
32302
|
+
"id": "SOC2-CC6-logical-access",
|
|
32303
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
32304
|
+
"control_name": "Logical and Physical Access Controls"
|
|
32305
|
+
},
|
|
32306
|
+
{
|
|
32307
|
+
"id": "SOC2-CC9-vendor-management",
|
|
32308
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
32309
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
32310
|
+
}
|
|
32311
|
+
],
|
|
32312
|
+
"attack_refs": [
|
|
32313
|
+
"T0855",
|
|
32314
|
+
"T0883",
|
|
32315
|
+
"T1059",
|
|
32316
|
+
"T1068",
|
|
32317
|
+
"T1078",
|
|
32318
|
+
"T1133",
|
|
32319
|
+
"T1190",
|
|
32320
|
+
"T1548.001",
|
|
32321
|
+
"T1566"
|
|
32322
|
+
],
|
|
32323
|
+
"rfc_refs": [
|
|
32324
|
+
"RFC-4301",
|
|
32325
|
+
"RFC-4303",
|
|
32326
|
+
"RFC-7296"
|
|
32327
|
+
]
|
|
32328
|
+
}
|
|
32329
|
+
},
|
|
31104
32330
|
"CVE-2026-41091": {
|
|
31105
32331
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
31106
32332
|
"rwep": 45,
|
|
@@ -57486,6 +58712,7 @@
|
|
|
57486
58712
|
"CVE-2024-11393",
|
|
57487
58713
|
"CVE-2024-11394",
|
|
57488
58714
|
"CVE-2024-1561",
|
|
58715
|
+
"CVE-2024-27132",
|
|
57489
58716
|
"CVE-2024-3094",
|
|
57490
58717
|
"CVE-2024-3154",
|
|
57491
58718
|
"CVE-2024-37032",
|
|
@@ -57501,6 +58728,8 @@
|
|
|
57501
58728
|
"CVE-2025-23254",
|
|
57502
58729
|
"CVE-2025-23266",
|
|
57503
58730
|
"CVE-2025-30165",
|
|
58731
|
+
"CVE-2025-30202",
|
|
58732
|
+
"CVE-2025-32444",
|
|
57504
58733
|
"CVE-2025-34291",
|
|
57505
58734
|
"CVE-2025-38352",
|
|
57506
58735
|
"CVE-2025-43300",
|
|
@@ -57874,6 +59103,7 @@
|
|
|
57874
59103
|
"CVE-2024-11393",
|
|
57875
59104
|
"CVE-2024-11394",
|
|
57876
59105
|
"CVE-2024-1561",
|
|
59106
|
+
"CVE-2024-27132",
|
|
57877
59107
|
"CVE-2024-37032",
|
|
57878
59108
|
"CVE-2024-39722",
|
|
57879
59109
|
"CVE-2024-42478",
|
|
@@ -57887,6 +59117,8 @@
|
|
|
57887
59117
|
"CVE-2025-23254",
|
|
57888
59118
|
"CVE-2025-23266",
|
|
57889
59119
|
"CVE-2025-30165",
|
|
59120
|
+
"CVE-2025-30202",
|
|
59121
|
+
"CVE-2025-32444",
|
|
57890
59122
|
"CVE-2025-34291",
|
|
57891
59123
|
"CVE-2025-38352",
|
|
57892
59124
|
"CVE-2025-43300",
|
|
@@ -58053,6 +59285,7 @@
|
|
|
58053
59285
|
"CVE-2024-11393",
|
|
58054
59286
|
"CVE-2024-11394",
|
|
58055
59287
|
"CVE-2024-1561",
|
|
59288
|
+
"CVE-2024-27132",
|
|
58056
59289
|
"CVE-2024-37032",
|
|
58057
59290
|
"CVE-2024-39722",
|
|
58058
59291
|
"CVE-2024-42478",
|
|
@@ -58066,6 +59299,8 @@
|
|
|
58066
59299
|
"CVE-2025-23254",
|
|
58067
59300
|
"CVE-2025-23266",
|
|
58068
59301
|
"CVE-2025-30165",
|
|
59302
|
+
"CVE-2025-30202",
|
|
59303
|
+
"CVE-2025-32444",
|
|
58069
59304
|
"CVE-2025-34291",
|
|
58070
59305
|
"CVE-2025-38352",
|
|
58071
59306
|
"CVE-2025-43300",
|
|
@@ -58246,6 +59481,7 @@
|
|
|
58246
59481
|
"CVE-2024-11393",
|
|
58247
59482
|
"CVE-2024-11394",
|
|
58248
59483
|
"CVE-2024-1561",
|
|
59484
|
+
"CVE-2024-27132",
|
|
58249
59485
|
"CVE-2024-37032",
|
|
58250
59486
|
"CVE-2024-39722",
|
|
58251
59487
|
"CVE-2024-42478",
|
|
@@ -58259,6 +59495,8 @@
|
|
|
58259
59495
|
"CVE-2025-23254",
|
|
58260
59496
|
"CVE-2025-23266",
|
|
58261
59497
|
"CVE-2025-30165",
|
|
59498
|
+
"CVE-2025-30202",
|
|
59499
|
+
"CVE-2025-32444",
|
|
58262
59500
|
"CVE-2025-34291",
|
|
58263
59501
|
"CVE-2025-38352",
|
|
58264
59502
|
"CVE-2025-43300",
|
|
@@ -58543,6 +59781,7 @@
|
|
|
58543
59781
|
"CVE-2024-11393",
|
|
58544
59782
|
"CVE-2024-11394",
|
|
58545
59783
|
"CVE-2024-1561",
|
|
59784
|
+
"CVE-2024-27132",
|
|
58546
59785
|
"CVE-2024-3094",
|
|
58547
59786
|
"CVE-2024-3154",
|
|
58548
59787
|
"CVE-2024-37032",
|
|
@@ -58557,6 +59796,8 @@
|
|
|
58557
59796
|
"CVE-2025-23254",
|
|
58558
59797
|
"CVE-2025-23266",
|
|
58559
59798
|
"CVE-2025-30165",
|
|
59799
|
+
"CVE-2025-30202",
|
|
59800
|
+
"CVE-2025-32444",
|
|
58560
59801
|
"CVE-2025-34291",
|
|
58561
59802
|
"CVE-2025-49596",
|
|
58562
59803
|
"CVE-2025-49844",
|
|
@@ -58801,6 +60042,7 @@
|
|
|
58801
60042
|
"CVE-2024-1561",
|
|
58802
60043
|
"CVE-2024-1708",
|
|
58803
60044
|
"CVE-2024-21762",
|
|
60045
|
+
"CVE-2024-27132",
|
|
58804
60046
|
"CVE-2024-27199",
|
|
58805
60047
|
"CVE-2024-27443",
|
|
58806
60048
|
"CVE-2024-37032",
|
|
@@ -58860,11 +60102,13 @@
|
|
|
58860
60102
|
"CVE-2025-27920",
|
|
58861
60103
|
"CVE-2025-29635",
|
|
58862
60104
|
"CVE-2025-30165",
|
|
60105
|
+
"CVE-2025-30202",
|
|
58863
60106
|
"CVE-2025-30397",
|
|
58864
60107
|
"CVE-2025-31125",
|
|
58865
60108
|
"CVE-2025-31277",
|
|
58866
60109
|
"CVE-2025-32432",
|
|
58867
60110
|
"CVE-2025-32433",
|
|
60111
|
+
"CVE-2025-32444",
|
|
58868
60112
|
"CVE-2025-32463",
|
|
58869
60113
|
"CVE-2025-32701",
|
|
58870
60114
|
"CVE-2025-32706",
|
|
@@ -59274,6 +60518,8 @@
|
|
|
59274
60518
|
"CVE-2025-14847",
|
|
59275
60519
|
"CVE-2025-22226",
|
|
59276
60520
|
"CVE-2025-23266",
|
|
60521
|
+
"CVE-2025-30202",
|
|
60522
|
+
"CVE-2025-32444",
|
|
59277
60523
|
"CVE-2025-49844",
|
|
59278
60524
|
"CVE-2025-53767",
|
|
59279
60525
|
"CVE-2025-53773",
|
|
@@ -59633,6 +60879,7 @@
|
|
|
59633
60879
|
"CVE-2024-11393",
|
|
59634
60880
|
"CVE-2024-11394",
|
|
59635
60881
|
"CVE-2024-1561",
|
|
60882
|
+
"CVE-2024-27132",
|
|
59636
60883
|
"CVE-2024-3094",
|
|
59637
60884
|
"CVE-2024-3154",
|
|
59638
60885
|
"CVE-2024-37032",
|
|
@@ -59648,6 +60895,8 @@
|
|
|
59648
60895
|
"CVE-2025-23254",
|
|
59649
60896
|
"CVE-2025-23266",
|
|
59650
60897
|
"CVE-2025-30165",
|
|
60898
|
+
"CVE-2025-30202",
|
|
60899
|
+
"CVE-2025-32444",
|
|
59651
60900
|
"CVE-2025-34291",
|
|
59652
60901
|
"CVE-2025-38352",
|
|
59653
60902
|
"CVE-2025-43300",
|
|
@@ -60251,6 +61500,7 @@
|
|
|
60251
61500
|
"CVE-2024-11393",
|
|
60252
61501
|
"CVE-2024-11394",
|
|
60253
61502
|
"CVE-2024-1561",
|
|
61503
|
+
"CVE-2024-27132",
|
|
60254
61504
|
"CVE-2024-3094",
|
|
60255
61505
|
"CVE-2024-3154",
|
|
60256
61506
|
"CVE-2024-37032",
|
|
@@ -60266,6 +61516,8 @@
|
|
|
60266
61516
|
"CVE-2025-23254",
|
|
60267
61517
|
"CVE-2025-23266",
|
|
60268
61518
|
"CVE-2025-30165",
|
|
61519
|
+
"CVE-2025-30202",
|
|
61520
|
+
"CVE-2025-32444",
|
|
60269
61521
|
"CVE-2025-34291",
|
|
60270
61522
|
"CVE-2025-38352",
|
|
60271
61523
|
"CVE-2025-43300",
|
|
@@ -60507,6 +61759,7 @@
|
|
|
60507
61759
|
"CVE-2024-11393",
|
|
60508
61760
|
"CVE-2024-11394",
|
|
60509
61761
|
"CVE-2024-1561",
|
|
61762
|
+
"CVE-2024-27132",
|
|
60510
61763
|
"CVE-2024-3094",
|
|
60511
61764
|
"CVE-2024-37032",
|
|
60512
61765
|
"CVE-2024-39722",
|
|
@@ -60520,6 +61773,8 @@
|
|
|
60520
61773
|
"CVE-2025-23254",
|
|
60521
61774
|
"CVE-2025-23266",
|
|
60522
61775
|
"CVE-2025-30165",
|
|
61776
|
+
"CVE-2025-30202",
|
|
61777
|
+
"CVE-2025-32444",
|
|
60523
61778
|
"CVE-2025-34291",
|
|
60524
61779
|
"CVE-2025-38352",
|
|
60525
61780
|
"CVE-2025-43300",
|
|
@@ -61189,6 +62444,7 @@
|
|
|
61189
62444
|
"CVE-2024-11393",
|
|
61190
62445
|
"CVE-2024-11394",
|
|
61191
62446
|
"CVE-2024-1561",
|
|
62447
|
+
"CVE-2024-27132",
|
|
61192
62448
|
"CVE-2024-3094",
|
|
61193
62449
|
"CVE-2024-3154",
|
|
61194
62450
|
"CVE-2024-37032",
|
|
@@ -61204,6 +62460,8 @@
|
|
|
61204
62460
|
"CVE-2025-23254",
|
|
61205
62461
|
"CVE-2025-23266",
|
|
61206
62462
|
"CVE-2025-30165",
|
|
62463
|
+
"CVE-2025-30202",
|
|
62464
|
+
"CVE-2025-32444",
|
|
61207
62465
|
"CVE-2025-34291",
|
|
61208
62466
|
"CVE-2025-38352",
|
|
61209
62467
|
"CVE-2025-43300",
|
|
@@ -61454,6 +62712,7 @@
|
|
|
61454
62712
|
"CVE-2024-1561",
|
|
61455
62713
|
"CVE-2024-1708",
|
|
61456
62714
|
"CVE-2024-21762",
|
|
62715
|
+
"CVE-2024-27132",
|
|
61457
62716
|
"CVE-2024-27199",
|
|
61458
62717
|
"CVE-2024-27443",
|
|
61459
62718
|
"CVE-2024-37032",
|
|
@@ -61513,11 +62772,13 @@
|
|
|
61513
62772
|
"CVE-2025-27920",
|
|
61514
62773
|
"CVE-2025-29635",
|
|
61515
62774
|
"CVE-2025-30165",
|
|
62775
|
+
"CVE-2025-30202",
|
|
61516
62776
|
"CVE-2025-30397",
|
|
61517
62777
|
"CVE-2025-31125",
|
|
61518
62778
|
"CVE-2025-31277",
|
|
61519
62779
|
"CVE-2025-32432",
|
|
61520
62780
|
"CVE-2025-32433",
|
|
62781
|
+
"CVE-2025-32444",
|
|
61521
62782
|
"CVE-2025-32463",
|
|
61522
62783
|
"CVE-2025-32701",
|
|
61523
62784
|
"CVE-2025-32706",
|
|
@@ -61893,6 +63154,7 @@
|
|
|
61893
63154
|
"CVE-2024-1561",
|
|
61894
63155
|
"CVE-2024-1708",
|
|
61895
63156
|
"CVE-2024-21762",
|
|
63157
|
+
"CVE-2024-27132",
|
|
61896
63158
|
"CVE-2024-27199",
|
|
61897
63159
|
"CVE-2024-27443",
|
|
61898
63160
|
"CVE-2024-37032",
|
|
@@ -61952,11 +63214,13 @@
|
|
|
61952
63214
|
"CVE-2025-27920",
|
|
61953
63215
|
"CVE-2025-29635",
|
|
61954
63216
|
"CVE-2025-30165",
|
|
63217
|
+
"CVE-2025-30202",
|
|
61955
63218
|
"CVE-2025-30397",
|
|
61956
63219
|
"CVE-2025-31125",
|
|
61957
63220
|
"CVE-2025-31277",
|
|
61958
63221
|
"CVE-2025-32432",
|
|
61959
63222
|
"CVE-2025-32433",
|
|
63223
|
+
"CVE-2025-32444",
|
|
61960
63224
|
"CVE-2025-32463",
|
|
61961
63225
|
"CVE-2025-32701",
|
|
61962
63226
|
"CVE-2025-32706",
|
|
@@ -62358,6 +63622,7 @@
|
|
|
62358
63622
|
"CVE-2024-11393",
|
|
62359
63623
|
"CVE-2024-11394",
|
|
62360
63624
|
"CVE-2024-1561",
|
|
63625
|
+
"CVE-2024-27132",
|
|
62361
63626
|
"CVE-2024-3094",
|
|
62362
63627
|
"CVE-2024-3154",
|
|
62363
63628
|
"CVE-2024-37032",
|
|
@@ -62373,6 +63638,8 @@
|
|
|
62373
63638
|
"CVE-2025-23254",
|
|
62374
63639
|
"CVE-2025-23266",
|
|
62375
63640
|
"CVE-2025-30165",
|
|
63641
|
+
"CVE-2025-30202",
|
|
63642
|
+
"CVE-2025-32444",
|
|
62376
63643
|
"CVE-2025-34291",
|
|
62377
63644
|
"CVE-2025-38352",
|
|
62378
63645
|
"CVE-2025-43300",
|
|
@@ -63175,6 +64442,7 @@
|
|
|
63175
64442
|
"CVE-2024-1561",
|
|
63176
64443
|
"CVE-2024-1708",
|
|
63177
64444
|
"CVE-2024-21762",
|
|
64445
|
+
"CVE-2024-27132",
|
|
63178
64446
|
"CVE-2024-27199",
|
|
63179
64447
|
"CVE-2024-27443",
|
|
63180
64448
|
"CVE-2024-37032",
|
|
@@ -63234,11 +64502,13 @@
|
|
|
63234
64502
|
"CVE-2025-27920",
|
|
63235
64503
|
"CVE-2025-29635",
|
|
63236
64504
|
"CVE-2025-30165",
|
|
64505
|
+
"CVE-2025-30202",
|
|
63237
64506
|
"CVE-2025-30397",
|
|
63238
64507
|
"CVE-2025-31125",
|
|
63239
64508
|
"CVE-2025-31277",
|
|
63240
64509
|
"CVE-2025-32432",
|
|
63241
64510
|
"CVE-2025-32433",
|
|
64511
|
+
"CVE-2025-32444",
|
|
63242
64512
|
"CVE-2025-32463",
|
|
63243
64513
|
"CVE-2025-32701",
|
|
63244
64514
|
"CVE-2025-32706",
|
|
@@ -63704,6 +64974,7 @@
|
|
|
63704
64974
|
"CVE-2024-11393",
|
|
63705
64975
|
"CVE-2024-11394",
|
|
63706
64976
|
"CVE-2024-1561",
|
|
64977
|
+
"CVE-2024-27132",
|
|
63707
64978
|
"CVE-2024-3094",
|
|
63708
64979
|
"CVE-2024-3154",
|
|
63709
64980
|
"CVE-2024-37032",
|
|
@@ -63719,6 +64990,8 @@
|
|
|
63719
64990
|
"CVE-2025-23254",
|
|
63720
64991
|
"CVE-2025-23266",
|
|
63721
64992
|
"CVE-2025-30165",
|
|
64993
|
+
"CVE-2025-30202",
|
|
64994
|
+
"CVE-2025-32444",
|
|
63722
64995
|
"CVE-2025-34291",
|
|
63723
64996
|
"CVE-2025-38352",
|
|
63724
64997
|
"CVE-2025-43300",
|
|
@@ -64047,6 +65320,7 @@
|
|
|
64047
65320
|
"CVE-2024-1561",
|
|
64048
65321
|
"CVE-2024-1708",
|
|
64049
65322
|
"CVE-2024-21762",
|
|
65323
|
+
"CVE-2024-27132",
|
|
64050
65324
|
"CVE-2024-27199",
|
|
64051
65325
|
"CVE-2024-27443",
|
|
64052
65326
|
"CVE-2024-3094",
|
|
@@ -64109,11 +65383,13 @@
|
|
|
64109
65383
|
"CVE-2025-27920",
|
|
64110
65384
|
"CVE-2025-29635",
|
|
64111
65385
|
"CVE-2025-30165",
|
|
65386
|
+
"CVE-2025-30202",
|
|
64112
65387
|
"CVE-2025-30397",
|
|
64113
65388
|
"CVE-2025-31125",
|
|
64114
65389
|
"CVE-2025-31277",
|
|
64115
65390
|
"CVE-2025-32432",
|
|
64116
65391
|
"CVE-2025-32433",
|
|
65392
|
+
"CVE-2025-32444",
|
|
64117
65393
|
"CVE-2025-32463",
|
|
64118
65394
|
"CVE-2025-32701",
|
|
64119
65395
|
"CVE-2025-32706",
|
|
@@ -64595,6 +65871,7 @@
|
|
|
64595
65871
|
"CVE-2024-11393",
|
|
64596
65872
|
"CVE-2024-11394",
|
|
64597
65873
|
"CVE-2024-1561",
|
|
65874
|
+
"CVE-2024-27132",
|
|
64598
65875
|
"CVE-2024-3094",
|
|
64599
65876
|
"CVE-2024-3154",
|
|
64600
65877
|
"CVE-2024-37032",
|
|
@@ -64609,6 +65886,8 @@
|
|
|
64609
65886
|
"CVE-2025-23254",
|
|
64610
65887
|
"CVE-2025-23266",
|
|
64611
65888
|
"CVE-2025-30165",
|
|
65889
|
+
"CVE-2025-30202",
|
|
65890
|
+
"CVE-2025-32444",
|
|
64612
65891
|
"CVE-2025-34291",
|
|
64613
65892
|
"CVE-2025-38352",
|
|
64614
65893
|
"CVE-2025-43300",
|
|
@@ -65548,6 +66827,7 @@
|
|
|
65548
66827
|
"CVE-2024-11393",
|
|
65549
66828
|
"CVE-2024-11394",
|
|
65550
66829
|
"CVE-2024-1561",
|
|
66830
|
+
"CVE-2024-27132",
|
|
65551
66831
|
"CVE-2024-3094",
|
|
65552
66832
|
"CVE-2024-3154",
|
|
65553
66833
|
"CVE-2024-37032",
|
|
@@ -65563,6 +66843,8 @@
|
|
|
65563
66843
|
"CVE-2025-23254",
|
|
65564
66844
|
"CVE-2025-23266",
|
|
65565
66845
|
"CVE-2025-30165",
|
|
66846
|
+
"CVE-2025-30202",
|
|
66847
|
+
"CVE-2025-32444",
|
|
65566
66848
|
"CVE-2025-34291",
|
|
65567
66849
|
"CVE-2025-38352",
|
|
65568
66850
|
"CVE-2025-43300",
|
|
@@ -65665,6 +66947,7 @@
|
|
|
65665
66947
|
"CVE-2024-11393",
|
|
65666
66948
|
"CVE-2024-11394",
|
|
65667
66949
|
"CVE-2024-1561",
|
|
66950
|
+
"CVE-2024-27132",
|
|
65668
66951
|
"CVE-2024-37032",
|
|
65669
66952
|
"CVE-2024-39722",
|
|
65670
66953
|
"CVE-2024-42478",
|
|
@@ -65677,6 +66960,8 @@
|
|
|
65677
66960
|
"CVE-2025-23254",
|
|
65678
66961
|
"CVE-2025-23266",
|
|
65679
66962
|
"CVE-2025-30165",
|
|
66963
|
+
"CVE-2025-30202",
|
|
66964
|
+
"CVE-2025-32444",
|
|
65680
66965
|
"CVE-2025-34291",
|
|
65681
66966
|
"CVE-2025-38352",
|
|
65682
66967
|
"CVE-2025-43300",
|
|
@@ -65852,6 +67137,7 @@
|
|
|
65852
67137
|
"CVE-2024-11393",
|
|
65853
67138
|
"CVE-2024-11394",
|
|
65854
67139
|
"CVE-2024-1561",
|
|
67140
|
+
"CVE-2024-27132",
|
|
65855
67141
|
"CVE-2024-37032",
|
|
65856
67142
|
"CVE-2024-39722",
|
|
65857
67143
|
"CVE-2024-42478",
|
|
@@ -65864,6 +67150,8 @@
|
|
|
65864
67150
|
"CVE-2025-23254",
|
|
65865
67151
|
"CVE-2025-23266",
|
|
65866
67152
|
"CVE-2025-30165",
|
|
67153
|
+
"CVE-2025-30202",
|
|
67154
|
+
"CVE-2025-32444",
|
|
65867
67155
|
"CVE-2025-34291",
|
|
65868
67156
|
"CVE-2025-49596",
|
|
65869
67157
|
"CVE-2025-53773",
|
|
@@ -66293,6 +67581,7 @@
|
|
|
66293
67581
|
"CVE-2024-1561",
|
|
66294
67582
|
"CVE-2024-1708",
|
|
66295
67583
|
"CVE-2024-21762",
|
|
67584
|
+
"CVE-2024-27132",
|
|
66296
67585
|
"CVE-2024-27199",
|
|
66297
67586
|
"CVE-2024-27443",
|
|
66298
67587
|
"CVE-2024-3094",
|
|
@@ -66350,11 +67639,13 @@
|
|
|
66350
67639
|
"CVE-2025-27920",
|
|
66351
67640
|
"CVE-2025-29635",
|
|
66352
67641
|
"CVE-2025-30165",
|
|
67642
|
+
"CVE-2025-30202",
|
|
66353
67643
|
"CVE-2025-30397",
|
|
66354
67644
|
"CVE-2025-31125",
|
|
66355
67645
|
"CVE-2025-31277",
|
|
66356
67646
|
"CVE-2025-32432",
|
|
66357
67647
|
"CVE-2025-32433",
|
|
67648
|
+
"CVE-2025-32444",
|
|
66358
67649
|
"CVE-2025-32463",
|
|
66359
67650
|
"CVE-2025-32701",
|
|
66360
67651
|
"CVE-2025-32706",
|
|
@@ -66748,6 +68039,7 @@
|
|
|
66748
68039
|
"CVE-2024-11393",
|
|
66749
68040
|
"CVE-2024-11394",
|
|
66750
68041
|
"CVE-2024-1561",
|
|
68042
|
+
"CVE-2024-27132",
|
|
66751
68043
|
"CVE-2024-3094",
|
|
66752
68044
|
"CVE-2024-3154",
|
|
66753
68045
|
"CVE-2024-37032",
|
|
@@ -66763,6 +68055,8 @@
|
|
|
66763
68055
|
"CVE-2025-23254",
|
|
66764
68056
|
"CVE-2025-23266",
|
|
66765
68057
|
"CVE-2025-30165",
|
|
68058
|
+
"CVE-2025-30202",
|
|
68059
|
+
"CVE-2025-32444",
|
|
66766
68060
|
"CVE-2025-34291",
|
|
66767
68061
|
"CVE-2025-38352",
|
|
66768
68062
|
"CVE-2025-43300",
|
|
@@ -67058,6 +68352,7 @@
|
|
|
67058
68352
|
"CVE-2024-11393",
|
|
67059
68353
|
"CVE-2024-11394",
|
|
67060
68354
|
"CVE-2024-1561",
|
|
68355
|
+
"CVE-2024-27132",
|
|
67061
68356
|
"CVE-2024-3094",
|
|
67062
68357
|
"CVE-2024-37032",
|
|
67063
68358
|
"CVE-2024-39722",
|
|
@@ -67074,6 +68369,8 @@
|
|
|
67074
68369
|
"CVE-2025-23254",
|
|
67075
68370
|
"CVE-2025-23266",
|
|
67076
68371
|
"CVE-2025-30165",
|
|
68372
|
+
"CVE-2025-30202",
|
|
68373
|
+
"CVE-2025-32444",
|
|
67077
68374
|
"CVE-2025-34291",
|
|
67078
68375
|
"CVE-2025-49596",
|
|
67079
68376
|
"CVE-2025-53767",
|