@blamejs/exceptd-skills 0.13.90 → 0.13.92

@@ -31965,6 +31965,1232 @@
31965
31965
  ]
31966
31966
  }
31967
31967
  },
31968
+ "CVE-2024-27132": {
31969
+ "name": "MLflow Recipe Template Injection XSS to Client-Side RCE",
31970
+ "rwep": 29,
31971
+ "cvss": 9.6,
31972
+ "cisa_kev": false,
31973
+ "epss_score": null,
31974
+ "referencing_skills": [
31975
+ "kernel-lpe-triage",
31976
+ "ai-attack-surface",
31977
+ "compliance-theater",
31978
+ "attack-surface-pentest",
31979
+ "ot-ics-security",
31980
+ "coordinated-vuln-disclosure",
31981
+ "sector-energy"
31982
+ ],
31983
+ "chain": {
31984
+ "cwes": [
31985
+ {
31986
+ "id": "CWE-1037",
31987
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
31988
+ "category": "Hardware / Side Channel"
31989
+ },
31990
+ {
31991
+ "id": "CWE-1039",
31992
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
31993
+ "category": "AI/ML"
31994
+ },
31995
+ {
31996
+ "id": "CWE-125",
31997
+ "name": "Out-of-bounds Read",
31998
+ "category": "Memory Safety"
31999
+ },
32000
+ {
32001
+ "id": "CWE-1357",
32002
+ "name": "Reliance on Insufficiently Trustworthy Component",
32003
+ "category": "Supply Chain"
32004
+ },
32005
+ {
32006
+ "id": "CWE-1395",
32007
+ "name": "Dependency on Vulnerable Third-Party Component",
32008
+ "category": "Supply Chain"
32009
+ },
32010
+ {
32011
+ "id": "CWE-1426",
32012
+ "name": "Improper Validation of Generative AI Output",
32013
+ "category": "AI/ML"
32014
+ },
32015
+ {
32016
+ "id": "CWE-22",
32017
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
32018
+ "category": "Path/Resource"
32019
+ },
32020
+ {
32021
+ "id": "CWE-269",
32022
+ "name": "Improper Privilege Management",
32023
+ "category": "Authorization"
32024
+ },
32025
+ {
32026
+ "id": "CWE-287",
32027
+ "name": "Improper Authentication",
32028
+ "category": "Authentication"
32029
+ },
32030
+ {
32031
+ "id": "CWE-306",
32032
+ "name": "Missing Authentication for Critical Function",
32033
+ "category": "Authentication"
32034
+ },
32035
+ {
32036
+ "id": "CWE-352",
32037
+ "name": "Cross-Site Request Forgery (CSRF)",
32038
+ "category": "Session"
32039
+ },
32040
+ {
32041
+ "id": "CWE-362",
32042
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
32043
+ "category": "Concurrency"
32044
+ },
32045
+ {
32046
+ "id": "CWE-416",
32047
+ "name": "Use After Free",
32048
+ "category": "Memory Safety"
32049
+ },
32050
+ {
32051
+ "id": "CWE-434",
32052
+ "name": "Unrestricted Upload of File with Dangerous Type",
32053
+ "category": "File Handling"
32054
+ },
32055
+ {
32056
+ "id": "CWE-672",
32057
+ "name": "Operation on a Resource after Expiration or Release",
32058
+ "category": "Memory Safety"
32059
+ },
32060
+ {
32061
+ "id": "CWE-732",
32062
+ "name": "Incorrect Permission Assignment for Critical Resource",
32063
+ "category": "Authorization"
32064
+ },
32065
+ {
32066
+ "id": "CWE-78",
32067
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
32068
+ "category": "Injection"
32069
+ },
32070
+ {
32071
+ "id": "CWE-787",
32072
+ "name": "Out-of-bounds Write",
32073
+ "category": "Memory Safety"
32074
+ },
32075
+ {
32076
+ "id": "CWE-79",
32077
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
32078
+ "category": "Injection"
32079
+ },
32080
+ {
32081
+ "id": "CWE-798",
32082
+ "name": "Use of Hard-coded Credentials",
32083
+ "category": "Credentials"
32084
+ },
32085
+ {
32086
+ "id": "CWE-89",
32087
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
32088
+ "category": "Injection"
32089
+ },
32090
+ {
32091
+ "id": "CWE-918",
32092
+ "name": "Server-Side Request Forgery (SSRF)",
32093
+ "category": "Network"
32094
+ },
32095
+ {
32096
+ "id": "CWE-94",
32097
+ "name": "Improper Control of Generation of Code (Code Injection)",
32098
+ "category": "Injection"
32099
+ }
32100
+ ],
32101
+ "atlas": [
32102
+ {
32103
+ "id": "AML.T0010",
32104
+ "name": "ML Supply Chain Compromise",
32105
+ "tactic": "Initial Access"
32106
+ },
32107
+ {
32108
+ "id": "AML.T0016",
32109
+ "name": "Obtain Capabilities: Develop Capabilities",
32110
+ "tactic": "Resource Development"
32111
+ },
32112
+ {
32113
+ "id": "AML.T0017",
32114
+ "name": "Discover ML Model Ontology",
32115
+ "tactic": "Discovery"
32116
+ },
32117
+ {
32118
+ "id": "AML.T0018",
32119
+ "name": "Backdoor ML Model",
32120
+ "tactic": "Persistence"
32121
+ },
32122
+ {
32123
+ "id": "AML.T0020",
32124
+ "name": "Poison Training Data",
32125
+ "tactic": "ML Attack Staging"
32126
+ },
32127
+ {
32128
+ "id": "AML.T0043",
32129
+ "name": "Craft Adversarial Data",
32130
+ "tactic": "ML Attack Staging"
32131
+ },
32132
+ {
32133
+ "id": "AML.T0051",
32134
+ "name": "LLM Prompt Injection",
32135
+ "tactic": "Execution"
32136
+ },
32137
+ {
32138
+ "id": "AML.T0054",
32139
+ "name": "LLM Jailbreak",
32140
+ "tactic": "Defense Evasion"
32141
+ },
32142
+ {
32143
+ "id": "AML.T0096",
32144
+ "name": "AI API as Covert C2 Channel",
32145
+ "tactic": "Command and Control"
32146
+ }
32147
+ ],
32148
+ "d3fend": [
32149
+ {
32150
+ "id": "D3-ASLR",
32151
+ "name": "Address Space Layout Randomization",
32152
+ "tactic": "Harden"
32153
+ },
32154
+ {
32155
+ "id": "D3-CSPP",
32156
+ "name": "Client-server Payload Profiling",
32157
+ "tactic": "Detect"
32158
+ },
32159
+ {
32160
+ "id": "D3-EAL",
32161
+ "name": "Executable Allowlisting",
32162
+ "tactic": "Harden"
32163
+ },
32164
+ {
32165
+ "id": "D3-IOPR",
32166
+ "name": "Input/Output Profiling Resource",
32167
+ "tactic": "Detect"
32168
+ },
32169
+ {
32170
+ "id": "D3-NTA",
32171
+ "name": "Network Traffic Analysis",
32172
+ "tactic": "Detect"
32173
+ },
32174
+ {
32175
+ "id": "D3-PHRA",
32176
+ "name": "Process Hardware Resource Access",
32177
+ "tactic": "Isolate"
32178
+ },
32179
+ {
32180
+ "id": "D3-PSEP",
32181
+ "name": "Process Segment Execution Prevention",
32182
+ "tactic": "Harden"
32183
+ }
32184
+ ],
32185
+ "framework_gaps": [
32186
+ {
32187
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
32188
+ "framework": "ALL",
32189
+ "control_name": "AI Pipeline Integrity"
32190
+ },
32191
+ {
32192
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
32193
+ "framework": "ALL",
32194
+ "control_name": "Prompt Injection as Access Control Failure"
32195
+ },
32196
+ {
32197
+ "id": "CIS-Controls-v8-Control7",
32198
+ "framework": "CIS Controls v8",
32199
+ "control_name": "Continuous Vulnerability Management"
32200
+ },
32201
+ {
32202
+ "id": "CMMC-2.0-Level-2",
32203
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
32204
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
32205
+ },
32206
+ {
32207
+ "id": "FedRAMP-Rev5-Moderate",
32208
+ "framework": "FedRAMP Rev 5 Moderate",
32209
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
32210
+ },
32211
+ {
32212
+ "id": "IEC-62443-3-3",
32213
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
32214
+ "control_name": "System security requirements and security levels"
32215
+ },
32216
+ {
32217
+ "id": "ISO-27001-2022-A.8.28",
32218
+ "framework": "ISO/IEC 27001:2022",
32219
+ "control_name": "Secure coding"
32220
+ },
32221
+ {
32222
+ "id": "ISO-27001-2022-A.8.8",
32223
+ "framework": "ISO/IEC 27001:2022",
32224
+ "control_name": "Management of technical vulnerabilities"
32225
+ },
32226
+ {
32227
+ "id": "ISO-IEC-23894-2023-clause-7",
32228
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
32229
+ "control_name": "AI risk management process"
32230
+ },
32231
+ {
32232
+ "id": "NERC-CIP-007-6-R4",
32233
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
32234
+ "control_name": "Security event monitoring"
32235
+ },
32236
+ {
32237
+ "id": "NIS2-Art21-patch-management",
32238
+ "framework": "EU NIS2 Directive",
32239
+ "control_name": "Vulnerability handling and disclosure"
32240
+ },
32241
+ {
32242
+ "id": "NIST-800-115",
32243
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
32244
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
32245
+ },
32246
+ {
32247
+ "id": "NIST-800-218-SSDF",
32248
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
32249
+ "control_name": "Secure Software Development Framework"
32250
+ },
32251
+ {
32252
+ "id": "NIST-800-53-AC-2",
32253
+ "framework": "NIST SP 800-53 Rev 5",
32254
+ "control_name": "Account Management"
32255
+ },
32256
+ {
32257
+ "id": "NIST-800-53-SC-8",
32258
+ "framework": "NIST SP 800-53 Rev 5",
32259
+ "control_name": "Transmission Confidentiality and Integrity"
32260
+ },
32261
+ {
32262
+ "id": "NIST-800-53-SI-2",
32263
+ "framework": "NIST SP 800-53 Rev 5",
32264
+ "control_name": "Flaw Remediation"
32265
+ },
32266
+ {
32267
+ "id": "NIST-800-53-SI-3",
32268
+ "framework": "NIST SP 800-53 Rev 5",
32269
+ "control_name": "Malicious Code Protection"
32270
+ },
32271
+ {
32272
+ "id": "NIST-800-82r3",
32273
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
32274
+ "control_name": "Guide to Operational Technology (OT) Security"
32275
+ },
32276
+ {
32277
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
32278
+ "framework": "OWASP Top 10 for LLM Applications 2025",
32279
+ "control_name": "Prompt Injection"
32280
+ },
32281
+ {
32282
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
32283
+ "framework": "OWASP Top 10 for LLM Applications 2025",
32284
+ "control_name": "Sensitive Information Disclosure"
32285
+ },
32286
+ {
32287
+ "id": "OWASP-Pen-Testing-Guide-v5",
32288
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
32289
+ "control_name": "Web application penetration testing methodology"
32290
+ },
32291
+ {
32292
+ "id": "PCI-DSS-4.0-6.3.3",
32293
+ "framework": "PCI DSS 4.0",
32294
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
32295
+ },
32296
+ {
32297
+ "id": "PTES-Pre-engagement",
32298
+ "framework": "Penetration Testing Execution Standard (PTES)",
32299
+ "control_name": "Pre-engagement Interactions"
32300
+ },
32301
+ {
32302
+ "id": "SOC2-CC6-logical-access",
32303
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32304
+ "control_name": "Logical and Physical Access Controls"
32305
+ },
32306
+ {
32307
+ "id": "SOC2-CC9-vendor-management",
32308
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32309
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
32310
+ }
32311
+ ],
32312
+ "attack_refs": [
32313
+ "T0855",
32314
+ "T0883",
32315
+ "T1059",
32316
+ "T1068",
32317
+ "T1078",
32318
+ "T1133",
32319
+ "T1190",
32320
+ "T1548.001",
32321
+ "T1566"
32322
+ ],
32323
+ "rfc_refs": [
32324
+ "RFC-4301",
32325
+ "RFC-4303",
32326
+ "RFC-7296"
32327
+ ]
32328
+ }
32329
+ },
32330
+ "CVE-2024-21575": {
32331
+ "name": "ComfyUI-Impact-Pack Path Traversal Arbitrary File Write to RCE",
32332
+ "rwep": 29,
32333
+ "cvss": 8.6,
32334
+ "cisa_kev": false,
32335
+ "epss_score": null,
32336
+ "referencing_skills": [
32337
+ "kernel-lpe-triage",
32338
+ "ai-attack-surface",
32339
+ "compliance-theater",
32340
+ "ai-c2-detection",
32341
+ "attack-surface-pentest",
32342
+ "dlp-gap-analysis",
32343
+ "ot-ics-security",
32344
+ "coordinated-vuln-disclosure",
32345
+ "sector-energy"
32346
+ ],
32347
+ "chain": {
32348
+ "cwes": [
32349
+ {
32350
+ "id": "CWE-1037",
32351
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
32352
+ "category": "Hardware / Side Channel"
32353
+ },
32354
+ {
32355
+ "id": "CWE-1039",
32356
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
32357
+ "category": "AI/ML"
32358
+ },
32359
+ {
32360
+ "id": "CWE-125",
32361
+ "name": "Out-of-bounds Read",
32362
+ "category": "Memory Safety"
32363
+ },
32364
+ {
32365
+ "id": "CWE-1357",
32366
+ "name": "Reliance on Insufficiently Trustworthy Component",
32367
+ "category": "Supply Chain"
32368
+ },
32369
+ {
32370
+ "id": "CWE-1395",
32371
+ "name": "Dependency on Vulnerable Third-Party Component",
32372
+ "category": "Supply Chain"
32373
+ },
32374
+ {
32375
+ "id": "CWE-1426",
32376
+ "name": "Improper Validation of Generative AI Output",
32377
+ "category": "AI/ML"
32378
+ },
32379
+ {
32380
+ "id": "CWE-200",
32381
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
32382
+ "category": "Information Exposure"
32383
+ },
32384
+ {
32385
+ "id": "CWE-22",
32386
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
32387
+ "category": "Path/Resource"
32388
+ },
32389
+ {
32390
+ "id": "CWE-269",
32391
+ "name": "Improper Privilege Management",
32392
+ "category": "Authorization"
32393
+ },
32394
+ {
32395
+ "id": "CWE-287",
32396
+ "name": "Improper Authentication",
32397
+ "category": "Authentication"
32398
+ },
32399
+ {
32400
+ "id": "CWE-306",
32401
+ "name": "Missing Authentication for Critical Function",
32402
+ "category": "Authentication"
32403
+ },
32404
+ {
32405
+ "id": "CWE-352",
32406
+ "name": "Cross-Site Request Forgery (CSRF)",
32407
+ "category": "Session"
32408
+ },
32409
+ {
32410
+ "id": "CWE-362",
32411
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
32412
+ "category": "Concurrency"
32413
+ },
32414
+ {
32415
+ "id": "CWE-416",
32416
+ "name": "Use After Free",
32417
+ "category": "Memory Safety"
32418
+ },
32419
+ {
32420
+ "id": "CWE-434",
32421
+ "name": "Unrestricted Upload of File with Dangerous Type",
32422
+ "category": "File Handling"
32423
+ },
32424
+ {
32425
+ "id": "CWE-672",
32426
+ "name": "Operation on a Resource after Expiration or Release",
32427
+ "category": "Memory Safety"
32428
+ },
32429
+ {
32430
+ "id": "CWE-732",
32431
+ "name": "Incorrect Permission Assignment for Critical Resource",
32432
+ "category": "Authorization"
32433
+ },
32434
+ {
32435
+ "id": "CWE-78",
32436
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
32437
+ "category": "Injection"
32438
+ },
32439
+ {
32440
+ "id": "CWE-787",
32441
+ "name": "Out-of-bounds Write",
32442
+ "category": "Memory Safety"
32443
+ },
32444
+ {
32445
+ "id": "CWE-79",
32446
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
32447
+ "category": "Injection"
32448
+ },
32449
+ {
32450
+ "id": "CWE-798",
32451
+ "name": "Use of Hard-coded Credentials",
32452
+ "category": "Credentials"
32453
+ },
32454
+ {
32455
+ "id": "CWE-89",
32456
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
32457
+ "category": "Injection"
32458
+ },
32459
+ {
32460
+ "id": "CWE-918",
32461
+ "name": "Server-Side Request Forgery (SSRF)",
32462
+ "category": "Network"
32463
+ },
32464
+ {
32465
+ "id": "CWE-94",
32466
+ "name": "Improper Control of Generation of Code (Code Injection)",
32467
+ "category": "Injection"
32468
+ }
32469
+ ],
32470
+ "atlas": [
32471
+ {
32472
+ "id": "AML.T0010",
32473
+ "name": "ML Supply Chain Compromise",
32474
+ "tactic": "Initial Access"
32475
+ },
32476
+ {
32477
+ "id": "AML.T0016",
32478
+ "name": "Obtain Capabilities: Develop Capabilities",
32479
+ "tactic": "Resource Development"
32480
+ },
32481
+ {
32482
+ "id": "AML.T0017",
32483
+ "name": "Discover ML Model Ontology",
32484
+ "tactic": "Discovery"
32485
+ },
32486
+ {
32487
+ "id": "AML.T0018",
32488
+ "name": "Backdoor ML Model",
32489
+ "tactic": "Persistence"
32490
+ },
32491
+ {
32492
+ "id": "AML.T0020",
32493
+ "name": "Poison Training Data",
32494
+ "tactic": "ML Attack Staging"
32495
+ },
32496
+ {
32497
+ "id": "AML.T0043",
32498
+ "name": "Craft Adversarial Data",
32499
+ "tactic": "ML Attack Staging"
32500
+ },
32501
+ {
32502
+ "id": "AML.T0051",
32503
+ "name": "LLM Prompt Injection",
32504
+ "tactic": "Execution"
32505
+ },
32506
+ {
32507
+ "id": "AML.T0054",
32508
+ "name": "LLM Jailbreak",
32509
+ "tactic": "Defense Evasion"
32510
+ },
32511
+ {
32512
+ "id": "AML.T0096",
32513
+ "name": "AI API as Covert C2 Channel",
32514
+ "tactic": "Command and Control"
32515
+ }
32516
+ ],
32517
+ "d3fend": [
32518
+ {
32519
+ "id": "D3-ASLR",
32520
+ "name": "Address Space Layout Randomization",
32521
+ "tactic": "Harden"
32522
+ },
32523
+ {
32524
+ "id": "D3-CA",
32525
+ "name": "Certificate Analysis",
32526
+ "tactic": "Detect"
32527
+ },
32528
+ {
32529
+ "id": "D3-CSPP",
32530
+ "name": "Client-server Payload Profiling",
32531
+ "tactic": "Detect"
32532
+ },
32533
+ {
32534
+ "id": "D3-DA",
32535
+ "name": "Domain Analysis",
32536
+ "tactic": "Detect"
32537
+ },
32538
+ {
32539
+ "id": "D3-EAL",
32540
+ "name": "Executable Allowlisting",
32541
+ "tactic": "Harden"
32542
+ },
32543
+ {
32544
+ "id": "D3-IOPR",
32545
+ "name": "Input/Output Profiling Resource",
32546
+ "tactic": "Detect"
32547
+ },
32548
+ {
32549
+ "id": "D3-NI",
32550
+ "name": "Network Isolation",
32551
+ "tactic": "Isolate"
32552
+ },
32553
+ {
32554
+ "id": "D3-NTA",
32555
+ "name": "Network Traffic Analysis",
32556
+ "tactic": "Detect"
32557
+ },
32558
+ {
32559
+ "id": "D3-NTPM",
32560
+ "name": "Network Traffic Policy Mapping",
32561
+ "tactic": "Model"
32562
+ },
32563
+ {
32564
+ "id": "D3-PHRA",
32565
+ "name": "Process Hardware Resource Access",
32566
+ "tactic": "Isolate"
32567
+ },
32568
+ {
32569
+ "id": "D3-PSEP",
32570
+ "name": "Process Segment Execution Prevention",
32571
+ "tactic": "Harden"
32572
+ }
32573
+ ],
32574
+ "framework_gaps": [
32575
+ {
32576
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
32577
+ "framework": "ALL",
32578
+ "control_name": "AI Pipeline Integrity"
32579
+ },
32580
+ {
32581
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
32582
+ "framework": "ALL",
32583
+ "control_name": "Prompt Injection as Access Control Failure"
32584
+ },
32585
+ {
32586
+ "id": "CIS-Controls-v8-Control7",
32587
+ "framework": "CIS Controls v8",
32588
+ "control_name": "Continuous Vulnerability Management"
32589
+ },
32590
+ {
32591
+ "id": "CMMC-2.0-Level-2",
32592
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
32593
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
32594
+ },
32595
+ {
32596
+ "id": "FedRAMP-Rev5-Moderate",
32597
+ "framework": "FedRAMP Rev 5 Moderate",
32598
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
32599
+ },
32600
+ {
32601
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
32602
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
32603
+ "control_name": "Access control standard (technical safeguards)"
32604
+ },
32605
+ {
32606
+ "id": "IEC-62443-3-3",
32607
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
32608
+ "control_name": "System security requirements and security levels"
32609
+ },
32610
+ {
32611
+ "id": "ISO-27001-2022-A.8.16",
32612
+ "framework": "ISO/IEC 27001:2022",
32613
+ "control_name": "Monitoring activities"
32614
+ },
32615
+ {
32616
+ "id": "ISO-27001-2022-A.8.28",
32617
+ "framework": "ISO/IEC 27001:2022",
32618
+ "control_name": "Secure coding"
32619
+ },
32620
+ {
32621
+ "id": "ISO-27001-2022-A.8.8",
32622
+ "framework": "ISO/IEC 27001:2022",
32623
+ "control_name": "Management of technical vulnerabilities"
32624
+ },
32625
+ {
32626
+ "id": "ISO-IEC-23894-2023-clause-7",
32627
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
32628
+ "control_name": "AI risk management process"
32629
+ },
32630
+ {
32631
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
32632
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
32633
+ "control_name": "AI risk assessment"
32634
+ },
32635
+ {
32636
+ "id": "NERC-CIP-007-6-R4",
32637
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
32638
+ "control_name": "Security event monitoring"
32639
+ },
32640
+ {
32641
+ "id": "NIS2-Art21-patch-management",
32642
+ "framework": "EU NIS2 Directive",
32643
+ "control_name": "Vulnerability handling and disclosure"
32644
+ },
32645
+ {
32646
+ "id": "NIST-800-115",
32647
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
32648
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
32649
+ },
32650
+ {
32651
+ "id": "NIST-800-218-SSDF",
32652
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
32653
+ "control_name": "Secure Software Development Framework"
32654
+ },
32655
+ {
32656
+ "id": "NIST-800-53-AC-2",
32657
+ "framework": "NIST SP 800-53 Rev 5",
32658
+ "control_name": "Account Management"
32659
+ },
32660
+ {
32661
+ "id": "NIST-800-53-SC-28",
32662
+ "framework": "NIST SP 800-53 Rev 5",
32663
+ "control_name": "Protection of Information at Rest"
32664
+ },
32665
+ {
32666
+ "id": "NIST-800-53-SC-7",
32667
+ "framework": "NIST SP 800-53 Rev 5",
32668
+ "control_name": "Boundary Protection"
32669
+ },
32670
+ {
32671
+ "id": "NIST-800-53-SC-8",
32672
+ "framework": "NIST SP 800-53 Rev 5",
32673
+ "control_name": "Transmission Confidentiality and Integrity"
32674
+ },
32675
+ {
32676
+ "id": "NIST-800-53-SI-2",
32677
+ "framework": "NIST SP 800-53 Rev 5",
32678
+ "control_name": "Flaw Remediation"
32679
+ },
32680
+ {
32681
+ "id": "NIST-800-53-SI-3",
32682
+ "framework": "NIST SP 800-53 Rev 5",
32683
+ "control_name": "Malicious Code Protection"
32684
+ },
32685
+ {
32686
+ "id": "NIST-800-82r3",
32687
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
32688
+ "control_name": "Guide to Operational Technology (OT) Security"
32689
+ },
32690
+ {
32691
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
32692
+ "framework": "OWASP Top 10 for LLM Applications 2025",
32693
+ "control_name": "Prompt Injection"
32694
+ },
32695
+ {
32696
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
32697
+ "framework": "OWASP Top 10 for LLM Applications 2025",
32698
+ "control_name": "Sensitive Information Disclosure"
32699
+ },
32700
+ {
32701
+ "id": "OWASP-Pen-Testing-Guide-v5",
32702
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
32703
+ "control_name": "Web application penetration testing methodology"
32704
+ },
32705
+ {
32706
+ "id": "PCI-DSS-4.0-6.3.3",
32707
+ "framework": "PCI DSS 4.0",
32708
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
32709
+ },
32710
+ {
32711
+ "id": "PTES-Pre-engagement",
32712
+ "framework": "Penetration Testing Execution Standard (PTES)",
32713
+ "control_name": "Pre-engagement Interactions"
32714
+ },
32715
+ {
32716
+ "id": "SOC2-CC6-logical-access",
32717
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32718
+ "control_name": "Logical and Physical Access Controls"
32719
+ },
32720
+ {
32721
+ "id": "SOC2-CC7-anomaly-detection",
32722
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32723
+ "control_name": "System Operations — Threat and Vulnerability Management"
32724
+ },
32725
+ {
32726
+ "id": "SOC2-CC9-vendor-management",
32727
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
32728
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
32729
+ }
32730
+ ],
32731
+ "attack_refs": [
32732
+ "T0855",
32733
+ "T0883",
32734
+ "T1041",
32735
+ "T1059",
32736
+ "T1068",
32737
+ "T1071",
32738
+ "T1078",
32739
+ "T1102",
32740
+ "T1133",
32741
+ "T1190",
32742
+ "T1213",
32743
+ "T1530",
32744
+ "T1548.001",
32745
+ "T1566",
32746
+ "T1567",
32747
+ "T1568"
32748
+ ],
32749
+ "rfc_refs": [
32750
+ "RFC-4301",
32751
+ "RFC-4303",
32752
+ "RFC-7296",
32753
+ "RFC-8446",
32754
+ "RFC-9000",
32755
+ "RFC-9114",
32756
+ "RFC-9180",
32757
+ "RFC-9421",
32758
+ "RFC-9458"
32759
+ ]
32760
+ }
32761
+ },
32762
+ "CVE-2024-21576": {
32763
+ "name": "ComfyUI-Bmad-Nodes Workflow Code Injection RCE",
32764
+ "rwep": 29,
32765
+ "cvss": 10,
32766
+ "cisa_kev": false,
32767
+ "epss_score": null,
32768
+ "referencing_skills": [
32769
+ "kernel-lpe-triage",
32770
+ "ai-attack-surface",
32771
+ "compliance-theater",
32772
+ "ai-c2-detection",
32773
+ "attack-surface-pentest",
32774
+ "dlp-gap-analysis",
32775
+ "ot-ics-security",
32776
+ "coordinated-vuln-disclosure",
32777
+ "sector-energy"
32778
+ ],
32779
+ "chain": {
32780
+ "cwes": [
32781
+ {
32782
+ "id": "CWE-1037",
32783
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
32784
+ "category": "Hardware / Side Channel"
32785
+ },
32786
+ {
32787
+ "id": "CWE-1039",
32788
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
32789
+ "category": "AI/ML"
32790
+ },
32791
+ {
32792
+ "id": "CWE-125",
32793
+ "name": "Out-of-bounds Read",
32794
+ "category": "Memory Safety"
32795
+ },
32796
+ {
32797
+ "id": "CWE-1357",
32798
+ "name": "Reliance on Insufficiently Trustworthy Component",
32799
+ "category": "Supply Chain"
32800
+ },
32801
+ {
32802
+ "id": "CWE-1395",
32803
+ "name": "Dependency on Vulnerable Third-Party Component",
32804
+ "category": "Supply Chain"
32805
+ },
32806
+ {
32807
+ "id": "CWE-1426",
32808
+ "name": "Improper Validation of Generative AI Output",
32809
+ "category": "AI/ML"
32810
+ },
32811
+ {
32812
+ "id": "CWE-200",
32813
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
32814
+ "category": "Information Exposure"
32815
+ },
32816
+ {
32817
+ "id": "CWE-22",
32818
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
32819
+ "category": "Path/Resource"
32820
+ },
32821
+ {
32822
+ "id": "CWE-269",
32823
+ "name": "Improper Privilege Management",
32824
+ "category": "Authorization"
32825
+ },
32826
+ {
32827
+ "id": "CWE-287",
32828
+ "name": "Improper Authentication",
32829
+ "category": "Authentication"
32830
+ },
32831
+ {
32832
+ "id": "CWE-306",
32833
+ "name": "Missing Authentication for Critical Function",
32834
+ "category": "Authentication"
32835
+ },
32836
+ {
32837
+ "id": "CWE-352",
32838
+ "name": "Cross-Site Request Forgery (CSRF)",
32839
+ "category": "Session"
32840
+ },
32841
+ {
32842
+ "id": "CWE-362",
32843
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
32844
+ "category": "Concurrency"
32845
+ },
32846
+ {
32847
+ "id": "CWE-416",
32848
+ "name": "Use After Free",
32849
+ "category": "Memory Safety"
32850
+ },
32851
+ {
32852
+ "id": "CWE-434",
32853
+ "name": "Unrestricted Upload of File with Dangerous Type",
32854
+ "category": "File Handling"
32855
+ },
32856
+ {
32857
+ "id": "CWE-672",
32858
+ "name": "Operation on a Resource after Expiration or Release",
32859
+ "category": "Memory Safety"
32860
+ },
32861
+ {
32862
+ "id": "CWE-732",
32863
+ "name": "Incorrect Permission Assignment for Critical Resource",
32864
+ "category": "Authorization"
32865
+ },
32866
+ {
32867
+ "id": "CWE-78",
32868
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
32869
+ "category": "Injection"
32870
+ },
32871
+ {
32872
+ "id": "CWE-787",
32873
+ "name": "Out-of-bounds Write",
32874
+ "category": "Memory Safety"
32875
+ },
32876
+ {
32877
+ "id": "CWE-79",
32878
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
32879
+ "category": "Injection"
32880
+ },
32881
+ {
32882
+ "id": "CWE-798",
32883
+ "name": "Use of Hard-coded Credentials",
32884
+ "category": "Credentials"
32885
+ },
32886
+ {
32887
+ "id": "CWE-89",
32888
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
32889
+ "category": "Injection"
32890
+ },
32891
+ {
32892
+ "id": "CWE-918",
32893
+ "name": "Server-Side Request Forgery (SSRF)",
32894
+ "category": "Network"
32895
+ },
32896
+ {
32897
+ "id": "CWE-94",
32898
+ "name": "Improper Control of Generation of Code (Code Injection)",
32899
+ "category": "Injection"
32900
+ }
32901
+ ],
32902
+ "atlas": [
32903
+ {
32904
+ "id": "AML.T0010",
32905
+ "name": "ML Supply Chain Compromise",
32906
+ "tactic": "Initial Access"
32907
+ },
32908
+ {
32909
+ "id": "AML.T0016",
32910
+ "name": "Obtain Capabilities: Develop Capabilities",
32911
+ "tactic": "Resource Development"
32912
+ },
32913
+ {
32914
+ "id": "AML.T0017",
32915
+ "name": "Discover ML Model Ontology",
32916
+ "tactic": "Discovery"
32917
+ },
32918
+ {
32919
+ "id": "AML.T0018",
32920
+ "name": "Backdoor ML Model",
32921
+ "tactic": "Persistence"
32922
+ },
32923
+ {
32924
+ "id": "AML.T0020",
32925
+ "name": "Poison Training Data",
32926
+ "tactic": "ML Attack Staging"
32927
+ },
32928
+ {
32929
+ "id": "AML.T0043",
32930
+ "name": "Craft Adversarial Data",
32931
+ "tactic": "ML Attack Staging"
32932
+ },
32933
+ {
32934
+ "id": "AML.T0051",
32935
+ "name": "LLM Prompt Injection",
32936
+ "tactic": "Execution"
32937
+ },
32938
+ {
32939
+ "id": "AML.T0054",
32940
+ "name": "LLM Jailbreak",
32941
+ "tactic": "Defense Evasion"
32942
+ },
32943
+ {
32944
+ "id": "AML.T0096",
32945
+ "name": "AI API as Covert C2 Channel",
32946
+ "tactic": "Command and Control"
32947
+ }
32948
+ ],
32949
+ "d3fend": [
32950
+ {
32951
+ "id": "D3-ASLR",
32952
+ "name": "Address Space Layout Randomization",
32953
+ "tactic": "Harden"
32954
+ },
32955
+ {
32956
+ "id": "D3-CA",
32957
+ "name": "Certificate Analysis",
32958
+ "tactic": "Detect"
32959
+ },
32960
+ {
32961
+ "id": "D3-CSPP",
32962
+ "name": "Client-server Payload Profiling",
32963
+ "tactic": "Detect"
32964
+ },
32965
+ {
32966
+ "id": "D3-DA",
32967
+ "name": "Domain Analysis",
32968
+ "tactic": "Detect"
32969
+ },
32970
+ {
32971
+ "id": "D3-EAL",
32972
+ "name": "Executable Allowlisting",
32973
+ "tactic": "Harden"
32974
+ },
32975
+ {
32976
+ "id": "D3-IOPR",
32977
+ "name": "Input/Output Profiling Resource",
32978
+ "tactic": "Detect"
32979
+ },
32980
+ {
32981
+ "id": "D3-NI",
32982
+ "name": "Network Isolation",
32983
+ "tactic": "Isolate"
32984
+ },
32985
+ {
32986
+ "id": "D3-NTA",
32987
+ "name": "Network Traffic Analysis",
32988
+ "tactic": "Detect"
32989
+ },
32990
+ {
32991
+ "id": "D3-NTPM",
32992
+ "name": "Network Traffic Policy Mapping",
32993
+ "tactic": "Model"
32994
+ },
32995
+ {
32996
+ "id": "D3-PHRA",
32997
+ "name": "Process Hardware Resource Access",
32998
+ "tactic": "Isolate"
32999
+ },
33000
+ {
33001
+ "id": "D3-PSEP",
33002
+ "name": "Process Segment Execution Prevention",
33003
+ "tactic": "Harden"
33004
+ }
33005
+ ],
33006
+ "framework_gaps": [
33007
+ {
33008
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
33009
+ "framework": "ALL",
33010
+ "control_name": "AI Pipeline Integrity"
33011
+ },
33012
+ {
33013
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
33014
+ "framework": "ALL",
33015
+ "control_name": "Prompt Injection as Access Control Failure"
33016
+ },
33017
+ {
33018
+ "id": "CIS-Controls-v8-Control7",
33019
+ "framework": "CIS Controls v8",
33020
+ "control_name": "Continuous Vulnerability Management"
33021
+ },
33022
+ {
33023
+ "id": "CMMC-2.0-Level-2",
33024
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
33025
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
33026
+ },
33027
+ {
33028
+ "id": "FedRAMP-Rev5-Moderate",
33029
+ "framework": "FedRAMP Rev 5 Moderate",
33030
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33031
+ },
33032
+ {
33033
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
33034
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
33035
+ "control_name": "Access control standard (technical safeguards)"
33036
+ },
33037
+ {
33038
+ "id": "IEC-62443-3-3",
33039
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33040
+ "control_name": "System security requirements and security levels"
33041
+ },
33042
+ {
33043
+ "id": "ISO-27001-2022-A.8.16",
33044
+ "framework": "ISO/IEC 27001:2022",
33045
+ "control_name": "Monitoring activities"
33046
+ },
33047
+ {
33048
+ "id": "ISO-27001-2022-A.8.28",
33049
+ "framework": "ISO/IEC 27001:2022",
33050
+ "control_name": "Secure coding"
33051
+ },
33052
+ {
33053
+ "id": "ISO-27001-2022-A.8.8",
33054
+ "framework": "ISO/IEC 27001:2022",
33055
+ "control_name": "Management of technical vulnerabilities"
33056
+ },
33057
+ {
33058
+ "id": "ISO-IEC-23894-2023-clause-7",
33059
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33060
+ "control_name": "AI risk management process"
33061
+ },
33062
+ {
33063
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
33064
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
33065
+ "control_name": "AI risk assessment"
33066
+ },
33067
+ {
33068
+ "id": "NERC-CIP-007-6-R4",
33069
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
33070
+ "control_name": "Security event monitoring"
33071
+ },
33072
+ {
33073
+ "id": "NIS2-Art21-patch-management",
33074
+ "framework": "EU NIS2 Directive",
33075
+ "control_name": "Vulnerability handling and disclosure"
33076
+ },
33077
+ {
33078
+ "id": "NIST-800-115",
33079
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
33080
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
33081
+ },
33082
+ {
33083
+ "id": "NIST-800-218-SSDF",
33084
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
33085
+ "control_name": "Secure Software Development Framework"
33086
+ },
33087
+ {
33088
+ "id": "NIST-800-53-AC-2",
33089
+ "framework": "NIST SP 800-53 Rev 5",
33090
+ "control_name": "Account Management"
33091
+ },
33092
+ {
33093
+ "id": "NIST-800-53-SC-28",
33094
+ "framework": "NIST SP 800-53 Rev 5",
33095
+ "control_name": "Protection of Information at Rest"
33096
+ },
33097
+ {
33098
+ "id": "NIST-800-53-SC-7",
33099
+ "framework": "NIST SP 800-53 Rev 5",
33100
+ "control_name": "Boundary Protection"
33101
+ },
33102
+ {
33103
+ "id": "NIST-800-53-SC-8",
33104
+ "framework": "NIST SP 800-53 Rev 5",
33105
+ "control_name": "Transmission Confidentiality and Integrity"
33106
+ },
33107
+ {
33108
+ "id": "NIST-800-53-SI-2",
33109
+ "framework": "NIST SP 800-53 Rev 5",
33110
+ "control_name": "Flaw Remediation"
33111
+ },
33112
+ {
33113
+ "id": "NIST-800-53-SI-3",
33114
+ "framework": "NIST SP 800-53 Rev 5",
33115
+ "control_name": "Malicious Code Protection"
33116
+ },
33117
+ {
33118
+ "id": "NIST-800-82r3",
33119
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
33120
+ "control_name": "Guide to Operational Technology (OT) Security"
33121
+ },
33122
+ {
33123
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
33124
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33125
+ "control_name": "Prompt Injection"
33126
+ },
33127
+ {
33128
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
33129
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33130
+ "control_name": "Sensitive Information Disclosure"
33131
+ },
33132
+ {
33133
+ "id": "OWASP-Pen-Testing-Guide-v5",
33134
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
33135
+ "control_name": "Web application penetration testing methodology"
33136
+ },
33137
+ {
33138
+ "id": "PCI-DSS-4.0-6.3.3",
33139
+ "framework": "PCI DSS 4.0",
33140
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
33141
+ },
33142
+ {
33143
+ "id": "PTES-Pre-engagement",
33144
+ "framework": "Penetration Testing Execution Standard (PTES)",
33145
+ "control_name": "Pre-engagement Interactions"
33146
+ },
33147
+ {
33148
+ "id": "SOC2-CC6-logical-access",
33149
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33150
+ "control_name": "Logical and Physical Access Controls"
33151
+ },
33152
+ {
33153
+ "id": "SOC2-CC7-anomaly-detection",
33154
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33155
+ "control_name": "System Operations — Threat and Vulnerability Management"
33156
+ },
33157
+ {
33158
+ "id": "SOC2-CC9-vendor-management",
33159
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33160
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
33161
+ }
33162
+ ],
33163
+ "attack_refs": [
33164
+ "T0855",
33165
+ "T0883",
33166
+ "T1041",
33167
+ "T1059",
33168
+ "T1068",
33169
+ "T1071",
33170
+ "T1078",
33171
+ "T1102",
33172
+ "T1133",
33173
+ "T1190",
33174
+ "T1213",
33175
+ "T1530",
33176
+ "T1548.001",
33177
+ "T1566",
33178
+ "T1567",
33179
+ "T1568"
33180
+ ],
33181
+ "rfc_refs": [
33182
+ "RFC-4301",
33183
+ "RFC-4303",
33184
+ "RFC-7296",
33185
+ "RFC-8446",
33186
+ "RFC-9000",
33187
+ "RFC-9114",
33188
+ "RFC-9180",
33189
+ "RFC-9421",
33190
+ "RFC-9458"
33191
+ ]
33192
+ }
33193
+ },
31968
33194
  "CVE-2026-41091": {
31969
33195
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
31970
33196
  "rwep": 45,
@@ -58350,6 +59576,9 @@
58350
59576
  "CVE-2024-11393",
58351
59577
  "CVE-2024-11394",
58352
59578
  "CVE-2024-1561",
59579
+ "CVE-2024-21575",
59580
+ "CVE-2024-21576",
59581
+ "CVE-2024-27132",
58353
59582
  "CVE-2024-3094",
58354
59583
  "CVE-2024-3154",
58355
59584
  "CVE-2024-37032",
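Review bot: The three IDs added here (`CVE-2024-21575`, `CVE-2024-21576`, `CVE-2024-27132`) are repeated in the parallel lists of the hunks that follow, and the chain data that appears to feed those lists looks too broad to be specific to one CVE. The entry that closes at new line 33193 combines ICS techniques (`T0855`, `T0883`), `T1548.001`, IPsec and QUIC RFCs (`RFC-4301`, `RFC-9000`), and NERC CIP, HIPAA and PTES gaps on a single vulnerability, which reads like a union over every referencing skill rather than a mapping of that flaw. If these lists are reverse indexes built from that chain, a lookup by technique, control or RFC will return these CVEs where they have no bearing, which adds noise to triage and inflates coverage reports. I would build the index only from mappings asserted for the CVE itself, or tag inherited mappings so consumers can filter them out. The key each list belongs to lies outside the three lines of context, so the link between chain and index is inferred.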
@@ -58740,6 +59969,9 @@
58740
59969
  "CVE-2024-11393",
58741
59970
  "CVE-2024-11394",
58742
59971
  "CVE-2024-1561",
59972
+ "CVE-2024-21575",
59973
+ "CVE-2024-21576",
59974
+ "CVE-2024-27132",
58743
59975
  "CVE-2024-37032",
58744
59976
  "CVE-2024-39722",
58745
59977
  "CVE-2024-42478",
@@ -58921,6 +60153,9 @@
58921
60153
  "CVE-2024-11393",
58922
60154
  "CVE-2024-11394",
58923
60155
  "CVE-2024-1561",
60156
+ "CVE-2024-21575",
60157
+ "CVE-2024-21576",
60158
+ "CVE-2024-27132",
58924
60159
  "CVE-2024-37032",
58925
60160
  "CVE-2024-39722",
58926
60161
  "CVE-2024-42478",
@@ -59116,6 +60351,9 @@
59116
60351
  "CVE-2024-11393",
59117
60352
  "CVE-2024-11394",
59118
60353
  "CVE-2024-1561",
60354
+ "CVE-2024-21575",
60355
+ "CVE-2024-21576",
60356
+ "CVE-2024-27132",
59119
60357
  "CVE-2024-37032",
59120
60358
  "CVE-2024-39722",
59121
60359
  "CVE-2024-42478",
@@ -59415,6 +60653,9 @@
59415
60653
  "CVE-2024-11393",
59416
60654
  "CVE-2024-11394",
59417
60655
  "CVE-2024-1561",
60656
+ "CVE-2024-21575",
60657
+ "CVE-2024-21576",
60658
+ "CVE-2024-27132",
59418
60659
  "CVE-2024-3094",
59419
60660
  "CVE-2024-3154",
59420
60661
  "CVE-2024-37032",
@@ -59674,7 +60915,10 @@
59674
60915
  "CVE-2024-12987",
59675
60916
  "CVE-2024-1561",
59676
60917
  "CVE-2024-1708",
60918
+ "CVE-2024-21575",
60919
+ "CVE-2024-21576",
59677
60920
  "CVE-2024-21762",
60921
+ "CVE-2024-27132",
59678
60922
  "CVE-2024-27199",
59679
60923
  "CVE-2024-27443",
59680
60924
  "CVE-2024-37032",
@@ -60140,6 +61384,8 @@
60140
61384
  "CVE-2023-51449",
60141
61385
  "CVE-2024-0132",
60142
61386
  "CVE-2024-1561",
61387
+ "CVE-2024-21575",
61388
+ "CVE-2024-21576",
60143
61389
  "CVE-2024-3094",
60144
61390
  "CVE-2024-3154",
60145
61391
  "CVE-2024-40635",
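Review bot: This list gains `CVE-2024-21575` and `CVE-2024-21576` but not `CVE-2024-27132`, whereas every other list visible in this part of the diff gains all three. The list's key is outside the hunk's context, so the omission may be correct for that key. If the lists are generated, confirm the third ID was not dropped, because a missing index entry means lookups on this key will never surface that CVE. If it belongs here, the line `"CVE-2024-27132",` goes directly after `"CVE-2024-21576",` to keep the existing string ordering.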
@@ -60511,6 +61757,9 @@
60511
61757
  "CVE-2024-11393",
60512
61758
  "CVE-2024-11394",
60513
61759
  "CVE-2024-1561",
61760
+ "CVE-2024-21575",
61761
+ "CVE-2024-21576",
61762
+ "CVE-2024-27132",
60514
61763
  "CVE-2024-3094",
60515
61764
  "CVE-2024-3154",
60516
61765
  "CVE-2024-37032",
@@ -61131,6 +62380,9 @@
61131
62380
  "CVE-2024-11393",
61132
62381
  "CVE-2024-11394",
61133
62382
  "CVE-2024-1561",
62383
+ "CVE-2024-21575",
62384
+ "CVE-2024-21576",
62385
+ "CVE-2024-27132",
61134
62386
  "CVE-2024-3094",
61135
62387
  "CVE-2024-3154",
61136
62388
  "CVE-2024-37032",
@@ -61389,6 +62641,9 @@
61389
62641
  "CVE-2024-11393",
61390
62642
  "CVE-2024-11394",
61391
62643
  "CVE-2024-1561",
62644
+ "CVE-2024-21575",
62645
+ "CVE-2024-21576",
62646
+ "CVE-2024-27132",
61392
62647
  "CVE-2024-3094",
61393
62648
  "CVE-2024-37032",
61394
62649
  "CVE-2024-39722",
@@ -62073,6 +63328,9 @@
62073
63328
  "CVE-2024-11393",
62074
63329
  "CVE-2024-11394",
62075
63330
  "CVE-2024-1561",
63331
+ "CVE-2024-21575",
63332
+ "CVE-2024-21576",
63333
+ "CVE-2024-27132",
62076
63334
  "CVE-2024-3094",
62077
63335
  "CVE-2024-3154",
62078
63336
  "CVE-2024-37032",
@@ -62339,7 +63597,10 @@
62339
63597
  "CVE-2024-12987",
62340
63598
  "CVE-2024-1561",
62341
63599
  "CVE-2024-1708",
63600
+ "CVE-2024-21575",
63601
+ "CVE-2024-21576",
62342
63602
  "CVE-2024-21762",
63603
+ "CVE-2024-27132",
62343
63604
  "CVE-2024-27199",
62344
63605
  "CVE-2024-27443",
62345
63606
  "CVE-2024-37032",
@@ -62780,7 +64041,10 @@
62780
64041
  "CVE-2024-12987",
62781
64042
  "CVE-2024-1561",
62782
64043
  "CVE-2024-1708",
64044
+ "CVE-2024-21575",
64045
+ "CVE-2024-21576",
62783
64046
  "CVE-2024-21762",
64047
+ "CVE-2024-27132",
62784
64048
  "CVE-2024-27199",
62785
64049
  "CVE-2024-27443",
62786
64050
  "CVE-2024-37032",
@@ -63248,6 +64512,9 @@
63248
64512
  "CVE-2024-11393",
63249
64513
  "CVE-2024-11394",
63250
64514
  "CVE-2024-1561",
64515
+ "CVE-2024-21575",
64516
+ "CVE-2024-21576",
64517
+ "CVE-2024-27132",
63251
64518
  "CVE-2024-3094",
63252
64519
  "CVE-2024-3154",
63253
64520
  "CVE-2024-37032",
@@ -64066,7 +65333,10 @@
64066
65333
  "CVE-2024-12987",
64067
65334
  "CVE-2024-1561",
64068
65335
  "CVE-2024-1708",
65336
+ "CVE-2024-21575",
65337
+ "CVE-2024-21576",
64069
65338
  "CVE-2024-21762",
65339
+ "CVE-2024-27132",
64070
65340
  "CVE-2024-27199",
64071
65341
  "CVE-2024-27443",
64072
65342
  "CVE-2024-37032",
@@ -64598,6 +65868,9 @@
64598
65868
  "CVE-2024-11393",
64599
65869
  "CVE-2024-11394",
64600
65870
  "CVE-2024-1561",
65871
+ "CVE-2024-21575",
65872
+ "CVE-2024-21576",
65873
+ "CVE-2024-27132",
64601
65874
  "CVE-2024-3094",
64602
65875
  "CVE-2024-3154",
64603
65876
  "CVE-2024-37032",
@@ -64942,7 +66215,10 @@
64942
66215
  "CVE-2024-12987",
64943
66216
  "CVE-2024-1561",
64944
66217
  "CVE-2024-1708",
66218
+ "CVE-2024-21575",
66219
+ "CVE-2024-21576",
64945
66220
  "CVE-2024-21762",
66221
+ "CVE-2024-27132",
64946
66222
  "CVE-2024-27199",
64947
66223
  "CVE-2024-27443",
64948
66224
  "CVE-2024-3094",
@@ -65493,6 +66769,9 @@
65493
66769
  "CVE-2024-11393",
65494
66770
  "CVE-2024-11394",
65495
66771
  "CVE-2024-1561",
66772
+ "CVE-2024-21575",
66773
+ "CVE-2024-21576",
66774
+ "CVE-2024-27132",
65496
66775
  "CVE-2024-3094",
65497
66776
  "CVE-2024-3154",
65498
66777
  "CVE-2024-37032",
@@ -66448,6 +67727,9 @@
66448
67727
  "CVE-2024-11393",
66449
67728
  "CVE-2024-11394",
66450
67729
  "CVE-2024-1561",
67730
+ "CVE-2024-21575",
67731
+ "CVE-2024-21576",
67732
+ "CVE-2024-27132",
66451
67733
  "CVE-2024-3094",
66452
67734
  "CVE-2024-3154",
66453
67735
  "CVE-2024-37032",
@@ -66567,6 +67849,9 @@
66567
67849
  "CVE-2024-11393",
66568
67850
  "CVE-2024-11394",
66569
67851
  "CVE-2024-1561",
67852
+ "CVE-2024-21575",
67853
+ "CVE-2024-21576",
67854
+ "CVE-2024-27132",
66570
67855
  "CVE-2024-37032",
66571
67856
  "CVE-2024-39722",
66572
67857
  "CVE-2024-42478",
@@ -66756,6 +68041,9 @@
66756
68041
  "CVE-2024-11393",
66757
68042
  "CVE-2024-11394",
66758
68043
  "CVE-2024-1561",
68044
+ "CVE-2024-21575",
68045
+ "CVE-2024-21576",
68046
+ "CVE-2024-27132",
66759
68047
  "CVE-2024-37032",
66760
68048
  "CVE-2024-39722",
66761
68049
  "CVE-2024-42478",
@@ -67198,7 +68486,10 @@
67198
68486
  "CVE-2024-12987",
67199
68487
  "CVE-2024-1561",
67200
68488
  "CVE-2024-1708",
68489
+ "CVE-2024-21575",
68490
+ "CVE-2024-21576",
67201
68491
  "CVE-2024-21762",
68492
+ "CVE-2024-27132",
67202
68493
  "CVE-2024-27199",
67203
68494
  "CVE-2024-27443",
67204
68495
  "CVE-2024-3094",
@@ -67656,6 +68947,9 @@
67656
68947
  "CVE-2024-11393",
67657
68948
  "CVE-2024-11394",
67658
68949
  "CVE-2024-1561",
68950
+ "CVE-2024-21575",
68951
+ "CVE-2024-21576",
68952
+ "CVE-2024-27132",
67659
68953
  "CVE-2024-3094",
67660
68954
  "CVE-2024-3154",
67661
68955
  "CVE-2024-37032",
@@ -67968,6 +69262,9 @@
67968
69262
  "CVE-2024-11393",
67969
69263
  "CVE-2024-11394",
67970
69264
  "CVE-2024-1561",
69265
+ "CVE-2024-21575",
69266
+ "CVE-2024-21576",
69267
+ "CVE-2024-27132",
67971
69268
  "CVE-2024-3094",
67972
69269
  "CVE-2024-37032",
67973
69270
  "CVE-2024-39722",