@blamejs/exceptd-skills 0.13.92 → 0.13.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1155 -0
  6. package/data/atlas-ttps.json +5 -0
  7. package/data/attack-techniques.json +6 -0
  8. package/data/cve-catalog.json +313 -0
  9. package/data/cwe-catalog.json +3 -0
  10. package/data/framework-control-gaps.json +24 -0
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -33191,6 +33191,1092 @@
33191
33191
  ]
33192
33192
  }
33193
33193
  },
33194
+ "CVE-2024-21513": {
33195
+ "name": "LangChain-Experimental VectorSQLDatabaseChain Code Execution",
33196
+ "rwep": 27,
33197
+ "cvss": 8.5,
33198
+ "cisa_kev": false,
33199
+ "epss_score": null,
33200
+ "referencing_skills": [
33201
+ "kernel-lpe-triage",
33202
+ "ai-attack-surface",
33203
+ "compliance-theater",
33204
+ "attack-surface-pentest",
33205
+ "ot-ics-security",
33206
+ "coordinated-vuln-disclosure",
33207
+ "sector-energy"
33208
+ ],
33209
+ "chain": {
33210
+ "cwes": [
33211
+ {
33212
+ "id": "CWE-1037",
33213
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33214
+ "category": "Hardware / Side Channel"
33215
+ },
33216
+ {
33217
+ "id": "CWE-1039",
33218
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33219
+ "category": "AI/ML"
33220
+ },
33221
+ {
33222
+ "id": "CWE-125",
33223
+ "name": "Out-of-bounds Read",
33224
+ "category": "Memory Safety"
33225
+ },
33226
+ {
33227
+ "id": "CWE-1357",
33228
+ "name": "Reliance on Insufficiently Trustworthy Component",
33229
+ "category": "Supply Chain"
33230
+ },
33231
+ {
33232
+ "id": "CWE-1395",
33233
+ "name": "Dependency on Vulnerable Third-Party Component",
33234
+ "category": "Supply Chain"
33235
+ },
33236
+ {
33237
+ "id": "CWE-1426",
33238
+ "name": "Improper Validation of Generative AI Output",
33239
+ "category": "AI/ML"
33240
+ },
33241
+ {
33242
+ "id": "CWE-22",
33243
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33244
+ "category": "Path/Resource"
33245
+ },
33246
+ {
33247
+ "id": "CWE-269",
33248
+ "name": "Improper Privilege Management",
33249
+ "category": "Authorization"
33250
+ },
33251
+ {
33252
+ "id": "CWE-287",
33253
+ "name": "Improper Authentication",
33254
+ "category": "Authentication"
33255
+ },
33256
+ {
33257
+ "id": "CWE-306",
33258
+ "name": "Missing Authentication for Critical Function",
33259
+ "category": "Authentication"
33260
+ },
33261
+ {
33262
+ "id": "CWE-352",
33263
+ "name": "Cross-Site Request Forgery (CSRF)",
33264
+ "category": "Session"
33265
+ },
33266
+ {
33267
+ "id": "CWE-362",
33268
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33269
+ "category": "Concurrency"
33270
+ },
33271
+ {
33272
+ "id": "CWE-416",
33273
+ "name": "Use After Free",
33274
+ "category": "Memory Safety"
33275
+ },
33276
+ {
33277
+ "id": "CWE-434",
33278
+ "name": "Unrestricted Upload of File with Dangerous Type",
33279
+ "category": "File Handling"
33280
+ },
33281
+ {
33282
+ "id": "CWE-672",
33283
+ "name": "Operation on a Resource after Expiration or Release",
33284
+ "category": "Memory Safety"
33285
+ },
33286
+ {
33287
+ "id": "CWE-732",
33288
+ "name": "Incorrect Permission Assignment for Critical Resource",
33289
+ "category": "Authorization"
33290
+ },
33291
+ {
33292
+ "id": "CWE-78",
33293
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
33294
+ "category": "Injection"
33295
+ },
33296
+ {
33297
+ "id": "CWE-787",
33298
+ "name": "Out-of-bounds Write",
33299
+ "category": "Memory Safety"
33300
+ },
33301
+ {
33302
+ "id": "CWE-79",
33303
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
33304
+ "category": "Injection"
33305
+ },
33306
+ {
33307
+ "id": "CWE-798",
33308
+ "name": "Use of Hard-coded Credentials",
33309
+ "category": "Credentials"
33310
+ },
33311
+ {
33312
+ "id": "CWE-89",
33313
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
33314
+ "category": "Injection"
33315
+ },
33316
+ {
33317
+ "id": "CWE-918",
33318
+ "name": "Server-Side Request Forgery (SSRF)",
33319
+ "category": "Network"
33320
+ },
33321
+ {
33322
+ "id": "CWE-94",
33323
+ "name": "Improper Control of Generation of Code (Code Injection)",
33324
+ "category": "Injection"
33325
+ }
33326
+ ],
33327
+ "atlas": [
33328
+ {
33329
+ "id": "AML.T0010",
33330
+ "name": "ML Supply Chain Compromise",
33331
+ "tactic": "Initial Access"
33332
+ },
33333
+ {
33334
+ "id": "AML.T0016",
33335
+ "name": "Obtain Capabilities: Develop Capabilities",
33336
+ "tactic": "Resource Development"
33337
+ },
33338
+ {
33339
+ "id": "AML.T0017",
33340
+ "name": "Discover ML Model Ontology",
33341
+ "tactic": "Discovery"
33342
+ },
33343
+ {
33344
+ "id": "AML.T0018",
33345
+ "name": "Backdoor ML Model",
33346
+ "tactic": "Persistence"
33347
+ },
33348
+ {
33349
+ "id": "AML.T0020",
33350
+ "name": "Poison Training Data",
33351
+ "tactic": "ML Attack Staging"
33352
+ },
33353
+ {
33354
+ "id": "AML.T0043",
33355
+ "name": "Craft Adversarial Data",
33356
+ "tactic": "ML Attack Staging"
33357
+ },
33358
+ {
33359
+ "id": "AML.T0051",
33360
+ "name": "LLM Prompt Injection",
33361
+ "tactic": "Execution"
33362
+ },
33363
+ {
33364
+ "id": "AML.T0054",
33365
+ "name": "LLM Jailbreak",
33366
+ "tactic": "Defense Evasion"
33367
+ },
33368
+ {
33369
+ "id": "AML.T0096",
33370
+ "name": "AI API as Covert C2 Channel",
33371
+ "tactic": "Command and Control"
33372
+ }
33373
+ ],
33374
+ "d3fend": [
33375
+ {
33376
+ "id": "D3-ASLR",
33377
+ "name": "Address Space Layout Randomization",
33378
+ "tactic": "Harden"
33379
+ },
33380
+ {
33381
+ "id": "D3-CSPP",
33382
+ "name": "Client-server Payload Profiling",
33383
+ "tactic": "Detect"
33384
+ },
33385
+ {
33386
+ "id": "D3-EAL",
33387
+ "name": "Executable Allowlisting",
33388
+ "tactic": "Harden"
33389
+ },
33390
+ {
33391
+ "id": "D3-IOPR",
33392
+ "name": "Input/Output Profiling Resource",
33393
+ "tactic": "Detect"
33394
+ },
33395
+ {
33396
+ "id": "D3-NTA",
33397
+ "name": "Network Traffic Analysis",
33398
+ "tactic": "Detect"
33399
+ },
33400
+ {
33401
+ "id": "D3-PHRA",
33402
+ "name": "Process Hardware Resource Access",
33403
+ "tactic": "Isolate"
33404
+ },
33405
+ {
33406
+ "id": "D3-PSEP",
33407
+ "name": "Process Segment Execution Prevention",
33408
+ "tactic": "Harden"
33409
+ }
33410
+ ],
33411
+ "framework_gaps": [
33412
+ {
33413
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
33414
+ "framework": "ALL",
33415
+ "control_name": "AI Pipeline Integrity"
33416
+ },
33417
+ {
33418
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
33419
+ "framework": "ALL",
33420
+ "control_name": "Prompt Injection as Access Control Failure"
33421
+ },
33422
+ {
33423
+ "id": "CIS-Controls-v8-Control7",
33424
+ "framework": "CIS Controls v8",
33425
+ "control_name": "Continuous Vulnerability Management"
33426
+ },
33427
+ {
33428
+ "id": "CMMC-2.0-Level-2",
33429
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
33430
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
33431
+ },
33432
+ {
33433
+ "id": "FedRAMP-Rev5-Moderate",
33434
+ "framework": "FedRAMP Rev 5 Moderate",
33435
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33436
+ },
33437
+ {
33438
+ "id": "IEC-62443-3-3",
33439
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33440
+ "control_name": "System security requirements and security levels"
33441
+ },
33442
+ {
33443
+ "id": "ISO-27001-2022-A.8.28",
33444
+ "framework": "ISO/IEC 27001:2022",
33445
+ "control_name": "Secure coding"
33446
+ },
33447
+ {
33448
+ "id": "ISO-27001-2022-A.8.8",
33449
+ "framework": "ISO/IEC 27001:2022",
33450
+ "control_name": "Management of technical vulnerabilities"
33451
+ },
33452
+ {
33453
+ "id": "ISO-IEC-23894-2023-clause-7",
33454
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33455
+ "control_name": "AI risk management process"
33456
+ },
33457
+ {
33458
+ "id": "NERC-CIP-007-6-R4",
33459
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
33460
+ "control_name": "Security event monitoring"
33461
+ },
33462
+ {
33463
+ "id": "NIS2-Art21-patch-management",
33464
+ "framework": "EU NIS2 Directive",
33465
+ "control_name": "Vulnerability handling and disclosure"
33466
+ },
33467
+ {
33468
+ "id": "NIST-800-115",
33469
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
33470
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
33471
+ },
33472
+ {
33473
+ "id": "NIST-800-218-SSDF",
33474
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
33475
+ "control_name": "Secure Software Development Framework"
33476
+ },
33477
+ {
33478
+ "id": "NIST-800-53-AC-2",
33479
+ "framework": "NIST SP 800-53 Rev 5",
33480
+ "control_name": "Account Management"
33481
+ },
33482
+ {
33483
+ "id": "NIST-800-53-SC-8",
33484
+ "framework": "NIST SP 800-53 Rev 5",
33485
+ "control_name": "Transmission Confidentiality and Integrity"
33486
+ },
33487
+ {
33488
+ "id": "NIST-800-53-SI-2",
33489
+ "framework": "NIST SP 800-53 Rev 5",
33490
+ "control_name": "Flaw Remediation"
33491
+ },
33492
+ {
33493
+ "id": "NIST-800-53-SI-3",
33494
+ "framework": "NIST SP 800-53 Rev 5",
33495
+ "control_name": "Malicious Code Protection"
33496
+ },
33497
+ {
33498
+ "id": "NIST-800-82r3",
33499
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
33500
+ "control_name": "Guide to Operational Technology (OT) Security"
33501
+ },
33502
+ {
33503
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
33504
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33505
+ "control_name": "Prompt Injection"
33506
+ },
33507
+ {
33508
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
33509
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33510
+ "control_name": "Sensitive Information Disclosure"
33511
+ },
33512
+ {
33513
+ "id": "OWASP-Pen-Testing-Guide-v5",
33514
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
33515
+ "control_name": "Web application penetration testing methodology"
33516
+ },
33517
+ {
33518
+ "id": "PCI-DSS-4.0-6.3.3",
33519
+ "framework": "PCI DSS 4.0",
33520
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
33521
+ },
33522
+ {
33523
+ "id": "PTES-Pre-engagement",
33524
+ "framework": "Penetration Testing Execution Standard (PTES)",
33525
+ "control_name": "Pre-engagement Interactions"
33526
+ },
33527
+ {
33528
+ "id": "SOC2-CC6-logical-access",
33529
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33530
+ "control_name": "Logical and Physical Access Controls"
33531
+ },
33532
+ {
33533
+ "id": "SOC2-CC9-vendor-management",
33534
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33535
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
33536
+ }
33537
+ ],
33538
+ "attack_refs": [
33539
+ "T0855",
33540
+ "T0883",
33541
+ "T1059",
33542
+ "T1068",
33543
+ "T1078",
33544
+ "T1133",
33545
+ "T1190",
33546
+ "T1548.001",
33547
+ "T1566"
33548
+ ],
33549
+ "rfc_refs": [
33550
+ "RFC-4301",
33551
+ "RFC-4303",
33552
+ "RFC-7296"
33553
+ ]
33554
+ }
33555
+ },
33556
+ "CVE-2023-44467": {
33557
+ "name": "LangChain-Experimental PALChain dunder-import Code Execution (CVE-2023-36258 bypass)",
33558
+ "rwep": 27,
33559
+ "cvss": 9.8,
33560
+ "cisa_kev": false,
33561
+ "epss_score": null,
33562
+ "referencing_skills": [
33563
+ "kernel-lpe-triage",
33564
+ "ai-attack-surface",
33565
+ "compliance-theater",
33566
+ "attack-surface-pentest",
33567
+ "ot-ics-security",
33568
+ "coordinated-vuln-disclosure",
33569
+ "sector-energy"
33570
+ ],
33571
+ "chain": {
33572
+ "cwes": [
33573
+ {
33574
+ "id": "CWE-1037",
33575
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33576
+ "category": "Hardware / Side Channel"
33577
+ },
33578
+ {
33579
+ "id": "CWE-1039",
33580
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33581
+ "category": "AI/ML"
33582
+ },
33583
+ {
33584
+ "id": "CWE-125",
33585
+ "name": "Out-of-bounds Read",
33586
+ "category": "Memory Safety"
33587
+ },
33588
+ {
33589
+ "id": "CWE-1357",
33590
+ "name": "Reliance on Insufficiently Trustworthy Component",
33591
+ "category": "Supply Chain"
33592
+ },
33593
+ {
33594
+ "id": "CWE-1395",
33595
+ "name": "Dependency on Vulnerable Third-Party Component",
33596
+ "category": "Supply Chain"
33597
+ },
33598
+ {
33599
+ "id": "CWE-1426",
33600
+ "name": "Improper Validation of Generative AI Output",
33601
+ "category": "AI/ML"
33602
+ },
33603
+ {
33604
+ "id": "CWE-22",
33605
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33606
+ "category": "Path/Resource"
33607
+ },
33608
+ {
33609
+ "id": "CWE-269",
33610
+ "name": "Improper Privilege Management",
33611
+ "category": "Authorization"
33612
+ },
33613
+ {
33614
+ "id": "CWE-287",
33615
+ "name": "Improper Authentication",
33616
+ "category": "Authentication"
33617
+ },
33618
+ {
33619
+ "id": "CWE-306",
33620
+ "name": "Missing Authentication for Critical Function",
33621
+ "category": "Authentication"
33622
+ },
33623
+ {
33624
+ "id": "CWE-352",
33625
+ "name": "Cross-Site Request Forgery (CSRF)",
33626
+ "category": "Session"
33627
+ },
33628
+ {
33629
+ "id": "CWE-362",
33630
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33631
+ "category": "Concurrency"
33632
+ },
33633
+ {
33634
+ "id": "CWE-416",
33635
+ "name": "Use After Free",
33636
+ "category": "Memory Safety"
33637
+ },
33638
+ {
33639
+ "id": "CWE-434",
33640
+ "name": "Unrestricted Upload of File with Dangerous Type",
33641
+ "category": "File Handling"
33642
+ },
33643
+ {
33644
+ "id": "CWE-672",
33645
+ "name": "Operation on a Resource after Expiration or Release",
33646
+ "category": "Memory Safety"
33647
+ },
33648
+ {
33649
+ "id": "CWE-732",
33650
+ "name": "Incorrect Permission Assignment for Critical Resource",
33651
+ "category": "Authorization"
33652
+ },
33653
+ {
33654
+ "id": "CWE-78",
33655
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
33656
+ "category": "Injection"
33657
+ },
33658
+ {
33659
+ "id": "CWE-787",
33660
+ "name": "Out-of-bounds Write",
33661
+ "category": "Memory Safety"
33662
+ },
33663
+ {
33664
+ "id": "CWE-79",
33665
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
33666
+ "category": "Injection"
33667
+ },
33668
+ {
33669
+ "id": "CWE-798",
33670
+ "name": "Use of Hard-coded Credentials",
33671
+ "category": "Credentials"
33672
+ },
33673
+ {
33674
+ "id": "CWE-89",
33675
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
33676
+ "category": "Injection"
33677
+ },
33678
+ {
33679
+ "id": "CWE-918",
33680
+ "name": "Server-Side Request Forgery (SSRF)",
33681
+ "category": "Network"
33682
+ },
33683
+ {
33684
+ "id": "CWE-94",
33685
+ "name": "Improper Control of Generation of Code (Code Injection)",
33686
+ "category": "Injection"
33687
+ }
33688
+ ],
33689
+ "atlas": [
33690
+ {
33691
+ "id": "AML.T0010",
33692
+ "name": "ML Supply Chain Compromise",
33693
+ "tactic": "Initial Access"
33694
+ },
33695
+ {
33696
+ "id": "AML.T0016",
33697
+ "name": "Obtain Capabilities: Develop Capabilities",
33698
+ "tactic": "Resource Development"
33699
+ },
33700
+ {
33701
+ "id": "AML.T0017",
33702
+ "name": "Discover ML Model Ontology",
33703
+ "tactic": "Discovery"
33704
+ },
33705
+ {
33706
+ "id": "AML.T0018",
33707
+ "name": "Backdoor ML Model",
33708
+ "tactic": "Persistence"
33709
+ },
33710
+ {
33711
+ "id": "AML.T0020",
33712
+ "name": "Poison Training Data",
33713
+ "tactic": "ML Attack Staging"
33714
+ },
33715
+ {
33716
+ "id": "AML.T0043",
33717
+ "name": "Craft Adversarial Data",
33718
+ "tactic": "ML Attack Staging"
33719
+ },
33720
+ {
33721
+ "id": "AML.T0051",
33722
+ "name": "LLM Prompt Injection",
33723
+ "tactic": "Execution"
33724
+ },
33725
+ {
33726
+ "id": "AML.T0054",
33727
+ "name": "LLM Jailbreak",
33728
+ "tactic": "Defense Evasion"
33729
+ },
33730
+ {
33731
+ "id": "AML.T0096",
33732
+ "name": "AI API as Covert C2 Channel",
33733
+ "tactic": "Command and Control"
33734
+ }
33735
+ ],
33736
+ "d3fend": [
33737
+ {
33738
+ "id": "D3-ASLR",
33739
+ "name": "Address Space Layout Randomization",
33740
+ "tactic": "Harden"
33741
+ },
33742
+ {
33743
+ "id": "D3-CSPP",
33744
+ "name": "Client-server Payload Profiling",
33745
+ "tactic": "Detect"
33746
+ },
33747
+ {
33748
+ "id": "D3-EAL",
33749
+ "name": "Executable Allowlisting",
33750
+ "tactic": "Harden"
33751
+ },
33752
+ {
33753
+ "id": "D3-IOPR",
33754
+ "name": "Input/Output Profiling Resource",
33755
+ "tactic": "Detect"
33756
+ },
33757
+ {
33758
+ "id": "D3-NTA",
33759
+ "name": "Network Traffic Analysis",
33760
+ "tactic": "Detect"
33761
+ },
33762
+ {
33763
+ "id": "D3-PHRA",
33764
+ "name": "Process Hardware Resource Access",
33765
+ "tactic": "Isolate"
33766
+ },
33767
+ {
33768
+ "id": "D3-PSEP",
33769
+ "name": "Process Segment Execution Prevention",
33770
+ "tactic": "Harden"
33771
+ }
33772
+ ],
33773
+ "framework_gaps": [
33774
+ {
33775
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
33776
+ "framework": "ALL",
33777
+ "control_name": "AI Pipeline Integrity"
33778
+ },
33779
+ {
33780
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
33781
+ "framework": "ALL",
33782
+ "control_name": "Prompt Injection as Access Control Failure"
33783
+ },
33784
+ {
33785
+ "id": "CIS-Controls-v8-Control7",
33786
+ "framework": "CIS Controls v8",
33787
+ "control_name": "Continuous Vulnerability Management"
33788
+ },
33789
+ {
33790
+ "id": "CMMC-2.0-Level-2",
33791
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
33792
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
33793
+ },
33794
+ {
33795
+ "id": "FedRAMP-Rev5-Moderate",
33796
+ "framework": "FedRAMP Rev 5 Moderate",
33797
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
33798
+ },
33799
+ {
33800
+ "id": "IEC-62443-3-3",
33801
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
33802
+ "control_name": "System security requirements and security levels"
33803
+ },
33804
+ {
33805
+ "id": "ISO-27001-2022-A.8.28",
33806
+ "framework": "ISO/IEC 27001:2022",
33807
+ "control_name": "Secure coding"
33808
+ },
33809
+ {
33810
+ "id": "ISO-27001-2022-A.8.8",
33811
+ "framework": "ISO/IEC 27001:2022",
33812
+ "control_name": "Management of technical vulnerabilities"
33813
+ },
33814
+ {
33815
+ "id": "ISO-IEC-23894-2023-clause-7",
33816
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
33817
+ "control_name": "AI risk management process"
33818
+ },
33819
+ {
33820
+ "id": "NERC-CIP-007-6-R4",
33821
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
33822
+ "control_name": "Security event monitoring"
33823
+ },
33824
+ {
33825
+ "id": "NIS2-Art21-patch-management",
33826
+ "framework": "EU NIS2 Directive",
33827
+ "control_name": "Vulnerability handling and disclosure"
33828
+ },
33829
+ {
33830
+ "id": "NIST-800-115",
33831
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
33832
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
33833
+ },
33834
+ {
33835
+ "id": "NIST-800-218-SSDF",
33836
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
33837
+ "control_name": "Secure Software Development Framework"
33838
+ },
33839
+ {
33840
+ "id": "NIST-800-53-AC-2",
33841
+ "framework": "NIST SP 800-53 Rev 5",
33842
+ "control_name": "Account Management"
33843
+ },
33844
+ {
33845
+ "id": "NIST-800-53-SC-8",
33846
+ "framework": "NIST SP 800-53 Rev 5",
33847
+ "control_name": "Transmission Confidentiality and Integrity"
33848
+ },
33849
+ {
33850
+ "id": "NIST-800-53-SI-2",
33851
+ "framework": "NIST SP 800-53 Rev 5",
33852
+ "control_name": "Flaw Remediation"
33853
+ },
33854
+ {
33855
+ "id": "NIST-800-53-SI-3",
33856
+ "framework": "NIST SP 800-53 Rev 5",
33857
+ "control_name": "Malicious Code Protection"
33858
+ },
33859
+ {
33860
+ "id": "NIST-800-82r3",
33861
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
33862
+ "control_name": "Guide to Operational Technology (OT) Security"
33863
+ },
33864
+ {
33865
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
33866
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33867
+ "control_name": "Prompt Injection"
33868
+ },
33869
+ {
33870
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
33871
+ "framework": "OWASP Top 10 for LLM Applications 2025",
33872
+ "control_name": "Sensitive Information Disclosure"
33873
+ },
33874
+ {
33875
+ "id": "OWASP-Pen-Testing-Guide-v5",
33876
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
33877
+ "control_name": "Web application penetration testing methodology"
33878
+ },
33879
+ {
33880
+ "id": "PCI-DSS-4.0-6.3.3",
33881
+ "framework": "PCI DSS 4.0",
33882
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
33883
+ },
33884
+ {
33885
+ "id": "PTES-Pre-engagement",
33886
+ "framework": "Penetration Testing Execution Standard (PTES)",
33887
+ "control_name": "Pre-engagement Interactions"
33888
+ },
33889
+ {
33890
+ "id": "SOC2-CC6-logical-access",
33891
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33892
+ "control_name": "Logical and Physical Access Controls"
33893
+ },
33894
+ {
33895
+ "id": "SOC2-CC9-vendor-management",
33896
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
33897
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
33898
+ }
33899
+ ],
33900
+ "attack_refs": [
33901
+ "T0855",
33902
+ "T0883",
33903
+ "T1059",
33904
+ "T1068",
33905
+ "T1078",
33906
+ "T1133",
33907
+ "T1190",
33908
+ "T1548.001",
33909
+ "T1566"
33910
+ ],
33911
+ "rfc_refs": [
33912
+ "RFC-4301",
33913
+ "RFC-4303",
33914
+ "RFC-7296"
33915
+ ]
33916
+ }
33917
+ },
33918
+ "CVE-2024-13059": {
33919
+ "name": "AnythingLLM Non-ASCII Filename Path Traversal Arbitrary File Write to RCE",
33920
+ "rwep": 25,
33921
+ "cvss": 7.2,
33922
+ "cisa_kev": false,
33923
+ "epss_score": null,
33924
+ "referencing_skills": [
33925
+ "kernel-lpe-triage",
33926
+ "ai-attack-surface",
33927
+ "compliance-theater",
33928
+ "attack-surface-pentest",
33929
+ "ot-ics-security",
33930
+ "coordinated-vuln-disclosure",
33931
+ "sector-energy"
33932
+ ],
33933
+ "chain": {
33934
+ "cwes": [
33935
+ {
33936
+ "id": "CWE-1037",
33937
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33938
+ "category": "Hardware / Side Channel"
33939
+ },
33940
+ {
33941
+ "id": "CWE-1039",
33942
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33943
+ "category": "AI/ML"
33944
+ },
33945
+ {
33946
+ "id": "CWE-125",
33947
+ "name": "Out-of-bounds Read",
33948
+ "category": "Memory Safety"
33949
+ },
33950
+ {
33951
+ "id": "CWE-1357",
33952
+ "name": "Reliance on Insufficiently Trustworthy Component",
33953
+ "category": "Supply Chain"
33954
+ },
33955
+ {
33956
+ "id": "CWE-1395",
33957
+ "name": "Dependency on Vulnerable Third-Party Component",
33958
+ "category": "Supply Chain"
33959
+ },
33960
+ {
33961
+ "id": "CWE-1426",
33962
+ "name": "Improper Validation of Generative AI Output",
33963
+ "category": "AI/ML"
33964
+ },
33965
+ {
33966
+ "id": "CWE-22",
33967
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33968
+ "category": "Path/Resource"
33969
+ },
33970
+ {
33971
+ "id": "CWE-269",
33972
+ "name": "Improper Privilege Management",
33973
+ "category": "Authorization"
33974
+ },
33975
+ {
33976
+ "id": "CWE-287",
33977
+ "name": "Improper Authentication",
33978
+ "category": "Authentication"
33979
+ },
33980
+ {
33981
+ "id": "CWE-306",
33982
+ "name": "Missing Authentication for Critical Function",
33983
+ "category": "Authentication"
33984
+ },
33985
+ {
33986
+ "id": "CWE-352",
33987
+ "name": "Cross-Site Request Forgery (CSRF)",
33988
+ "category": "Session"
33989
+ },
33990
+ {
33991
+ "id": "CWE-362",
33992
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33993
+ "category": "Concurrency"
33994
+ },
33995
+ {
33996
+ "id": "CWE-416",
33997
+ "name": "Use After Free",
33998
+ "category": "Memory Safety"
33999
+ },
34000
+ {
34001
+ "id": "CWE-434",
34002
+ "name": "Unrestricted Upload of File with Dangerous Type",
34003
+ "category": "File Handling"
34004
+ },
34005
+ {
34006
+ "id": "CWE-672",
34007
+ "name": "Operation on a Resource after Expiration or Release",
34008
+ "category": "Memory Safety"
34009
+ },
34010
+ {
34011
+ "id": "CWE-732",
34012
+ "name": "Incorrect Permission Assignment for Critical Resource",
34013
+ "category": "Authorization"
34014
+ },
34015
+ {
34016
+ "id": "CWE-78",
34017
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34018
+ "category": "Injection"
34019
+ },
34020
+ {
34021
+ "id": "CWE-787",
34022
+ "name": "Out-of-bounds Write",
34023
+ "category": "Memory Safety"
34024
+ },
34025
+ {
34026
+ "id": "CWE-79",
34027
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34028
+ "category": "Injection"
34029
+ },
34030
+ {
34031
+ "id": "CWE-798",
34032
+ "name": "Use of Hard-coded Credentials",
34033
+ "category": "Credentials"
34034
+ },
34035
+ {
34036
+ "id": "CWE-89",
34037
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34038
+ "category": "Injection"
34039
+ },
34040
+ {
34041
+ "id": "CWE-918",
34042
+ "name": "Server-Side Request Forgery (SSRF)",
34043
+ "category": "Network"
34044
+ },
34045
+ {
34046
+ "id": "CWE-94",
34047
+ "name": "Improper Control of Generation of Code (Code Injection)",
34048
+ "category": "Injection"
34049
+ }
34050
+ ],
34051
+ "atlas": [
34052
+ {
34053
+ "id": "AML.T0010",
34054
+ "name": "ML Supply Chain Compromise",
34055
+ "tactic": "Initial Access"
34056
+ },
34057
+ {
34058
+ "id": "AML.T0016",
34059
+ "name": "Obtain Capabilities: Develop Capabilities",
34060
+ "tactic": "Resource Development"
34061
+ },
34062
+ {
34063
+ "id": "AML.T0017",
34064
+ "name": "Discover ML Model Ontology",
34065
+ "tactic": "Discovery"
34066
+ },
34067
+ {
34068
+ "id": "AML.T0018",
34069
+ "name": "Backdoor ML Model",
34070
+ "tactic": "Persistence"
34071
+ },
34072
+ {
34073
+ "id": "AML.T0020",
34074
+ "name": "Poison Training Data",
34075
+ "tactic": "ML Attack Staging"
34076
+ },
34077
+ {
34078
+ "id": "AML.T0043",
34079
+ "name": "Craft Adversarial Data",
34080
+ "tactic": "ML Attack Staging"
34081
+ },
34082
+ {
34083
+ "id": "AML.T0051",
34084
+ "name": "LLM Prompt Injection",
34085
+ "tactic": "Execution"
34086
+ },
34087
+ {
34088
+ "id": "AML.T0054",
34089
+ "name": "LLM Jailbreak",
34090
+ "tactic": "Defense Evasion"
34091
+ },
34092
+ {
34093
+ "id": "AML.T0096",
34094
+ "name": "AI API as Covert C2 Channel",
34095
+ "tactic": "Command and Control"
34096
+ }
34097
+ ],
34098
+ "d3fend": [
34099
+ {
34100
+ "id": "D3-ASLR",
34101
+ "name": "Address Space Layout Randomization",
34102
+ "tactic": "Harden"
34103
+ },
34104
+ {
34105
+ "id": "D3-CSPP",
34106
+ "name": "Client-server Payload Profiling",
34107
+ "tactic": "Detect"
34108
+ },
34109
+ {
34110
+ "id": "D3-EAL",
34111
+ "name": "Executable Allowlisting",
34112
+ "tactic": "Harden"
34113
+ },
34114
+ {
34115
+ "id": "D3-IOPR",
34116
+ "name": "Input/Output Profiling Resource",
34117
+ "tactic": "Detect"
34118
+ },
34119
+ {
34120
+ "id": "D3-NTA",
34121
+ "name": "Network Traffic Analysis",
34122
+ "tactic": "Detect"
34123
+ },
34124
+ {
34125
+ "id": "D3-PHRA",
34126
+ "name": "Process Hardware Resource Access",
34127
+ "tactic": "Isolate"
34128
+ },
34129
+ {
34130
+ "id": "D3-PSEP",
34131
+ "name": "Process Segment Execution Prevention",
34132
+ "tactic": "Harden"
34133
+ }
34134
+ ],
34135
+ "framework_gaps": [
34136
+ {
34137
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34138
+ "framework": "ALL",
34139
+ "control_name": "AI Pipeline Integrity"
34140
+ },
34141
+ {
34142
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34143
+ "framework": "ALL",
34144
+ "control_name": "Prompt Injection as Access Control Failure"
34145
+ },
34146
+ {
34147
+ "id": "CIS-Controls-v8-Control7",
34148
+ "framework": "CIS Controls v8",
34149
+ "control_name": "Continuous Vulnerability Management"
34150
+ },
34151
+ {
34152
+ "id": "CMMC-2.0-Level-2",
34153
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34154
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34155
+ },
34156
+ {
34157
+ "id": "FedRAMP-Rev5-Moderate",
34158
+ "framework": "FedRAMP Rev 5 Moderate",
34159
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34160
+ },
34161
+ {
34162
+ "id": "IEC-62443-3-3",
34163
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34164
+ "control_name": "System security requirements and security levels"
34165
+ },
34166
+ {
34167
+ "id": "ISO-27001-2022-A.8.28",
34168
+ "framework": "ISO/IEC 27001:2022",
34169
+ "control_name": "Secure coding"
34170
+ },
34171
+ {
34172
+ "id": "ISO-27001-2022-A.8.8",
34173
+ "framework": "ISO/IEC 27001:2022",
34174
+ "control_name": "Management of technical vulnerabilities"
34175
+ },
34176
+ {
34177
+ "id": "ISO-IEC-23894-2023-clause-7",
34178
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34179
+ "control_name": "AI risk management process"
34180
+ },
34181
+ {
34182
+ "id": "NERC-CIP-007-6-R4",
34183
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34184
+ "control_name": "Security event monitoring"
34185
+ },
34186
+ {
34187
+ "id": "NIS2-Art21-patch-management",
34188
+ "framework": "EU NIS2 Directive",
34189
+ "control_name": "Vulnerability handling and disclosure"
34190
+ },
34191
+ {
34192
+ "id": "NIST-800-115",
34193
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34194
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34195
+ },
34196
+ {
34197
+ "id": "NIST-800-218-SSDF",
34198
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34199
+ "control_name": "Secure Software Development Framework"
34200
+ },
34201
+ {
34202
+ "id": "NIST-800-53-AC-2",
34203
+ "framework": "NIST SP 800-53 Rev 5",
34204
+ "control_name": "Account Management"
34205
+ },
34206
+ {
34207
+ "id": "NIST-800-53-SC-8",
34208
+ "framework": "NIST SP 800-53 Rev 5",
34209
+ "control_name": "Transmission Confidentiality and Integrity"
34210
+ },
34211
+ {
34212
+ "id": "NIST-800-53-SI-2",
34213
+ "framework": "NIST SP 800-53 Rev 5",
34214
+ "control_name": "Flaw Remediation"
34215
+ },
34216
+ {
34217
+ "id": "NIST-800-53-SI-3",
34218
+ "framework": "NIST SP 800-53 Rev 5",
34219
+ "control_name": "Malicious Code Protection"
34220
+ },
34221
+ {
34222
+ "id": "NIST-800-82r3",
34223
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34224
+ "control_name": "Guide to Operational Technology (OT) Security"
34225
+ },
34226
+ {
34227
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34228
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34229
+ "control_name": "Prompt Injection"
34230
+ },
34231
+ {
34232
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34233
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34234
+ "control_name": "Sensitive Information Disclosure"
34235
+ },
34236
+ {
34237
+ "id": "OWASP-Pen-Testing-Guide-v5",
34238
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34239
+ "control_name": "Web application penetration testing methodology"
34240
+ },
34241
+ {
34242
+ "id": "PCI-DSS-4.0-6.3.3",
34243
+ "framework": "PCI DSS 4.0",
34244
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34245
+ },
34246
+ {
34247
+ "id": "PTES-Pre-engagement",
34248
+ "framework": "Penetration Testing Execution Standard (PTES)",
34249
+ "control_name": "Pre-engagement Interactions"
34250
+ },
34251
+ {
34252
+ "id": "SOC2-CC6-logical-access",
34253
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34254
+ "control_name": "Logical and Physical Access Controls"
34255
+ },
34256
+ {
34257
+ "id": "SOC2-CC9-vendor-management",
34258
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34259
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34260
+ }
34261
+ ],
34262
+ "attack_refs": [
34263
+ "T0855",
34264
+ "T0883",
34265
+ "T1059",
34266
+ "T1068",
34267
+ "T1078",
34268
+ "T1133",
34269
+ "T1190",
34270
+ "T1548.001",
34271
+ "T1566"
34272
+ ],
34273
+ "rfc_refs": [
34274
+ "RFC-4301",
34275
+ "RFC-4303",
34276
+ "RFC-7296"
34277
+ ]
34278
+ }
34279
+ },
33194
34280
  "CVE-2026-41091": {
33195
34281
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
33196
34282
  "rwep": 45,
@@ -59569,13 +60655,16 @@
59569
60655
  "CVE-2022-1471",
59570
60656
  "CVE-2023-43472",
59571
60657
  "CVE-2023-43654",
60658
+ "CVE-2023-44467",
59572
60659
  "CVE-2023-48022",
59573
60660
  "CVE-2023-51449",
59574
60661
  "CVE-2024-0132",
59575
60662
  "CVE-2024-11392",
59576
60663
  "CVE-2024-11393",
59577
60664
  "CVE-2024-11394",
60665
+ "CVE-2024-13059",
59578
60666
  "CVE-2024-1561",
60667
+ "CVE-2024-21513",
59579
60668
  "CVE-2024-21575",
59580
60669
  "CVE-2024-21576",
59581
60670
  "CVE-2024-27132",
@@ -59962,13 +61051,16 @@
59962
61051
  "CVE-2022-1471",
59963
61052
  "CVE-2023-43472",
59964
61053
  "CVE-2023-43654",
61054
+ "CVE-2023-44467",
59965
61055
  "CVE-2023-48022",
59966
61056
  "CVE-2023-51449",
59967
61057
  "CVE-2024-0132",
59968
61058
  "CVE-2024-11392",
59969
61059
  "CVE-2024-11393",
59970
61060
  "CVE-2024-11394",
61061
+ "CVE-2024-13059",
59971
61062
  "CVE-2024-1561",
61063
+ "CVE-2024-21513",
59972
61064
  "CVE-2024-21575",
59973
61065
  "CVE-2024-21576",
59974
61066
  "CVE-2024-27132",
@@ -60146,13 +61238,16 @@
60146
61238
  "CVE-2022-1471",
60147
61239
  "CVE-2023-43472",
60148
61240
  "CVE-2023-43654",
61241
+ "CVE-2023-44467",
60149
61242
  "CVE-2023-48022",
60150
61243
  "CVE-2023-51449",
60151
61244
  "CVE-2024-0132",
60152
61245
  "CVE-2024-11392",
60153
61246
  "CVE-2024-11393",
60154
61247
  "CVE-2024-11394",
61248
+ "CVE-2024-13059",
60155
61249
  "CVE-2024-1561",
61250
+ "CVE-2024-21513",
60156
61251
  "CVE-2024-21575",
60157
61252
  "CVE-2024-21576",
60158
61253
  "CVE-2024-27132",
@@ -60344,13 +61439,16 @@
60344
61439
  "CVE-2022-1471",
60345
61440
  "CVE-2023-43472",
60346
61441
  "CVE-2023-43654",
61442
+ "CVE-2023-44467",
60347
61443
  "CVE-2023-48022",
60348
61444
  "CVE-2023-51449",
60349
61445
  "CVE-2024-0132",
60350
61446
  "CVE-2024-11392",
60351
61447
  "CVE-2024-11393",
60352
61448
  "CVE-2024-11394",
61449
+ "CVE-2024-13059",
60353
61450
  "CVE-2024-1561",
61451
+ "CVE-2024-21513",
60354
61452
  "CVE-2024-21575",
60355
61453
  "CVE-2024-21576",
60356
61454
  "CVE-2024-27132",
@@ -60646,13 +61744,16 @@
60646
61744
  "CVE-2022-1471",
60647
61745
  "CVE-2023-43472",
60648
61746
  "CVE-2023-43654",
61747
+ "CVE-2023-44467",
60649
61748
  "CVE-2023-48022",
60650
61749
  "CVE-2023-51449",
60651
61750
  "CVE-2024-0132",
60652
61751
  "CVE-2024-11392",
60653
61752
  "CVE-2024-11393",
60654
61753
  "CVE-2024-11394",
61754
+ "CVE-2024-13059",
60655
61755
  "CVE-2024-1561",
61756
+ "CVE-2024-21513",
60656
61757
  "CVE-2024-21575",
60657
61758
  "CVE-2024-21576",
60658
61759
  "CVE-2024-27132",
@@ -60902,6 +62003,7 @@
60902
62003
  "CVE-2023-41974",
60903
62004
  "CVE-2023-43000",
60904
62005
  "CVE-2023-43654",
62006
+ "CVE-2023-44467",
60905
62007
  "CVE-2023-48022",
60906
62008
  "CVE-2023-50224",
60907
62009
  "CVE-2023-51449",
@@ -60913,8 +62015,10 @@
60913
62015
  "CVE-2024-11393",
60914
62016
  "CVE-2024-11394",
60915
62017
  "CVE-2024-12987",
62018
+ "CVE-2024-13059",
60916
62019
  "CVE-2024-1561",
60917
62020
  "CVE-2024-1708",
62021
+ "CVE-2024-21513",
60918
62022
  "CVE-2024-21575",
60919
62023
  "CVE-2024-21576",
60920
62024
  "CVE-2024-21762",
@@ -61750,13 +62854,16 @@
61750
62854
  "CVE-2022-1471",
61751
62855
  "CVE-2023-43472",
61752
62856
  "CVE-2023-43654",
62857
+ "CVE-2023-44467",
61753
62858
  "CVE-2023-48022",
61754
62859
  "CVE-2023-51449",
61755
62860
  "CVE-2024-0132",
61756
62861
  "CVE-2024-11392",
61757
62862
  "CVE-2024-11393",
61758
62863
  "CVE-2024-11394",
62864
+ "CVE-2024-13059",
61759
62865
  "CVE-2024-1561",
62866
+ "CVE-2024-21513",
61760
62867
  "CVE-2024-21575",
61761
62868
  "CVE-2024-21576",
61762
62869
  "CVE-2024-27132",
@@ -62373,13 +63480,16 @@
62373
63480
  "CVE-2022-1471",
62374
63481
  "CVE-2023-43472",
62375
63482
  "CVE-2023-43654",
63483
+ "CVE-2023-44467",
62376
63484
  "CVE-2023-48022",
62377
63485
  "CVE-2023-51449",
62378
63486
  "CVE-2024-0132",
62379
63487
  "CVE-2024-11392",
62380
63488
  "CVE-2024-11393",
62381
63489
  "CVE-2024-11394",
63490
+ "CVE-2024-13059",
62382
63491
  "CVE-2024-1561",
63492
+ "CVE-2024-21513",
62383
63493
  "CVE-2024-21575",
62384
63494
  "CVE-2024-21576",
62385
63495
  "CVE-2024-27132",
@@ -62634,13 +63744,16 @@
62634
63744
  "related_cves": [
62635
63745
  "CVE-2022-1471",
62636
63746
  "CVE-2023-43654",
63747
+ "CVE-2023-44467",
62637
63748
  "CVE-2023-48022",
62638
63749
  "CVE-2023-51449",
62639
63750
  "CVE-2024-0132",
62640
63751
  "CVE-2024-11392",
62641
63752
  "CVE-2024-11393",
62642
63753
  "CVE-2024-11394",
63754
+ "CVE-2024-13059",
62643
63755
  "CVE-2024-1561",
63756
+ "CVE-2024-21513",
62644
63757
  "CVE-2024-21575",
62645
63758
  "CVE-2024-21576",
62646
63759
  "CVE-2024-27132",
@@ -63321,13 +64434,16 @@
63321
64434
  "CVE-2022-1471",
63322
64435
  "CVE-2023-43472",
63323
64436
  "CVE-2023-43654",
64437
+ "CVE-2023-44467",
63324
64438
  "CVE-2023-48022",
63325
64439
  "CVE-2023-51449",
63326
64440
  "CVE-2024-0132",
63327
64441
  "CVE-2024-11392",
63328
64442
  "CVE-2024-11393",
63329
64443
  "CVE-2024-11394",
64444
+ "CVE-2024-13059",
63330
64445
  "CVE-2024-1561",
64446
+ "CVE-2024-21513",
63331
64447
  "CVE-2024-21575",
63332
64448
  "CVE-2024-21576",
63333
64449
  "CVE-2024-27132",
@@ -63584,6 +64700,7 @@
63584
64700
  "CVE-2023-41974",
63585
64701
  "CVE-2023-43000",
63586
64702
  "CVE-2023-43654",
64703
+ "CVE-2023-44467",
63587
64704
  "CVE-2023-48022",
63588
64705
  "CVE-2023-50224",
63589
64706
  "CVE-2023-51449",
@@ -63595,8 +64712,10 @@
63595
64712
  "CVE-2024-11393",
63596
64713
  "CVE-2024-11394",
63597
64714
  "CVE-2024-12987",
64715
+ "CVE-2024-13059",
63598
64716
  "CVE-2024-1561",
63599
64717
  "CVE-2024-1708",
64718
+ "CVE-2024-21513",
63600
64719
  "CVE-2024-21575",
63601
64720
  "CVE-2024-21576",
63602
64721
  "CVE-2024-21762",
@@ -64028,6 +65147,7 @@
64028
65147
  "CVE-2023-41974",
64029
65148
  "CVE-2023-43000",
64030
65149
  "CVE-2023-43654",
65150
+ "CVE-2023-44467",
64031
65151
  "CVE-2023-48022",
64032
65152
  "CVE-2023-50224",
64033
65153
  "CVE-2023-51449",
@@ -64039,8 +65159,10 @@
64039
65159
  "CVE-2024-11393",
64040
65160
  "CVE-2024-11394",
64041
65161
  "CVE-2024-12987",
65162
+ "CVE-2024-13059",
64042
65163
  "CVE-2024-1561",
64043
65164
  "CVE-2024-1708",
65165
+ "CVE-2024-21513",
64044
65166
  "CVE-2024-21575",
64045
65167
  "CVE-2024-21576",
64046
65168
  "CVE-2024-21762",
@@ -64505,13 +65627,16 @@
64505
65627
  "CVE-2022-1471",
64506
65628
  "CVE-2023-43472",
64507
65629
  "CVE-2023-43654",
65630
+ "CVE-2023-44467",
64508
65631
  "CVE-2023-48022",
64509
65632
  "CVE-2023-51449",
64510
65633
  "CVE-2024-0132",
64511
65634
  "CVE-2024-11392",
64512
65635
  "CVE-2024-11393",
64513
65636
  "CVE-2024-11394",
65637
+ "CVE-2024-13059",
64514
65638
  "CVE-2024-1561",
65639
+ "CVE-2024-21513",
64515
65640
  "CVE-2024-21575",
64516
65641
  "CVE-2024-21576",
64517
65642
  "CVE-2024-27132",
@@ -65320,6 +66445,7 @@
65320
66445
  "CVE-2023-41974",
65321
66446
  "CVE-2023-43000",
65322
66447
  "CVE-2023-43654",
66448
+ "CVE-2023-44467",
65323
66449
  "CVE-2023-48022",
65324
66450
  "CVE-2023-50224",
65325
66451
  "CVE-2023-51449",
@@ -65331,8 +66457,10 @@
65331
66457
  "CVE-2024-11393",
65332
66458
  "CVE-2024-11394",
65333
66459
  "CVE-2024-12987",
66460
+ "CVE-2024-13059",
65334
66461
  "CVE-2024-1561",
65335
66462
  "CVE-2024-1708",
66463
+ "CVE-2024-21513",
65336
66464
  "CVE-2024-21575",
65337
66465
  "CVE-2024-21576",
65338
66466
  "CVE-2024-21762",
@@ -65861,13 +66989,16 @@
65861
66989
  "CVE-2022-1471",
65862
66990
  "CVE-2023-43472",
65863
66991
  "CVE-2023-43654",
66992
+ "CVE-2023-44467",
65864
66993
  "CVE-2023-48022",
65865
66994
  "CVE-2023-51449",
65866
66995
  "CVE-2024-0132",
65867
66996
  "CVE-2024-11392",
65868
66997
  "CVE-2024-11393",
65869
66998
  "CVE-2024-11394",
66999
+ "CVE-2024-13059",
65870
67000
  "CVE-2024-1561",
67001
+ "CVE-2024-21513",
65871
67002
  "CVE-2024-21575",
65872
67003
  "CVE-2024-21576",
65873
67004
  "CVE-2024-27132",
@@ -66202,6 +67333,7 @@
66202
67333
  "CVE-2023-43000",
66203
67334
  "CVE-2023-43472",
66204
67335
  "CVE-2023-43654",
67336
+ "CVE-2023-44467",
66205
67337
  "CVE-2023-48022",
66206
67338
  "CVE-2023-50224",
66207
67339
  "CVE-2023-51449",
@@ -66213,8 +67345,10 @@
66213
67345
  "CVE-2024-11393",
66214
67346
  "CVE-2024-11394",
66215
67347
  "CVE-2024-12987",
67348
+ "CVE-2024-13059",
66216
67349
  "CVE-2024-1561",
66217
67350
  "CVE-2024-1708",
67351
+ "CVE-2024-21513",
66218
67352
  "CVE-2024-21575",
66219
67353
  "CVE-2024-21576",
66220
67354
  "CVE-2024-21762",
@@ -66762,13 +67896,16 @@
66762
67896
  "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
66763
67897
  "CVE-2022-1471",
66764
67898
  "CVE-2023-43654",
67899
+ "CVE-2023-44467",
66765
67900
  "CVE-2023-48022",
66766
67901
  "CVE-2023-51449",
66767
67902
  "CVE-2024-0132",
66768
67903
  "CVE-2024-11392",
66769
67904
  "CVE-2024-11393",
66770
67905
  "CVE-2024-11394",
67906
+ "CVE-2024-13059",
66771
67907
  "CVE-2024-1561",
67908
+ "CVE-2024-21513",
66772
67909
  "CVE-2024-21575",
66773
67910
  "CVE-2024-21576",
66774
67911
  "CVE-2024-27132",
@@ -67720,13 +68857,16 @@
67720
68857
  "CVE-2022-1471",
67721
68858
  "CVE-2023-43472",
67722
68859
  "CVE-2023-43654",
68860
+ "CVE-2023-44467",
67723
68861
  "CVE-2023-48022",
67724
68862
  "CVE-2023-51449",
67725
68863
  "CVE-2024-0132",
67726
68864
  "CVE-2024-11392",
67727
68865
  "CVE-2024-11393",
67728
68866
  "CVE-2024-11394",
68867
+ "CVE-2024-13059",
67729
68868
  "CVE-2024-1561",
68869
+ "CVE-2024-21513",
67730
68870
  "CVE-2024-21575",
67731
68871
  "CVE-2024-21576",
67732
68872
  "CVE-2024-27132",
@@ -67842,13 +68982,16 @@
67842
68982
  "related_cves": [
67843
68983
  "CVE-2022-1471",
67844
68984
  "CVE-2023-43654",
68985
+ "CVE-2023-44467",
67845
68986
  "CVE-2023-48022",
67846
68987
  "CVE-2023-51449",
67847
68988
  "CVE-2024-0132",
67848
68989
  "CVE-2024-11392",
67849
68990
  "CVE-2024-11393",
67850
68991
  "CVE-2024-11394",
68992
+ "CVE-2024-13059",
67851
68993
  "CVE-2024-1561",
68994
+ "CVE-2024-21513",
67852
68995
  "CVE-2024-21575",
67853
68996
  "CVE-2024-21576",
67854
68997
  "CVE-2024-27132",
@@ -68034,13 +69177,16 @@
68034
69177
  "CVE-2022-1471",
68035
69178
  "CVE-2023-43472",
68036
69179
  "CVE-2023-43654",
69180
+ "CVE-2023-44467",
68037
69181
  "CVE-2023-48022",
68038
69182
  "CVE-2023-51449",
68039
69183
  "CVE-2024-0132",
68040
69184
  "CVE-2024-11392",
68041
69185
  "CVE-2024-11393",
68042
69186
  "CVE-2024-11394",
69187
+ "CVE-2024-13059",
68043
69188
  "CVE-2024-1561",
69189
+ "CVE-2024-21513",
68044
69190
  "CVE-2024-21575",
68045
69191
  "CVE-2024-21576",
68046
69192
  "CVE-2024-27132",
@@ -68475,6 +69621,7 @@
68475
69621
  "CVE-2023-41974",
68476
69622
  "CVE-2023-43000",
68477
69623
  "CVE-2023-43654",
69624
+ "CVE-2023-44467",
68478
69625
  "CVE-2023-50224",
68479
69626
  "CVE-2023-51449",
68480
69627
  "CVE-2023-52163",
@@ -68484,8 +69631,10 @@
68484
69631
  "CVE-2024-11393",
68485
69632
  "CVE-2024-11394",
68486
69633
  "CVE-2024-12987",
69634
+ "CVE-2024-13059",
68487
69635
  "CVE-2024-1561",
68488
69636
  "CVE-2024-1708",
69637
+ "CVE-2024-21513",
68489
69638
  "CVE-2024-21575",
68490
69639
  "CVE-2024-21576",
68491
69640
  "CVE-2024-21762",
@@ -68940,13 +70089,16 @@
68940
70089
  "CVE-2022-1471",
68941
70090
  "CVE-2023-43472",
68942
70091
  "CVE-2023-43654",
70092
+ "CVE-2023-44467",
68943
70093
  "CVE-2023-48022",
68944
70094
  "CVE-2023-51449",
68945
70095
  "CVE-2024-0132",
68946
70096
  "CVE-2024-11392",
68947
70097
  "CVE-2024-11393",
68948
70098
  "CVE-2024-11394",
70099
+ "CVE-2024-13059",
68949
70100
  "CVE-2024-1561",
70101
+ "CVE-2024-21513",
68950
70102
  "CVE-2024-21575",
68951
70103
  "CVE-2024-21576",
68952
70104
  "CVE-2024-27132",
@@ -69255,13 +70407,16 @@
69255
70407
  "CVE-2022-1471",
69256
70408
  "CVE-2023-43472",
69257
70409
  "CVE-2023-43654",
70410
+ "CVE-2023-44467",
69258
70411
  "CVE-2023-48022",
69259
70412
  "CVE-2023-51449",
69260
70413
  "CVE-2024-0132",
69261
70414
  "CVE-2024-11392",
69262
70415
  "CVE-2024-11393",
69263
70416
  "CVE-2024-11394",
70417
+ "CVE-2024-13059",
69264
70418
  "CVE-2024-1561",
70419
+ "CVE-2024-21513",
69265
70420
  "CVE-2024-21575",
69266
70421
  "CVE-2024-21576",
69267
70422
  "CVE-2024-27132",