@blamejs/exceptd-skills 0.13.93 → 0.13.95

@@ -33915,6 +33915,730 @@
33915
33915
  ]
33916
33916
  }
33917
33917
  },
33918
+ "CVE-2024-13059": {
33919
+ "name": "AnythingLLM Non-ASCII Filename Path Traversal Arbitrary File Write to RCE",
33920
+ "rwep": 25,
33921
+ "cvss": 7.2,
33922
+ "cisa_kev": false,
33923
+ "epss_score": null,
33924
+ "referencing_skills": [
33925
+ "kernel-lpe-triage",
33926
+ "ai-attack-surface",
33927
+ "compliance-theater",
33928
+ "attack-surface-pentest",
33929
+ "ot-ics-security",
33930
+ "coordinated-vuln-disclosure",
33931
+ "sector-energy"
33932
+ ],
33933
+ "chain": {
33934
+ "cwes": [
33935
+ {
33936
+ "id": "CWE-1037",
33937
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
33938
+ "category": "Hardware / Side Channel"
33939
+ },
33940
+ {
33941
+ "id": "CWE-1039",
33942
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
33943
+ "category": "AI/ML"
33944
+ },
33945
+ {
33946
+ "id": "CWE-125",
33947
+ "name": "Out-of-bounds Read",
33948
+ "category": "Memory Safety"
33949
+ },
33950
+ {
33951
+ "id": "CWE-1357",
33952
+ "name": "Reliance on Insufficiently Trustworthy Component",
33953
+ "category": "Supply Chain"
33954
+ },
33955
+ {
33956
+ "id": "CWE-1395",
33957
+ "name": "Dependency on Vulnerable Third-Party Component",
33958
+ "category": "Supply Chain"
33959
+ },
33960
+ {
33961
+ "id": "CWE-1426",
33962
+ "name": "Improper Validation of Generative AI Output",
33963
+ "category": "AI/ML"
33964
+ },
33965
+ {
33966
+ "id": "CWE-22",
33967
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
33968
+ "category": "Path/Resource"
33969
+ },
33970
+ {
33971
+ "id": "CWE-269",
33972
+ "name": "Improper Privilege Management",
33973
+ "category": "Authorization"
33974
+ },
33975
+ {
33976
+ "id": "CWE-287",
33977
+ "name": "Improper Authentication",
33978
+ "category": "Authentication"
33979
+ },
33980
+ {
33981
+ "id": "CWE-306",
33982
+ "name": "Missing Authentication for Critical Function",
33983
+ "category": "Authentication"
33984
+ },
33985
+ {
33986
+ "id": "CWE-352",
33987
+ "name": "Cross-Site Request Forgery (CSRF)",
33988
+ "category": "Session"
33989
+ },
33990
+ {
33991
+ "id": "CWE-362",
33992
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
33993
+ "category": "Concurrency"
33994
+ },
33995
+ {
33996
+ "id": "CWE-416",
33997
+ "name": "Use After Free",
33998
+ "category": "Memory Safety"
33999
+ },
34000
+ {
34001
+ "id": "CWE-434",
34002
+ "name": "Unrestricted Upload of File with Dangerous Type",
34003
+ "category": "File Handling"
34004
+ },
34005
+ {
34006
+ "id": "CWE-672",
34007
+ "name": "Operation on a Resource after Expiration or Release",
34008
+ "category": "Memory Safety"
34009
+ },
34010
+ {
34011
+ "id": "CWE-732",
34012
+ "name": "Incorrect Permission Assignment for Critical Resource",
34013
+ "category": "Authorization"
34014
+ },
34015
+ {
34016
+ "id": "CWE-78",
34017
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34018
+ "category": "Injection"
34019
+ },
34020
+ {
34021
+ "id": "CWE-787",
34022
+ "name": "Out-of-bounds Write",
34023
+ "category": "Memory Safety"
34024
+ },
34025
+ {
34026
+ "id": "CWE-79",
34027
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34028
+ "category": "Injection"
34029
+ },
34030
+ {
34031
+ "id": "CWE-798",
34032
+ "name": "Use of Hard-coded Credentials",
34033
+ "category": "Credentials"
34034
+ },
34035
+ {
34036
+ "id": "CWE-89",
34037
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34038
+ "category": "Injection"
34039
+ },
34040
+ {
34041
+ "id": "CWE-918",
34042
+ "name": "Server-Side Request Forgery (SSRF)",
34043
+ "category": "Network"
34044
+ },
34045
+ {
34046
+ "id": "CWE-94",
34047
+ "name": "Improper Control of Generation of Code (Code Injection)",
34048
+ "category": "Injection"
34049
+ }
34050
+ ],
34051
+ "atlas": [
34052
+ {
34053
+ "id": "AML.T0010",
34054
+ "name": "ML Supply Chain Compromise",
34055
+ "tactic": "Initial Access"
34056
+ },
34057
+ {
34058
+ "id": "AML.T0016",
34059
+ "name": "Obtain Capabilities: Develop Capabilities",
34060
+ "tactic": "Resource Development"
34061
+ },
34062
+ {
34063
+ "id": "AML.T0017",
34064
+ "name": "Discover ML Model Ontology",
34065
+ "tactic": "Discovery"
34066
+ },
34067
+ {
34068
+ "id": "AML.T0018",
34069
+ "name": "Backdoor ML Model",
34070
+ "tactic": "Persistence"
34071
+ },
34072
+ {
34073
+ "id": "AML.T0020",
34074
+ "name": "Poison Training Data",
34075
+ "tactic": "ML Attack Staging"
34076
+ },
34077
+ {
34078
+ "id": "AML.T0043",
34079
+ "name": "Craft Adversarial Data",
34080
+ "tactic": "ML Attack Staging"
34081
+ },
34082
+ {
34083
+ "id": "AML.T0051",
34084
+ "name": "LLM Prompt Injection",
34085
+ "tactic": "Execution"
34086
+ },
34087
+ {
34088
+ "id": "AML.T0054",
34089
+ "name": "LLM Jailbreak",
34090
+ "tactic": "Defense Evasion"
34091
+ },
34092
+ {
34093
+ "id": "AML.T0096",
34094
+ "name": "AI API as Covert C2 Channel",
34095
+ "tactic": "Command and Control"
34096
+ }
34097
+ ],
34098
+ "d3fend": [
34099
+ {
34100
+ "id": "D3-ASLR",
34101
+ "name": "Address Space Layout Randomization",
34102
+ "tactic": "Harden"
34103
+ },
34104
+ {
34105
+ "id": "D3-CSPP",
34106
+ "name": "Client-server Payload Profiling",
34107
+ "tactic": "Detect"
34108
+ },
34109
+ {
34110
+ "id": "D3-EAL",
34111
+ "name": "Executable Allowlisting",
34112
+ "tactic": "Harden"
34113
+ },
34114
+ {
34115
+ "id": "D3-IOPR",
34116
+ "name": "Input/Output Profiling Resource",
34117
+ "tactic": "Detect"
34118
+ },
34119
+ {
34120
+ "id": "D3-NTA",
34121
+ "name": "Network Traffic Analysis",
34122
+ "tactic": "Detect"
34123
+ },
34124
+ {
34125
+ "id": "D3-PHRA",
34126
+ "name": "Process Hardware Resource Access",
34127
+ "tactic": "Isolate"
34128
+ },
34129
+ {
34130
+ "id": "D3-PSEP",
34131
+ "name": "Process Segment Execution Prevention",
34132
+ "tactic": "Harden"
34133
+ }
34134
+ ],
34135
+ "framework_gaps": [
34136
+ {
34137
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34138
+ "framework": "ALL",
34139
+ "control_name": "AI Pipeline Integrity"
34140
+ },
34141
+ {
34142
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34143
+ "framework": "ALL",
34144
+ "control_name": "Prompt Injection as Access Control Failure"
34145
+ },
34146
+ {
34147
+ "id": "CIS-Controls-v8-Control7",
34148
+ "framework": "CIS Controls v8",
34149
+ "control_name": "Continuous Vulnerability Management"
34150
+ },
34151
+ {
34152
+ "id": "CMMC-2.0-Level-2",
34153
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34154
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34155
+ },
34156
+ {
34157
+ "id": "FedRAMP-Rev5-Moderate",
34158
+ "framework": "FedRAMP Rev 5 Moderate",
34159
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34160
+ },
34161
+ {
34162
+ "id": "IEC-62443-3-3",
34163
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34164
+ "control_name": "System security requirements and security levels"
34165
+ },
34166
+ {
34167
+ "id": "ISO-27001-2022-A.8.28",
34168
+ "framework": "ISO/IEC 27001:2022",
34169
+ "control_name": "Secure coding"
34170
+ },
34171
+ {
34172
+ "id": "ISO-27001-2022-A.8.8",
34173
+ "framework": "ISO/IEC 27001:2022",
34174
+ "control_name": "Management of technical vulnerabilities"
34175
+ },
34176
+ {
34177
+ "id": "ISO-IEC-23894-2023-clause-7",
34178
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34179
+ "control_name": "AI risk management process"
34180
+ },
34181
+ {
34182
+ "id": "NERC-CIP-007-6-R4",
34183
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34184
+ "control_name": "Security event monitoring"
34185
+ },
34186
+ {
34187
+ "id": "NIS2-Art21-patch-management",
34188
+ "framework": "EU NIS2 Directive",
34189
+ "control_name": "Vulnerability handling and disclosure"
34190
+ },
34191
+ {
34192
+ "id": "NIST-800-115",
34193
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34194
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34195
+ },
34196
+ {
34197
+ "id": "NIST-800-218-SSDF",
34198
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34199
+ "control_name": "Secure Software Development Framework"
34200
+ },
34201
+ {
34202
+ "id": "NIST-800-53-AC-2",
34203
+ "framework": "NIST SP 800-53 Rev 5",
34204
+ "control_name": "Account Management"
34205
+ },
34206
+ {
34207
+ "id": "NIST-800-53-SC-8",
34208
+ "framework": "NIST SP 800-53 Rev 5",
34209
+ "control_name": "Transmission Confidentiality and Integrity"
34210
+ },
34211
+ {
34212
+ "id": "NIST-800-53-SI-2",
34213
+ "framework": "NIST SP 800-53 Rev 5",
34214
+ "control_name": "Flaw Remediation"
34215
+ },
34216
+ {
34217
+ "id": "NIST-800-53-SI-3",
34218
+ "framework": "NIST SP 800-53 Rev 5",
34219
+ "control_name": "Malicious Code Protection"
34220
+ },
34221
+ {
34222
+ "id": "NIST-800-82r3",
34223
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34224
+ "control_name": "Guide to Operational Technology (OT) Security"
34225
+ },
34226
+ {
34227
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34228
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34229
+ "control_name": "Prompt Injection"
34230
+ },
34231
+ {
34232
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34233
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34234
+ "control_name": "Sensitive Information Disclosure"
34235
+ },
34236
+ {
34237
+ "id": "OWASP-Pen-Testing-Guide-v5",
34238
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34239
+ "control_name": "Web application penetration testing methodology"
34240
+ },
34241
+ {
34242
+ "id": "PCI-DSS-4.0-6.3.3",
34243
+ "framework": "PCI DSS 4.0",
34244
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34245
+ },
34246
+ {
34247
+ "id": "PTES-Pre-engagement",
34248
+ "framework": "Penetration Testing Execution Standard (PTES)",
34249
+ "control_name": "Pre-engagement Interactions"
34250
+ },
34251
+ {
34252
+ "id": "SOC2-CC6-logical-access",
34253
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34254
+ "control_name": "Logical and Physical Access Controls"
34255
+ },
34256
+ {
34257
+ "id": "SOC2-CC9-vendor-management",
34258
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34259
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34260
+ }
34261
+ ],
34262
+ "attack_refs": [
34263
+ "T0855",
34264
+ "T0883",
34265
+ "T1059",
34266
+ "T1068",
34267
+ "T1078",
34268
+ "T1133",
34269
+ "T1190",
34270
+ "T1548.001",
34271
+ "T1566"
34272
+ ],
34273
+ "rfc_refs": [
34274
+ "RFC-4301",
34275
+ "RFC-4303",
34276
+ "RFC-7296"
34277
+ ]
34278
+ }
34279
+ },
34280
+ "CVE-2025-1753": {
34281
+ "name": "LlamaIndex CLI --files OS Command Injection",
34282
+ "rwep": 23,
34283
+ "cvss": 7.8,
34284
+ "cisa_kev": false,
34285
+ "epss_score": null,
34286
+ "referencing_skills": [
34287
+ "kernel-lpe-triage",
34288
+ "ai-attack-surface",
34289
+ "compliance-theater",
34290
+ "attack-surface-pentest",
34291
+ "ot-ics-security",
34292
+ "coordinated-vuln-disclosure",
34293
+ "sector-energy"
34294
+ ],
34295
+ "chain": {
34296
+ "cwes": [
34297
+ {
34298
+ "id": "CWE-1037",
34299
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
34300
+ "category": "Hardware / Side Channel"
34301
+ },
34302
+ {
34303
+ "id": "CWE-1039",
34304
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
34305
+ "category": "AI/ML"
34306
+ },
34307
+ {
34308
+ "id": "CWE-125",
34309
+ "name": "Out-of-bounds Read",
34310
+ "category": "Memory Safety"
34311
+ },
34312
+ {
34313
+ "id": "CWE-1357",
34314
+ "name": "Reliance on Insufficiently Trustworthy Component",
34315
+ "category": "Supply Chain"
34316
+ },
34317
+ {
34318
+ "id": "CWE-1395",
34319
+ "name": "Dependency on Vulnerable Third-Party Component",
34320
+ "category": "Supply Chain"
34321
+ },
34322
+ {
34323
+ "id": "CWE-1426",
34324
+ "name": "Improper Validation of Generative AI Output",
34325
+ "category": "AI/ML"
34326
+ },
34327
+ {
34328
+ "id": "CWE-22",
34329
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
34330
+ "category": "Path/Resource"
34331
+ },
34332
+ {
34333
+ "id": "CWE-269",
34334
+ "name": "Improper Privilege Management",
34335
+ "category": "Authorization"
34336
+ },
34337
+ {
34338
+ "id": "CWE-287",
34339
+ "name": "Improper Authentication",
34340
+ "category": "Authentication"
34341
+ },
34342
+ {
34343
+ "id": "CWE-306",
34344
+ "name": "Missing Authentication for Critical Function",
34345
+ "category": "Authentication"
34346
+ },
34347
+ {
34348
+ "id": "CWE-352",
34349
+ "name": "Cross-Site Request Forgery (CSRF)",
34350
+ "category": "Session"
34351
+ },
34352
+ {
34353
+ "id": "CWE-362",
34354
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
34355
+ "category": "Concurrency"
34356
+ },
34357
+ {
34358
+ "id": "CWE-416",
34359
+ "name": "Use After Free",
34360
+ "category": "Memory Safety"
34361
+ },
34362
+ {
34363
+ "id": "CWE-434",
34364
+ "name": "Unrestricted Upload of File with Dangerous Type",
34365
+ "category": "File Handling"
34366
+ },
34367
+ {
34368
+ "id": "CWE-672",
34369
+ "name": "Operation on a Resource after Expiration or Release",
34370
+ "category": "Memory Safety"
34371
+ },
34372
+ {
34373
+ "id": "CWE-732",
34374
+ "name": "Incorrect Permission Assignment for Critical Resource",
34375
+ "category": "Authorization"
34376
+ },
34377
+ {
34378
+ "id": "CWE-78",
34379
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34380
+ "category": "Injection"
34381
+ },
34382
+ {
34383
+ "id": "CWE-787",
34384
+ "name": "Out-of-bounds Write",
34385
+ "category": "Memory Safety"
34386
+ },
34387
+ {
34388
+ "id": "CWE-79",
34389
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34390
+ "category": "Injection"
34391
+ },
34392
+ {
34393
+ "id": "CWE-798",
34394
+ "name": "Use of Hard-coded Credentials",
34395
+ "category": "Credentials"
34396
+ },
34397
+ {
34398
+ "id": "CWE-89",
34399
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34400
+ "category": "Injection"
34401
+ },
34402
+ {
34403
+ "id": "CWE-918",
34404
+ "name": "Server-Side Request Forgery (SSRF)",
34405
+ "category": "Network"
34406
+ },
34407
+ {
34408
+ "id": "CWE-94",
34409
+ "name": "Improper Control of Generation of Code (Code Injection)",
34410
+ "category": "Injection"
34411
+ }
34412
+ ],
34413
+ "atlas": [
34414
+ {
34415
+ "id": "AML.T0010",
34416
+ "name": "ML Supply Chain Compromise",
34417
+ "tactic": "Initial Access"
34418
+ },
34419
+ {
34420
+ "id": "AML.T0016",
34421
+ "name": "Obtain Capabilities: Develop Capabilities",
34422
+ "tactic": "Resource Development"
34423
+ },
34424
+ {
34425
+ "id": "AML.T0017",
34426
+ "name": "Discover ML Model Ontology",
34427
+ "tactic": "Discovery"
34428
+ },
34429
+ {
34430
+ "id": "AML.T0018",
34431
+ "name": "Backdoor ML Model",
34432
+ "tactic": "Persistence"
34433
+ },
34434
+ {
34435
+ "id": "AML.T0020",
34436
+ "name": "Poison Training Data",
34437
+ "tactic": "ML Attack Staging"
34438
+ },
34439
+ {
34440
+ "id": "AML.T0043",
34441
+ "name": "Craft Adversarial Data",
34442
+ "tactic": "ML Attack Staging"
34443
+ },
34444
+ {
34445
+ "id": "AML.T0051",
34446
+ "name": "LLM Prompt Injection",
34447
+ "tactic": "Execution"
34448
+ },
34449
+ {
34450
+ "id": "AML.T0054",
34451
+ "name": "LLM Jailbreak",
34452
+ "tactic": "Defense Evasion"
34453
+ },
34454
+ {
34455
+ "id": "AML.T0096",
34456
+ "name": "AI API as Covert C2 Channel",
34457
+ "tactic": "Command and Control"
34458
+ }
34459
+ ],
34460
+ "d3fend": [
34461
+ {
34462
+ "id": "D3-ASLR",
34463
+ "name": "Address Space Layout Randomization",
34464
+ "tactic": "Harden"
34465
+ },
34466
+ {
34467
+ "id": "D3-CSPP",
34468
+ "name": "Client-server Payload Profiling",
34469
+ "tactic": "Detect"
34470
+ },
34471
+ {
34472
+ "id": "D3-EAL",
34473
+ "name": "Executable Allowlisting",
34474
+ "tactic": "Harden"
34475
+ },
34476
+ {
34477
+ "id": "D3-IOPR",
34478
+ "name": "Input/Output Profiling Resource",
34479
+ "tactic": "Detect"
34480
+ },
34481
+ {
34482
+ "id": "D3-NTA",
34483
+ "name": "Network Traffic Analysis",
34484
+ "tactic": "Detect"
34485
+ },
34486
+ {
34487
+ "id": "D3-PHRA",
34488
+ "name": "Process Hardware Resource Access",
34489
+ "tactic": "Isolate"
34490
+ },
34491
+ {
34492
+ "id": "D3-PSEP",
34493
+ "name": "Process Segment Execution Prevention",
34494
+ "tactic": "Harden"
34495
+ }
34496
+ ],
34497
+ "framework_gaps": [
34498
+ {
34499
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34500
+ "framework": "ALL",
34501
+ "control_name": "AI Pipeline Integrity"
34502
+ },
34503
+ {
34504
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34505
+ "framework": "ALL",
34506
+ "control_name": "Prompt Injection as Access Control Failure"
34507
+ },
34508
+ {
34509
+ "id": "CIS-Controls-v8-Control7",
34510
+ "framework": "CIS Controls v8",
34511
+ "control_name": "Continuous Vulnerability Management"
34512
+ },
34513
+ {
34514
+ "id": "CMMC-2.0-Level-2",
34515
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34516
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34517
+ },
34518
+ {
34519
+ "id": "FedRAMP-Rev5-Moderate",
34520
+ "framework": "FedRAMP Rev 5 Moderate",
34521
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34522
+ },
34523
+ {
34524
+ "id": "IEC-62443-3-3",
34525
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34526
+ "control_name": "System security requirements and security levels"
34527
+ },
34528
+ {
34529
+ "id": "ISO-27001-2022-A.8.28",
34530
+ "framework": "ISO/IEC 27001:2022",
34531
+ "control_name": "Secure coding"
34532
+ },
34533
+ {
34534
+ "id": "ISO-27001-2022-A.8.8",
34535
+ "framework": "ISO/IEC 27001:2022",
34536
+ "control_name": "Management of technical vulnerabilities"
34537
+ },
34538
+ {
34539
+ "id": "ISO-IEC-23894-2023-clause-7",
34540
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34541
+ "control_name": "AI risk management process"
34542
+ },
34543
+ {
34544
+ "id": "NERC-CIP-007-6-R4",
34545
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34546
+ "control_name": "Security event monitoring"
34547
+ },
34548
+ {
34549
+ "id": "NIS2-Art21-patch-management",
34550
+ "framework": "EU NIS2 Directive",
34551
+ "control_name": "Vulnerability handling and disclosure"
34552
+ },
34553
+ {
34554
+ "id": "NIST-800-115",
34555
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34556
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34557
+ },
34558
+ {
34559
+ "id": "NIST-800-218-SSDF",
34560
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34561
+ "control_name": "Secure Software Development Framework"
34562
+ },
34563
+ {
34564
+ "id": "NIST-800-53-AC-2",
34565
+ "framework": "NIST SP 800-53 Rev 5",
34566
+ "control_name": "Account Management"
34567
+ },
34568
+ {
34569
+ "id": "NIST-800-53-SC-8",
34570
+ "framework": "NIST SP 800-53 Rev 5",
34571
+ "control_name": "Transmission Confidentiality and Integrity"
34572
+ },
34573
+ {
34574
+ "id": "NIST-800-53-SI-2",
34575
+ "framework": "NIST SP 800-53 Rev 5",
34576
+ "control_name": "Flaw Remediation"
34577
+ },
34578
+ {
34579
+ "id": "NIST-800-53-SI-3",
34580
+ "framework": "NIST SP 800-53 Rev 5",
34581
+ "control_name": "Malicious Code Protection"
34582
+ },
34583
+ {
34584
+ "id": "NIST-800-82r3",
34585
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34586
+ "control_name": "Guide to Operational Technology (OT) Security"
34587
+ },
34588
+ {
34589
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34590
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34591
+ "control_name": "Prompt Injection"
34592
+ },
34593
+ {
34594
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34595
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34596
+ "control_name": "Sensitive Information Disclosure"
34597
+ },
34598
+ {
34599
+ "id": "OWASP-Pen-Testing-Guide-v5",
34600
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34601
+ "control_name": "Web application penetration testing methodology"
34602
+ },
34603
+ {
34604
+ "id": "PCI-DSS-4.0-6.3.3",
34605
+ "framework": "PCI DSS 4.0",
34606
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34607
+ },
34608
+ {
34609
+ "id": "PTES-Pre-engagement",
34610
+ "framework": "Penetration Testing Execution Standard (PTES)",
34611
+ "control_name": "Pre-engagement Interactions"
34612
+ },
34613
+ {
34614
+ "id": "SOC2-CC6-logical-access",
34615
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34616
+ "control_name": "Logical and Physical Access Controls"
34617
+ },
34618
+ {
34619
+ "id": "SOC2-CC9-vendor-management",
34620
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34621
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34622
+ }
34623
+ ],
34624
+ "attack_refs": [
34625
+ "T0855",
34626
+ "T0883",
34627
+ "T1059",
34628
+ "T1068",
34629
+ "T1078",
34630
+ "T1133",
34631
+ "T1190",
34632
+ "T1548.001",
34633
+ "T1566"
34634
+ ],
34635
+ "rfc_refs": [
34636
+ "RFC-4301",
34637
+ "RFC-4303",
34638
+ "RFC-7296"
34639
+ ]
34640
+ }
34641
+ },
33918
34642
  "CVE-2026-41091": {
33919
34643
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
33920
34644
  "rwep": 45,
@@ -60300,6 +61024,7 @@
60300
61024
  "CVE-2024-11392",
60301
61025
  "CVE-2024-11393",
60302
61026
  "CVE-2024-11394",
61027
+ "CVE-2024-13059",
60303
61028
  "CVE-2024-1561",
60304
61029
  "CVE-2024-21513",
60305
61030
  "CVE-2024-21575",
@@ -60317,6 +61042,7 @@
60317
61042
  "CVE-2025-1094",
60318
61043
  "CVE-2025-14174",
60319
61044
  "CVE-2025-1550",
61045
+ "CVE-2025-1753",
60320
61046
  "CVE-2025-23254",
60321
61047
  "CVE-2025-23266",
60322
61048
  "CVE-2025-30165",
@@ -60695,6 +61421,7 @@
60695
61421
  "CVE-2024-11392",
60696
61422
  "CVE-2024-11393",
60697
61423
  "CVE-2024-11394",
61424
+ "CVE-2024-13059",
60698
61425
  "CVE-2024-1561",
60699
61426
  "CVE-2024-21513",
60700
61427
  "CVE-2024-21575",
@@ -60710,6 +61437,7 @@
60710
61437
  "CVE-2025-1094",
60711
61438
  "CVE-2025-14174",
60712
61439
  "CVE-2025-1550",
61440
+ "CVE-2025-1753",
60713
61441
  "CVE-2025-23254",
60714
61442
  "CVE-2025-23266",
60715
61443
  "CVE-2025-30165",
@@ -60881,6 +61609,7 @@
60881
61609
  "CVE-2024-11392",
60882
61610
  "CVE-2024-11393",
60883
61611
  "CVE-2024-11394",
61612
+ "CVE-2024-13059",
60884
61613
  "CVE-2024-1561",
60885
61614
  "CVE-2024-21513",
60886
61615
  "CVE-2024-21575",
@@ -60896,6 +61625,7 @@
60896
61625
  "CVE-2025-1094",
60897
61626
  "CVE-2025-14174",
60898
61627
  "CVE-2025-1550",
61628
+ "CVE-2025-1753",
60899
61629
  "CVE-2025-23254",
60900
61630
  "CVE-2025-23266",
60901
61631
  "CVE-2025-30165",
@@ -61081,6 +61811,7 @@
61081
61811
  "CVE-2024-11392",
61082
61812
  "CVE-2024-11393",
61083
61813
  "CVE-2024-11394",
61814
+ "CVE-2024-13059",
61084
61815
  "CVE-2024-1561",
61085
61816
  "CVE-2024-21513",
61086
61817
  "CVE-2024-21575",
@@ -61096,6 +61827,7 @@
61096
61827
  "CVE-2025-1094",
61097
61828
  "CVE-2025-14174",
61098
61829
  "CVE-2025-1550",
61830
+ "CVE-2025-1753",
61099
61831
  "CVE-2025-23254",
61100
61832
  "CVE-2025-23266",
61101
61833
  "CVE-2025-30165",
@@ -61385,6 +62117,7 @@
61385
62117
  "CVE-2024-11392",
61386
62118
  "CVE-2024-11393",
61387
62119
  "CVE-2024-11394",
62120
+ "CVE-2024-13059",
61388
62121
  "CVE-2024-1561",
61389
62122
  "CVE-2024-21513",
61390
62123
  "CVE-2024-21575",
@@ -61401,6 +62134,7 @@
61401
62134
  "CVE-2025-1094",
61402
62135
  "CVE-2025-11837",
61403
62136
  "CVE-2025-1550",
62137
+ "CVE-2025-1753",
61404
62138
  "CVE-2025-23254",
61405
62139
  "CVE-2025-23266",
61406
62140
  "CVE-2025-30165",
@@ -61648,6 +62382,7 @@
61648
62382
  "CVE-2024-11393",
61649
62383
  "CVE-2024-11394",
61650
62384
  "CVE-2024-12987",
62385
+ "CVE-2024-13059",
61651
62386
  "CVE-2024-1561",
61652
62387
  "CVE-2024-1708",
61653
62388
  "CVE-2024-21513",
@@ -61686,6 +62421,7 @@
61686
62421
  "CVE-2025-14733",
61687
62422
  "CVE-2025-1550",
61688
62423
  "CVE-2025-15556",
62424
+ "CVE-2025-1753",
61689
62425
  "CVE-2025-20281",
61690
62426
  "CVE-2025-20333",
61691
62427
  "CVE-2025-20337",
@@ -62493,6 +63229,7 @@
62493
63229
  "CVE-2024-11392",
62494
63230
  "CVE-2024-11393",
62495
63231
  "CVE-2024-11394",
63232
+ "CVE-2024-13059",
62496
63233
  "CVE-2024-1561",
62497
63234
  "CVE-2024-21513",
62498
63235
  "CVE-2024-21575",
@@ -62510,6 +63247,7 @@
62510
63247
  "CVE-2025-1094",
62511
63248
  "CVE-2025-14174",
62512
63249
  "CVE-2025-1550",
63250
+ "CVE-2025-1753",
62513
63251
  "CVE-2025-23254",
62514
63252
  "CVE-2025-23266",
62515
63253
  "CVE-2025-30165",
@@ -63118,6 +63856,7 @@
63118
63856
  "CVE-2024-11392",
63119
63857
  "CVE-2024-11393",
63120
63858
  "CVE-2024-11394",
63859
+ "CVE-2024-13059",
63121
63860
  "CVE-2024-1561",
63122
63861
  "CVE-2024-21513",
63123
63862
  "CVE-2024-21575",
@@ -63135,6 +63874,7 @@
63135
63874
  "CVE-2025-1094",
63136
63875
  "CVE-2025-14174",
63137
63876
  "CVE-2025-1550",
63877
+ "CVE-2025-1753",
63138
63878
  "CVE-2025-23254",
63139
63879
  "CVE-2025-23266",
63140
63880
  "CVE-2025-30165",
@@ -63381,6 +64121,7 @@
63381
64121
  "CVE-2024-11392",
63382
64122
  "CVE-2024-11393",
63383
64123
  "CVE-2024-11394",
64124
+ "CVE-2024-13059",
63384
64125
  "CVE-2024-1561",
63385
64126
  "CVE-2024-21513",
63386
64127
  "CVE-2024-21575",
@@ -63396,6 +64137,7 @@
63396
64137
  "CVE-2025-1094",
63397
64138
  "CVE-2025-14174",
63398
64139
  "CVE-2025-1550",
64140
+ "CVE-2025-1753",
63399
64141
  "CVE-2025-23254",
63400
64142
  "CVE-2025-23266",
63401
64143
  "CVE-2025-30165",
@@ -64070,6 +64812,7 @@
64070
64812
  "CVE-2024-11392",
64071
64813
  "CVE-2024-11393",
64072
64814
  "CVE-2024-11394",
64815
+ "CVE-2024-13059",
64073
64816
  "CVE-2024-1561",
64074
64817
  "CVE-2024-21513",
64075
64818
  "CVE-2024-21575",
@@ -64087,6 +64830,7 @@
64087
64830
  "CVE-2025-1094",
64088
64831
  "CVE-2025-14174",
64089
64832
  "CVE-2025-1550",
64833
+ "CVE-2025-1753",
64090
64834
  "CVE-2025-23254",
64091
64835
  "CVE-2025-23266",
64092
64836
  "CVE-2025-30165",
@@ -64340,6 +65084,7 @@
64340
65084
  "CVE-2024-11393",
64341
65085
  "CVE-2024-11394",
64342
65086
  "CVE-2024-12987",
65087
+ "CVE-2024-13059",
64343
65088
  "CVE-2024-1561",
64344
65089
  "CVE-2024-1708",
64345
65090
  "CVE-2024-21513",
@@ -64378,6 +65123,7 @@
64378
65123
  "CVE-2025-14733",
64379
65124
  "CVE-2025-1550",
64380
65125
  "CVE-2025-15556",
65126
+ "CVE-2025-1753",
64381
65127
  "CVE-2025-20281",
64382
65128
  "CVE-2025-20333",
64383
65129
  "CVE-2025-20337",
@@ -64786,6 +65532,7 @@
64786
65532
  "CVE-2024-11393",
64787
65533
  "CVE-2024-11394",
64788
65534
  "CVE-2024-12987",
65535
+ "CVE-2024-13059",
64789
65536
  "CVE-2024-1561",
64790
65537
  "CVE-2024-1708",
64791
65538
  "CVE-2024-21513",
@@ -64824,6 +65571,7 @@
64824
65571
  "CVE-2025-14733",
64825
65572
  "CVE-2025-1550",
64826
65573
  "CVE-2025-15556",
65574
+ "CVE-2025-1753",
64827
65575
  "CVE-2025-20281",
64828
65576
  "CVE-2025-20333",
64829
65577
  "CVE-2025-20337",
@@ -65260,6 +66008,7 @@
65260
66008
  "CVE-2024-11392",
65261
66009
  "CVE-2024-11393",
65262
66010
  "CVE-2024-11394",
66011
+ "CVE-2024-13059",
65263
66012
  "CVE-2024-1561",
65264
66013
  "CVE-2024-21513",
65265
66014
  "CVE-2024-21575",
@@ -65277,6 +66026,7 @@
65277
66026
  "CVE-2025-1094",
65278
66027
  "CVE-2025-14174",
65279
66028
  "CVE-2025-1550",
66029
+ "CVE-2025-1753",
65280
66030
  "CVE-2025-23254",
65281
66031
  "CVE-2025-23266",
65282
66032
  "CVE-2025-30165",
@@ -66082,6 +66832,7 @@
66082
66832
  "CVE-2024-11393",
66083
66833
  "CVE-2024-11394",
66084
66834
  "CVE-2024-12987",
66835
+ "CVE-2024-13059",
66085
66836
  "CVE-2024-1561",
66086
66837
  "CVE-2024-1708",
66087
66838
  "CVE-2024-21513",
@@ -66120,6 +66871,7 @@
66120
66871
  "CVE-2025-14733",
66121
66872
  "CVE-2025-1550",
66122
66873
  "CVE-2025-15556",
66874
+ "CVE-2025-1753",
66123
66875
  "CVE-2025-20281",
66124
66876
  "CVE-2025-20333",
66125
66877
  "CVE-2025-20337",
@@ -66620,6 +67372,7 @@
66620
67372
  "CVE-2024-11392",
66621
67373
  "CVE-2024-11393",
66622
67374
  "CVE-2024-11394",
67375
+ "CVE-2024-13059",
66623
67376
  "CVE-2024-1561",
66624
67377
  "CVE-2024-21513",
66625
67378
  "CVE-2024-21575",
@@ -66637,6 +67390,7 @@
66637
67390
  "CVE-2025-1094",
66638
67391
  "CVE-2025-14174",
66639
67392
  "CVE-2025-1550",
67393
+ "CVE-2025-1753",
66640
67394
  "CVE-2025-23254",
66641
67395
  "CVE-2025-23266",
66642
67396
  "CVE-2025-30165",
@@ -66968,6 +67722,7 @@
66968
67722
  "CVE-2024-11393",
66969
67723
  "CVE-2024-11394",
66970
67724
  "CVE-2024-12987",
67725
+ "CVE-2024-13059",
66971
67726
  "CVE-2024-1561",
66972
67727
  "CVE-2024-1708",
66973
67728
  "CVE-2024-21513",
@@ -67009,6 +67764,7 @@
67009
67764
  "CVE-2025-14733",
67010
67765
  "CVE-2025-1550",
67011
67766
  "CVE-2025-15556",
67767
+ "CVE-2025-1753",
67012
67768
  "CVE-2025-20281",
67013
67769
  "CVE-2025-20333",
67014
67770
  "CVE-2025-20337",
@@ -67525,6 +68281,7 @@
67525
68281
  "CVE-2024-11392",
67526
68282
  "CVE-2024-11393",
67527
68283
  "CVE-2024-11394",
68284
+ "CVE-2024-13059",
67528
68285
  "CVE-2024-1561",
67529
68286
  "CVE-2024-21513",
67530
68287
  "CVE-2024-21575",
@@ -67541,6 +68298,7 @@
67541
68298
  "CVE-2025-1094",
67542
68299
  "CVE-2025-14174",
67543
68300
  "CVE-2025-1550",
68301
+ "CVE-2025-1753",
67544
68302
  "CVE-2025-23254",
67545
68303
  "CVE-2025-23266",
67546
68304
  "CVE-2025-30165",
@@ -68485,6 +69243,7 @@
68485
69243
  "CVE-2024-11392",
68486
69244
  "CVE-2024-11393",
68487
69245
  "CVE-2024-11394",
69246
+ "CVE-2024-13059",
68488
69247
  "CVE-2024-1561",
68489
69248
  "CVE-2024-21513",
68490
69249
  "CVE-2024-21575",
@@ -68502,6 +69261,7 @@
68502
69261
  "CVE-2025-1094",
68503
69262
  "CVE-2025-14174",
68504
69263
  "CVE-2025-1550",
69264
+ "CVE-2025-1753",
68505
69265
  "CVE-2025-23254",
68506
69266
  "CVE-2025-23266",
68507
69267
  "CVE-2025-30165",
@@ -68609,6 +69369,7 @@
68609
69369
  "CVE-2024-11392",
68610
69370
  "CVE-2024-11393",
68611
69371
  "CVE-2024-11394",
69372
+ "CVE-2024-13059",
68612
69373
  "CVE-2024-1561",
68613
69374
  "CVE-2024-21513",
68614
69375
  "CVE-2024-21575",
@@ -68623,6 +69384,7 @@
68623
69384
  "CVE-2025-1094",
68624
69385
  "CVE-2025-14174",
68625
69386
  "CVE-2025-1550",
69387
+ "CVE-2025-1753",
68626
69388
  "CVE-2025-23254",
68627
69389
  "CVE-2025-23266",
68628
69390
  "CVE-2025-30165",
@@ -68803,6 +69565,7 @@
68803
69565
  "CVE-2024-11392",
68804
69566
  "CVE-2024-11393",
68805
69567
  "CVE-2024-11394",
69568
+ "CVE-2024-13059",
68806
69569
  "CVE-2024-1561",
68807
69570
  "CVE-2024-21513",
68808
69571
  "CVE-2024-21575",
@@ -68817,6 +69580,7 @@
68817
69580
  "CVE-2025-1094",
68818
69581
  "CVE-2025-11837",
68819
69582
  "CVE-2025-1550",
69583
+ "CVE-2025-1753",
68820
69584
  "CVE-2025-23254",
68821
69585
  "CVE-2025-23266",
68822
69586
  "CVE-2025-30165",
@@ -69249,6 +70013,7 @@
69249
70013
  "CVE-2024-11393",
69250
70014
  "CVE-2024-11394",
69251
70015
  "CVE-2024-12987",
70016
+ "CVE-2024-13059",
69252
70017
  "CVE-2024-1561",
69253
70018
  "CVE-2024-1708",
69254
70019
  "CVE-2024-21513",
@@ -69286,6 +70051,7 @@
69286
70051
  "CVE-2025-14733",
69287
70052
  "CVE-2025-1550",
69288
70053
  "CVE-2025-15556",
70054
+ "CVE-2025-1753",
69289
70055
  "CVE-2025-20281",
69290
70056
  "CVE-2025-20333",
69291
70057
  "CVE-2025-20337",
@@ -69713,6 +70479,7 @@
69713
70479
  "CVE-2024-11392",
69714
70480
  "CVE-2024-11393",
69715
70481
  "CVE-2024-11394",
70482
+ "CVE-2024-13059",
69716
70483
  "CVE-2024-1561",
69717
70484
  "CVE-2024-21513",
69718
70485
  "CVE-2024-21575",
@@ -69730,6 +70497,7 @@
69730
70497
  "CVE-2025-1094",
69731
70498
  "CVE-2025-14174",
69732
70499
  "CVE-2025-1550",
70500
+ "CVE-2025-1753",
69733
70501
  "CVE-2025-23254",
69734
70502
  "CVE-2025-23266",
69735
70503
  "CVE-2025-30165",
@@ -70030,6 +70798,7 @@
70030
70798
  "CVE-2024-11392",
70031
70799
  "CVE-2024-11393",
70032
70800
  "CVE-2024-11394",
70801
+ "CVE-2024-13059",
70033
70802
  "CVE-2024-1561",
70034
70803
  "CVE-2024-21513",
70035
70804
  "CVE-2024-21575",
@@ -70047,6 +70816,7 @@
70047
70816
  "CVE-2025-11837",
70048
70817
  "CVE-2025-14847",
70049
70818
  "CVE-2025-1550",
70819
+ "CVE-2025-1753",
70050
70820
  "CVE-2025-22226",
70051
70821
  "CVE-2025-23254",
70052
70822
  "CVE-2025-23266",
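Review bot: In the first hunk, the `chain` objects of the new CVE-2024-13059 and CVE-2025-1753 entries are byte-identical, and most of what they contain does not describe either flaw — a non-ASCII-filename path traversal and a CLI `--files` OS command injection (per the entries' own titles) are both tagged with CWE-1037 (processor optimization), CWE-125/416/787 (memory corruption), CWE-89/79/798/918, memory-hardening D3FEND controls (D3-ASLR, D3-PSEP), ICS ATT&CK techniques (T0855, T0883) and the IPsec/IKEv2 RFCs 4301/4303/7296, which reads like a template block copied between entries rather than a per-CVE mapping. If these skills feed automated triage, as the package name suggests, an over-broad chain will steer responders toward irrelevant mitigations (ASLR/DEP for a path-traversal bug) and pull OT/energy-sector skills onto an AI-application vulnerability. I would narrow `cwes` to the weakness each advisory actually names — the existing CWE-22 object for CVE-2024-13059 (CWE-434 is arguable) and the CWE-78 object for CVE-2025-1753 — and set `"rfc_refs": []` on both unless a source ties them to IPsec. The copied `referencing_skills` list (`kernel-lpe-triage`, `ot-ics-security`, `sector-energy`) deserves the same recheck against the skill files, and note that the enclosing object these entries are inserted into opens before and closes after this section.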