@blamejs/exceptd-skills 0.13.94 → 0.13.95
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +8 -8
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +385 -0
- package/data/attack-techniques.json +1 -0
- package/data/cve-catalog.json +103 -1
- package/data/cwe-catalog.json +1 -0
- package/data/framework-control-gaps.json +8 -0
- package/data/zeroday-lessons.json +50 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +23 -23
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.13.95 — 2026-05-25
|
|
4
|
+
|
|
5
|
+
CVE catalog — LlamaIndex CLI command injection. Adds **CVE-2025-1753** (CWE-78, CNA huntr.dev CVSS 7.8; NVD has not assigned its own score): the LlamaIndex CLI builds a shell command from the user-supplied `--files` argument and runs it without neutralization, so shell metacharacters execute arbitrary OS commands; the fix adds shlex escaping. Maps ATT&CK T1059, with a zero-day lesson (NEW-CTRL-100) requiring AI-framework CLIs/tools to use argv-array execution or shlex neutralization rather than building shell strings from arguments — the same root cause as the MCP-stdio command-injection family, applied to a framework CLI. CVE count 369 → 370.
|
|
6
|
+
|
|
3
7
|
## 0.13.94 — 2026-05-25
|
|
4
8
|
|
|
5
9
|
CVE catalog — AnythingLLM upload path traversal to RCE. Adds **CVE-2024-13059** (CWE-22, NIST CVSS 7.2): AnythingLLM's multer-based upload handler mishandles non-ASCII filenames so they decode into `../` traversal sequences, letting a manager/admin user write attacker content to an arbitrary path (e.g. a startup script) and achieve remote code execution on the host; fixed in 1.3.1. Maps ATLAS AML.T0049 and ATT&CK T1190 / T1059, and reuses the runtime-API path-traversal control (NEW-CTRL-094) shared with the Ollama entries — AI-app file/path inputs must be canonicalized and validated, including non-ASCII transforms, before touching the filesystem. CVE count 368 → 369.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-26T03:
|
|
3
|
+
"generated_at": "2026-05-26T03:30:30.490Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "ca9e058f24dff42048d0dbd2bc1cbe43d1bb6952a725ae3cd2b1d008d600d3ec",
|
|
8
8
|
"data/atlas-ttps.json": "00c4cd73790a452917a61423c12ecdaf4a7dd27544a9239665fbef4779ba0c6a",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "b3f989c348815c79f76a23ce147222e64e92e405f73fdfb60504691c05462b38",
|
|
10
|
+
"data/cve-catalog.json": "726ebd2d7428346544d033f7e05b10c9ca527d6fea545accb23b3646a9209760",
|
|
11
|
+
"data/cwe-catalog.json": "5298d58103a45efe5149c96f578416fe49f517da84a69560063f6dd7ff0dbca4",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "e2db0d9fa8e439ff79f8e65ec66fc260cbc83ca2b22ef4455c6a551aef8c14fe",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "1075c96dff51cc9834ebf1c013203e0ad5a81e09366e10fe16a4a5aa4ca77e46",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
75
|
+
"chains_cve_entries": 359,
|
|
76
76
|
"chains_cwe_entries": 171,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 370
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 365
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 370,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CVE-2025-53773",
|
|
68
68
|
"CVE-2026-30615",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 365,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|
|
@@ -34277,6 +34277,368 @@
|
|
|
34277
34277
|
]
|
|
34278
34278
|
}
|
|
34279
34279
|
},
|
|
34280
|
+
"CVE-2025-1753": {
|
|
34281
|
+
"name": "LlamaIndex CLI --files OS Command Injection",
|
|
34282
|
+
"rwep": 23,
|
|
34283
|
+
"cvss": 7.8,
|
|
34284
|
+
"cisa_kev": false,
|
|
34285
|
+
"epss_score": null,
|
|
34286
|
+
"referencing_skills": [
|
|
34287
|
+
"kernel-lpe-triage",
|
|
34288
|
+
"ai-attack-surface",
|
|
34289
|
+
"compliance-theater",
|
|
34290
|
+
"attack-surface-pentest",
|
|
34291
|
+
"ot-ics-security",
|
|
34292
|
+
"coordinated-vuln-disclosure",
|
|
34293
|
+
"sector-energy"
|
|
34294
|
+
],
|
|
34295
|
+
"chain": {
|
|
34296
|
+
"cwes": [
|
|
34297
|
+
{
|
|
34298
|
+
"id": "CWE-1037",
|
|
34299
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
34300
|
+
"category": "Hardware / Side Channel"
|
|
34301
|
+
},
|
|
34302
|
+
{
|
|
34303
|
+
"id": "CWE-1039",
|
|
34304
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
34305
|
+
"category": "AI/ML"
|
|
34306
|
+
},
|
|
34307
|
+
{
|
|
34308
|
+
"id": "CWE-125",
|
|
34309
|
+
"name": "Out-of-bounds Read",
|
|
34310
|
+
"category": "Memory Safety"
|
|
34311
|
+
},
|
|
34312
|
+
{
|
|
34313
|
+
"id": "CWE-1357",
|
|
34314
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
34315
|
+
"category": "Supply Chain"
|
|
34316
|
+
},
|
|
34317
|
+
{
|
|
34318
|
+
"id": "CWE-1395",
|
|
34319
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
34320
|
+
"category": "Supply Chain"
|
|
34321
|
+
},
|
|
34322
|
+
{
|
|
34323
|
+
"id": "CWE-1426",
|
|
34324
|
+
"name": "Improper Validation of Generative AI Output",
|
|
34325
|
+
"category": "AI/ML"
|
|
34326
|
+
},
|
|
34327
|
+
{
|
|
34328
|
+
"id": "CWE-22",
|
|
34329
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
34330
|
+
"category": "Path/Resource"
|
|
34331
|
+
},
|
|
34332
|
+
{
|
|
34333
|
+
"id": "CWE-269",
|
|
34334
|
+
"name": "Improper Privilege Management",
|
|
34335
|
+
"category": "Authorization"
|
|
34336
|
+
},
|
|
34337
|
+
{
|
|
34338
|
+
"id": "CWE-287",
|
|
34339
|
+
"name": "Improper Authentication",
|
|
34340
|
+
"category": "Authentication"
|
|
34341
|
+
},
|
|
34342
|
+
{
|
|
34343
|
+
"id": "CWE-306",
|
|
34344
|
+
"name": "Missing Authentication for Critical Function",
|
|
34345
|
+
"category": "Authentication"
|
|
34346
|
+
},
|
|
34347
|
+
{
|
|
34348
|
+
"id": "CWE-352",
|
|
34349
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
34350
|
+
"category": "Session"
|
|
34351
|
+
},
|
|
34352
|
+
{
|
|
34353
|
+
"id": "CWE-362",
|
|
34354
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
34355
|
+
"category": "Concurrency"
|
|
34356
|
+
},
|
|
34357
|
+
{
|
|
34358
|
+
"id": "CWE-416",
|
|
34359
|
+
"name": "Use After Free",
|
|
34360
|
+
"category": "Memory Safety"
|
|
34361
|
+
},
|
|
34362
|
+
{
|
|
34363
|
+
"id": "CWE-434",
|
|
34364
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
34365
|
+
"category": "File Handling"
|
|
34366
|
+
},
|
|
34367
|
+
{
|
|
34368
|
+
"id": "CWE-672",
|
|
34369
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
34370
|
+
"category": "Memory Safety"
|
|
34371
|
+
},
|
|
34372
|
+
{
|
|
34373
|
+
"id": "CWE-732",
|
|
34374
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
34375
|
+
"category": "Authorization"
|
|
34376
|
+
},
|
|
34377
|
+
{
|
|
34378
|
+
"id": "CWE-78",
|
|
34379
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
34380
|
+
"category": "Injection"
|
|
34381
|
+
},
|
|
34382
|
+
{
|
|
34383
|
+
"id": "CWE-787",
|
|
34384
|
+
"name": "Out-of-bounds Write",
|
|
34385
|
+
"category": "Memory Safety"
|
|
34386
|
+
},
|
|
34387
|
+
{
|
|
34388
|
+
"id": "CWE-79",
|
|
34389
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
34390
|
+
"category": "Injection"
|
|
34391
|
+
},
|
|
34392
|
+
{
|
|
34393
|
+
"id": "CWE-798",
|
|
34394
|
+
"name": "Use of Hard-coded Credentials",
|
|
34395
|
+
"category": "Credentials"
|
|
34396
|
+
},
|
|
34397
|
+
{
|
|
34398
|
+
"id": "CWE-89",
|
|
34399
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
34400
|
+
"category": "Injection"
|
|
34401
|
+
},
|
|
34402
|
+
{
|
|
34403
|
+
"id": "CWE-918",
|
|
34404
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
34405
|
+
"category": "Network"
|
|
34406
|
+
},
|
|
34407
|
+
{
|
|
34408
|
+
"id": "CWE-94",
|
|
34409
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
34410
|
+
"category": "Injection"
|
|
34411
|
+
}
|
|
34412
|
+
],
|
|
34413
|
+
"atlas": [
|
|
34414
|
+
{
|
|
34415
|
+
"id": "AML.T0010",
|
|
34416
|
+
"name": "ML Supply Chain Compromise",
|
|
34417
|
+
"tactic": "Initial Access"
|
|
34418
|
+
},
|
|
34419
|
+
{
|
|
34420
|
+
"id": "AML.T0016",
|
|
34421
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
34422
|
+
"tactic": "Resource Development"
|
|
34423
|
+
},
|
|
34424
|
+
{
|
|
34425
|
+
"id": "AML.T0017",
|
|
34426
|
+
"name": "Discover ML Model Ontology",
|
|
34427
|
+
"tactic": "Discovery"
|
|
34428
|
+
},
|
|
34429
|
+
{
|
|
34430
|
+
"id": "AML.T0018",
|
|
34431
|
+
"name": "Backdoor ML Model",
|
|
34432
|
+
"tactic": "Persistence"
|
|
34433
|
+
},
|
|
34434
|
+
{
|
|
34435
|
+
"id": "AML.T0020",
|
|
34436
|
+
"name": "Poison Training Data",
|
|
34437
|
+
"tactic": "ML Attack Staging"
|
|
34438
|
+
},
|
|
34439
|
+
{
|
|
34440
|
+
"id": "AML.T0043",
|
|
34441
|
+
"name": "Craft Adversarial Data",
|
|
34442
|
+
"tactic": "ML Attack Staging"
|
|
34443
|
+
},
|
|
34444
|
+
{
|
|
34445
|
+
"id": "AML.T0051",
|
|
34446
|
+
"name": "LLM Prompt Injection",
|
|
34447
|
+
"tactic": "Execution"
|
|
34448
|
+
},
|
|
34449
|
+
{
|
|
34450
|
+
"id": "AML.T0054",
|
|
34451
|
+
"name": "LLM Jailbreak",
|
|
34452
|
+
"tactic": "Defense Evasion"
|
|
34453
|
+
},
|
|
34454
|
+
{
|
|
34455
|
+
"id": "AML.T0096",
|
|
34456
|
+
"name": "AI API as Covert C2 Channel",
|
|
34457
|
+
"tactic": "Command and Control"
|
|
34458
|
+
}
|
|
34459
|
+
],
|
|
34460
|
+
"d3fend": [
|
|
34461
|
+
{
|
|
34462
|
+
"id": "D3-ASLR",
|
|
34463
|
+
"name": "Address Space Layout Randomization",
|
|
34464
|
+
"tactic": "Harden"
|
|
34465
|
+
},
|
|
34466
|
+
{
|
|
34467
|
+
"id": "D3-CSPP",
|
|
34468
|
+
"name": "Client-server Payload Profiling",
|
|
34469
|
+
"tactic": "Detect"
|
|
34470
|
+
},
|
|
34471
|
+
{
|
|
34472
|
+
"id": "D3-EAL",
|
|
34473
|
+
"name": "Executable Allowlisting",
|
|
34474
|
+
"tactic": "Harden"
|
|
34475
|
+
},
|
|
34476
|
+
{
|
|
34477
|
+
"id": "D3-IOPR",
|
|
34478
|
+
"name": "Input/Output Profiling Resource",
|
|
34479
|
+
"tactic": "Detect"
|
|
34480
|
+
},
|
|
34481
|
+
{
|
|
34482
|
+
"id": "D3-NTA",
|
|
34483
|
+
"name": "Network Traffic Analysis",
|
|
34484
|
+
"tactic": "Detect"
|
|
34485
|
+
},
|
|
34486
|
+
{
|
|
34487
|
+
"id": "D3-PHRA",
|
|
34488
|
+
"name": "Process Hardware Resource Access",
|
|
34489
|
+
"tactic": "Isolate"
|
|
34490
|
+
},
|
|
34491
|
+
{
|
|
34492
|
+
"id": "D3-PSEP",
|
|
34493
|
+
"name": "Process Segment Execution Prevention",
|
|
34494
|
+
"tactic": "Harden"
|
|
34495
|
+
}
|
|
34496
|
+
],
|
|
34497
|
+
"framework_gaps": [
|
|
34498
|
+
{
|
|
34499
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
34500
|
+
"framework": "ALL",
|
|
34501
|
+
"control_name": "AI Pipeline Integrity"
|
|
34502
|
+
},
|
|
34503
|
+
{
|
|
34504
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
34505
|
+
"framework": "ALL",
|
|
34506
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
34507
|
+
},
|
|
34508
|
+
{
|
|
34509
|
+
"id": "CIS-Controls-v8-Control7",
|
|
34510
|
+
"framework": "CIS Controls v8",
|
|
34511
|
+
"control_name": "Continuous Vulnerability Management"
|
|
34512
|
+
},
|
|
34513
|
+
{
|
|
34514
|
+
"id": "CMMC-2.0-Level-2",
|
|
34515
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
34516
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
34517
|
+
},
|
|
34518
|
+
{
|
|
34519
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
34520
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
34521
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
34522
|
+
},
|
|
34523
|
+
{
|
|
34524
|
+
"id": "IEC-62443-3-3",
|
|
34525
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
34526
|
+
"control_name": "System security requirements and security levels"
|
|
34527
|
+
},
|
|
34528
|
+
{
|
|
34529
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
34530
|
+
"framework": "ISO/IEC 27001:2022",
|
|
34531
|
+
"control_name": "Secure coding"
|
|
34532
|
+
},
|
|
34533
|
+
{
|
|
34534
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
34535
|
+
"framework": "ISO/IEC 27001:2022",
|
|
34536
|
+
"control_name": "Management of technical vulnerabilities"
|
|
34537
|
+
},
|
|
34538
|
+
{
|
|
34539
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
34540
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
34541
|
+
"control_name": "AI risk management process"
|
|
34542
|
+
},
|
|
34543
|
+
{
|
|
34544
|
+
"id": "NERC-CIP-007-6-R4",
|
|
34545
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
34546
|
+
"control_name": "Security event monitoring"
|
|
34547
|
+
},
|
|
34548
|
+
{
|
|
34549
|
+
"id": "NIS2-Art21-patch-management",
|
|
34550
|
+
"framework": "EU NIS2 Directive",
|
|
34551
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
34552
|
+
},
|
|
34553
|
+
{
|
|
34554
|
+
"id": "NIST-800-115",
|
|
34555
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
34556
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
34557
|
+
},
|
|
34558
|
+
{
|
|
34559
|
+
"id": "NIST-800-218-SSDF",
|
|
34560
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
34561
|
+
"control_name": "Secure Software Development Framework"
|
|
34562
|
+
},
|
|
34563
|
+
{
|
|
34564
|
+
"id": "NIST-800-53-AC-2",
|
|
34565
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34566
|
+
"control_name": "Account Management"
|
|
34567
|
+
},
|
|
34568
|
+
{
|
|
34569
|
+
"id": "NIST-800-53-SC-8",
|
|
34570
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34571
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
34572
|
+
},
|
|
34573
|
+
{
|
|
34574
|
+
"id": "NIST-800-53-SI-2",
|
|
34575
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34576
|
+
"control_name": "Flaw Remediation"
|
|
34577
|
+
},
|
|
34578
|
+
{
|
|
34579
|
+
"id": "NIST-800-53-SI-3",
|
|
34580
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34581
|
+
"control_name": "Malicious Code Protection"
|
|
34582
|
+
},
|
|
34583
|
+
{
|
|
34584
|
+
"id": "NIST-800-82r3",
|
|
34585
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
34586
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
34587
|
+
},
|
|
34588
|
+
{
|
|
34589
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
34590
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
34591
|
+
"control_name": "Prompt Injection"
|
|
34592
|
+
},
|
|
34593
|
+
{
|
|
34594
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
34595
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
34596
|
+
"control_name": "Sensitive Information Disclosure"
|
|
34597
|
+
},
|
|
34598
|
+
{
|
|
34599
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
34600
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
34601
|
+
"control_name": "Web application penetration testing methodology"
|
|
34602
|
+
},
|
|
34603
|
+
{
|
|
34604
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
34605
|
+
"framework": "PCI DSS 4.0",
|
|
34606
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
34607
|
+
},
|
|
34608
|
+
{
|
|
34609
|
+
"id": "PTES-Pre-engagement",
|
|
34610
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
34611
|
+
"control_name": "Pre-engagement Interactions"
|
|
34612
|
+
},
|
|
34613
|
+
{
|
|
34614
|
+
"id": "SOC2-CC6-logical-access",
|
|
34615
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
34616
|
+
"control_name": "Logical and Physical Access Controls"
|
|
34617
|
+
},
|
|
34618
|
+
{
|
|
34619
|
+
"id": "SOC2-CC9-vendor-management",
|
|
34620
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
34621
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
34622
|
+
}
|
|
34623
|
+
],
|
|
34624
|
+
"attack_refs": [
|
|
34625
|
+
"T0855",
|
|
34626
|
+
"T0883",
|
|
34627
|
+
"T1059",
|
|
34628
|
+
"T1068",
|
|
34629
|
+
"T1078",
|
|
34630
|
+
"T1133",
|
|
34631
|
+
"T1190",
|
|
34632
|
+
"T1548.001",
|
|
34633
|
+
"T1566"
|
|
34634
|
+
],
|
|
34635
|
+
"rfc_refs": [
|
|
34636
|
+
"RFC-4301",
|
|
34637
|
+
"RFC-4303",
|
|
34638
|
+
"RFC-7296"
|
|
34639
|
+
]
|
|
34640
|
+
}
|
|
34641
|
+
},
|
|
34280
34642
|
"CVE-2026-41091": {
|
|
34281
34643
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
34282
34644
|
"rwep": 45,
|
|
@@ -60680,6 +61042,7 @@
|
|
|
60680
61042
|
"CVE-2025-1094",
|
|
60681
61043
|
"CVE-2025-14174",
|
|
60682
61044
|
"CVE-2025-1550",
|
|
61045
|
+
"CVE-2025-1753",
|
|
60683
61046
|
"CVE-2025-23254",
|
|
60684
61047
|
"CVE-2025-23266",
|
|
60685
61048
|
"CVE-2025-30165",
|
|
@@ -61074,6 +61437,7 @@
|
|
|
61074
61437
|
"CVE-2025-1094",
|
|
61075
61438
|
"CVE-2025-14174",
|
|
61076
61439
|
"CVE-2025-1550",
|
|
61440
|
+
"CVE-2025-1753",
|
|
61077
61441
|
"CVE-2025-23254",
|
|
61078
61442
|
"CVE-2025-23266",
|
|
61079
61443
|
"CVE-2025-30165",
|
|
@@ -61261,6 +61625,7 @@
|
|
|
61261
61625
|
"CVE-2025-1094",
|
|
61262
61626
|
"CVE-2025-14174",
|
|
61263
61627
|
"CVE-2025-1550",
|
|
61628
|
+
"CVE-2025-1753",
|
|
61264
61629
|
"CVE-2025-23254",
|
|
61265
61630
|
"CVE-2025-23266",
|
|
61266
61631
|
"CVE-2025-30165",
|
|
@@ -61462,6 +61827,7 @@
|
|
|
61462
61827
|
"CVE-2025-1094",
|
|
61463
61828
|
"CVE-2025-14174",
|
|
61464
61829
|
"CVE-2025-1550",
|
|
61830
|
+
"CVE-2025-1753",
|
|
61465
61831
|
"CVE-2025-23254",
|
|
61466
61832
|
"CVE-2025-23266",
|
|
61467
61833
|
"CVE-2025-30165",
|
|
@@ -61768,6 +62134,7 @@
|
|
|
61768
62134
|
"CVE-2025-1094",
|
|
61769
62135
|
"CVE-2025-11837",
|
|
61770
62136
|
"CVE-2025-1550",
|
|
62137
|
+
"CVE-2025-1753",
|
|
61771
62138
|
"CVE-2025-23254",
|
|
61772
62139
|
"CVE-2025-23266",
|
|
61773
62140
|
"CVE-2025-30165",
|
|
@@ -62054,6 +62421,7 @@
|
|
|
62054
62421
|
"CVE-2025-14733",
|
|
62055
62422
|
"CVE-2025-1550",
|
|
62056
62423
|
"CVE-2025-15556",
|
|
62424
|
+
"CVE-2025-1753",
|
|
62057
62425
|
"CVE-2025-20281",
|
|
62058
62426
|
"CVE-2025-20333",
|
|
62059
62427
|
"CVE-2025-20337",
|
|
@@ -62879,6 +63247,7 @@
|
|
|
62879
63247
|
"CVE-2025-1094",
|
|
62880
63248
|
"CVE-2025-14174",
|
|
62881
63249
|
"CVE-2025-1550",
|
|
63250
|
+
"CVE-2025-1753",
|
|
62882
63251
|
"CVE-2025-23254",
|
|
62883
63252
|
"CVE-2025-23266",
|
|
62884
63253
|
"CVE-2025-30165",
|
|
@@ -63505,6 +63874,7 @@
|
|
|
63505
63874
|
"CVE-2025-1094",
|
|
63506
63875
|
"CVE-2025-14174",
|
|
63507
63876
|
"CVE-2025-1550",
|
|
63877
|
+
"CVE-2025-1753",
|
|
63508
63878
|
"CVE-2025-23254",
|
|
63509
63879
|
"CVE-2025-23266",
|
|
63510
63880
|
"CVE-2025-30165",
|
|
@@ -63767,6 +64137,7 @@
|
|
|
63767
64137
|
"CVE-2025-1094",
|
|
63768
64138
|
"CVE-2025-14174",
|
|
63769
64139
|
"CVE-2025-1550",
|
|
64140
|
+
"CVE-2025-1753",
|
|
63770
64141
|
"CVE-2025-23254",
|
|
63771
64142
|
"CVE-2025-23266",
|
|
63772
64143
|
"CVE-2025-30165",
|
|
@@ -64459,6 +64830,7 @@
|
|
|
64459
64830
|
"CVE-2025-1094",
|
|
64460
64831
|
"CVE-2025-14174",
|
|
64461
64832
|
"CVE-2025-1550",
|
|
64833
|
+
"CVE-2025-1753",
|
|
64462
64834
|
"CVE-2025-23254",
|
|
64463
64835
|
"CVE-2025-23266",
|
|
64464
64836
|
"CVE-2025-30165",
|
|
@@ -64751,6 +65123,7 @@
|
|
|
64751
65123
|
"CVE-2025-14733",
|
|
64752
65124
|
"CVE-2025-1550",
|
|
64753
65125
|
"CVE-2025-15556",
|
|
65126
|
+
"CVE-2025-1753",
|
|
64754
65127
|
"CVE-2025-20281",
|
|
64755
65128
|
"CVE-2025-20333",
|
|
64756
65129
|
"CVE-2025-20337",
|
|
@@ -65198,6 +65571,7 @@
|
|
|
65198
65571
|
"CVE-2025-14733",
|
|
65199
65572
|
"CVE-2025-1550",
|
|
65200
65573
|
"CVE-2025-15556",
|
|
65574
|
+
"CVE-2025-1753",
|
|
65201
65575
|
"CVE-2025-20281",
|
|
65202
65576
|
"CVE-2025-20333",
|
|
65203
65577
|
"CVE-2025-20337",
|
|
@@ -65652,6 +66026,7 @@
|
|
|
65652
66026
|
"CVE-2025-1094",
|
|
65653
66027
|
"CVE-2025-14174",
|
|
65654
66028
|
"CVE-2025-1550",
|
|
66029
|
+
"CVE-2025-1753",
|
|
65655
66030
|
"CVE-2025-23254",
|
|
65656
66031
|
"CVE-2025-23266",
|
|
65657
66032
|
"CVE-2025-30165",
|
|
@@ -66496,6 +66871,7 @@
|
|
|
66496
66871
|
"CVE-2025-14733",
|
|
66497
66872
|
"CVE-2025-1550",
|
|
66498
66873
|
"CVE-2025-15556",
|
|
66874
|
+
"CVE-2025-1753",
|
|
66499
66875
|
"CVE-2025-20281",
|
|
66500
66876
|
"CVE-2025-20333",
|
|
66501
66877
|
"CVE-2025-20337",
|
|
@@ -67014,6 +67390,7 @@
|
|
|
67014
67390
|
"CVE-2025-1094",
|
|
67015
67391
|
"CVE-2025-14174",
|
|
67016
67392
|
"CVE-2025-1550",
|
|
67393
|
+
"CVE-2025-1753",
|
|
67017
67394
|
"CVE-2025-23254",
|
|
67018
67395
|
"CVE-2025-23266",
|
|
67019
67396
|
"CVE-2025-30165",
|
|
@@ -67387,6 +67764,7 @@
|
|
|
67387
67764
|
"CVE-2025-14733",
|
|
67388
67765
|
"CVE-2025-1550",
|
|
67389
67766
|
"CVE-2025-15556",
|
|
67767
|
+
"CVE-2025-1753",
|
|
67390
67768
|
"CVE-2025-20281",
|
|
67391
67769
|
"CVE-2025-20333",
|
|
67392
67770
|
"CVE-2025-20337",
|
|
@@ -67920,6 +68298,7 @@
|
|
|
67920
68298
|
"CVE-2025-1094",
|
|
67921
68299
|
"CVE-2025-14174",
|
|
67922
68300
|
"CVE-2025-1550",
|
|
68301
|
+
"CVE-2025-1753",
|
|
67923
68302
|
"CVE-2025-23254",
|
|
67924
68303
|
"CVE-2025-23266",
|
|
67925
68304
|
"CVE-2025-30165",
|
|
@@ -68882,6 +69261,7 @@
|
|
|
68882
69261
|
"CVE-2025-1094",
|
|
68883
69262
|
"CVE-2025-14174",
|
|
68884
69263
|
"CVE-2025-1550",
|
|
69264
|
+
"CVE-2025-1753",
|
|
68885
69265
|
"CVE-2025-23254",
|
|
68886
69266
|
"CVE-2025-23266",
|
|
68887
69267
|
"CVE-2025-30165",
|
|
@@ -69004,6 +69384,7 @@
|
|
|
69004
69384
|
"CVE-2025-1094",
|
|
69005
69385
|
"CVE-2025-14174",
|
|
69006
69386
|
"CVE-2025-1550",
|
|
69387
|
+
"CVE-2025-1753",
|
|
69007
69388
|
"CVE-2025-23254",
|
|
69008
69389
|
"CVE-2025-23266",
|
|
69009
69390
|
"CVE-2025-30165",
|
|
@@ -69199,6 +69580,7 @@
|
|
|
69199
69580
|
"CVE-2025-1094",
|
|
69200
69581
|
"CVE-2025-11837",
|
|
69201
69582
|
"CVE-2025-1550",
|
|
69583
|
+
"CVE-2025-1753",
|
|
69202
69584
|
"CVE-2025-23254",
|
|
69203
69585
|
"CVE-2025-23266",
|
|
69204
69586
|
"CVE-2025-30165",
|
|
@@ -69669,6 +70051,7 @@
|
|
|
69669
70051
|
"CVE-2025-14733",
|
|
69670
70052
|
"CVE-2025-1550",
|
|
69671
70053
|
"CVE-2025-15556",
|
|
70054
|
+
"CVE-2025-1753",
|
|
69672
70055
|
"CVE-2025-20281",
|
|
69673
70056
|
"CVE-2025-20333",
|
|
69674
70057
|
"CVE-2025-20337",
|
|
@@ -70114,6 +70497,7 @@
|
|
|
70114
70497
|
"CVE-2025-1094",
|
|
70115
70498
|
"CVE-2025-14174",
|
|
70116
70499
|
"CVE-2025-1550",
|
|
70500
|
+
"CVE-2025-1753",
|
|
70117
70501
|
"CVE-2025-23254",
|
|
70118
70502
|
"CVE-2025-23266",
|
|
70119
70503
|
"CVE-2025-30165",
|
|
@@ -70432,6 +70816,7 @@
|
|
|
70432
70816
|
"CVE-2025-11837",
|
|
70433
70817
|
"CVE-2025-14847",
|
|
70434
70818
|
"CVE-2025-1550",
|
|
70819
|
+
"CVE-2025-1753",
|
|
70435
70820
|
"CVE-2025-22226",
|
|
70436
70821
|
"CVE-2025-23254",
|
|
70437
70822
|
"CVE-2025-23266",
|