@blamejs/exceptd-skills 0.13.94 → 0.13.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1155 -0
  6. package/data/atlas-ttps.json +4 -0
  7. package/data/attack-techniques.json +5 -0
  8. package/data/cve-catalog.json +311 -1
  9. package/data/cwe-catalog.json +3 -0
  10. package/data/framework-control-gaps.json +24 -0
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -34277,6 +34277,1092 @@
34277
34277
  ]
34278
34278
  }
34279
34279
  },
34280
+ "CVE-2025-1753": {
34281
+ "name": "LlamaIndex CLI --files OS Command Injection",
34282
+ "rwep": 23,
34283
+ "cvss": 7.8,
34284
+ "cisa_kev": false,
34285
+ "epss_score": null,
34286
+ "referencing_skills": [
34287
+ "kernel-lpe-triage",
34288
+ "ai-attack-surface",
34289
+ "compliance-theater",
34290
+ "attack-surface-pentest",
34291
+ "ot-ics-security",
34292
+ "coordinated-vuln-disclosure",
34293
+ "sector-energy"
34294
+ ],
34295
+ "chain": {
34296
+ "cwes": [
34297
+ {
34298
+ "id": "CWE-1037",
34299
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
34300
+ "category": "Hardware / Side Channel"
34301
+ },
34302
+ {
34303
+ "id": "CWE-1039",
34304
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
34305
+ "category": "AI/ML"
34306
+ },
34307
+ {
34308
+ "id": "CWE-125",
34309
+ "name": "Out-of-bounds Read",
34310
+ "category": "Memory Safety"
34311
+ },
34312
+ {
34313
+ "id": "CWE-1357",
34314
+ "name": "Reliance on Insufficiently Trustworthy Component",
34315
+ "category": "Supply Chain"
34316
+ },
34317
+ {
34318
+ "id": "CWE-1395",
34319
+ "name": "Dependency on Vulnerable Third-Party Component",
34320
+ "category": "Supply Chain"
34321
+ },
34322
+ {
34323
+ "id": "CWE-1426",
34324
+ "name": "Improper Validation of Generative AI Output",
34325
+ "category": "AI/ML"
34326
+ },
34327
+ {
34328
+ "id": "CWE-22",
34329
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
34330
+ "category": "Path/Resource"
34331
+ },
34332
+ {
34333
+ "id": "CWE-269",
34334
+ "name": "Improper Privilege Management",
34335
+ "category": "Authorization"
34336
+ },
34337
+ {
34338
+ "id": "CWE-287",
34339
+ "name": "Improper Authentication",
34340
+ "category": "Authentication"
34341
+ },
34342
+ {
34343
+ "id": "CWE-306",
34344
+ "name": "Missing Authentication for Critical Function",
34345
+ "category": "Authentication"
34346
+ },
34347
+ {
34348
+ "id": "CWE-352",
34349
+ "name": "Cross-Site Request Forgery (CSRF)",
34350
+ "category": "Session"
34351
+ },
34352
+ {
34353
+ "id": "CWE-362",
34354
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
34355
+ "category": "Concurrency"
34356
+ },
34357
+ {
34358
+ "id": "CWE-416",
34359
+ "name": "Use After Free",
34360
+ "category": "Memory Safety"
34361
+ },
34362
+ {
34363
+ "id": "CWE-434",
34364
+ "name": "Unrestricted Upload of File with Dangerous Type",
34365
+ "category": "File Handling"
34366
+ },
34367
+ {
34368
+ "id": "CWE-672",
34369
+ "name": "Operation on a Resource after Expiration or Release",
34370
+ "category": "Memory Safety"
34371
+ },
34372
+ {
34373
+ "id": "CWE-732",
34374
+ "name": "Incorrect Permission Assignment for Critical Resource",
34375
+ "category": "Authorization"
34376
+ },
34377
+ {
34378
+ "id": "CWE-78",
34379
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34380
+ "category": "Injection"
34381
+ },
34382
+ {
34383
+ "id": "CWE-787",
34384
+ "name": "Out-of-bounds Write",
34385
+ "category": "Memory Safety"
34386
+ },
34387
+ {
34388
+ "id": "CWE-79",
34389
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34390
+ "category": "Injection"
34391
+ },
34392
+ {
34393
+ "id": "CWE-798",
34394
+ "name": "Use of Hard-coded Credentials",
34395
+ "category": "Credentials"
34396
+ },
34397
+ {
34398
+ "id": "CWE-89",
34399
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34400
+ "category": "Injection"
34401
+ },
34402
+ {
34403
+ "id": "CWE-918",
34404
+ "name": "Server-Side Request Forgery (SSRF)",
34405
+ "category": "Network"
34406
+ },
34407
+ {
34408
+ "id": "CWE-94",
34409
+ "name": "Improper Control of Generation of Code (Code Injection)",
34410
+ "category": "Injection"
34411
+ }
34412
+ ],
34413
+ "atlas": [
34414
+ {
34415
+ "id": "AML.T0010",
34416
+ "name": "ML Supply Chain Compromise",
34417
+ "tactic": "Initial Access"
34418
+ },
34419
+ {
34420
+ "id": "AML.T0016",
34421
+ "name": "Obtain Capabilities: Develop Capabilities",
34422
+ "tactic": "Resource Development"
34423
+ },
34424
+ {
34425
+ "id": "AML.T0017",
34426
+ "name": "Discover ML Model Ontology",
34427
+ "tactic": "Discovery"
34428
+ },
34429
+ {
34430
+ "id": "AML.T0018",
34431
+ "name": "Backdoor ML Model",
34432
+ "tactic": "Persistence"
34433
+ },
34434
+ {
34435
+ "id": "AML.T0020",
34436
+ "name": "Poison Training Data",
34437
+ "tactic": "ML Attack Staging"
34438
+ },
34439
+ {
34440
+ "id": "AML.T0043",
34441
+ "name": "Craft Adversarial Data",
34442
+ "tactic": "ML Attack Staging"
34443
+ },
34444
+ {
34445
+ "id": "AML.T0051",
34446
+ "name": "LLM Prompt Injection",
34447
+ "tactic": "Execution"
34448
+ },
34449
+ {
34450
+ "id": "AML.T0054",
34451
+ "name": "LLM Jailbreak",
34452
+ "tactic": "Defense Evasion"
34453
+ },
34454
+ {
34455
+ "id": "AML.T0096",
34456
+ "name": "AI API as Covert C2 Channel",
34457
+ "tactic": "Command and Control"
34458
+ }
34459
+ ],
34460
+ "d3fend": [
34461
+ {
34462
+ "id": "D3-ASLR",
34463
+ "name": "Address Space Layout Randomization",
34464
+ "tactic": "Harden"
34465
+ },
34466
+ {
34467
+ "id": "D3-CSPP",
34468
+ "name": "Client-server Payload Profiling",
34469
+ "tactic": "Detect"
34470
+ },
34471
+ {
34472
+ "id": "D3-EAL",
34473
+ "name": "Executable Allowlisting",
34474
+ "tactic": "Harden"
34475
+ },
34476
+ {
34477
+ "id": "D3-IOPR",
34478
+ "name": "Input/Output Profiling Resource",
34479
+ "tactic": "Detect"
34480
+ },
34481
+ {
34482
+ "id": "D3-NTA",
34483
+ "name": "Network Traffic Analysis",
34484
+ "tactic": "Detect"
34485
+ },
34486
+ {
34487
+ "id": "D3-PHRA",
34488
+ "name": "Process Hardware Resource Access",
34489
+ "tactic": "Isolate"
34490
+ },
34491
+ {
34492
+ "id": "D3-PSEP",
34493
+ "name": "Process Segment Execution Prevention",
34494
+ "tactic": "Harden"
34495
+ }
34496
+ ],
34497
+ "framework_gaps": [
34498
+ {
34499
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34500
+ "framework": "ALL",
34501
+ "control_name": "AI Pipeline Integrity"
34502
+ },
34503
+ {
34504
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34505
+ "framework": "ALL",
34506
+ "control_name": "Prompt Injection as Access Control Failure"
34507
+ },
34508
+ {
34509
+ "id": "CIS-Controls-v8-Control7",
34510
+ "framework": "CIS Controls v8",
34511
+ "control_name": "Continuous Vulnerability Management"
34512
+ },
34513
+ {
34514
+ "id": "CMMC-2.0-Level-2",
34515
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34516
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34517
+ },
34518
+ {
34519
+ "id": "FedRAMP-Rev5-Moderate",
34520
+ "framework": "FedRAMP Rev 5 Moderate",
34521
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34522
+ },
34523
+ {
34524
+ "id": "IEC-62443-3-3",
34525
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34526
+ "control_name": "System security requirements and security levels"
34527
+ },
34528
+ {
34529
+ "id": "ISO-27001-2022-A.8.28",
34530
+ "framework": "ISO/IEC 27001:2022",
34531
+ "control_name": "Secure coding"
34532
+ },
34533
+ {
34534
+ "id": "ISO-27001-2022-A.8.8",
34535
+ "framework": "ISO/IEC 27001:2022",
34536
+ "control_name": "Management of technical vulnerabilities"
34537
+ },
34538
+ {
34539
+ "id": "ISO-IEC-23894-2023-clause-7",
34540
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34541
+ "control_name": "AI risk management process"
34542
+ },
34543
+ {
34544
+ "id": "NERC-CIP-007-6-R4",
34545
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34546
+ "control_name": "Security event monitoring"
34547
+ },
34548
+ {
34549
+ "id": "NIS2-Art21-patch-management",
34550
+ "framework": "EU NIS2 Directive",
34551
+ "control_name": "Vulnerability handling and disclosure"
34552
+ },
34553
+ {
34554
+ "id": "NIST-800-115",
34555
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34556
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34557
+ },
34558
+ {
34559
+ "id": "NIST-800-218-SSDF",
34560
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34561
+ "control_name": "Secure Software Development Framework"
34562
+ },
34563
+ {
34564
+ "id": "NIST-800-53-AC-2",
34565
+ "framework": "NIST SP 800-53 Rev 5",
34566
+ "control_name": "Account Management"
34567
+ },
34568
+ {
34569
+ "id": "NIST-800-53-SC-8",
34570
+ "framework": "NIST SP 800-53 Rev 5",
34571
+ "control_name": "Transmission Confidentiality and Integrity"
34572
+ },
34573
+ {
34574
+ "id": "NIST-800-53-SI-2",
34575
+ "framework": "NIST SP 800-53 Rev 5",
34576
+ "control_name": "Flaw Remediation"
34577
+ },
34578
+ {
34579
+ "id": "NIST-800-53-SI-3",
34580
+ "framework": "NIST SP 800-53 Rev 5",
34581
+ "control_name": "Malicious Code Protection"
34582
+ },
34583
+ {
34584
+ "id": "NIST-800-82r3",
34585
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34586
+ "control_name": "Guide to Operational Technology (OT) Security"
34587
+ },
34588
+ {
34589
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34590
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34591
+ "control_name": "Prompt Injection"
34592
+ },
34593
+ {
34594
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34595
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34596
+ "control_name": "Sensitive Information Disclosure"
34597
+ },
34598
+ {
34599
+ "id": "OWASP-Pen-Testing-Guide-v5",
34600
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34601
+ "control_name": "Web application penetration testing methodology"
34602
+ },
34603
+ {
34604
+ "id": "PCI-DSS-4.0-6.3.3",
34605
+ "framework": "PCI DSS 4.0",
34606
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34607
+ },
34608
+ {
34609
+ "id": "PTES-Pre-engagement",
34610
+ "framework": "Penetration Testing Execution Standard (PTES)",
34611
+ "control_name": "Pre-engagement Interactions"
34612
+ },
34613
+ {
34614
+ "id": "SOC2-CC6-logical-access",
34615
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34616
+ "control_name": "Logical and Physical Access Controls"
34617
+ },
34618
+ {
34619
+ "id": "SOC2-CC9-vendor-management",
34620
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34621
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34622
+ }
34623
+ ],
34624
+ "attack_refs": [
34625
+ "T0855",
34626
+ "T0883",
34627
+ "T1059",
34628
+ "T1068",
34629
+ "T1078",
34630
+ "T1133",
34631
+ "T1190",
34632
+ "T1548.001",
34633
+ "T1566"
34634
+ ],
34635
+ "rfc_refs": [
34636
+ "RFC-4301",
34637
+ "RFC-4303",
34638
+ "RFC-7296"
34639
+ ]
34640
+ }
34641
+ },
34642
+ "CVE-2024-6587": {
34643
+ "name": "BerriAI LiteLLM api_base SSRF API-Key Interception",
34644
+ "rwep": 29,
34645
+ "cvss": 7.5,
34646
+ "cisa_kev": false,
34647
+ "epss_score": null,
34648
+ "referencing_skills": [
34649
+ "kernel-lpe-triage",
34650
+ "ai-attack-surface",
34651
+ "compliance-theater",
34652
+ "attack-surface-pentest",
34653
+ "ot-ics-security",
34654
+ "coordinated-vuln-disclosure",
34655
+ "sector-energy"
34656
+ ],
34657
+ "chain": {
34658
+ "cwes": [
34659
+ {
34660
+ "id": "CWE-1037",
34661
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
34662
+ "category": "Hardware / Side Channel"
34663
+ },
34664
+ {
34665
+ "id": "CWE-1039",
34666
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
34667
+ "category": "AI/ML"
34668
+ },
34669
+ {
34670
+ "id": "CWE-125",
34671
+ "name": "Out-of-bounds Read",
34672
+ "category": "Memory Safety"
34673
+ },
34674
+ {
34675
+ "id": "CWE-1357",
34676
+ "name": "Reliance on Insufficiently Trustworthy Component",
34677
+ "category": "Supply Chain"
34678
+ },
34679
+ {
34680
+ "id": "CWE-1395",
34681
+ "name": "Dependency on Vulnerable Third-Party Component",
34682
+ "category": "Supply Chain"
34683
+ },
34684
+ {
34685
+ "id": "CWE-1426",
34686
+ "name": "Improper Validation of Generative AI Output",
34687
+ "category": "AI/ML"
34688
+ },
34689
+ {
34690
+ "id": "CWE-22",
34691
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
34692
+ "category": "Path/Resource"
34693
+ },
34694
+ {
34695
+ "id": "CWE-269",
34696
+ "name": "Improper Privilege Management",
34697
+ "category": "Authorization"
34698
+ },
34699
+ {
34700
+ "id": "CWE-287",
34701
+ "name": "Improper Authentication",
34702
+ "category": "Authentication"
34703
+ },
34704
+ {
34705
+ "id": "CWE-306",
34706
+ "name": "Missing Authentication for Critical Function",
34707
+ "category": "Authentication"
34708
+ },
34709
+ {
34710
+ "id": "CWE-352",
34711
+ "name": "Cross-Site Request Forgery (CSRF)",
34712
+ "category": "Session"
34713
+ },
34714
+ {
34715
+ "id": "CWE-362",
34716
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
34717
+ "category": "Concurrency"
34718
+ },
34719
+ {
34720
+ "id": "CWE-416",
34721
+ "name": "Use After Free",
34722
+ "category": "Memory Safety"
34723
+ },
34724
+ {
34725
+ "id": "CWE-434",
34726
+ "name": "Unrestricted Upload of File with Dangerous Type",
34727
+ "category": "File Handling"
34728
+ },
34729
+ {
34730
+ "id": "CWE-672",
34731
+ "name": "Operation on a Resource after Expiration or Release",
34732
+ "category": "Memory Safety"
34733
+ },
34734
+ {
34735
+ "id": "CWE-732",
34736
+ "name": "Incorrect Permission Assignment for Critical Resource",
34737
+ "category": "Authorization"
34738
+ },
34739
+ {
34740
+ "id": "CWE-78",
34741
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
34742
+ "category": "Injection"
34743
+ },
34744
+ {
34745
+ "id": "CWE-787",
34746
+ "name": "Out-of-bounds Write",
34747
+ "category": "Memory Safety"
34748
+ },
34749
+ {
34750
+ "id": "CWE-79",
34751
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
34752
+ "category": "Injection"
34753
+ },
34754
+ {
34755
+ "id": "CWE-798",
34756
+ "name": "Use of Hard-coded Credentials",
34757
+ "category": "Credentials"
34758
+ },
34759
+ {
34760
+ "id": "CWE-89",
34761
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
34762
+ "category": "Injection"
34763
+ },
34764
+ {
34765
+ "id": "CWE-918",
34766
+ "name": "Server-Side Request Forgery (SSRF)",
34767
+ "category": "Network"
34768
+ },
34769
+ {
34770
+ "id": "CWE-94",
34771
+ "name": "Improper Control of Generation of Code (Code Injection)",
34772
+ "category": "Injection"
34773
+ }
34774
+ ],
34775
+ "atlas": [
34776
+ {
34777
+ "id": "AML.T0010",
34778
+ "name": "ML Supply Chain Compromise",
34779
+ "tactic": "Initial Access"
34780
+ },
34781
+ {
34782
+ "id": "AML.T0016",
34783
+ "name": "Obtain Capabilities: Develop Capabilities",
34784
+ "tactic": "Resource Development"
34785
+ },
34786
+ {
34787
+ "id": "AML.T0017",
34788
+ "name": "Discover ML Model Ontology",
34789
+ "tactic": "Discovery"
34790
+ },
34791
+ {
34792
+ "id": "AML.T0018",
34793
+ "name": "Backdoor ML Model",
34794
+ "tactic": "Persistence"
34795
+ },
34796
+ {
34797
+ "id": "AML.T0020",
34798
+ "name": "Poison Training Data",
34799
+ "tactic": "ML Attack Staging"
34800
+ },
34801
+ {
34802
+ "id": "AML.T0043",
34803
+ "name": "Craft Adversarial Data",
34804
+ "tactic": "ML Attack Staging"
34805
+ },
34806
+ {
34807
+ "id": "AML.T0051",
34808
+ "name": "LLM Prompt Injection",
34809
+ "tactic": "Execution"
34810
+ },
34811
+ {
34812
+ "id": "AML.T0054",
34813
+ "name": "LLM Jailbreak",
34814
+ "tactic": "Defense Evasion"
34815
+ },
34816
+ {
34817
+ "id": "AML.T0096",
34818
+ "name": "AI API as Covert C2 Channel",
34819
+ "tactic": "Command and Control"
34820
+ }
34821
+ ],
34822
+ "d3fend": [
34823
+ {
34824
+ "id": "D3-ASLR",
34825
+ "name": "Address Space Layout Randomization",
34826
+ "tactic": "Harden"
34827
+ },
34828
+ {
34829
+ "id": "D3-CSPP",
34830
+ "name": "Client-server Payload Profiling",
34831
+ "tactic": "Detect"
34832
+ },
34833
+ {
34834
+ "id": "D3-EAL",
34835
+ "name": "Executable Allowlisting",
34836
+ "tactic": "Harden"
34837
+ },
34838
+ {
34839
+ "id": "D3-IOPR",
34840
+ "name": "Input/Output Profiling Resource",
34841
+ "tactic": "Detect"
34842
+ },
34843
+ {
34844
+ "id": "D3-NTA",
34845
+ "name": "Network Traffic Analysis",
34846
+ "tactic": "Detect"
34847
+ },
34848
+ {
34849
+ "id": "D3-PHRA",
34850
+ "name": "Process Hardware Resource Access",
34851
+ "tactic": "Isolate"
34852
+ },
34853
+ {
34854
+ "id": "D3-PSEP",
34855
+ "name": "Process Segment Execution Prevention",
34856
+ "tactic": "Harden"
34857
+ }
34858
+ ],
34859
+ "framework_gaps": [
34860
+ {
34861
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
34862
+ "framework": "ALL",
34863
+ "control_name": "AI Pipeline Integrity"
34864
+ },
34865
+ {
34866
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
34867
+ "framework": "ALL",
34868
+ "control_name": "Prompt Injection as Access Control Failure"
34869
+ },
34870
+ {
34871
+ "id": "CIS-Controls-v8-Control7",
34872
+ "framework": "CIS Controls v8",
34873
+ "control_name": "Continuous Vulnerability Management"
34874
+ },
34875
+ {
34876
+ "id": "CMMC-2.0-Level-2",
34877
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
34878
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
34879
+ },
34880
+ {
34881
+ "id": "FedRAMP-Rev5-Moderate",
34882
+ "framework": "FedRAMP Rev 5 Moderate",
34883
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
34884
+ },
34885
+ {
34886
+ "id": "IEC-62443-3-3",
34887
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
34888
+ "control_name": "System security requirements and security levels"
34889
+ },
34890
+ {
34891
+ "id": "ISO-27001-2022-A.8.28",
34892
+ "framework": "ISO/IEC 27001:2022",
34893
+ "control_name": "Secure coding"
34894
+ },
34895
+ {
34896
+ "id": "ISO-27001-2022-A.8.8",
34897
+ "framework": "ISO/IEC 27001:2022",
34898
+ "control_name": "Management of technical vulnerabilities"
34899
+ },
34900
+ {
34901
+ "id": "ISO-IEC-23894-2023-clause-7",
34902
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
34903
+ "control_name": "AI risk management process"
34904
+ },
34905
+ {
34906
+ "id": "NERC-CIP-007-6-R4",
34907
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
34908
+ "control_name": "Security event monitoring"
34909
+ },
34910
+ {
34911
+ "id": "NIS2-Art21-patch-management",
34912
+ "framework": "EU NIS2 Directive",
34913
+ "control_name": "Vulnerability handling and disclosure"
34914
+ },
34915
+ {
34916
+ "id": "NIST-800-115",
34917
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
34918
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
34919
+ },
34920
+ {
34921
+ "id": "NIST-800-218-SSDF",
34922
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
34923
+ "control_name": "Secure Software Development Framework"
34924
+ },
34925
+ {
34926
+ "id": "NIST-800-53-AC-2",
34927
+ "framework": "NIST SP 800-53 Rev 5",
34928
+ "control_name": "Account Management"
34929
+ },
34930
+ {
34931
+ "id": "NIST-800-53-SC-8",
34932
+ "framework": "NIST SP 800-53 Rev 5",
34933
+ "control_name": "Transmission Confidentiality and Integrity"
34934
+ },
34935
+ {
34936
+ "id": "NIST-800-53-SI-2",
34937
+ "framework": "NIST SP 800-53 Rev 5",
34938
+ "control_name": "Flaw Remediation"
34939
+ },
34940
+ {
34941
+ "id": "NIST-800-53-SI-3",
34942
+ "framework": "NIST SP 800-53 Rev 5",
34943
+ "control_name": "Malicious Code Protection"
34944
+ },
34945
+ {
34946
+ "id": "NIST-800-82r3",
34947
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
34948
+ "control_name": "Guide to Operational Technology (OT) Security"
34949
+ },
34950
+ {
34951
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
34952
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34953
+ "control_name": "Prompt Injection"
34954
+ },
34955
+ {
34956
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
34957
+ "framework": "OWASP Top 10 for LLM Applications 2025",
34958
+ "control_name": "Sensitive Information Disclosure"
34959
+ },
34960
+ {
34961
+ "id": "OWASP-Pen-Testing-Guide-v5",
34962
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
34963
+ "control_name": "Web application penetration testing methodology"
34964
+ },
34965
+ {
34966
+ "id": "PCI-DSS-4.0-6.3.3",
34967
+ "framework": "PCI DSS 4.0",
34968
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
34969
+ },
34970
+ {
34971
+ "id": "PTES-Pre-engagement",
34972
+ "framework": "Penetration Testing Execution Standard (PTES)",
34973
+ "control_name": "Pre-engagement Interactions"
34974
+ },
34975
+ {
34976
+ "id": "SOC2-CC6-logical-access",
34977
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34978
+ "control_name": "Logical and Physical Access Controls"
34979
+ },
34980
+ {
34981
+ "id": "SOC2-CC9-vendor-management",
34982
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
34983
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
34984
+ }
34985
+ ],
34986
+ "attack_refs": [
34987
+ "T0855",
34988
+ "T0883",
34989
+ "T1059",
34990
+ "T1068",
34991
+ "T1078",
34992
+ "T1133",
34993
+ "T1190",
34994
+ "T1548.001",
34995
+ "T1566"
34996
+ ],
34997
+ "rfc_refs": [
34998
+ "RFC-4301",
34999
+ "RFC-4303",
35000
+ "RFC-7296"
35001
+ ]
35002
+ }
35003
+ },
35004
+ "CVE-2024-4889": {
35005
+ "name": "BerriAI LiteLLM Config Code Injection via UI_LOGO_PATH / KMS",
35006
+ "rwep": 27,
35007
+ "cvss": 7.2,
35008
+ "cisa_kev": false,
35009
+ "epss_score": null,
35010
+ "referencing_skills": [
35011
+ "kernel-lpe-triage",
35012
+ "ai-attack-surface",
35013
+ "compliance-theater",
35014
+ "attack-surface-pentest",
35015
+ "ot-ics-security",
35016
+ "coordinated-vuln-disclosure",
35017
+ "sector-energy"
35018
+ ],
35019
+ "chain": {
35020
+ "cwes": [
35021
+ {
35022
+ "id": "CWE-1037",
35023
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
35024
+ "category": "Hardware / Side Channel"
35025
+ },
35026
+ {
35027
+ "id": "CWE-1039",
35028
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
35029
+ "category": "AI/ML"
35030
+ },
35031
+ {
35032
+ "id": "CWE-125",
35033
+ "name": "Out-of-bounds Read",
35034
+ "category": "Memory Safety"
35035
+ },
35036
+ {
35037
+ "id": "CWE-1357",
35038
+ "name": "Reliance on Insufficiently Trustworthy Component",
35039
+ "category": "Supply Chain"
35040
+ },
35041
+ {
35042
+ "id": "CWE-1395",
35043
+ "name": "Dependency on Vulnerable Third-Party Component",
35044
+ "category": "Supply Chain"
35045
+ },
35046
+ {
35047
+ "id": "CWE-1426",
35048
+ "name": "Improper Validation of Generative AI Output",
35049
+ "category": "AI/ML"
35050
+ },
35051
+ {
35052
+ "id": "CWE-22",
35053
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
35054
+ "category": "Path/Resource"
35055
+ },
35056
+ {
35057
+ "id": "CWE-269",
35058
+ "name": "Improper Privilege Management",
35059
+ "category": "Authorization"
35060
+ },
35061
+ {
35062
+ "id": "CWE-287",
35063
+ "name": "Improper Authentication",
35064
+ "category": "Authentication"
35065
+ },
35066
+ {
35067
+ "id": "CWE-306",
35068
+ "name": "Missing Authentication for Critical Function",
35069
+ "category": "Authentication"
35070
+ },
35071
+ {
35072
+ "id": "CWE-352",
35073
+ "name": "Cross-Site Request Forgery (CSRF)",
35074
+ "category": "Session"
35075
+ },
35076
+ {
35077
+ "id": "CWE-362",
35078
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
35079
+ "category": "Concurrency"
35080
+ },
35081
+ {
35082
+ "id": "CWE-416",
35083
+ "name": "Use After Free",
35084
+ "category": "Memory Safety"
35085
+ },
35086
+ {
35087
+ "id": "CWE-434",
35088
+ "name": "Unrestricted Upload of File with Dangerous Type",
35089
+ "category": "File Handling"
35090
+ },
35091
+ {
35092
+ "id": "CWE-672",
35093
+ "name": "Operation on a Resource after Expiration or Release",
35094
+ "category": "Memory Safety"
35095
+ },
35096
+ {
35097
+ "id": "CWE-732",
35098
+ "name": "Incorrect Permission Assignment for Critical Resource",
35099
+ "category": "Authorization"
35100
+ },
35101
+ {
35102
+ "id": "CWE-78",
35103
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
35104
+ "category": "Injection"
35105
+ },
35106
+ {
35107
+ "id": "CWE-787",
35108
+ "name": "Out-of-bounds Write",
35109
+ "category": "Memory Safety"
35110
+ },
35111
+ {
35112
+ "id": "CWE-79",
35113
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
35114
+ "category": "Injection"
35115
+ },
35116
+ {
35117
+ "id": "CWE-798",
35118
+ "name": "Use of Hard-coded Credentials",
35119
+ "category": "Credentials"
35120
+ },
35121
+ {
35122
+ "id": "CWE-89",
35123
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
35124
+ "category": "Injection"
35125
+ },
35126
+ {
35127
+ "id": "CWE-918",
35128
+ "name": "Server-Side Request Forgery (SSRF)",
35129
+ "category": "Network"
35130
+ },
35131
+ {
35132
+ "id": "CWE-94",
35133
+ "name": "Improper Control of Generation of Code (Code Injection)",
35134
+ "category": "Injection"
35135
+ }
35136
+ ],
35137
+ "atlas": [
35138
+ {
35139
+ "id": "AML.T0010",
35140
+ "name": "ML Supply Chain Compromise",
35141
+ "tactic": "Initial Access"
35142
+ },
35143
+ {
35144
+ "id": "AML.T0016",
35145
+ "name": "Obtain Capabilities: Develop Capabilities",
35146
+ "tactic": "Resource Development"
35147
+ },
35148
+ {
35149
+ "id": "AML.T0017",
35150
+ "name": "Discover ML Model Ontology",
35151
+ "tactic": "Discovery"
35152
+ },
35153
+ {
35154
+ "id": "AML.T0018",
35155
+ "name": "Backdoor ML Model",
35156
+ "tactic": "Persistence"
35157
+ },
35158
+ {
35159
+ "id": "AML.T0020",
35160
+ "name": "Poison Training Data",
35161
+ "tactic": "ML Attack Staging"
35162
+ },
35163
+ {
35164
+ "id": "AML.T0043",
35165
+ "name": "Craft Adversarial Data",
35166
+ "tactic": "ML Attack Staging"
35167
+ },
35168
+ {
35169
+ "id": "AML.T0051",
35170
+ "name": "LLM Prompt Injection",
35171
+ "tactic": "Execution"
35172
+ },
35173
+ {
35174
+ "id": "AML.T0054",
35175
+ "name": "LLM Jailbreak",
35176
+ "tactic": "Defense Evasion"
35177
+ },
35178
+ {
35179
+ "id": "AML.T0096",
35180
+ "name": "AI API as Covert C2 Channel",
35181
+ "tactic": "Command and Control"
35182
+ }
35183
+ ],
35184
+ "d3fend": [
35185
+ {
35186
+ "id": "D3-ASLR",
35187
+ "name": "Address Space Layout Randomization",
35188
+ "tactic": "Harden"
35189
+ },
35190
+ {
35191
+ "id": "D3-CSPP",
35192
+ "name": "Client-server Payload Profiling",
35193
+ "tactic": "Detect"
35194
+ },
35195
+ {
35196
+ "id": "D3-EAL",
35197
+ "name": "Executable Allowlisting",
35198
+ "tactic": "Harden"
35199
+ },
35200
+ {
35201
+ "id": "D3-IOPR",
35202
+ "name": "Input/Output Profiling Resource",
35203
+ "tactic": "Detect"
35204
+ },
35205
+ {
35206
+ "id": "D3-NTA",
35207
+ "name": "Network Traffic Analysis",
35208
+ "tactic": "Detect"
35209
+ },
35210
+ {
35211
+ "id": "D3-PHRA",
35212
+ "name": "Process Hardware Resource Access",
35213
+ "tactic": "Isolate"
35214
+ },
35215
+ {
35216
+ "id": "D3-PSEP",
35217
+ "name": "Process Segment Execution Prevention",
35218
+ "tactic": "Harden"
35219
+ }
35220
+ ],
35221
+ "framework_gaps": [
35222
+ {
35223
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
35224
+ "framework": "ALL",
35225
+ "control_name": "AI Pipeline Integrity"
35226
+ },
35227
+ {
35228
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
35229
+ "framework": "ALL",
35230
+ "control_name": "Prompt Injection as Access Control Failure"
35231
+ },
35232
+ {
35233
+ "id": "CIS-Controls-v8-Control7",
35234
+ "framework": "CIS Controls v8",
35235
+ "control_name": "Continuous Vulnerability Management"
35236
+ },
35237
+ {
35238
+ "id": "CMMC-2.0-Level-2",
35239
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
35240
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
35241
+ },
35242
+ {
35243
+ "id": "FedRAMP-Rev5-Moderate",
35244
+ "framework": "FedRAMP Rev 5 Moderate",
35245
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
35246
+ },
35247
+ {
35248
+ "id": "IEC-62443-3-3",
35249
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
35250
+ "control_name": "System security requirements and security levels"
35251
+ },
35252
+ {
35253
+ "id": "ISO-27001-2022-A.8.28",
35254
+ "framework": "ISO/IEC 27001:2022",
35255
+ "control_name": "Secure coding"
35256
+ },
35257
+ {
35258
+ "id": "ISO-27001-2022-A.8.8",
35259
+ "framework": "ISO/IEC 27001:2022",
35260
+ "control_name": "Management of technical vulnerabilities"
35261
+ },
35262
+ {
35263
+ "id": "ISO-IEC-23894-2023-clause-7",
35264
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
35265
+ "control_name": "AI risk management process"
35266
+ },
35267
+ {
35268
+ "id": "NERC-CIP-007-6-R4",
35269
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
35270
+ "control_name": "Security event monitoring"
35271
+ },
35272
+ {
35273
+ "id": "NIS2-Art21-patch-management",
35274
+ "framework": "EU NIS2 Directive",
35275
+ "control_name": "Vulnerability handling and disclosure"
35276
+ },
35277
+ {
35278
+ "id": "NIST-800-115",
35279
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
35280
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
35281
+ },
35282
+ {
35283
+ "id": "NIST-800-218-SSDF",
35284
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
35285
+ "control_name": "Secure Software Development Framework"
35286
+ },
35287
+ {
35288
+ "id": "NIST-800-53-AC-2",
35289
+ "framework": "NIST SP 800-53 Rev 5",
35290
+ "control_name": "Account Management"
35291
+ },
35292
+ {
35293
+ "id": "NIST-800-53-SC-8",
35294
+ "framework": "NIST SP 800-53 Rev 5",
35295
+ "control_name": "Transmission Confidentiality and Integrity"
35296
+ },
35297
+ {
35298
+ "id": "NIST-800-53-SI-2",
35299
+ "framework": "NIST SP 800-53 Rev 5",
35300
+ "control_name": "Flaw Remediation"
35301
+ },
35302
+ {
35303
+ "id": "NIST-800-53-SI-3",
35304
+ "framework": "NIST SP 800-53 Rev 5",
35305
+ "control_name": "Malicious Code Protection"
35306
+ },
35307
+ {
35308
+ "id": "NIST-800-82r3",
35309
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
35310
+ "control_name": "Guide to Operational Technology (OT) Security"
35311
+ },
35312
+ {
35313
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
35314
+ "framework": "OWASP Top 10 for LLM Applications 2025",
35315
+ "control_name": "Prompt Injection"
35316
+ },
35317
+ {
35318
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
35319
+ "framework": "OWASP Top 10 for LLM Applications 2025",
35320
+ "control_name": "Sensitive Information Disclosure"
35321
+ },
35322
+ {
35323
+ "id": "OWASP-Pen-Testing-Guide-v5",
35324
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
35325
+ "control_name": "Web application penetration testing methodology"
35326
+ },
35327
+ {
35328
+ "id": "PCI-DSS-4.0-6.3.3",
35329
+ "framework": "PCI DSS 4.0",
35330
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
35331
+ },
35332
+ {
35333
+ "id": "PTES-Pre-engagement",
35334
+ "framework": "Penetration Testing Execution Standard (PTES)",
35335
+ "control_name": "Pre-engagement Interactions"
35336
+ },
35337
+ {
35338
+ "id": "SOC2-CC6-logical-access",
35339
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
35340
+ "control_name": "Logical and Physical Access Controls"
35341
+ },
35342
+ {
35343
+ "id": "SOC2-CC9-vendor-management",
35344
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
35345
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
35346
+ }
35347
+ ],
35348
+ "attack_refs": [
35349
+ "T0855",
35350
+ "T0883",
35351
+ "T1059",
35352
+ "T1068",
35353
+ "T1078",
35354
+ "T1133",
35355
+ "T1190",
35356
+ "T1548.001",
35357
+ "T1566"
35358
+ ],
35359
+ "rfc_refs": [
35360
+ "RFC-4301",
35361
+ "RFC-4303",
35362
+ "RFC-7296"
35363
+ ]
35364
+ }
35365
+ },
34280
35366
  "CVE-2026-41091": {
34281
35367
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
34282
35368
  "rwep": 45,
@@ -60674,12 +61760,15 @@
60674
61760
  "CVE-2024-39722",
60675
61761
  "CVE-2024-42478",
60676
61762
  "CVE-2024-42479",
61763
+ "CVE-2024-4889",
60677
61764
  "CVE-2024-50050",
61765
+ "CVE-2024-6587",
60678
61766
  "CVE-2025-0133",
60679
61767
  "CVE-2025-10585",
60680
61768
  "CVE-2025-1094",
60681
61769
  "CVE-2025-14174",
60682
61770
  "CVE-2025-1550",
61771
+ "CVE-2025-1753",
60683
61772
  "CVE-2025-23254",
60684
61773
  "CVE-2025-23266",
60685
61774
  "CVE-2025-30165",
@@ -61068,12 +62157,15 @@
61068
62157
  "CVE-2024-39722",
61069
62158
  "CVE-2024-42478",
61070
62159
  "CVE-2024-42479",
62160
+ "CVE-2024-4889",
61071
62161
  "CVE-2024-50050",
62162
+ "CVE-2024-6587",
61072
62163
  "CVE-2025-0133",
61073
62164
  "CVE-2025-10585",
61074
62165
  "CVE-2025-1094",
61075
62166
  "CVE-2025-14174",
61076
62167
  "CVE-2025-1550",
62168
+ "CVE-2025-1753",
61077
62169
  "CVE-2025-23254",
61078
62170
  "CVE-2025-23266",
61079
62171
  "CVE-2025-30165",
@@ -61255,12 +62347,15 @@
61255
62347
  "CVE-2024-39722",
61256
62348
  "CVE-2024-42478",
61257
62349
  "CVE-2024-42479",
62350
+ "CVE-2024-4889",
61258
62351
  "CVE-2024-50050",
62352
+ "CVE-2024-6587",
61259
62353
  "CVE-2025-0133",
61260
62354
  "CVE-2025-10585",
61261
62355
  "CVE-2025-1094",
61262
62356
  "CVE-2025-14174",
61263
62357
  "CVE-2025-1550",
62358
+ "CVE-2025-1753",
61264
62359
  "CVE-2025-23254",
61265
62360
  "CVE-2025-23266",
61266
62361
  "CVE-2025-30165",
@@ -61456,12 +62551,15 @@
61456
62551
  "CVE-2024-39722",
61457
62552
  "CVE-2024-42478",
61458
62553
  "CVE-2024-42479",
62554
+ "CVE-2024-4889",
61459
62555
  "CVE-2024-50050",
62556
+ "CVE-2024-6587",
61460
62557
  "CVE-2025-0133",
61461
62558
  "CVE-2025-10585",
61462
62559
  "CVE-2025-1094",
61463
62560
  "CVE-2025-14174",
61464
62561
  "CVE-2025-1550",
62562
+ "CVE-2025-1753",
61465
62563
  "CVE-2025-23254",
61466
62564
  "CVE-2025-23266",
61467
62565
  "CVE-2025-30165",
@@ -61763,11 +62861,14 @@
61763
62861
  "CVE-2024-39722",
61764
62862
  "CVE-2024-42478",
61765
62863
  "CVE-2024-42479",
62864
+ "CVE-2024-4889",
61766
62865
  "CVE-2024-50050",
62866
+ "CVE-2024-6587",
61767
62867
  "CVE-2025-0133",
61768
62868
  "CVE-2025-1094",
61769
62869
  "CVE-2025-11837",
61770
62870
  "CVE-2025-1550",
62871
+ "CVE-2025-1753",
61771
62872
  "CVE-2025-23254",
61772
62873
  "CVE-2025-23266",
61773
62874
  "CVE-2025-30165",
@@ -62032,11 +63133,13 @@
62032
63133
  "CVE-2024-42478",
62033
63134
  "CVE-2024-42479",
62034
63135
  "CVE-2024-43468",
63136
+ "CVE-2024-4889",
62035
63137
  "CVE-2024-50050",
62036
63138
  "CVE-2024-54085",
62037
63139
  "CVE-2024-56145",
62038
63140
  "CVE-2024-57726",
62039
63141
  "CVE-2024-57728",
63142
+ "CVE-2024-6587",
62040
63143
  "CVE-2024-7399",
62041
63144
  "CVE-2024-7694",
62042
63145
  "CVE-2024-8068",
@@ -62054,6 +63157,7 @@
62054
63157
  "CVE-2025-14733",
62055
63158
  "CVE-2025-1550",
62056
63159
  "CVE-2025-15556",
63160
+ "CVE-2025-1753",
62057
63161
  "CVE-2025-20281",
62058
63162
  "CVE-2025-20333",
62059
63163
  "CVE-2025-20337",
@@ -62873,12 +63977,15 @@
62873
63977
  "CVE-2024-39722",
62874
63978
  "CVE-2024-42478",
62875
63979
  "CVE-2024-42479",
63980
+ "CVE-2024-4889",
62876
63981
  "CVE-2024-50050",
63982
+ "CVE-2024-6587",
62877
63983
  "CVE-2025-0133",
62878
63984
  "CVE-2025-10585",
62879
63985
  "CVE-2025-1094",
62880
63986
  "CVE-2025-14174",
62881
63987
  "CVE-2025-1550",
63988
+ "CVE-2025-1753",
62882
63989
  "CVE-2025-23254",
62883
63990
  "CVE-2025-23266",
62884
63991
  "CVE-2025-30165",
@@ -63499,12 +64606,15 @@
63499
64606
  "CVE-2024-39722",
63500
64607
  "CVE-2024-42478",
63501
64608
  "CVE-2024-42479",
64609
+ "CVE-2024-4889",
63502
64610
  "CVE-2024-50050",
64611
+ "CVE-2024-6587",
63503
64612
  "CVE-2025-0133",
63504
64613
  "CVE-2025-10585",
63505
64614
  "CVE-2025-1094",
63506
64615
  "CVE-2025-14174",
63507
64616
  "CVE-2025-1550",
64617
+ "CVE-2025-1753",
63508
64618
  "CVE-2025-23254",
63509
64619
  "CVE-2025-23266",
63510
64620
  "CVE-2025-30165",
@@ -63762,11 +64872,14 @@
63762
64872
  "CVE-2024-39722",
63763
64873
  "CVE-2024-42478",
63764
64874
  "CVE-2024-42479",
64875
+ "CVE-2024-4889",
63765
64876
  "CVE-2024-50050",
64877
+ "CVE-2024-6587",
63766
64878
  "CVE-2025-10585",
63767
64879
  "CVE-2025-1094",
63768
64880
  "CVE-2025-14174",
63769
64881
  "CVE-2025-1550",
64882
+ "CVE-2025-1753",
63770
64883
  "CVE-2025-23254",
63771
64884
  "CVE-2025-23266",
63772
64885
  "CVE-2025-30165",
@@ -64453,12 +65566,15 @@
64453
65566
  "CVE-2024-39722",
64454
65567
  "CVE-2024-42478",
64455
65568
  "CVE-2024-42479",
65569
+ "CVE-2024-4889",
64456
65570
  "CVE-2024-50050",
65571
+ "CVE-2024-6587",
64457
65572
  "CVE-2025-0133",
64458
65573
  "CVE-2025-10585",
64459
65574
  "CVE-2025-1094",
64460
65575
  "CVE-2025-14174",
64461
65576
  "CVE-2025-1550",
65577
+ "CVE-2025-1753",
64462
65578
  "CVE-2025-23254",
64463
65579
  "CVE-2025-23266",
64464
65580
  "CVE-2025-30165",
@@ -64729,11 +65845,13 @@
64729
65845
  "CVE-2024-42478",
64730
65846
  "CVE-2024-42479",
64731
65847
  "CVE-2024-43468",
65848
+ "CVE-2024-4889",
64732
65849
  "CVE-2024-50050",
64733
65850
  "CVE-2024-54085",
64734
65851
  "CVE-2024-56145",
64735
65852
  "CVE-2024-57726",
64736
65853
  "CVE-2024-57728",
65854
+ "CVE-2024-6587",
64737
65855
  "CVE-2024-7399",
64738
65856
  "CVE-2024-7694",
64739
65857
  "CVE-2024-8068",
@@ -64751,6 +65869,7 @@
64751
65869
  "CVE-2025-14733",
64752
65870
  "CVE-2025-1550",
64753
65871
  "CVE-2025-15556",
65872
+ "CVE-2025-1753",
64754
65873
  "CVE-2025-20281",
64755
65874
  "CVE-2025-20333",
64756
65875
  "CVE-2025-20337",
@@ -65176,11 +66295,13 @@
65176
66295
  "CVE-2024-42478",
65177
66296
  "CVE-2024-42479",
65178
66297
  "CVE-2024-43468",
66298
+ "CVE-2024-4889",
65179
66299
  "CVE-2024-50050",
65180
66300
  "CVE-2024-54085",
65181
66301
  "CVE-2024-56145",
65182
66302
  "CVE-2024-57726",
65183
66303
  "CVE-2024-57728",
66304
+ "CVE-2024-6587",
65184
66305
  "CVE-2024-7399",
65185
66306
  "CVE-2024-7694",
65186
66307
  "CVE-2024-8068",
@@ -65198,6 +66319,7 @@
65198
66319
  "CVE-2025-14733",
65199
66320
  "CVE-2025-1550",
65200
66321
  "CVE-2025-15556",
66322
+ "CVE-2025-1753",
65201
66323
  "CVE-2025-20281",
65202
66324
  "CVE-2025-20333",
65203
66325
  "CVE-2025-20337",
@@ -65646,12 +66768,15 @@
65646
66768
  "CVE-2024-39722",
65647
66769
  "CVE-2024-42478",
65648
66770
  "CVE-2024-42479",
66771
+ "CVE-2024-4889",
65649
66772
  "CVE-2024-50050",
66773
+ "CVE-2024-6587",
65650
66774
  "CVE-2025-0133",
65651
66775
  "CVE-2025-10585",
65652
66776
  "CVE-2025-1094",
65653
66777
  "CVE-2025-14174",
65654
66778
  "CVE-2025-1550",
66779
+ "CVE-2025-1753",
65655
66780
  "CVE-2025-23254",
65656
66781
  "CVE-2025-23266",
65657
66782
  "CVE-2025-30165",
@@ -66474,11 +67599,13 @@
66474
67599
  "CVE-2024-42478",
66475
67600
  "CVE-2024-42479",
66476
67601
  "CVE-2024-43468",
67602
+ "CVE-2024-4889",
66477
67603
  "CVE-2024-50050",
66478
67604
  "CVE-2024-54085",
66479
67605
  "CVE-2024-56145",
66480
67606
  "CVE-2024-57726",
66481
67607
  "CVE-2024-57728",
67608
+ "CVE-2024-6587",
66482
67609
  "CVE-2024-7399",
66483
67610
  "CVE-2024-7694",
66484
67611
  "CVE-2024-8068",
@@ -66496,6 +67623,7 @@
66496
67623
  "CVE-2025-14733",
66497
67624
  "CVE-2025-1550",
66498
67625
  "CVE-2025-15556",
67626
+ "CVE-2025-1753",
66499
67627
  "CVE-2025-20281",
66500
67628
  "CVE-2025-20333",
66501
67629
  "CVE-2025-20337",
@@ -67008,12 +68136,15 @@
67008
68136
  "CVE-2024-39722",
67009
68137
  "CVE-2024-42478",
67010
68138
  "CVE-2024-42479",
68139
+ "CVE-2024-4889",
67011
68140
  "CVE-2024-50050",
68141
+ "CVE-2024-6587",
67012
68142
  "CVE-2025-0133",
67013
68143
  "CVE-2025-10585",
67014
68144
  "CVE-2025-1094",
67015
68145
  "CVE-2025-14174",
67016
68146
  "CVE-2025-1550",
68147
+ "CVE-2025-1753",
67017
68148
  "CVE-2025-23254",
67018
68149
  "CVE-2025-23266",
67019
68150
  "CVE-2025-30165",
@@ -67364,11 +68495,13 @@
67364
68495
  "CVE-2024-42478",
67365
68496
  "CVE-2024-42479",
67366
68497
  "CVE-2024-43468",
68498
+ "CVE-2024-4889",
67367
68499
  "CVE-2024-50050",
67368
68500
  "CVE-2024-54085",
67369
68501
  "CVE-2024-56145",
67370
68502
  "CVE-2024-57726",
67371
68503
  "CVE-2024-57728",
68504
+ "CVE-2024-6587",
67372
68505
  "CVE-2024-7399",
67373
68506
  "CVE-2024-7694",
67374
68507
  "CVE-2024-8068",
@@ -67387,6 +68520,7 @@
67387
68520
  "CVE-2025-14733",
67388
68521
  "CVE-2025-1550",
67389
68522
  "CVE-2025-15556",
68523
+ "CVE-2025-1753",
67390
68524
  "CVE-2025-20281",
67391
68525
  "CVE-2025-20333",
67392
68526
  "CVE-2025-20337",
@@ -67915,11 +69049,14 @@
67915
69049
  "CVE-2024-39722",
67916
69050
  "CVE-2024-42478",
67917
69051
  "CVE-2024-42479",
69052
+ "CVE-2024-4889",
67918
69053
  "CVE-2024-50050",
69054
+ "CVE-2024-6587",
67919
69055
  "CVE-2025-10585",
67920
69056
  "CVE-2025-1094",
67921
69057
  "CVE-2025-14174",
67922
69058
  "CVE-2025-1550",
69059
+ "CVE-2025-1753",
67923
69060
  "CVE-2025-23254",
67924
69061
  "CVE-2025-23266",
67925
69062
  "CVE-2025-30165",
@@ -68876,12 +70013,15 @@
68876
70013
  "CVE-2024-39722",
68877
70014
  "CVE-2024-42478",
68878
70015
  "CVE-2024-42479",
70016
+ "CVE-2024-4889",
68879
70017
  "CVE-2024-50050",
70018
+ "CVE-2024-6587",
68880
70019
  "CVE-2025-0133",
68881
70020
  "CVE-2025-10585",
68882
70021
  "CVE-2025-1094",
68883
70022
  "CVE-2025-14174",
68884
70023
  "CVE-2025-1550",
70024
+ "CVE-2025-1753",
68885
70025
  "CVE-2025-23254",
68886
70026
  "CVE-2025-23266",
68887
70027
  "CVE-2025-30165",
@@ -68999,11 +70139,14 @@
68999
70139
  "CVE-2024-39722",
69000
70140
  "CVE-2024-42478",
69001
70141
  "CVE-2024-42479",
70142
+ "CVE-2024-4889",
69002
70143
  "CVE-2024-50050",
70144
+ "CVE-2024-6587",
69003
70145
  "CVE-2025-10585",
69004
70146
  "CVE-2025-1094",
69005
70147
  "CVE-2025-14174",
69006
70148
  "CVE-2025-1550",
70149
+ "CVE-2025-1753",
69007
70150
  "CVE-2025-23254",
69008
70151
  "CVE-2025-23266",
69009
70152
  "CVE-2025-30165",
@@ -69194,11 +70337,14 @@
69194
70337
  "CVE-2024-39722",
69195
70338
  "CVE-2024-42478",
69196
70339
  "CVE-2024-42479",
70340
+ "CVE-2024-4889",
69197
70341
  "CVE-2024-50050",
70342
+ "CVE-2024-6587",
69198
70343
  "CVE-2025-0133",
69199
70344
  "CVE-2025-1094",
69200
70345
  "CVE-2025-11837",
69201
70346
  "CVE-2025-1550",
70347
+ "CVE-2025-1753",
69202
70348
  "CVE-2025-23254",
69203
70349
  "CVE-2025-23266",
69204
70350
  "CVE-2025-30165",
@@ -69649,11 +70795,13 @@
69649
70795
  "CVE-2024-42478",
69650
70796
  "CVE-2024-42479",
69651
70797
  "CVE-2024-43468",
70798
+ "CVE-2024-4889",
69652
70799
  "CVE-2024-50050",
69653
70800
  "CVE-2024-54085",
69654
70801
  "CVE-2024-56145",
69655
70802
  "CVE-2024-57726",
69656
70803
  "CVE-2024-57728",
70804
+ "CVE-2024-6587",
69657
70805
  "CVE-2024-7399",
69658
70806
  "CVE-2024-7694",
69659
70807
  "CVE-2024-8068",
@@ -69669,6 +70817,7 @@
69669
70817
  "CVE-2025-14733",
69670
70818
  "CVE-2025-1550",
69671
70819
  "CVE-2025-15556",
70820
+ "CVE-2025-1753",
69672
70821
  "CVE-2025-20281",
69673
70822
  "CVE-2025-20333",
69674
70823
  "CVE-2025-20337",
@@ -70108,12 +71257,15 @@
70108
71257
  "CVE-2024-39722",
70109
71258
  "CVE-2024-42478",
70110
71259
  "CVE-2024-42479",
71260
+ "CVE-2024-4889",
70111
71261
  "CVE-2024-50050",
71262
+ "CVE-2024-6587",
70112
71263
  "CVE-2025-0133",
70113
71264
  "CVE-2025-10585",
70114
71265
  "CVE-2025-1094",
70115
71266
  "CVE-2025-14174",
70116
71267
  "CVE-2025-1550",
71268
+ "CVE-2025-1753",
70117
71269
  "CVE-2025-23254",
70118
71270
  "CVE-2025-23266",
70119
71271
  "CVE-2025-30165",
@@ -70426,12 +71578,15 @@
70426
71578
  "CVE-2024-40635",
70427
71579
  "CVE-2024-42478",
70428
71580
  "CVE-2024-42479",
71581
+ "CVE-2024-4889",
70429
71582
  "CVE-2024-50050",
71583
+ "CVE-2024-6587",
70430
71584
  "CVE-2025-0133",
70431
71585
  "CVE-2025-1094",
70432
71586
  "CVE-2025-11837",
70433
71587
  "CVE-2025-14847",
70434
71588
  "CVE-2025-1550",
71589
+ "CVE-2025-1753",
70435
71590
  "CVE-2025-22226",
70436
71591
  "CVE-2025-23254",
70437
71592
  "CVE-2025-23266",