@blamejs/exceptd-skills 0.13.92 → 0.13.93

@@ -33191,6 +33191,730 @@
33191
33191
  ]
33192
33192
  }
33193
33193
  },
33194
+ "CVE-2024-21513": {
33195
+ "name": "LangChain-Experimental VectorSQLDatabaseChain Code Execution",
33196
+ "rwep": 27,
33197
+ "cvss": 8.5,
33198
+ "cisa_kev": false,
33199
+ "epss_score": null,
33200
+ "referencing_skills": [
33201
+ "kernel-lpe-triage",
33202
+ "ai-attack-surface",
33203
+ "compliance-theater",
33204
+ "attack-surface-pentest",
33205
+ "ot-ics-security",
33206
+ "coordinated-vuln-disclosure",
33207
+ "sector-energy"
33208
+ ],
33209
+ "chain": {
33210
+ "cwes": [
33211
+ {
33212
+ "id": "CWE-1037",
33213
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33214
+ "category": "Hardware / Side Channel"
33215
+ },
33216
+ {
33217
+ "id": "CWE-1039",
33218
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33219
+ "category": "AI/ML"
33220
+ },
33221
+ {
33222
+ "id": "CWE-125",
33223
+ "name": "Out-of-bounds Read",
33224
+ "category": "Memory Safety"
33225
+ },
33226
+ {
33227
+ "id": "CWE-1357",
33228
+ "name": "Reliance on Insufficiently Trustworthy Component",
33229
+ "category": "Supply Chain"
33230
+ },
33231
+ {
33232
+ "id": "CWE-1395",
33233
+ "name": "Dependency on Vulnerable Third-Party Component",
33234
+ "category": "Supply Chain"
33235
+ },
33236
+ {
33237
+ "id": "CWE-1426",
33238
+ "name": "Improper Validation of Generative AI Output",
33239
+ "category": "AI/ML"
33240
+ },
33241
+ {
33242
+ "id": "CWE-22",
33243
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33244
+ "category": "Path/Resource"
33245
+ },
33246
+ {
33247
+ "id": "CWE-269",
33248
+ "name": "Improper Privilege Management",
33249
+ "category": "Authorization"
33250
+ },
33251
+ {
33252
+ "id": "CWE-287",
33253
+ "name": "Improper Authentication",
33254
+ "category": "Authentication"
33255
+ },
33256
+ {
33257
+ "id": "CWE-306",
33258
+ "name": "Missing Authentication for Critical Function",
33259
+ "category": "Authentication"
33260
+ },
33261
+ {
33262
+ "id": "CWE-352",
33263
+ "name": "Cross-Site Request Forgery (CSRF)",
33264
+ "category": "Session"
33265
+ },
33266
+ {
33267
+ "id": "CWE-362",
33268
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33269
+ "category": "Concurrency"
33270
+ },
33271
+ {
33272
+ "id": "CWE-416",
33273
+ "name": "Use After Free",
33274
+ "category": "Memory Safety"
33275
+ },
33276
+ {
33277
+ "id": "CWE-434",
33278
+ "name": "Unrestricted Upload of File with Dangerous Type",
33279
+ "category": "File Handling"
33280
+ },
33281
+ {
33282
+ "id": "CWE-672",
33283
+ "name": "Operation on a Resource after Expiration or Release",
33284
+ "category": "Memory Safety"
33285
+ },
33286
+ {
33287
+ "id": "CWE-732",
33288
+ "name": "Incorrect Permission Assignment for Critical Resource",
33289
+ "category": "Authorization"
33290
+ },
33291
+ {
33292
+ "id": "CWE-78",
33293
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
33294
+ "category": "Injection"
33295
+ },
33296
+ {
33297
+ "id": "CWE-787",
33298
+ "name": "Out-of-bounds Write",
33299
+ "category": "Memory Safety"
33300
+ },
33301
+ {
33302
+ "id": "CWE-79",
33303
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
33304
+ "category": "Injection"
33305
+ },
33306
+ {
33307
+ "id": "CWE-798",
33308
+ "name": "Use of Hard-coded Credentials",
33309
+ "category": "Credentials"
33310
+ },
33311
+ {
33312
+ "id": "CWE-89",
33313
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
33314
+ "category": "Injection"
33315
+ },
33316
+ {
33317
+ "id": "CWE-918",
33318
+ "name": "Server-Side Request Forgery (SSRF)",
33319
+ "category": "Network"
33320
+ },
33321
+ {
33322
+ "id": "CWE-94",
33323
+ "name": "Improper Control of Generation of Code (Code Injection)",
33324
+ "category": "Injection"
33325
+ }
33326
+ ],
33327
+ "atlas": [
33328
+ {
33329
+ "id": "AML.T0010",
33330
+ "name": "ML Supply Chain Compromise",
33331
+ "tactic": "Initial Access"
33332
+ },
33333
+ {
33334
+ "id": "AML.T0016",
33335
+ "name": "Obtain Capabilities: Develop Capabilities",
33336
+ "tactic": "Resource Development"
33337
+ },
33338
+ {
33339
+ "id": "AML.T0017",
33340
+ "name": "Discover ML Model Ontology",
33341
+ "tactic": "Discovery"
33342
+ },
33343
+ {
33344
+ "id": "AML.T0018",
33345
+ "name": "Backdoor ML Model",
33346
+ "tactic": "Persistence"
33347
+ },
33348
+ {
33349
+ "id": "AML.T0020",
33350
+ "name": "Poison Training Data",
33351
+ "tactic": "ML Attack Staging"
33352
+ },
33353
+ {
33354
+ "id": "AML.T0043",
33355
+ "name": "Craft Adversarial Data",
33356
+ "tactic": "ML Attack Staging"
33357
+ },
33358
+ {
33359
+ "id": "AML.T0051",
33360
+ "name": "LLM Prompt Injection",
33361
+ "tactic": "Execution"
33362
+ },
33363
+ {
33364
+ "id": "AML.T0054",
33365
+ "name": "LLM Jailbreak",
33366
+ "tactic": "Defense Evasion"
33367
+ },
33368
+ {
33369
+ "id": "AML.T0096",
33370
+ "name": "AI API as Covert C2 Channel",
33371
+ "tactic": "Command and Control"
33372
+ }
33373
+ ],
33374
+ "d3fend": [
33375
+ {
33376
+ "id": "D3-ASLR",
33377
+ "name": "Address Space Layout Randomization",
33378
+ "tactic": "Harden"
33379
+ },
33380
+ {
33381
+ "id": "D3-CSPP",
33382
+ "name": "Client-server Payload Profiling",
33383
+ "tactic": "Detect"
33384
+ },
33385
+ {
33386
+ "id": "D3-EAL",
33387
+ "name": "Executable Allowlisting",
33388
+ "tactic": "Harden"
33389
+ },
33390
+ {
33391
+ "id": "D3-IOPR",
33392
+ "name": "Input/Output Profiling Resource",
33393
+ "tactic": "Detect"
33394
+ },
33395
+ {
33396
+ "id": "D3-NTA",
33397
+ "name": "Network Traffic Analysis",
33398
+ "tactic": "Detect"
33399
+ },
33400
+ {
33401
+ "id": "D3-PHRA",
33402
+ "name": "Process Hardware Resource Access",
33403
+ "tactic": "Isolate"
33404
+ },
33405
+ {
33406
+ "id": "D3-PSEP",
33407
+ "name": "Process Segment Execution Prevention",
33408
+ "tactic": "Harden"
33409
+ }
33410
+ ],
33411
+ "framework_gaps": [
33412
+ {
33413
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
33414
+ "framework": "ALL",
33415
+ "control_name": "AI Pipeline Integrity"
33416
+ },
33417
+ {
33418
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
33419
+ "framework": "ALL",
33420
+ "control_name": "Prompt Injection as Access Control Failure"
33421
+ },
33422
+ {
33423
+ "id": "CIS-Controls-v8-Control7",
33424
+ "framework": "CIS Controls v8",
33425
+ "control_name": "Continuous Vulnerability Management"
33426
+ },
33427
+ {
33428
+ "id": "CMMC-2.0-Level-2",
33429
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
33430
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
33431
+ },
33432
+ {
33433
+ "id": "FedRAMP-Rev5-Moderate",
33434
+ "framework": "FedRAMP Rev 5 Moderate",
33435
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33436
+ },
33437
+ {
33438
+ "id": "IEC-62443-3-3",
33439
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33440
+ "control_name": "System security requirements and security levels"
33441
+ },
33442
+ {
33443
+ "id": "ISO-27001-2022-A.8.28",
33444
+ "framework": "ISO/IEC 27001:2022",
33445
+ "control_name": "Secure coding"
33446
+ },
33447
+ {
33448
+ "id": "ISO-27001-2022-A.8.8",
33449
+ "framework": "ISO/IEC 27001:2022",
33450
+ "control_name": "Management of technical vulnerabilities"
33451
+ },
33452
+ {
33453
+ "id": "ISO-IEC-23894-2023-clause-7",
33454
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33455
+ "control_name": "AI risk management process"
33456
+ },
33457
+ {
33458
+ "id": "NERC-CIP-007-6-R4",
33459
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
33460
+ "control_name": "Security event monitoring"
33461
+ },
33462
+ {
33463
+ "id": "NIS2-Art21-patch-management",
33464
+ "framework": "EU NIS2 Directive",
33465
+ "control_name": "Vulnerability handling and disclosure"
33466
+ },
33467
+ {
33468
+ "id": "NIST-800-115",
33469
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
33470
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
33471
+ },
33472
+ {
33473
+ "id": "NIST-800-218-SSDF",
33474
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
33475
+ "control_name": "Secure Software Development Framework"
33476
+ },
33477
+ {
33478
+ "id": "NIST-800-53-AC-2",
33479
+ "framework": "NIST SP 800-53 Rev 5",
33480
+ "control_name": "Account Management"
33481
+ },
33482
+ {
33483
+ "id": "NIST-800-53-SC-8",
33484
+ "framework": "NIST SP 800-53 Rev 5",
33485
+ "control_name": "Transmission Confidentiality and Integrity"
33486
+ },
33487
+ {
33488
+ "id": "NIST-800-53-SI-2",
33489
+ "framework": "NIST SP 800-53 Rev 5",
33490
+ "control_name": "Flaw Remediation"
33491
+ },
33492
+ {
33493
+ "id": "NIST-800-53-SI-3",
33494
+ "framework": "NIST SP 800-53 Rev 5",
33495
+ "control_name": "Malicious Code Protection"
33496
+ },
33497
+ {
33498
+ "id": "NIST-800-82r3",
33499
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
33500
+ "control_name": "Guide to Operational Technology (OT) Security"
33501
+ },
33502
+ {
33503
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
33504
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33505
+ "control_name": "Prompt Injection"
33506
+ },
33507
+ {
33508
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
33509
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33510
+ "control_name": "Sensitive Information Disclosure"
33511
+ },
33512
+ {
33513
+ "id": "OWASP-Pen-Testing-Guide-v5",
33514
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
33515
+ "control_name": "Web application penetration testing methodology"
33516
+ },
33517
+ {
33518
+ "id": "PCI-DSS-4.0-6.3.3",
33519
+ "framework": "PCI DSS 4.0",
33520
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
33521
+ },
33522
+ {
33523
+ "id": "PTES-Pre-engagement",
33524
+ "framework": "Penetration Testing Execution Standard (PTES)",
33525
+ "control_name": "Pre-engagement Interactions"
33526
+ },
33527
+ {
33528
+ "id": "SOC2-CC6-logical-access",
33529
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33530
+ "control_name": "Logical and Physical Access Controls"
33531
+ },
33532
+ {
33533
+ "id": "SOC2-CC9-vendor-management",
33534
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33535
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
33536
+ }
33537
+ ],
33538
+ "attack_refs": [
33539
+ "T0855",
33540
+ "T0883",
33541
+ "T1059",
33542
+ "T1068",
33543
+ "T1078",
33544
+ "T1133",
33545
+ "T1190",
33546
+ "T1548.001",
33547
+ "T1566"
33548
+ ],
33549
+ "rfc_refs": [
33550
+ "RFC-4301",
33551
+ "RFC-4303",
33552
+ "RFC-7296"
33553
+ ]
33554
+ }
33555
+ },
33556
+ "CVE-2023-44467": {
33557
+ "name": "LangChain-Experimental PALChain dunder-import Code Execution (CVE-2023-36258 bypass)",
33558
+ "rwep": 27,
33559
+ "cvss": 9.8,
33560
+ "cisa_kev": false,
33561
+ "epss_score": null,
33562
+ "referencing_skills": [
33563
+ "kernel-lpe-triage",
33564
+ "ai-attack-surface",
33565
+ "compliance-theater",
33566
+ "attack-surface-pentest",
33567
+ "ot-ics-security",
33568
+ "coordinated-vuln-disclosure",
33569
+ "sector-energy"
33570
+ ],
33571
+ "chain": {
33572
+ "cwes": [
33573
+ {
33574
+ "id": "CWE-1037",
33575
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33576
+ "category": "Hardware / Side Channel"
33577
+ },
33578
+ {
33579
+ "id": "CWE-1039",
33580
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33581
+ "category": "AI/ML"
33582
+ },
33583
+ {
33584
+ "id": "CWE-125",
33585
+ "name": "Out-of-bounds Read",
33586
+ "category": "Memory Safety"
33587
+ },
33588
+ {
33589
+ "id": "CWE-1357",
33590
+ "name": "Reliance on Insufficiently Trustworthy Component",
33591
+ "category": "Supply Chain"
33592
+ },
33593
+ {
33594
+ "id": "CWE-1395",
33595
+ "name": "Dependency on Vulnerable Third-Party Component",
33596
+ "category": "Supply Chain"
33597
+ },
33598
+ {
33599
+ "id": "CWE-1426",
33600
+ "name": "Improper Validation of Generative AI Output",
33601
+ "category": "AI/ML"
33602
+ },
33603
+ {
33604
+ "id": "CWE-22",
33605
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33606
+ "category": "Path/Resource"
33607
+ },
33608
+ {
33609
+ "id": "CWE-269",
33610
+ "name": "Improper Privilege Management",
33611
+ "category": "Authorization"
33612
+ },
33613
+ {
33614
+ "id": "CWE-287",
33615
+ "name": "Improper Authentication",
33616
+ "category": "Authentication"
33617
+ },
33618
+ {
33619
+ "id": "CWE-306",
33620
+ "name": "Missing Authentication for Critical Function",
33621
+ "category": "Authentication"
33622
+ },
33623
+ {
33624
+ "id": "CWE-352",
33625
+ "name": "Cross-Site Request Forgery (CSRF)",
33626
+ "category": "Session"
33627
+ },
33628
+ {
33629
+ "id": "CWE-362",
33630
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33631
+ "category": "Concurrency"
33632
+ },
33633
+ {
33634
+ "id": "CWE-416",
33635
+ "name": "Use After Free",
33636
+ "category": "Memory Safety"
33637
+ },
33638
+ {
33639
+ "id": "CWE-434",
33640
+ "name": "Unrestricted Upload of File with Dangerous Type",
33641
+ "category": "File Handling"
33642
+ },
33643
+ {
33644
+ "id": "CWE-672",
33645
+ "name": "Operation on a Resource after Expiration or Release",
33646
+ "category": "Memory Safety"
33647
+ },
33648
+ {
33649
+ "id": "CWE-732",
33650
+ "name": "Incorrect Permission Assignment for Critical Resource",
33651
+ "category": "Authorization"
33652
+ },
33653
+ {
33654
+ "id": "CWE-78",
33655
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
33656
+ "category": "Injection"
33657
+ },
33658
+ {
33659
+ "id": "CWE-787",
33660
+ "name": "Out-of-bounds Write",
33661
+ "category": "Memory Safety"
33662
+ },
33663
+ {
33664
+ "id": "CWE-79",
33665
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
33666
+ "category": "Injection"
33667
+ },
33668
+ {
33669
+ "id": "CWE-798",
33670
+ "name": "Use of Hard-coded Credentials",
33671
+ "category": "Credentials"
33672
+ },
33673
+ {
33674
+ "id": "CWE-89",
33675
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
33676
+ "category": "Injection"
33677
+ },
33678
+ {
33679
+ "id": "CWE-918",
33680
+ "name": "Server-Side Request Forgery (SSRF)",
33681
+ "category": "Network"
33682
+ },
33683
+ {
33684
+ "id": "CWE-94",
33685
+ "name": "Improper Control of Generation of Code (Code Injection)",
33686
+ "category": "Injection"
33687
+ }
33688
+ ],
33689
+ "atlas": [
33690
+ {
33691
+ "id": "AML.T0010",
33692
+ "name": "ML Supply Chain Compromise",
33693
+ "tactic": "Initial Access"
33694
+ },
33695
+ {
33696
+ "id": "AML.T0016",
33697
+ "name": "Obtain Capabilities: Develop Capabilities",
33698
+ "tactic": "Resource Development"
33699
+ },
33700
+ {
33701
+ "id": "AML.T0017",
33702
+ "name": "Discover ML Model Ontology",
33703
+ "tactic": "Discovery"
33704
+ },
33705
+ {
33706
+ "id": "AML.T0018",
33707
+ "name": "Backdoor ML Model",
33708
+ "tactic": "Persistence"
33709
+ },
33710
+ {
33711
+ "id": "AML.T0020",
33712
+ "name": "Poison Training Data",
33713
+ "tactic": "ML Attack Staging"
33714
+ },
33715
+ {
33716
+ "id": "AML.T0043",
33717
+ "name": "Craft Adversarial Data",
33718
+ "tactic": "ML Attack Staging"
33719
+ },
33720
+ {
33721
+ "id": "AML.T0051",
33722
+ "name": "LLM Prompt Injection",
33723
+ "tactic": "Execution"
33724
+ },
33725
+ {
33726
+ "id": "AML.T0054",
33727
+ "name": "LLM Jailbreak",
33728
+ "tactic": "Defense Evasion"
33729
+ },
33730
+ {
33731
+ "id": "AML.T0096",
33732
+ "name": "AI API as Covert C2 Channel",
33733
+ "tactic": "Command and Control"
33734
+ }
33735
+ ],
33736
+ "d3fend": [
33737
+ {
33738
+ "id": "D3-ASLR",
33739
+ "name": "Address Space Layout Randomization",
33740
+ "tactic": "Harden"
33741
+ },
33742
+ {
33743
+ "id": "D3-CSPP",
33744
+ "name": "Client-server Payload Profiling",
33745
+ "tactic": "Detect"
33746
+ },
33747
+ {
33748
+ "id": "D3-EAL",
33749
+ "name": "Executable Allowlisting",
33750
+ "tactic": "Harden"
33751
+ },
33752
+ {
33753
+ "id": "D3-IOPR",
33754
+ "name": "Input/Output Profiling Resource",
33755
+ "tactic": "Detect"
33756
+ },
33757
+ {
33758
+ "id": "D3-NTA",
33759
+ "name": "Network Traffic Analysis",
33760
+ "tactic": "Detect"
33761
+ },
33762
+ {
33763
+ "id": "D3-PHRA",
33764
+ "name": "Process Hardware Resource Access",
33765
+ "tactic": "Isolate"
33766
+ },
33767
+ {
33768
+ "id": "D3-PSEP",
33769
+ "name": "Process Segment Execution Prevention",
33770
+ "tactic": "Harden"
33771
+ }
33772
+ ],
33773
+ "framework_gaps": [
33774
+ {
33775
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
33776
+ "framework": "ALL",
33777
+ "control_name": "AI Pipeline Integrity"
33778
+ },
33779
+ {
33780
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
33781
+ "framework": "ALL",
33782
+ "control_name": "Prompt Injection as Access Control Failure"
33783
+ },
33784
+ {
33785
+ "id": "CIS-Controls-v8-Control7",
33786
+ "framework": "CIS Controls v8",
33787
+ "control_name": "Continuous Vulnerability Management"
33788
+ },
33789
+ {
33790
+ "id": "CMMC-2.0-Level-2",
33791
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
33792
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
33793
+ },
33794
+ {
33795
+ "id": "FedRAMP-Rev5-Moderate",
33796
+ "framework": "FedRAMP Rev 5 Moderate",
33797
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33798
+ },
33799
+ {
33800
+ "id": "IEC-62443-3-3",
33801
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33802
+ "control_name": "System security requirements and security levels"
33803
+ },
33804
+ {
33805
+ "id": "ISO-27001-2022-A.8.28",
33806
+ "framework": "ISO/IEC 27001:2022",
33807
+ "control_name": "Secure coding"
33808
+ },
33809
+ {
33810
+ "id": "ISO-27001-2022-A.8.8",
33811
+ "framework": "ISO/IEC 27001:2022",
33812
+ "control_name": "Management of technical vulnerabilities"
33813
+ },
33814
+ {
33815
+ "id": "ISO-IEC-23894-2023-clause-7",
33816
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33817
+ "control_name": "AI risk management process"
33818
+ },
33819
+ {
33820
+ "id": "NERC-CIP-007-6-R4",
33821
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
33822
+ "control_name": "Security event monitoring"
33823
+ },
33824
+ {
33825
+ "id": "NIS2-Art21-patch-management",
33826
+ "framework": "EU NIS2 Directive",
33827
+ "control_name": "Vulnerability handling and disclosure"
33828
+ },
33829
+ {
33830
+ "id": "NIST-800-115",
33831
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
33832
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
33833
+ },
33834
+ {
33835
+ "id": "NIST-800-218-SSDF",
33836
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
33837
+ "control_name": "Secure Software Development Framework"
33838
+ },
33839
+ {
33840
+ "id": "NIST-800-53-AC-2",
33841
+ "framework": "NIST SP 800-53 Rev 5",
33842
+ "control_name": "Account Management"
33843
+ },
33844
+ {
33845
+ "id": "NIST-800-53-SC-8",
33846
+ "framework": "NIST SP 800-53 Rev 5",
33847
+ "control_name": "Transmission Confidentiality and Integrity"
33848
+ },
33849
+ {
33850
+ "id": "NIST-800-53-SI-2",
33851
+ "framework": "NIST SP 800-53 Rev 5",
33852
+ "control_name": "Flaw Remediation"
33853
+ },
33854
+ {
33855
+ "id": "NIST-800-53-SI-3",
33856
+ "framework": "NIST SP 800-53 Rev 5",
33857
+ "control_name": "Malicious Code Protection"
33858
+ },
33859
+ {
33860
+ "id": "NIST-800-82r3",
33861
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
33862
+ "control_name": "Guide to Operational Technology (OT) Security"
33863
+ },
33864
+ {
33865
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
33866
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33867
+ "control_name": "Prompt Injection"
33868
+ },
33869
+ {
33870
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
33871
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33872
+ "control_name": "Sensitive Information Disclosure"
33873
+ },
33874
+ {
33875
+ "id": "OWASP-Pen-Testing-Guide-v5",
33876
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
33877
+ "control_name": "Web application penetration testing methodology"
33878
+ },
33879
+ {
33880
+ "id": "PCI-DSS-4.0-6.3.3",
33881
+ "framework": "PCI DSS 4.0",
33882
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
33883
+ },
33884
+ {
33885
+ "id": "PTES-Pre-engagement",
33886
+ "framework": "Penetration Testing Execution Standard (PTES)",
33887
+ "control_name": "Pre-engagement Interactions"
33888
+ },
33889
+ {
33890
+ "id": "SOC2-CC6-logical-access",
33891
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33892
+ "control_name": "Logical and Physical Access Controls"
33893
+ },
33894
+ {
33895
+ "id": "SOC2-CC9-vendor-management",
33896
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33897
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
33898
+ }
33899
+ ],
33900
+ "attack_refs": [
33901
+ "T0855",
33902
+ "T0883",
33903
+ "T1059",
33904
+ "T1068",
33905
+ "T1078",
33906
+ "T1133",
33907
+ "T1190",
33908
+ "T1548.001",
33909
+ "T1566"
33910
+ ],
33911
+ "rfc_refs": [
33912
+ "RFC-4301",
33913
+ "RFC-4303",
33914
+ "RFC-7296"
33915
+ ]
33916
+ }
33917
+ },
33194
33918
  "CVE-2026-41091": {
33195
33919
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
33196
33920
  "rwep": 45,
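Review bot: The `chain` object added under CVE-2024-21513 is byte-for-byte identical to the one added under CVE-2023-44467, and its 23 `cwes` span memory safety (CWE-125, CWE-416, CWE-787), a hardware side-channel weakness (CWE-1037), CSRF and path traversal for two records whose `name` fields describe code execution in a Python LLM library, which reads as a template fan-out rather than a per-CVE mapping. The same pattern shows in `d3fend` (ASLR and segment execution prevention do not mitigate injection into interpreted code) and in `rfc_refs`, where RFC-4301, RFC-4303 and RFC-7296 are IPsec/IKEv2 documents with no visible relation to either entry. I would trim `chain.cwes` to what the record actually documents — `"CWE-94"` is already in the list and matches both names — and confirm the remaining CWE, ATLAS, D3FEND and RFC references against the authoritative assignment before the dataset is consumed by the skills that key on them. Separately, both entries list the same seven `referencing_skills`, while the following hunks insert these two IDs into `related_cves` arrays in roughly two dozen places; if `related_cves` is meant to be the inverse of `referencing_skills`, one side is out of sync, so it is worth confirming how the two fields are derived. Both new entries are complete within this hunk; the enclosing top-level object is not.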
@@ -59569,6 +60293,7 @@
59569
60293
  "CVE-2022-1471",
59570
60294
  "CVE-2023-43472",
59571
60295
  "CVE-2023-43654",
60296
+ "CVE-2023-44467",
59572
60297
  "CVE-2023-48022",
59573
60298
  "CVE-2023-51449",
59574
60299
  "CVE-2024-0132",
@@ -59576,6 +60301,7 @@
59576
60301
  "CVE-2024-11393",
59577
60302
  "CVE-2024-11394",
59578
60303
  "CVE-2024-1561",
60304
+ "CVE-2024-21513",
59579
60305
  "CVE-2024-21575",
59580
60306
  "CVE-2024-21576",
59581
60307
  "CVE-2024-27132",
@@ -59962,6 +60688,7 @@
59962
60688
  "CVE-2022-1471",
59963
60689
  "CVE-2023-43472",
59964
60690
  "CVE-2023-43654",
60691
+ "CVE-2023-44467",
59965
60692
  "CVE-2023-48022",
59966
60693
  "CVE-2023-51449",
59967
60694
  "CVE-2024-0132",
@@ -59969,6 +60696,7 @@
59969
60696
  "CVE-2024-11393",
59970
60697
  "CVE-2024-11394",
59971
60698
  "CVE-2024-1561",
60699
+ "CVE-2024-21513",
59972
60700
  "CVE-2024-21575",
59973
60701
  "CVE-2024-21576",
59974
60702
  "CVE-2024-27132",
@@ -60146,6 +60874,7 @@
60146
60874
  "CVE-2022-1471",
60147
60875
  "CVE-2023-43472",
60148
60876
  "CVE-2023-43654",
60877
+ "CVE-2023-44467",
60149
60878
  "CVE-2023-48022",
60150
60879
  "CVE-2023-51449",
60151
60880
  "CVE-2024-0132",
@@ -60153,6 +60882,7 @@
60153
60882
  "CVE-2024-11393",
60154
60883
  "CVE-2024-11394",
60155
60884
  "CVE-2024-1561",
60885
+ "CVE-2024-21513",
60156
60886
  "CVE-2024-21575",
60157
60887
  "CVE-2024-21576",
60158
60888
  "CVE-2024-27132",
@@ -60344,6 +61074,7 @@
60344
61074
  "CVE-2022-1471",
60345
61075
  "CVE-2023-43472",
60346
61076
  "CVE-2023-43654",
61077
+ "CVE-2023-44467",
60347
61078
  "CVE-2023-48022",
60348
61079
  "CVE-2023-51449",
60349
61080
  "CVE-2024-0132",
@@ -60351,6 +61082,7 @@
60351
61082
  "CVE-2024-11393",
60352
61083
  "CVE-2024-11394",
60353
61084
  "CVE-2024-1561",
61085
+ "CVE-2024-21513",
60354
61086
  "CVE-2024-21575",
60355
61087
  "CVE-2024-21576",
60356
61088
  "CVE-2024-27132",
@@ -60646,6 +61378,7 @@
60646
61378
  "CVE-2022-1471",
60647
61379
  "CVE-2023-43472",
60648
61380
  "CVE-2023-43654",
61381
+ "CVE-2023-44467",
60649
61382
  "CVE-2023-48022",
60650
61383
  "CVE-2023-51449",
60651
61384
  "CVE-2024-0132",
@@ -60653,6 +61386,7 @@
60653
61386
  "CVE-2024-11393",
60654
61387
  "CVE-2024-11394",
60655
61388
  "CVE-2024-1561",
61389
+ "CVE-2024-21513",
60656
61390
  "CVE-2024-21575",
60657
61391
  "CVE-2024-21576",
60658
61392
  "CVE-2024-27132",
@@ -60902,6 +61636,7 @@
60902
61636
  "CVE-2023-41974",
60903
61637
  "CVE-2023-43000",
60904
61638
  "CVE-2023-43654",
61639
+ "CVE-2023-44467",
60905
61640
  "CVE-2023-48022",
60906
61641
  "CVE-2023-50224",
60907
61642
  "CVE-2023-51449",
@@ -60915,6 +61650,7 @@
60915
61650
  "CVE-2024-12987",
60916
61651
  "CVE-2024-1561",
60917
61652
  "CVE-2024-1708",
61653
+ "CVE-2024-21513",
60918
61654
  "CVE-2024-21575",
60919
61655
  "CVE-2024-21576",
60920
61656
  "CVE-2024-21762",
@@ -61750,6 +62486,7 @@
61750
62486
  "CVE-2022-1471",
61751
62487
  "CVE-2023-43472",
61752
62488
  "CVE-2023-43654",
62489
+ "CVE-2023-44467",
61753
62490
  "CVE-2023-48022",
61754
62491
  "CVE-2023-51449",
61755
62492
  "CVE-2024-0132",
@@ -61757,6 +62494,7 @@
61757
62494
  "CVE-2024-11393",
61758
62495
  "CVE-2024-11394",
61759
62496
  "CVE-2024-1561",
62497
+ "CVE-2024-21513",
61760
62498
  "CVE-2024-21575",
61761
62499
  "CVE-2024-21576",
61762
62500
  "CVE-2024-27132",
@@ -62373,6 +63111,7 @@
62373
63111
  "CVE-2022-1471",
62374
63112
  "CVE-2023-43472",
62375
63113
  "CVE-2023-43654",
63114
+ "CVE-2023-44467",
62376
63115
  "CVE-2023-48022",
62377
63116
  "CVE-2023-51449",
62378
63117
  "CVE-2024-0132",
@@ -62380,6 +63119,7 @@
62380
63119
  "CVE-2024-11393",
62381
63120
  "CVE-2024-11394",
62382
63121
  "CVE-2024-1561",
63122
+ "CVE-2024-21513",
62383
63123
  "CVE-2024-21575",
62384
63124
  "CVE-2024-21576",
62385
63125
  "CVE-2024-27132",
@@ -62634,6 +63374,7 @@
62634
63374
  "related_cves": [
62635
63375
  "CVE-2022-1471",
62636
63376
  "CVE-2023-43654",
63377
+ "CVE-2023-44467",
62637
63378
  "CVE-2023-48022",
62638
63379
  "CVE-2023-51449",
62639
63380
  "CVE-2024-0132",
@@ -62641,6 +63382,7 @@
62641
63382
  "CVE-2024-11393",
62642
63383
  "CVE-2024-11394",
62643
63384
  "CVE-2024-1561",
63385
+ "CVE-2024-21513",
62644
63386
  "CVE-2024-21575",
62645
63387
  "CVE-2024-21576",
62646
63388
  "CVE-2024-27132",
@@ -63321,6 +64063,7 @@
63321
64063
  "CVE-2022-1471",
63322
64064
  "CVE-2023-43472",
63323
64065
  "CVE-2023-43654",
64066
+ "CVE-2023-44467",
63324
64067
  "CVE-2023-48022",
63325
64068
  "CVE-2023-51449",
63326
64069
  "CVE-2024-0132",
@@ -63328,6 +64071,7 @@
63328
64071
  "CVE-2024-11393",
63329
64072
  "CVE-2024-11394",
63330
64073
  "CVE-2024-1561",
64074
+ "CVE-2024-21513",
63331
64075
  "CVE-2024-21575",
63332
64076
  "CVE-2024-21576",
63333
64077
  "CVE-2024-27132",
@@ -63584,6 +64328,7 @@
63584
64328
  "CVE-2023-41974",
63585
64329
  "CVE-2023-43000",
63586
64330
  "CVE-2023-43654",
64331
+ "CVE-2023-44467",
63587
64332
  "CVE-2023-48022",
63588
64333
  "CVE-2023-50224",
63589
64334
  "CVE-2023-51449",
@@ -63597,6 +64342,7 @@
63597
64342
  "CVE-2024-12987",
63598
64343
  "CVE-2024-1561",
63599
64344
  "CVE-2024-1708",
64345
+ "CVE-2024-21513",
63600
64346
  "CVE-2024-21575",
63601
64347
  "CVE-2024-21576",
63602
64348
  "CVE-2024-21762",
@@ -64028,6 +64774,7 @@
64028
64774
  "CVE-2023-41974",
64029
64775
  "CVE-2023-43000",
64030
64776
  "CVE-2023-43654",
64777
+ "CVE-2023-44467",
64031
64778
  "CVE-2023-48022",
64032
64779
  "CVE-2023-50224",
64033
64780
  "CVE-2023-51449",
@@ -64041,6 +64788,7 @@
64041
64788
  "CVE-2024-12987",
64042
64789
  "CVE-2024-1561",
64043
64790
  "CVE-2024-1708",
64791
+ "CVE-2024-21513",
64044
64792
  "CVE-2024-21575",
64045
64793
  "CVE-2024-21576",
64046
64794
  "CVE-2024-21762",
@@ -64505,6 +65253,7 @@
64505
65253
  "CVE-2022-1471",
64506
65254
  "CVE-2023-43472",
64507
65255
  "CVE-2023-43654",
65256
+ "CVE-2023-44467",
64508
65257
  "CVE-2023-48022",
64509
65258
  "CVE-2023-51449",
64510
65259
  "CVE-2024-0132",
@@ -64512,6 +65261,7 @@
64512
65261
  "CVE-2024-11393",
64513
65262
  "CVE-2024-11394",
64514
65263
  "CVE-2024-1561",
65264
+ "CVE-2024-21513",
64515
65265
  "CVE-2024-21575",
64516
65266
  "CVE-2024-21576",
64517
65267
  "CVE-2024-27132",
@@ -65320,6 +66070,7 @@
65320
66070
  "CVE-2023-41974",
65321
66071
  "CVE-2023-43000",
65322
66072
  "CVE-2023-43654",
66073
+ "CVE-2023-44467",
65323
66074
  "CVE-2023-48022",
65324
66075
  "CVE-2023-50224",
65325
66076
  "CVE-2023-51449",
@@ -65333,6 +66084,7 @@
65333
66084
  "CVE-2024-12987",
65334
66085
  "CVE-2024-1561",
65335
66086
  "CVE-2024-1708",
66087
+ "CVE-2024-21513",
65336
66088
  "CVE-2024-21575",
65337
66089
  "CVE-2024-21576",
65338
66090
  "CVE-2024-21762",
@@ -65861,6 +66613,7 @@
65861
66613
  "CVE-2022-1471",
65862
66614
  "CVE-2023-43472",
65863
66615
  "CVE-2023-43654",
66616
+ "CVE-2023-44467",
65864
66617
  "CVE-2023-48022",
65865
66618
  "CVE-2023-51449",
65866
66619
  "CVE-2024-0132",
@@ -65868,6 +66621,7 @@
65868
66621
  "CVE-2024-11393",
65869
66622
  "CVE-2024-11394",
65870
66623
  "CVE-2024-1561",
66624
+ "CVE-2024-21513",
65871
66625
  "CVE-2024-21575",
65872
66626
  "CVE-2024-21576",
65873
66627
  "CVE-2024-27132",
@@ -66202,6 +66956,7 @@
66202
66956
  "CVE-2023-43000",
66203
66957
  "CVE-2023-43472",
66204
66958
  "CVE-2023-43654",
66959
+ "CVE-2023-44467",
66205
66960
  "CVE-2023-48022",
66206
66961
  "CVE-2023-50224",
66207
66962
  "CVE-2023-51449",
@@ -66215,6 +66970,7 @@
66215
66970
  "CVE-2024-12987",
66216
66971
  "CVE-2024-1561",
66217
66972
  "CVE-2024-1708",
66973
+ "CVE-2024-21513",
66218
66974
  "CVE-2024-21575",
66219
66975
  "CVE-2024-21576",
66220
66976
  "CVE-2024-21762",
@@ -66762,6 +67518,7 @@
66762
67518
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
66763
67519
  "CVE-2022-1471",
66764
67520
  "CVE-2023-43654",
67521
+ "CVE-2023-44467",
66765
67522
  "CVE-2023-48022",
66766
67523
  "CVE-2023-51449",
66767
67524
  "CVE-2024-0132",
@@ -66769,6 +67526,7 @@
66769
67526
  "CVE-2024-11393",
66770
67527
  "CVE-2024-11394",
66771
67528
  "CVE-2024-1561",
67529
+ "CVE-2024-21513",
66772
67530
  "CVE-2024-21575",
66773
67531
  "CVE-2024-21576",
66774
67532
  "CVE-2024-27132",
@@ -67720,6 +68478,7 @@
67720
68478
  "CVE-2022-1471",
67721
68479
  "CVE-2023-43472",
67722
68480
  "CVE-2023-43654",
68481
+ "CVE-2023-44467",
67723
68482
  "CVE-2023-48022",
67724
68483
  "CVE-2023-51449",
67725
68484
  "CVE-2024-0132",
@@ -67727,6 +68486,7 @@
67727
68486
  "CVE-2024-11393",
67728
68487
  "CVE-2024-11394",
67729
68488
  "CVE-2024-1561",
68489
+ "CVE-2024-21513",
67730
68490
  "CVE-2024-21575",
67731
68491
  "CVE-2024-21576",
67732
68492
  "CVE-2024-27132",
@@ -67842,6 +68602,7 @@
67842
68602
  "related_cves": [
67843
68603
  "CVE-2022-1471",
67844
68604
  "CVE-2023-43654",
68605
+ "CVE-2023-44467",
67845
68606
  "CVE-2023-48022",
67846
68607
  "CVE-2023-51449",
67847
68608
  "CVE-2024-0132",
@@ -67849,6 +68610,7 @@
67849
68610
  "CVE-2024-11393",
67850
68611
  "CVE-2024-11394",
67851
68612
  "CVE-2024-1561",
68613
+ "CVE-2024-21513",
67852
68614
  "CVE-2024-21575",
67853
68615
  "CVE-2024-21576",
67854
68616
  "CVE-2024-27132",
@@ -68034,6 +68796,7 @@
68034
68796
  "CVE-2022-1471",
68035
68797
  "CVE-2023-43472",
68036
68798
  "CVE-2023-43654",
68799
+ "CVE-2023-44467",
68037
68800
  "CVE-2023-48022",
68038
68801
  "CVE-2023-51449",
68039
68802
  "CVE-2024-0132",
@@ -68041,6 +68804,7 @@
68041
68804
  "CVE-2024-11393",
68042
68805
  "CVE-2024-11394",
68043
68806
  "CVE-2024-1561",
68807
+ "CVE-2024-21513",
68044
68808
  "CVE-2024-21575",
68045
68809
  "CVE-2024-21576",
68046
68810
  "CVE-2024-27132",
@@ -68475,6 +69239,7 @@
68475
69239
  "CVE-2023-41974",
68476
69240
  "CVE-2023-43000",
68477
69241
  "CVE-2023-43654",
69242
+ "CVE-2023-44467",
68478
69243
  "CVE-2023-50224",
68479
69244
  "CVE-2023-51449",
68480
69245
  "CVE-2023-52163",
@@ -68486,6 +69251,7 @@
68486
69251
  "CVE-2024-12987",
68487
69252
  "CVE-2024-1561",
68488
69253
  "CVE-2024-1708",
69254
+ "CVE-2024-21513",
68489
69255
  "CVE-2024-21575",
68490
69256
  "CVE-2024-21576",
68491
69257
  "CVE-2024-21762",
@@ -68940,6 +69706,7 @@
68940
69706
  "CVE-2022-1471",
68941
69707
  "CVE-2023-43472",
68942
69708
  "CVE-2023-43654",
69709
+ "CVE-2023-44467",
68943
69710
  "CVE-2023-48022",
68944
69711
  "CVE-2023-51449",
68945
69712
  "CVE-2024-0132",
@@ -68947,6 +69714,7 @@
68947
69714
  "CVE-2024-11393",
68948
69715
  "CVE-2024-11394",
68949
69716
  "CVE-2024-1561",
69717
+ "CVE-2024-21513",
68950
69718
  "CVE-2024-21575",
68951
69719
  "CVE-2024-21576",
68952
69720
  "CVE-2024-27132",
@@ -69255,6 +70023,7 @@
69255
70023
  "CVE-2022-1471",
69256
70024
  "CVE-2023-43472",
69257
70025
  "CVE-2023-43654",
70026
+ "CVE-2023-44467",
69258
70027
  "CVE-2023-48022",
69259
70028
  "CVE-2023-51449",
69260
70029
  "CVE-2024-0132",
@@ -69262,6 +70031,7 @@
69262
70031
  "CVE-2024-11393",
69263
70032
  "CVE-2024-11394",
69264
70033
  "CVE-2024-1561",
70034
+ "CVE-2024-21513",
69265
70035
  "CVE-2024-21575",
69266
70036
  "CVE-2024-21576",
69267
70037
  "CVE-2024-27132",