@blamejs/exceptd-skills 0.13.95 → 0.13.97
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1540 -0
- package/data/atlas-ttps.json +9 -1
- package/data/attack-techniques.json +8 -0
- package/data/cve-catalog.json +419 -0
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +34 -2
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -34639,6 +34639,1454 @@
|
|
|
34639
34639
|
]
|
|
34640
34640
|
}
|
|
34641
34641
|
},
|
|
34642
|
+
"CVE-2024-6587": {
|
|
34643
|
+
"name": "BerriAI LiteLLM api_base SSRF API-Key Interception",
|
|
34644
|
+
"rwep": 29,
|
|
34645
|
+
"cvss": 7.5,
|
|
34646
|
+
"cisa_kev": false,
|
|
34647
|
+
"epss_score": null,
|
|
34648
|
+
"referencing_skills": [
|
|
34649
|
+
"kernel-lpe-triage",
|
|
34650
|
+
"ai-attack-surface",
|
|
34651
|
+
"compliance-theater",
|
|
34652
|
+
"attack-surface-pentest",
|
|
34653
|
+
"ot-ics-security",
|
|
34654
|
+
"coordinated-vuln-disclosure",
|
|
34655
|
+
"sector-energy"
|
|
34656
|
+
],
|
|
34657
|
+
"chain": {
|
|
34658
|
+
"cwes": [
|
|
34659
|
+
{
|
|
34660
|
+
"id": "CWE-1037",
|
|
34661
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
34662
|
+
"category": "Hardware / Side Channel"
|
|
34663
|
+
},
|
|
34664
|
+
{
|
|
34665
|
+
"id": "CWE-1039",
|
|
34666
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
34667
|
+
"category": "AI/ML"
|
|
34668
|
+
},
|
|
34669
|
+
{
|
|
34670
|
+
"id": "CWE-125",
|
|
34671
|
+
"name": "Out-of-bounds Read",
|
|
34672
|
+
"category": "Memory Safety"
|
|
34673
|
+
},
|
|
34674
|
+
{
|
|
34675
|
+
"id": "CWE-1357",
|
|
34676
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
34677
|
+
"category": "Supply Chain"
|
|
34678
|
+
},
|
|
34679
|
+
{
|
|
34680
|
+
"id": "CWE-1395",
|
|
34681
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
34682
|
+
"category": "Supply Chain"
|
|
34683
|
+
},
|
|
34684
|
+
{
|
|
34685
|
+
"id": "CWE-1426",
|
|
34686
|
+
"name": "Improper Validation of Generative AI Output",
|
|
34687
|
+
"category": "AI/ML"
|
|
34688
|
+
},
|
|
34689
|
+
{
|
|
34690
|
+
"id": "CWE-22",
|
|
34691
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
34692
|
+
"category": "Path/Resource"
|
|
34693
|
+
},
|
|
34694
|
+
{
|
|
34695
|
+
"id": "CWE-269",
|
|
34696
|
+
"name": "Improper Privilege Management",
|
|
34697
|
+
"category": "Authorization"
|
|
34698
|
+
},
|
|
34699
|
+
{
|
|
34700
|
+
"id": "CWE-287",
|
|
34701
|
+
"name": "Improper Authentication",
|
|
34702
|
+
"category": "Authentication"
|
|
34703
|
+
},
|
|
34704
|
+
{
|
|
34705
|
+
"id": "CWE-306",
|
|
34706
|
+
"name": "Missing Authentication for Critical Function",
|
|
34707
|
+
"category": "Authentication"
|
|
34708
|
+
},
|
|
34709
|
+
{
|
|
34710
|
+
"id": "CWE-352",
|
|
34711
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
34712
|
+
"category": "Session"
|
|
34713
|
+
},
|
|
34714
|
+
{
|
|
34715
|
+
"id": "CWE-362",
|
|
34716
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
34717
|
+
"category": "Concurrency"
|
|
34718
|
+
},
|
|
34719
|
+
{
|
|
34720
|
+
"id": "CWE-416",
|
|
34721
|
+
"name": "Use After Free",
|
|
34722
|
+
"category": "Memory Safety"
|
|
34723
|
+
},
|
|
34724
|
+
{
|
|
34725
|
+
"id": "CWE-434",
|
|
34726
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
34727
|
+
"category": "File Handling"
|
|
34728
|
+
},
|
|
34729
|
+
{
|
|
34730
|
+
"id": "CWE-672",
|
|
34731
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
34732
|
+
"category": "Memory Safety"
|
|
34733
|
+
},
|
|
34734
|
+
{
|
|
34735
|
+
"id": "CWE-732",
|
|
34736
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
34737
|
+
"category": "Authorization"
|
|
34738
|
+
},
|
|
34739
|
+
{
|
|
34740
|
+
"id": "CWE-78",
|
|
34741
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
34742
|
+
"category": "Injection"
|
|
34743
|
+
},
|
|
34744
|
+
{
|
|
34745
|
+
"id": "CWE-787",
|
|
34746
|
+
"name": "Out-of-bounds Write",
|
|
34747
|
+
"category": "Memory Safety"
|
|
34748
|
+
},
|
|
34749
|
+
{
|
|
34750
|
+
"id": "CWE-79",
|
|
34751
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
34752
|
+
"category": "Injection"
|
|
34753
|
+
},
|
|
34754
|
+
{
|
|
34755
|
+
"id": "CWE-798",
|
|
34756
|
+
"name": "Use of Hard-coded Credentials",
|
|
34757
|
+
"category": "Credentials"
|
|
34758
|
+
},
|
|
34759
|
+
{
|
|
34760
|
+
"id": "CWE-89",
|
|
34761
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
34762
|
+
"category": "Injection"
|
|
34763
|
+
},
|
|
34764
|
+
{
|
|
34765
|
+
"id": "CWE-918",
|
|
34766
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
34767
|
+
"category": "Network"
|
|
34768
|
+
},
|
|
34769
|
+
{
|
|
34770
|
+
"id": "CWE-94",
|
|
34771
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
34772
|
+
"category": "Injection"
|
|
34773
|
+
}
|
|
34774
|
+
],
|
|
34775
|
+
"atlas": [
|
|
34776
|
+
{
|
|
34777
|
+
"id": "AML.T0010",
|
|
34778
|
+
"name": "ML Supply Chain Compromise",
|
|
34779
|
+
"tactic": "Initial Access"
|
|
34780
|
+
},
|
|
34781
|
+
{
|
|
34782
|
+
"id": "AML.T0016",
|
|
34783
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
34784
|
+
"tactic": "Resource Development"
|
|
34785
|
+
},
|
|
34786
|
+
{
|
|
34787
|
+
"id": "AML.T0017",
|
|
34788
|
+
"name": "Discover ML Model Ontology",
|
|
34789
|
+
"tactic": "Discovery"
|
|
34790
|
+
},
|
|
34791
|
+
{
|
|
34792
|
+
"id": "AML.T0018",
|
|
34793
|
+
"name": "Backdoor ML Model",
|
|
34794
|
+
"tactic": "Persistence"
|
|
34795
|
+
},
|
|
34796
|
+
{
|
|
34797
|
+
"id": "AML.T0020",
|
|
34798
|
+
"name": "Poison Training Data",
|
|
34799
|
+
"tactic": "ML Attack Staging"
|
|
34800
|
+
},
|
|
34801
|
+
{
|
|
34802
|
+
"id": "AML.T0043",
|
|
34803
|
+
"name": "Craft Adversarial Data",
|
|
34804
|
+
"tactic": "ML Attack Staging"
|
|
34805
|
+
},
|
|
34806
|
+
{
|
|
34807
|
+
"id": "AML.T0051",
|
|
34808
|
+
"name": "LLM Prompt Injection",
|
|
34809
|
+
"tactic": "Execution"
|
|
34810
|
+
},
|
|
34811
|
+
{
|
|
34812
|
+
"id": "AML.T0054",
|
|
34813
|
+
"name": "LLM Jailbreak",
|
|
34814
|
+
"tactic": "Defense Evasion"
|
|
34815
|
+
},
|
|
34816
|
+
{
|
|
34817
|
+
"id": "AML.T0096",
|
|
34818
|
+
"name": "AI API as Covert C2 Channel",
|
|
34819
|
+
"tactic": "Command and Control"
|
|
34820
|
+
}
|
|
34821
|
+
],
|
|
34822
|
+
"d3fend": [
|
|
34823
|
+
{
|
|
34824
|
+
"id": "D3-ASLR",
|
|
34825
|
+
"name": "Address Space Layout Randomization",
|
|
34826
|
+
"tactic": "Harden"
|
|
34827
|
+
},
|
|
34828
|
+
{
|
|
34829
|
+
"id": "D3-CSPP",
|
|
34830
|
+
"name": "Client-server Payload Profiling",
|
|
34831
|
+
"tactic": "Detect"
|
|
34832
|
+
},
|
|
34833
|
+
{
|
|
34834
|
+
"id": "D3-EAL",
|
|
34835
|
+
"name": "Executable Allowlisting",
|
|
34836
|
+
"tactic": "Harden"
|
|
34837
|
+
},
|
|
34838
|
+
{
|
|
34839
|
+
"id": "D3-IOPR",
|
|
34840
|
+
"name": "Input/Output Profiling Resource",
|
|
34841
|
+
"tactic": "Detect"
|
|
34842
|
+
},
|
|
34843
|
+
{
|
|
34844
|
+
"id": "D3-NTA",
|
|
34845
|
+
"name": "Network Traffic Analysis",
|
|
34846
|
+
"tactic": "Detect"
|
|
34847
|
+
},
|
|
34848
|
+
{
|
|
34849
|
+
"id": "D3-PHRA",
|
|
34850
|
+
"name": "Process Hardware Resource Access",
|
|
34851
|
+
"tactic": "Isolate"
|
|
34852
|
+
},
|
|
34853
|
+
{
|
|
34854
|
+
"id": "D3-PSEP",
|
|
34855
|
+
"name": "Process Segment Execution Prevention",
|
|
34856
|
+
"tactic": "Harden"
|
|
34857
|
+
}
|
|
34858
|
+
],
|
|
34859
|
+
"framework_gaps": [
|
|
34860
|
+
{
|
|
34861
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
34862
|
+
"framework": "ALL",
|
|
34863
|
+
"control_name": "AI Pipeline Integrity"
|
|
34864
|
+
},
|
|
34865
|
+
{
|
|
34866
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
34867
|
+
"framework": "ALL",
|
|
34868
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
34869
|
+
},
|
|
34870
|
+
{
|
|
34871
|
+
"id": "CIS-Controls-v8-Control7",
|
|
34872
|
+
"framework": "CIS Controls v8",
|
|
34873
|
+
"control_name": "Continuous Vulnerability Management"
|
|
34874
|
+
},
|
|
34875
|
+
{
|
|
34876
|
+
"id": "CMMC-2.0-Level-2",
|
|
34877
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
34878
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
34879
|
+
},
|
|
34880
|
+
{
|
|
34881
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
34882
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
34883
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
34884
|
+
},
|
|
34885
|
+
{
|
|
34886
|
+
"id": "IEC-62443-3-3",
|
|
34887
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
34888
|
+
"control_name": "System security requirements and security levels"
|
|
34889
|
+
},
|
|
34890
|
+
{
|
|
34891
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
34892
|
+
"framework": "ISO/IEC 27001:2022",
|
|
34893
|
+
"control_name": "Secure coding"
|
|
34894
|
+
},
|
|
34895
|
+
{
|
|
34896
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
34897
|
+
"framework": "ISO/IEC 27001:2022",
|
|
34898
|
+
"control_name": "Management of technical vulnerabilities"
|
|
34899
|
+
},
|
|
34900
|
+
{
|
|
34901
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
34902
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
34903
|
+
"control_name": "AI risk management process"
|
|
34904
|
+
},
|
|
34905
|
+
{
|
|
34906
|
+
"id": "NERC-CIP-007-6-R4",
|
|
34907
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
34908
|
+
"control_name": "Security event monitoring"
|
|
34909
|
+
},
|
|
34910
|
+
{
|
|
34911
|
+
"id": "NIS2-Art21-patch-management",
|
|
34912
|
+
"framework": "EU NIS2 Directive",
|
|
34913
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
34914
|
+
},
|
|
34915
|
+
{
|
|
34916
|
+
"id": "NIST-800-115",
|
|
34917
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
34918
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
34919
|
+
},
|
|
34920
|
+
{
|
|
34921
|
+
"id": "NIST-800-218-SSDF",
|
|
34922
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
34923
|
+
"control_name": "Secure Software Development Framework"
|
|
34924
|
+
},
|
|
34925
|
+
{
|
|
34926
|
+
"id": "NIST-800-53-AC-2",
|
|
34927
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34928
|
+
"control_name": "Account Management"
|
|
34929
|
+
},
|
|
34930
|
+
{
|
|
34931
|
+
"id": "NIST-800-53-SC-8",
|
|
34932
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34933
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
34934
|
+
},
|
|
34935
|
+
{
|
|
34936
|
+
"id": "NIST-800-53-SI-2",
|
|
34937
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34938
|
+
"control_name": "Flaw Remediation"
|
|
34939
|
+
},
|
|
34940
|
+
{
|
|
34941
|
+
"id": "NIST-800-53-SI-3",
|
|
34942
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
34943
|
+
"control_name": "Malicious Code Protection"
|
|
34944
|
+
},
|
|
34945
|
+
{
|
|
34946
|
+
"id": "NIST-800-82r3",
|
|
34947
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
34948
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
34949
|
+
},
|
|
34950
|
+
{
|
|
34951
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
34952
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
34953
|
+
"control_name": "Prompt Injection"
|
|
34954
|
+
},
|
|
34955
|
+
{
|
|
34956
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
34957
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
34958
|
+
"control_name": "Sensitive Information Disclosure"
|
|
34959
|
+
},
|
|
34960
|
+
{
|
|
34961
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
34962
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
34963
|
+
"control_name": "Web application penetration testing methodology"
|
|
34964
|
+
},
|
|
34965
|
+
{
|
|
34966
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
34967
|
+
"framework": "PCI DSS 4.0",
|
|
34968
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
34969
|
+
},
|
|
34970
|
+
{
|
|
34971
|
+
"id": "PTES-Pre-engagement",
|
|
34972
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
34973
|
+
"control_name": "Pre-engagement Interactions"
|
|
34974
|
+
},
|
|
34975
|
+
{
|
|
34976
|
+
"id": "SOC2-CC6-logical-access",
|
|
34977
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
34978
|
+
"control_name": "Logical and Physical Access Controls"
|
|
34979
|
+
},
|
|
34980
|
+
{
|
|
34981
|
+
"id": "SOC2-CC9-vendor-management",
|
|
34982
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
34983
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
34984
|
+
}
|
|
34985
|
+
],
|
|
34986
|
+
"attack_refs": [
|
|
34987
|
+
"T0855",
|
|
34988
|
+
"T0883",
|
|
34989
|
+
"T1059",
|
|
34990
|
+
"T1068",
|
|
34991
|
+
"T1078",
|
|
34992
|
+
"T1133",
|
|
34993
|
+
"T1190",
|
|
34994
|
+
"T1548.001",
|
|
34995
|
+
"T1566"
|
|
34996
|
+
],
|
|
34997
|
+
"rfc_refs": [
|
|
34998
|
+
"RFC-4301",
|
|
34999
|
+
"RFC-4303",
|
|
35000
|
+
"RFC-7296"
|
|
35001
|
+
]
|
|
35002
|
+
}
|
|
35003
|
+
},
|
|
35004
|
+
"CVE-2024-4889": {
|
|
35005
|
+
"name": "BerriAI LiteLLM Config Code Injection via UI_LOGO_PATH / KMS",
|
|
35006
|
+
"rwep": 27,
|
|
35007
|
+
"cvss": 7.2,
|
|
35008
|
+
"cisa_kev": false,
|
|
35009
|
+
"epss_score": null,
|
|
35010
|
+
"referencing_skills": [
|
|
35011
|
+
"kernel-lpe-triage",
|
|
35012
|
+
"ai-attack-surface",
|
|
35013
|
+
"compliance-theater",
|
|
35014
|
+
"attack-surface-pentest",
|
|
35015
|
+
"ot-ics-security",
|
|
35016
|
+
"coordinated-vuln-disclosure",
|
|
35017
|
+
"sector-energy"
|
|
35018
|
+
],
|
|
35019
|
+
"chain": {
|
|
35020
|
+
"cwes": [
|
|
35021
|
+
{
|
|
35022
|
+
"id": "CWE-1037",
|
|
35023
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
35024
|
+
"category": "Hardware / Side Channel"
|
|
35025
|
+
},
|
|
35026
|
+
{
|
|
35027
|
+
"id": "CWE-1039",
|
|
35028
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
35029
|
+
"category": "AI/ML"
|
|
35030
|
+
},
|
|
35031
|
+
{
|
|
35032
|
+
"id": "CWE-125",
|
|
35033
|
+
"name": "Out-of-bounds Read",
|
|
35034
|
+
"category": "Memory Safety"
|
|
35035
|
+
},
|
|
35036
|
+
{
|
|
35037
|
+
"id": "CWE-1357",
|
|
35038
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
35039
|
+
"category": "Supply Chain"
|
|
35040
|
+
},
|
|
35041
|
+
{
|
|
35042
|
+
"id": "CWE-1395",
|
|
35043
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
35044
|
+
"category": "Supply Chain"
|
|
35045
|
+
},
|
|
35046
|
+
{
|
|
35047
|
+
"id": "CWE-1426",
|
|
35048
|
+
"name": "Improper Validation of Generative AI Output",
|
|
35049
|
+
"category": "AI/ML"
|
|
35050
|
+
},
|
|
35051
|
+
{
|
|
35052
|
+
"id": "CWE-22",
|
|
35053
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
35054
|
+
"category": "Path/Resource"
|
|
35055
|
+
},
|
|
35056
|
+
{
|
|
35057
|
+
"id": "CWE-269",
|
|
35058
|
+
"name": "Improper Privilege Management",
|
|
35059
|
+
"category": "Authorization"
|
|
35060
|
+
},
|
|
35061
|
+
{
|
|
35062
|
+
"id": "CWE-287",
|
|
35063
|
+
"name": "Improper Authentication",
|
|
35064
|
+
"category": "Authentication"
|
|
35065
|
+
},
|
|
35066
|
+
{
|
|
35067
|
+
"id": "CWE-306",
|
|
35068
|
+
"name": "Missing Authentication for Critical Function",
|
|
35069
|
+
"category": "Authentication"
|
|
35070
|
+
},
|
|
35071
|
+
{
|
|
35072
|
+
"id": "CWE-352",
|
|
35073
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
35074
|
+
"category": "Session"
|
|
35075
|
+
},
|
|
35076
|
+
{
|
|
35077
|
+
"id": "CWE-362",
|
|
35078
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35079
|
+
"category": "Concurrency"
|
|
35080
|
+
},
|
|
35081
|
+
{
|
|
35082
|
+
"id": "CWE-416",
|
|
35083
|
+
"name": "Use After Free",
|
|
35084
|
+
"category": "Memory Safety"
|
|
35085
|
+
},
|
|
35086
|
+
{
|
|
35087
|
+
"id": "CWE-434",
|
|
35088
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
35089
|
+
"category": "File Handling"
|
|
35090
|
+
},
|
|
35091
|
+
{
|
|
35092
|
+
"id": "CWE-672",
|
|
35093
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
35094
|
+
"category": "Memory Safety"
|
|
35095
|
+
},
|
|
35096
|
+
{
|
|
35097
|
+
"id": "CWE-732",
|
|
35098
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
35099
|
+
"category": "Authorization"
|
|
35100
|
+
},
|
|
35101
|
+
{
|
|
35102
|
+
"id": "CWE-78",
|
|
35103
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
35104
|
+
"category": "Injection"
|
|
35105
|
+
},
|
|
35106
|
+
{
|
|
35107
|
+
"id": "CWE-787",
|
|
35108
|
+
"name": "Out-of-bounds Write",
|
|
35109
|
+
"category": "Memory Safety"
|
|
35110
|
+
},
|
|
35111
|
+
{
|
|
35112
|
+
"id": "CWE-79",
|
|
35113
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
35114
|
+
"category": "Injection"
|
|
35115
|
+
},
|
|
35116
|
+
{
|
|
35117
|
+
"id": "CWE-798",
|
|
35118
|
+
"name": "Use of Hard-coded Credentials",
|
|
35119
|
+
"category": "Credentials"
|
|
35120
|
+
},
|
|
35121
|
+
{
|
|
35122
|
+
"id": "CWE-89",
|
|
35123
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
35124
|
+
"category": "Injection"
|
|
35125
|
+
},
|
|
35126
|
+
{
|
|
35127
|
+
"id": "CWE-918",
|
|
35128
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
35129
|
+
"category": "Network"
|
|
35130
|
+
},
|
|
35131
|
+
{
|
|
35132
|
+
"id": "CWE-94",
|
|
35133
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
35134
|
+
"category": "Injection"
|
|
35135
|
+
}
|
|
35136
|
+
],
|
|
35137
|
+
"atlas": [
|
|
35138
|
+
{
|
|
35139
|
+
"id": "AML.T0010",
|
|
35140
|
+
"name": "ML Supply Chain Compromise",
|
|
35141
|
+
"tactic": "Initial Access"
|
|
35142
|
+
},
|
|
35143
|
+
{
|
|
35144
|
+
"id": "AML.T0016",
|
|
35145
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
35146
|
+
"tactic": "Resource Development"
|
|
35147
|
+
},
|
|
35148
|
+
{
|
|
35149
|
+
"id": "AML.T0017",
|
|
35150
|
+
"name": "Discover ML Model Ontology",
|
|
35151
|
+
"tactic": "Discovery"
|
|
35152
|
+
},
|
|
35153
|
+
{
|
|
35154
|
+
"id": "AML.T0018",
|
|
35155
|
+
"name": "Backdoor ML Model",
|
|
35156
|
+
"tactic": "Persistence"
|
|
35157
|
+
},
|
|
35158
|
+
{
|
|
35159
|
+
"id": "AML.T0020",
|
|
35160
|
+
"name": "Poison Training Data",
|
|
35161
|
+
"tactic": "ML Attack Staging"
|
|
35162
|
+
},
|
|
35163
|
+
{
|
|
35164
|
+
"id": "AML.T0043",
|
|
35165
|
+
"name": "Craft Adversarial Data",
|
|
35166
|
+
"tactic": "ML Attack Staging"
|
|
35167
|
+
},
|
|
35168
|
+
{
|
|
35169
|
+
"id": "AML.T0051",
|
|
35170
|
+
"name": "LLM Prompt Injection",
|
|
35171
|
+
"tactic": "Execution"
|
|
35172
|
+
},
|
|
35173
|
+
{
|
|
35174
|
+
"id": "AML.T0054",
|
|
35175
|
+
"name": "LLM Jailbreak",
|
|
35176
|
+
"tactic": "Defense Evasion"
|
|
35177
|
+
},
|
|
35178
|
+
{
|
|
35179
|
+
"id": "AML.T0096",
|
|
35180
|
+
"name": "AI API as Covert C2 Channel",
|
|
35181
|
+
"tactic": "Command and Control"
|
|
35182
|
+
}
|
|
35183
|
+
],
|
|
35184
|
+
"d3fend": [
|
|
35185
|
+
{
|
|
35186
|
+
"id": "D3-ASLR",
|
|
35187
|
+
"name": "Address Space Layout Randomization",
|
|
35188
|
+
"tactic": "Harden"
|
|
35189
|
+
},
|
|
35190
|
+
{
|
|
35191
|
+
"id": "D3-CSPP",
|
|
35192
|
+
"name": "Client-server Payload Profiling",
|
|
35193
|
+
"tactic": "Detect"
|
|
35194
|
+
},
|
|
35195
|
+
{
|
|
35196
|
+
"id": "D3-EAL",
|
|
35197
|
+
"name": "Executable Allowlisting",
|
|
35198
|
+
"tactic": "Harden"
|
|
35199
|
+
},
|
|
35200
|
+
{
|
|
35201
|
+
"id": "D3-IOPR",
|
|
35202
|
+
"name": "Input/Output Profiling Resource",
|
|
35203
|
+
"tactic": "Detect"
|
|
35204
|
+
},
|
|
35205
|
+
{
|
|
35206
|
+
"id": "D3-NTA",
|
|
35207
|
+
"name": "Network Traffic Analysis",
|
|
35208
|
+
"tactic": "Detect"
|
|
35209
|
+
},
|
|
35210
|
+
{
|
|
35211
|
+
"id": "D3-PHRA",
|
|
35212
|
+
"name": "Process Hardware Resource Access",
|
|
35213
|
+
"tactic": "Isolate"
|
|
35214
|
+
},
|
|
35215
|
+
{
|
|
35216
|
+
"id": "D3-PSEP",
|
|
35217
|
+
"name": "Process Segment Execution Prevention",
|
|
35218
|
+
"tactic": "Harden"
|
|
35219
|
+
}
|
|
35220
|
+
],
|
|
35221
|
+
"framework_gaps": [
|
|
35222
|
+
{
|
|
35223
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
35224
|
+
"framework": "ALL",
|
|
35225
|
+
"control_name": "AI Pipeline Integrity"
|
|
35226
|
+
},
|
|
35227
|
+
{
|
|
35228
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
35229
|
+
"framework": "ALL",
|
|
35230
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
35231
|
+
},
|
|
35232
|
+
{
|
|
35233
|
+
"id": "CIS-Controls-v8-Control7",
|
|
35234
|
+
"framework": "CIS Controls v8",
|
|
35235
|
+
"control_name": "Continuous Vulnerability Management"
|
|
35236
|
+
},
|
|
35237
|
+
{
|
|
35238
|
+
"id": "CMMC-2.0-Level-2",
|
|
35239
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
35240
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
35241
|
+
},
|
|
35242
|
+
{
|
|
35243
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
35244
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
35245
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
35246
|
+
},
|
|
35247
|
+
{
|
|
35248
|
+
"id": "IEC-62443-3-3",
|
|
35249
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
35250
|
+
"control_name": "System security requirements and security levels"
|
|
35251
|
+
},
|
|
35252
|
+
{
|
|
35253
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
35254
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35255
|
+
"control_name": "Secure coding"
|
|
35256
|
+
},
|
|
35257
|
+
{
|
|
35258
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
35259
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35260
|
+
"control_name": "Management of technical vulnerabilities"
|
|
35261
|
+
},
|
|
35262
|
+
{
|
|
35263
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
35264
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
35265
|
+
"control_name": "AI risk management process"
|
|
35266
|
+
},
|
|
35267
|
+
{
|
|
35268
|
+
"id": "NERC-CIP-007-6-R4",
|
|
35269
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
35270
|
+
"control_name": "Security event monitoring"
|
|
35271
|
+
},
|
|
35272
|
+
{
|
|
35273
|
+
"id": "NIS2-Art21-patch-management",
|
|
35274
|
+
"framework": "EU NIS2 Directive",
|
|
35275
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
35276
|
+
},
|
|
35277
|
+
{
|
|
35278
|
+
"id": "NIST-800-115",
|
|
35279
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
35280
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
35281
|
+
},
|
|
35282
|
+
{
|
|
35283
|
+
"id": "NIST-800-218-SSDF",
|
|
35284
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
35285
|
+
"control_name": "Secure Software Development Framework"
|
|
35286
|
+
},
|
|
35287
|
+
{
|
|
35288
|
+
"id": "NIST-800-53-AC-2",
|
|
35289
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35290
|
+
"control_name": "Account Management"
|
|
35291
|
+
},
|
|
35292
|
+
{
|
|
35293
|
+
"id": "NIST-800-53-SC-8",
|
|
35294
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35295
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
35296
|
+
},
|
|
35297
|
+
{
|
|
35298
|
+
"id": "NIST-800-53-SI-2",
|
|
35299
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35300
|
+
"control_name": "Flaw Remediation"
|
|
35301
|
+
},
|
|
35302
|
+
{
|
|
35303
|
+
"id": "NIST-800-53-SI-3",
|
|
35304
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35305
|
+
"control_name": "Malicious Code Protection"
|
|
35306
|
+
},
|
|
35307
|
+
{
|
|
35308
|
+
"id": "NIST-800-82r3",
|
|
35309
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
35310
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
35311
|
+
},
|
|
35312
|
+
{
|
|
35313
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
35314
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35315
|
+
"control_name": "Prompt Injection"
|
|
35316
|
+
},
|
|
35317
|
+
{
|
|
35318
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
35319
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35320
|
+
"control_name": "Sensitive Information Disclosure"
|
|
35321
|
+
},
|
|
35322
|
+
{
|
|
35323
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
35324
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
35325
|
+
"control_name": "Web application penetration testing methodology"
|
|
35326
|
+
},
|
|
35327
|
+
{
|
|
35328
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
35329
|
+
"framework": "PCI DSS 4.0",
|
|
35330
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
35331
|
+
},
|
|
35332
|
+
{
|
|
35333
|
+
"id": "PTES-Pre-engagement",
|
|
35334
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
35335
|
+
"control_name": "Pre-engagement Interactions"
|
|
35336
|
+
},
|
|
35337
|
+
{
|
|
35338
|
+
"id": "SOC2-CC6-logical-access",
|
|
35339
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35340
|
+
"control_name": "Logical and Physical Access Controls"
|
|
35341
|
+
},
|
|
35342
|
+
{
|
|
35343
|
+
"id": "SOC2-CC9-vendor-management",
|
|
35344
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35345
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
35346
|
+
}
|
|
35347
|
+
],
|
|
35348
|
+
"attack_refs": [
|
|
35349
|
+
"T0855",
|
|
35350
|
+
"T0883",
|
|
35351
|
+
"T1059",
|
|
35352
|
+
"T1068",
|
|
35353
|
+
"T1078",
|
|
35354
|
+
"T1133",
|
|
35355
|
+
"T1190",
|
|
35356
|
+
"T1548.001",
|
|
35357
|
+
"T1566"
|
|
35358
|
+
],
|
|
35359
|
+
"rfc_refs": [
|
|
35360
|
+
"RFC-4301",
|
|
35361
|
+
"RFC-4303",
|
|
35362
|
+
"RFC-7296"
|
|
35363
|
+
]
|
|
35364
|
+
}
|
|
35365
|
+
},
|
|
35366
|
+
"CVE-2025-64513": {
|
|
35367
|
+
"name": "Milvus Proxy Authentication Bypass via Forged Headers",
|
|
35368
|
+
"rwep": 27,
|
|
35369
|
+
"cvss": 9.3,
|
|
35370
|
+
"cisa_kev": false,
|
|
35371
|
+
"epss_score": null,
|
|
35372
|
+
"referencing_skills": [
|
|
35373
|
+
"kernel-lpe-triage",
|
|
35374
|
+
"ai-attack-surface",
|
|
35375
|
+
"compliance-theater",
|
|
35376
|
+
"attack-surface-pentest",
|
|
35377
|
+
"ot-ics-security",
|
|
35378
|
+
"coordinated-vuln-disclosure",
|
|
35379
|
+
"sector-energy"
|
|
35380
|
+
],
|
|
35381
|
+
"chain": {
|
|
35382
|
+
"cwes": [
|
|
35383
|
+
{
|
|
35384
|
+
"id": "CWE-1037",
|
|
35385
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
35386
|
+
"category": "Hardware / Side Channel"
|
|
35387
|
+
},
|
|
35388
|
+
{
|
|
35389
|
+
"id": "CWE-1039",
|
|
35390
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
35391
|
+
"category": "AI/ML"
|
|
35392
|
+
},
|
|
35393
|
+
{
|
|
35394
|
+
"id": "CWE-125",
|
|
35395
|
+
"name": "Out-of-bounds Read",
|
|
35396
|
+
"category": "Memory Safety"
|
|
35397
|
+
},
|
|
35398
|
+
{
|
|
35399
|
+
"id": "CWE-1357",
|
|
35400
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
35401
|
+
"category": "Supply Chain"
|
|
35402
|
+
},
|
|
35403
|
+
{
|
|
35404
|
+
"id": "CWE-1395",
|
|
35405
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
35406
|
+
"category": "Supply Chain"
|
|
35407
|
+
},
|
|
35408
|
+
{
|
|
35409
|
+
"id": "CWE-1426",
|
|
35410
|
+
"name": "Improper Validation of Generative AI Output",
|
|
35411
|
+
"category": "AI/ML"
|
|
35412
|
+
},
|
|
35413
|
+
{
|
|
35414
|
+
"id": "CWE-22",
|
|
35415
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
35416
|
+
"category": "Path/Resource"
|
|
35417
|
+
},
|
|
35418
|
+
{
|
|
35419
|
+
"id": "CWE-269",
|
|
35420
|
+
"name": "Improper Privilege Management",
|
|
35421
|
+
"category": "Authorization"
|
|
35422
|
+
},
|
|
35423
|
+
{
|
|
35424
|
+
"id": "CWE-287",
|
|
35425
|
+
"name": "Improper Authentication",
|
|
35426
|
+
"category": "Authentication"
|
|
35427
|
+
},
|
|
35428
|
+
{
|
|
35429
|
+
"id": "CWE-306",
|
|
35430
|
+
"name": "Missing Authentication for Critical Function",
|
|
35431
|
+
"category": "Authentication"
|
|
35432
|
+
},
|
|
35433
|
+
{
|
|
35434
|
+
"id": "CWE-352",
|
|
35435
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
35436
|
+
"category": "Session"
|
|
35437
|
+
},
|
|
35438
|
+
{
|
|
35439
|
+
"id": "CWE-362",
|
|
35440
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35441
|
+
"category": "Concurrency"
|
|
35442
|
+
},
|
|
35443
|
+
{
|
|
35444
|
+
"id": "CWE-416",
|
|
35445
|
+
"name": "Use After Free",
|
|
35446
|
+
"category": "Memory Safety"
|
|
35447
|
+
},
|
|
35448
|
+
{
|
|
35449
|
+
"id": "CWE-434",
|
|
35450
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
35451
|
+
"category": "File Handling"
|
|
35452
|
+
},
|
|
35453
|
+
{
|
|
35454
|
+
"id": "CWE-672",
|
|
35455
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
35456
|
+
"category": "Memory Safety"
|
|
35457
|
+
},
|
|
35458
|
+
{
|
|
35459
|
+
"id": "CWE-732",
|
|
35460
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
35461
|
+
"category": "Authorization"
|
|
35462
|
+
},
|
|
35463
|
+
{
|
|
35464
|
+
"id": "CWE-78",
|
|
35465
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
35466
|
+
"category": "Injection"
|
|
35467
|
+
},
|
|
35468
|
+
{
|
|
35469
|
+
"id": "CWE-787",
|
|
35470
|
+
"name": "Out-of-bounds Write",
|
|
35471
|
+
"category": "Memory Safety"
|
|
35472
|
+
},
|
|
35473
|
+
{
|
|
35474
|
+
"id": "CWE-79",
|
|
35475
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
35476
|
+
"category": "Injection"
|
|
35477
|
+
},
|
|
35478
|
+
{
|
|
35479
|
+
"id": "CWE-798",
|
|
35480
|
+
"name": "Use of Hard-coded Credentials",
|
|
35481
|
+
"category": "Credentials"
|
|
35482
|
+
},
|
|
35483
|
+
{
|
|
35484
|
+
"id": "CWE-89",
|
|
35485
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
35486
|
+
"category": "Injection"
|
|
35487
|
+
},
|
|
35488
|
+
{
|
|
35489
|
+
"id": "CWE-918",
|
|
35490
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
35491
|
+
"category": "Network"
|
|
35492
|
+
},
|
|
35493
|
+
{
|
|
35494
|
+
"id": "CWE-94",
|
|
35495
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
35496
|
+
"category": "Injection"
|
|
35497
|
+
}
|
|
35498
|
+
],
|
|
35499
|
+
"atlas": [
|
|
35500
|
+
{
|
|
35501
|
+
"id": "AML.T0010",
|
|
35502
|
+
"name": "ML Supply Chain Compromise",
|
|
35503
|
+
"tactic": "Initial Access"
|
|
35504
|
+
},
|
|
35505
|
+
{
|
|
35506
|
+
"id": "AML.T0016",
|
|
35507
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
35508
|
+
"tactic": "Resource Development"
|
|
35509
|
+
},
|
|
35510
|
+
{
|
|
35511
|
+
"id": "AML.T0017",
|
|
35512
|
+
"name": "Discover ML Model Ontology",
|
|
35513
|
+
"tactic": "Discovery"
|
|
35514
|
+
},
|
|
35515
|
+
{
|
|
35516
|
+
"id": "AML.T0018",
|
|
35517
|
+
"name": "Backdoor ML Model",
|
|
35518
|
+
"tactic": "Persistence"
|
|
35519
|
+
},
|
|
35520
|
+
{
|
|
35521
|
+
"id": "AML.T0020",
|
|
35522
|
+
"name": "Poison Training Data",
|
|
35523
|
+
"tactic": "ML Attack Staging"
|
|
35524
|
+
},
|
|
35525
|
+
{
|
|
35526
|
+
"id": "AML.T0043",
|
|
35527
|
+
"name": "Craft Adversarial Data",
|
|
35528
|
+
"tactic": "ML Attack Staging"
|
|
35529
|
+
},
|
|
35530
|
+
{
|
|
35531
|
+
"id": "AML.T0051",
|
|
35532
|
+
"name": "LLM Prompt Injection",
|
|
35533
|
+
"tactic": "Execution"
|
|
35534
|
+
},
|
|
35535
|
+
{
|
|
35536
|
+
"id": "AML.T0054",
|
|
35537
|
+
"name": "LLM Jailbreak",
|
|
35538
|
+
"tactic": "Defense Evasion"
|
|
35539
|
+
},
|
|
35540
|
+
{
|
|
35541
|
+
"id": "AML.T0096",
|
|
35542
|
+
"name": "AI API as Covert C2 Channel",
|
|
35543
|
+
"tactic": "Command and Control"
|
|
35544
|
+
}
|
|
35545
|
+
],
|
|
35546
|
+
"d3fend": [
|
|
35547
|
+
{
|
|
35548
|
+
"id": "D3-ASLR",
|
|
35549
|
+
"name": "Address Space Layout Randomization",
|
|
35550
|
+
"tactic": "Harden"
|
|
35551
|
+
},
|
|
35552
|
+
{
|
|
35553
|
+
"id": "D3-CSPP",
|
|
35554
|
+
"name": "Client-server Payload Profiling",
|
|
35555
|
+
"tactic": "Detect"
|
|
35556
|
+
},
|
|
35557
|
+
{
|
|
35558
|
+
"id": "D3-EAL",
|
|
35559
|
+
"name": "Executable Allowlisting",
|
|
35560
|
+
"tactic": "Harden"
|
|
35561
|
+
},
|
|
35562
|
+
{
|
|
35563
|
+
"id": "D3-IOPR",
|
|
35564
|
+
"name": "Input/Output Profiling Resource",
|
|
35565
|
+
"tactic": "Detect"
|
|
35566
|
+
},
|
|
35567
|
+
{
|
|
35568
|
+
"id": "D3-NTA",
|
|
35569
|
+
"name": "Network Traffic Analysis",
|
|
35570
|
+
"tactic": "Detect"
|
|
35571
|
+
},
|
|
35572
|
+
{
|
|
35573
|
+
"id": "D3-PHRA",
|
|
35574
|
+
"name": "Process Hardware Resource Access",
|
|
35575
|
+
"tactic": "Isolate"
|
|
35576
|
+
},
|
|
35577
|
+
{
|
|
35578
|
+
"id": "D3-PSEP",
|
|
35579
|
+
"name": "Process Segment Execution Prevention",
|
|
35580
|
+
"tactic": "Harden"
|
|
35581
|
+
}
|
|
35582
|
+
],
|
|
35583
|
+
"framework_gaps": [
|
|
35584
|
+
{
|
|
35585
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
35586
|
+
"framework": "ALL",
|
|
35587
|
+
"control_name": "AI Pipeline Integrity"
|
|
35588
|
+
},
|
|
35589
|
+
{
|
|
35590
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
35591
|
+
"framework": "ALL",
|
|
35592
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
35593
|
+
},
|
|
35594
|
+
{
|
|
35595
|
+
"id": "CIS-Controls-v8-Control7",
|
|
35596
|
+
"framework": "CIS Controls v8",
|
|
35597
|
+
"control_name": "Continuous Vulnerability Management"
|
|
35598
|
+
},
|
|
35599
|
+
{
|
|
35600
|
+
"id": "CMMC-2.0-Level-2",
|
|
35601
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
35602
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
35603
|
+
},
|
|
35604
|
+
{
|
|
35605
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
35606
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
35607
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
35608
|
+
},
|
|
35609
|
+
{
|
|
35610
|
+
"id": "IEC-62443-3-3",
|
|
35611
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
35612
|
+
"control_name": "System security requirements and security levels"
|
|
35613
|
+
},
|
|
35614
|
+
{
|
|
35615
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
35616
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35617
|
+
"control_name": "Secure coding"
|
|
35618
|
+
},
|
|
35619
|
+
{
|
|
35620
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
35621
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35622
|
+
"control_name": "Management of technical vulnerabilities"
|
|
35623
|
+
},
|
|
35624
|
+
{
|
|
35625
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
35626
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
35627
|
+
"control_name": "AI risk management process"
|
|
35628
|
+
},
|
|
35629
|
+
{
|
|
35630
|
+
"id": "NERC-CIP-007-6-R4",
|
|
35631
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
35632
|
+
"control_name": "Security event monitoring"
|
|
35633
|
+
},
|
|
35634
|
+
{
|
|
35635
|
+
"id": "NIS2-Art21-patch-management",
|
|
35636
|
+
"framework": "EU NIS2 Directive",
|
|
35637
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
35638
|
+
},
|
|
35639
|
+
{
|
|
35640
|
+
"id": "NIST-800-115",
|
|
35641
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
35642
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
35643
|
+
},
|
|
35644
|
+
{
|
|
35645
|
+
"id": "NIST-800-218-SSDF",
|
|
35646
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
35647
|
+
"control_name": "Secure Software Development Framework"
|
|
35648
|
+
},
|
|
35649
|
+
{
|
|
35650
|
+
"id": "NIST-800-53-AC-2",
|
|
35651
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35652
|
+
"control_name": "Account Management"
|
|
35653
|
+
},
|
|
35654
|
+
{
|
|
35655
|
+
"id": "NIST-800-53-SC-8",
|
|
35656
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35657
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
35658
|
+
},
|
|
35659
|
+
{
|
|
35660
|
+
"id": "NIST-800-53-SI-2",
|
|
35661
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35662
|
+
"control_name": "Flaw Remediation"
|
|
35663
|
+
},
|
|
35664
|
+
{
|
|
35665
|
+
"id": "NIST-800-53-SI-3",
|
|
35666
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35667
|
+
"control_name": "Malicious Code Protection"
|
|
35668
|
+
},
|
|
35669
|
+
{
|
|
35670
|
+
"id": "NIST-800-82r3",
|
|
35671
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
35672
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
35673
|
+
},
|
|
35674
|
+
{
|
|
35675
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
35676
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35677
|
+
"control_name": "Prompt Injection"
|
|
35678
|
+
},
|
|
35679
|
+
{
|
|
35680
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
35681
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35682
|
+
"control_name": "Sensitive Information Disclosure"
|
|
35683
|
+
},
|
|
35684
|
+
{
|
|
35685
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
35686
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
35687
|
+
"control_name": "Web application penetration testing methodology"
|
|
35688
|
+
},
|
|
35689
|
+
{
|
|
35690
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
35691
|
+
"framework": "PCI DSS 4.0",
|
|
35692
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
35693
|
+
},
|
|
35694
|
+
{
|
|
35695
|
+
"id": "PTES-Pre-engagement",
|
|
35696
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
35697
|
+
"control_name": "Pre-engagement Interactions"
|
|
35698
|
+
},
|
|
35699
|
+
{
|
|
35700
|
+
"id": "SOC2-CC6-logical-access",
|
|
35701
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35702
|
+
"control_name": "Logical and Physical Access Controls"
|
|
35703
|
+
},
|
|
35704
|
+
{
|
|
35705
|
+
"id": "SOC2-CC9-vendor-management",
|
|
35706
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35707
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
35708
|
+
}
|
|
35709
|
+
],
|
|
35710
|
+
"attack_refs": [
|
|
35711
|
+
"T0855",
|
|
35712
|
+
"T0883",
|
|
35713
|
+
"T1059",
|
|
35714
|
+
"T1068",
|
|
35715
|
+
"T1078",
|
|
35716
|
+
"T1133",
|
|
35717
|
+
"T1190",
|
|
35718
|
+
"T1548.001",
|
|
35719
|
+
"T1566"
|
|
35720
|
+
],
|
|
35721
|
+
"rfc_refs": [
|
|
35722
|
+
"RFC-4301",
|
|
35723
|
+
"RFC-4303",
|
|
35724
|
+
"RFC-7296"
|
|
35725
|
+
]
|
|
35726
|
+
}
|
|
35727
|
+
},
|
|
35728
|
+
"CVE-2026-26190": {
|
|
35729
|
+
"name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
|
|
35730
|
+
"rwep": 27,
|
|
35731
|
+
"cvss": 9.8,
|
|
35732
|
+
"cisa_kev": false,
|
|
35733
|
+
"epss_score": null,
|
|
35734
|
+
"referencing_skills": [
|
|
35735
|
+
"kernel-lpe-triage",
|
|
35736
|
+
"ai-attack-surface",
|
|
35737
|
+
"compliance-theater",
|
|
35738
|
+
"attack-surface-pentest",
|
|
35739
|
+
"ot-ics-security",
|
|
35740
|
+
"coordinated-vuln-disclosure",
|
|
35741
|
+
"sector-energy"
|
|
35742
|
+
],
|
|
35743
|
+
"chain": {
|
|
35744
|
+
"cwes": [
|
|
35745
|
+
{
|
|
35746
|
+
"id": "CWE-1037",
|
|
35747
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
35748
|
+
"category": "Hardware / Side Channel"
|
|
35749
|
+
},
|
|
35750
|
+
{
|
|
35751
|
+
"id": "CWE-1039",
|
|
35752
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
35753
|
+
"category": "AI/ML"
|
|
35754
|
+
},
|
|
35755
|
+
{
|
|
35756
|
+
"id": "CWE-125",
|
|
35757
|
+
"name": "Out-of-bounds Read",
|
|
35758
|
+
"category": "Memory Safety"
|
|
35759
|
+
},
|
|
35760
|
+
{
|
|
35761
|
+
"id": "CWE-1357",
|
|
35762
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
35763
|
+
"category": "Supply Chain"
|
|
35764
|
+
},
|
|
35765
|
+
{
|
|
35766
|
+
"id": "CWE-1395",
|
|
35767
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
35768
|
+
"category": "Supply Chain"
|
|
35769
|
+
},
|
|
35770
|
+
{
|
|
35771
|
+
"id": "CWE-1426",
|
|
35772
|
+
"name": "Improper Validation of Generative AI Output",
|
|
35773
|
+
"category": "AI/ML"
|
|
35774
|
+
},
|
|
35775
|
+
{
|
|
35776
|
+
"id": "CWE-22",
|
|
35777
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
35778
|
+
"category": "Path/Resource"
|
|
35779
|
+
},
|
|
35780
|
+
{
|
|
35781
|
+
"id": "CWE-269",
|
|
35782
|
+
"name": "Improper Privilege Management",
|
|
35783
|
+
"category": "Authorization"
|
|
35784
|
+
},
|
|
35785
|
+
{
|
|
35786
|
+
"id": "CWE-287",
|
|
35787
|
+
"name": "Improper Authentication",
|
|
35788
|
+
"category": "Authentication"
|
|
35789
|
+
},
|
|
35790
|
+
{
|
|
35791
|
+
"id": "CWE-306",
|
|
35792
|
+
"name": "Missing Authentication for Critical Function",
|
|
35793
|
+
"category": "Authentication"
|
|
35794
|
+
},
|
|
35795
|
+
{
|
|
35796
|
+
"id": "CWE-352",
|
|
35797
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
35798
|
+
"category": "Session"
|
|
35799
|
+
},
|
|
35800
|
+
{
|
|
35801
|
+
"id": "CWE-362",
|
|
35802
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35803
|
+
"category": "Concurrency"
|
|
35804
|
+
},
|
|
35805
|
+
{
|
|
35806
|
+
"id": "CWE-416",
|
|
35807
|
+
"name": "Use After Free",
|
|
35808
|
+
"category": "Memory Safety"
|
|
35809
|
+
},
|
|
35810
|
+
{
|
|
35811
|
+
"id": "CWE-434",
|
|
35812
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
35813
|
+
"category": "File Handling"
|
|
35814
|
+
},
|
|
35815
|
+
{
|
|
35816
|
+
"id": "CWE-672",
|
|
35817
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
35818
|
+
"category": "Memory Safety"
|
|
35819
|
+
},
|
|
35820
|
+
{
|
|
35821
|
+
"id": "CWE-732",
|
|
35822
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
35823
|
+
"category": "Authorization"
|
|
35824
|
+
},
|
|
35825
|
+
{
|
|
35826
|
+
"id": "CWE-78",
|
|
35827
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
35828
|
+
"category": "Injection"
|
|
35829
|
+
},
|
|
35830
|
+
{
|
|
35831
|
+
"id": "CWE-787",
|
|
35832
|
+
"name": "Out-of-bounds Write",
|
|
35833
|
+
"category": "Memory Safety"
|
|
35834
|
+
},
|
|
35835
|
+
{
|
|
35836
|
+
"id": "CWE-79",
|
|
35837
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
35838
|
+
"category": "Injection"
|
|
35839
|
+
},
|
|
35840
|
+
{
|
|
35841
|
+
"id": "CWE-798",
|
|
35842
|
+
"name": "Use of Hard-coded Credentials",
|
|
35843
|
+
"category": "Credentials"
|
|
35844
|
+
},
|
|
35845
|
+
{
|
|
35846
|
+
"id": "CWE-89",
|
|
35847
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
35848
|
+
"category": "Injection"
|
|
35849
|
+
},
|
|
35850
|
+
{
|
|
35851
|
+
"id": "CWE-918",
|
|
35852
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
35853
|
+
"category": "Network"
|
|
35854
|
+
},
|
|
35855
|
+
{
|
|
35856
|
+
"id": "CWE-94",
|
|
35857
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
35858
|
+
"category": "Injection"
|
|
35859
|
+
}
|
|
35860
|
+
],
|
|
35861
|
+
"atlas": [
|
|
35862
|
+
{
|
|
35863
|
+
"id": "AML.T0010",
|
|
35864
|
+
"name": "ML Supply Chain Compromise",
|
|
35865
|
+
"tactic": "Initial Access"
|
|
35866
|
+
},
|
|
35867
|
+
{
|
|
35868
|
+
"id": "AML.T0016",
|
|
35869
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
35870
|
+
"tactic": "Resource Development"
|
|
35871
|
+
},
|
|
35872
|
+
{
|
|
35873
|
+
"id": "AML.T0017",
|
|
35874
|
+
"name": "Discover ML Model Ontology",
|
|
35875
|
+
"tactic": "Discovery"
|
|
35876
|
+
},
|
|
35877
|
+
{
|
|
35878
|
+
"id": "AML.T0018",
|
|
35879
|
+
"name": "Backdoor ML Model",
|
|
35880
|
+
"tactic": "Persistence"
|
|
35881
|
+
},
|
|
35882
|
+
{
|
|
35883
|
+
"id": "AML.T0020",
|
|
35884
|
+
"name": "Poison Training Data",
|
|
35885
|
+
"tactic": "ML Attack Staging"
|
|
35886
|
+
},
|
|
35887
|
+
{
|
|
35888
|
+
"id": "AML.T0043",
|
|
35889
|
+
"name": "Craft Adversarial Data",
|
|
35890
|
+
"tactic": "ML Attack Staging"
|
|
35891
|
+
},
|
|
35892
|
+
{
|
|
35893
|
+
"id": "AML.T0051",
|
|
35894
|
+
"name": "LLM Prompt Injection",
|
|
35895
|
+
"tactic": "Execution"
|
|
35896
|
+
},
|
|
35897
|
+
{
|
|
35898
|
+
"id": "AML.T0054",
|
|
35899
|
+
"name": "LLM Jailbreak",
|
|
35900
|
+
"tactic": "Defense Evasion"
|
|
35901
|
+
},
|
|
35902
|
+
{
|
|
35903
|
+
"id": "AML.T0096",
|
|
35904
|
+
"name": "AI API as Covert C2 Channel",
|
|
35905
|
+
"tactic": "Command and Control"
|
|
35906
|
+
}
|
|
35907
|
+
],
|
|
35908
|
+
"d3fend": [
|
|
35909
|
+
{
|
|
35910
|
+
"id": "D3-ASLR",
|
|
35911
|
+
"name": "Address Space Layout Randomization",
|
|
35912
|
+
"tactic": "Harden"
|
|
35913
|
+
},
|
|
35914
|
+
{
|
|
35915
|
+
"id": "D3-CSPP",
|
|
35916
|
+
"name": "Client-server Payload Profiling",
|
|
35917
|
+
"tactic": "Detect"
|
|
35918
|
+
},
|
|
35919
|
+
{
|
|
35920
|
+
"id": "D3-EAL",
|
|
35921
|
+
"name": "Executable Allowlisting",
|
|
35922
|
+
"tactic": "Harden"
|
|
35923
|
+
},
|
|
35924
|
+
{
|
|
35925
|
+
"id": "D3-IOPR",
|
|
35926
|
+
"name": "Input/Output Profiling Resource",
|
|
35927
|
+
"tactic": "Detect"
|
|
35928
|
+
},
|
|
35929
|
+
{
|
|
35930
|
+
"id": "D3-NTA",
|
|
35931
|
+
"name": "Network Traffic Analysis",
|
|
35932
|
+
"tactic": "Detect"
|
|
35933
|
+
},
|
|
35934
|
+
{
|
|
35935
|
+
"id": "D3-PHRA",
|
|
35936
|
+
"name": "Process Hardware Resource Access",
|
|
35937
|
+
"tactic": "Isolate"
|
|
35938
|
+
},
|
|
35939
|
+
{
|
|
35940
|
+
"id": "D3-PSEP",
|
|
35941
|
+
"name": "Process Segment Execution Prevention",
|
|
35942
|
+
"tactic": "Harden"
|
|
35943
|
+
}
|
|
35944
|
+
],
|
|
35945
|
+
"framework_gaps": [
|
|
35946
|
+
{
|
|
35947
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
35948
|
+
"framework": "ALL",
|
|
35949
|
+
"control_name": "AI Pipeline Integrity"
|
|
35950
|
+
},
|
|
35951
|
+
{
|
|
35952
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
35953
|
+
"framework": "ALL",
|
|
35954
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
35955
|
+
},
|
|
35956
|
+
{
|
|
35957
|
+
"id": "CIS-Controls-v8-Control7",
|
|
35958
|
+
"framework": "CIS Controls v8",
|
|
35959
|
+
"control_name": "Continuous Vulnerability Management"
|
|
35960
|
+
},
|
|
35961
|
+
{
|
|
35962
|
+
"id": "CMMC-2.0-Level-2",
|
|
35963
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
35964
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
35965
|
+
},
|
|
35966
|
+
{
|
|
35967
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
35968
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
35969
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
35970
|
+
},
|
|
35971
|
+
{
|
|
35972
|
+
"id": "IEC-62443-3-3",
|
|
35973
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
35974
|
+
"control_name": "System security requirements and security levels"
|
|
35975
|
+
},
|
|
35976
|
+
{
|
|
35977
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
35978
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35979
|
+
"control_name": "Secure coding"
|
|
35980
|
+
},
|
|
35981
|
+
{
|
|
35982
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
35983
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35984
|
+
"control_name": "Management of technical vulnerabilities"
|
|
35985
|
+
},
|
|
35986
|
+
{
|
|
35987
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
35988
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
35989
|
+
"control_name": "AI risk management process"
|
|
35990
|
+
},
|
|
35991
|
+
{
|
|
35992
|
+
"id": "NERC-CIP-007-6-R4",
|
|
35993
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
35994
|
+
"control_name": "Security event monitoring"
|
|
35995
|
+
},
|
|
35996
|
+
{
|
|
35997
|
+
"id": "NIS2-Art21-patch-management",
|
|
35998
|
+
"framework": "EU NIS2 Directive",
|
|
35999
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36000
|
+
},
|
|
36001
|
+
{
|
|
36002
|
+
"id": "NIST-800-115",
|
|
36003
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36004
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36005
|
+
},
|
|
36006
|
+
{
|
|
36007
|
+
"id": "NIST-800-218-SSDF",
|
|
36008
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36009
|
+
"control_name": "Secure Software Development Framework"
|
|
36010
|
+
},
|
|
36011
|
+
{
|
|
36012
|
+
"id": "NIST-800-53-AC-2",
|
|
36013
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36014
|
+
"control_name": "Account Management"
|
|
36015
|
+
},
|
|
36016
|
+
{
|
|
36017
|
+
"id": "NIST-800-53-SC-8",
|
|
36018
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36019
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36020
|
+
},
|
|
36021
|
+
{
|
|
36022
|
+
"id": "NIST-800-53-SI-2",
|
|
36023
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36024
|
+
"control_name": "Flaw Remediation"
|
|
36025
|
+
},
|
|
36026
|
+
{
|
|
36027
|
+
"id": "NIST-800-53-SI-3",
|
|
36028
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36029
|
+
"control_name": "Malicious Code Protection"
|
|
36030
|
+
},
|
|
36031
|
+
{
|
|
36032
|
+
"id": "NIST-800-82r3",
|
|
36033
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36034
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36035
|
+
},
|
|
36036
|
+
{
|
|
36037
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36038
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36039
|
+
"control_name": "Prompt Injection"
|
|
36040
|
+
},
|
|
36041
|
+
{
|
|
36042
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36043
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36044
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36045
|
+
},
|
|
36046
|
+
{
|
|
36047
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36048
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36049
|
+
"control_name": "Web application penetration testing methodology"
|
|
36050
|
+
},
|
|
36051
|
+
{
|
|
36052
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36053
|
+
"framework": "PCI DSS 4.0",
|
|
36054
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36055
|
+
},
|
|
36056
|
+
{
|
|
36057
|
+
"id": "PTES-Pre-engagement",
|
|
36058
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36059
|
+
"control_name": "Pre-engagement Interactions"
|
|
36060
|
+
},
|
|
36061
|
+
{
|
|
36062
|
+
"id": "SOC2-CC6-logical-access",
|
|
36063
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36064
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36065
|
+
},
|
|
36066
|
+
{
|
|
36067
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36068
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36069
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36070
|
+
}
|
|
36071
|
+
],
|
|
36072
|
+
"attack_refs": [
|
|
36073
|
+
"T0855",
|
|
36074
|
+
"T0883",
|
|
36075
|
+
"T1059",
|
|
36076
|
+
"T1068",
|
|
36077
|
+
"T1078",
|
|
36078
|
+
"T1133",
|
|
36079
|
+
"T1190",
|
|
36080
|
+
"T1548.001",
|
|
36081
|
+
"T1566"
|
|
36082
|
+
],
|
|
36083
|
+
"rfc_refs": [
|
|
36084
|
+
"RFC-4301",
|
|
36085
|
+
"RFC-4303",
|
|
36086
|
+
"RFC-7296"
|
|
36087
|
+
]
|
|
36088
|
+
}
|
|
36089
|
+
},
|
|
34642
36090
|
"CVE-2026-41091": {
|
|
34643
36091
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
34644
36092
|
"rwep": 45,
|
|
@@ -61036,7 +62484,9 @@
|
|
|
61036
62484
|
"CVE-2024-39722",
|
|
61037
62485
|
"CVE-2024-42478",
|
|
61038
62486
|
"CVE-2024-42479",
|
|
62487
|
+
"CVE-2024-4889",
|
|
61039
62488
|
"CVE-2024-50050",
|
|
62489
|
+
"CVE-2024-6587",
|
|
61040
62490
|
"CVE-2025-0133",
|
|
61041
62491
|
"CVE-2025-10585",
|
|
61042
62492
|
"CVE-2025-1094",
|
|
@@ -61057,6 +62507,7 @@
|
|
|
61057
62507
|
"CVE-2025-54136",
|
|
61058
62508
|
"CVE-2025-60455",
|
|
61059
62509
|
"CVE-2025-64496",
|
|
62510
|
+
"CVE-2025-64513",
|
|
61060
62511
|
"CVE-2025-6965",
|
|
61061
62512
|
"CVE-2025-8747",
|
|
61062
62513
|
"CVE-2026-0766",
|
|
@@ -61069,6 +62520,7 @@
|
|
|
61069
62520
|
"CVE-2026-24215",
|
|
61070
62521
|
"CVE-2026-25592",
|
|
61071
62522
|
"CVE-2026-26015",
|
|
62523
|
+
"CVE-2026-26190",
|
|
61072
62524
|
"CVE-2026-30615",
|
|
61073
62525
|
"CVE-2026-30616",
|
|
61074
62526
|
"CVE-2026-30617",
|
|
@@ -61431,7 +62883,9 @@
|
|
|
61431
62883
|
"CVE-2024-39722",
|
|
61432
62884
|
"CVE-2024-42478",
|
|
61433
62885
|
"CVE-2024-42479",
|
|
62886
|
+
"CVE-2024-4889",
|
|
61434
62887
|
"CVE-2024-50050",
|
|
62888
|
+
"CVE-2024-6587",
|
|
61435
62889
|
"CVE-2025-0133",
|
|
61436
62890
|
"CVE-2025-10585",
|
|
61437
62891
|
"CVE-2025-1094",
|
|
@@ -61450,6 +62904,7 @@
|
|
|
61450
62904
|
"CVE-2025-54136",
|
|
61451
62905
|
"CVE-2025-60455",
|
|
61452
62906
|
"CVE-2025-64496",
|
|
62907
|
+
"CVE-2025-64513",
|
|
61453
62908
|
"CVE-2025-6965",
|
|
61454
62909
|
"CVE-2025-8747",
|
|
61455
62910
|
"CVE-2026-0766",
|
|
@@ -61462,6 +62917,7 @@
|
|
|
61462
62917
|
"CVE-2026-24215",
|
|
61463
62918
|
"CVE-2026-25592",
|
|
61464
62919
|
"CVE-2026-26015",
|
|
62920
|
+
"CVE-2026-26190",
|
|
61465
62921
|
"CVE-2026-30616",
|
|
61466
62922
|
"CVE-2026-30617",
|
|
61467
62923
|
"CVE-2026-30623",
|
|
@@ -61619,7 +63075,9 @@
|
|
|
61619
63075
|
"CVE-2024-39722",
|
|
61620
63076
|
"CVE-2024-42478",
|
|
61621
63077
|
"CVE-2024-42479",
|
|
63078
|
+
"CVE-2024-4889",
|
|
61622
63079
|
"CVE-2024-50050",
|
|
63080
|
+
"CVE-2024-6587",
|
|
61623
63081
|
"CVE-2025-0133",
|
|
61624
63082
|
"CVE-2025-10585",
|
|
61625
63083
|
"CVE-2025-1094",
|
|
@@ -61638,6 +63096,7 @@
|
|
|
61638
63096
|
"CVE-2025-54136",
|
|
61639
63097
|
"CVE-2025-60455",
|
|
61640
63098
|
"CVE-2025-64496",
|
|
63099
|
+
"CVE-2025-64513",
|
|
61641
63100
|
"CVE-2025-6965",
|
|
61642
63101
|
"CVE-2025-8747",
|
|
61643
63102
|
"CVE-2026-0766",
|
|
@@ -61650,6 +63109,7 @@
|
|
|
61650
63109
|
"CVE-2026-24215",
|
|
61651
63110
|
"CVE-2026-25592",
|
|
61652
63111
|
"CVE-2026-26015",
|
|
63112
|
+
"CVE-2026-26190",
|
|
61653
63113
|
"CVE-2026-30616",
|
|
61654
63114
|
"CVE-2026-30617",
|
|
61655
63115
|
"CVE-2026-30623",
|
|
@@ -61821,7 +63281,9 @@
|
|
|
61821
63281
|
"CVE-2024-39722",
|
|
61822
63282
|
"CVE-2024-42478",
|
|
61823
63283
|
"CVE-2024-42479",
|
|
63284
|
+
"CVE-2024-4889",
|
|
61824
63285
|
"CVE-2024-50050",
|
|
63286
|
+
"CVE-2024-6587",
|
|
61825
63287
|
"CVE-2025-0133",
|
|
61826
63288
|
"CVE-2025-10585",
|
|
61827
63289
|
"CVE-2025-1094",
|
|
@@ -61840,6 +63302,7 @@
|
|
|
61840
63302
|
"CVE-2025-54136",
|
|
61841
63303
|
"CVE-2025-60455",
|
|
61842
63304
|
"CVE-2025-64496",
|
|
63305
|
+
"CVE-2025-64513",
|
|
61843
63306
|
"CVE-2025-6965",
|
|
61844
63307
|
"CVE-2025-8747",
|
|
61845
63308
|
"CVE-2026-0766",
|
|
@@ -61852,6 +63315,7 @@
|
|
|
61852
63315
|
"CVE-2026-24215",
|
|
61853
63316
|
"CVE-2026-25592",
|
|
61854
63317
|
"CVE-2026-26015",
|
|
63318
|
+
"CVE-2026-26190",
|
|
61855
63319
|
"CVE-2026-30616",
|
|
61856
63320
|
"CVE-2026-30617",
|
|
61857
63321
|
"CVE-2026-30623",
|
|
@@ -62129,7 +63593,9 @@
|
|
|
62129
63593
|
"CVE-2024-39722",
|
|
62130
63594
|
"CVE-2024-42478",
|
|
62131
63595
|
"CVE-2024-42479",
|
|
63596
|
+
"CVE-2024-4889",
|
|
62132
63597
|
"CVE-2024-50050",
|
|
63598
|
+
"CVE-2024-6587",
|
|
62133
63599
|
"CVE-2025-0133",
|
|
62134
63600
|
"CVE-2025-1094",
|
|
62135
63601
|
"CVE-2025-11837",
|
|
@@ -62147,6 +63613,7 @@
|
|
|
62147
63613
|
"CVE-2025-54136",
|
|
62148
63614
|
"CVE-2025-60455",
|
|
62149
63615
|
"CVE-2025-64496",
|
|
63616
|
+
"CVE-2025-64513",
|
|
62150
63617
|
"CVE-2025-6965",
|
|
62151
63618
|
"CVE-2025-8747",
|
|
62152
63619
|
"CVE-2026-0766",
|
|
@@ -62160,6 +63627,7 @@
|
|
|
62160
63627
|
"CVE-2026-24215",
|
|
62161
63628
|
"CVE-2026-25592",
|
|
62162
63629
|
"CVE-2026-26015",
|
|
63630
|
+
"CVE-2026-26190",
|
|
62163
63631
|
"CVE-2026-30615",
|
|
62164
63632
|
"CVE-2026-30616",
|
|
62165
63633
|
"CVE-2026-30617",
|
|
@@ -62399,11 +63867,13 @@
|
|
|
62399
63867
|
"CVE-2024-42478",
|
|
62400
63868
|
"CVE-2024-42479",
|
|
62401
63869
|
"CVE-2024-43468",
|
|
63870
|
+
"CVE-2024-4889",
|
|
62402
63871
|
"CVE-2024-50050",
|
|
62403
63872
|
"CVE-2024-54085",
|
|
62404
63873
|
"CVE-2024-56145",
|
|
62405
63874
|
"CVE-2024-57726",
|
|
62406
63875
|
"CVE-2024-57728",
|
|
63876
|
+
"CVE-2024-6587",
|
|
62407
63877
|
"CVE-2024-7399",
|
|
62408
63878
|
"CVE-2024-7694",
|
|
62409
63879
|
"CVE-2024-8068",
|
|
@@ -62544,6 +64014,7 @@
|
|
|
62544
64014
|
"CVE-2025-64328",
|
|
62545
64015
|
"CVE-2025-64446",
|
|
62546
64016
|
"CVE-2025-64496",
|
|
64017
|
+
"CVE-2025-64513",
|
|
62547
64018
|
"CVE-2025-6543",
|
|
62548
64019
|
"CVE-2025-6554",
|
|
62549
64020
|
"CVE-2025-6558",
|
|
@@ -62601,6 +64072,7 @@
|
|
|
62601
64072
|
"CVE-2026-25108",
|
|
62602
64073
|
"CVE-2026-25592",
|
|
62603
64074
|
"CVE-2026-26015",
|
|
64075
|
+
"CVE-2026-26190",
|
|
62604
64076
|
"CVE-2026-3055",
|
|
62605
64077
|
"CVE-2026-30616",
|
|
62606
64078
|
"CVE-2026-30617",
|
|
@@ -63241,7 +64713,9 @@
|
|
|
63241
64713
|
"CVE-2024-39722",
|
|
63242
64714
|
"CVE-2024-42478",
|
|
63243
64715
|
"CVE-2024-42479",
|
|
64716
|
+
"CVE-2024-4889",
|
|
63244
64717
|
"CVE-2024-50050",
|
|
64718
|
+
"CVE-2024-6587",
|
|
63245
64719
|
"CVE-2025-0133",
|
|
63246
64720
|
"CVE-2025-10585",
|
|
63247
64721
|
"CVE-2025-1094",
|
|
@@ -63262,6 +64736,7 @@
|
|
|
63262
64736
|
"CVE-2025-54136",
|
|
63263
64737
|
"CVE-2025-60455",
|
|
63264
64738
|
"CVE-2025-64496",
|
|
64739
|
+
"CVE-2025-64513",
|
|
63265
64740
|
"CVE-2025-6965",
|
|
63266
64741
|
"CVE-2025-8747",
|
|
63267
64742
|
"CVE-2026-0766",
|
|
@@ -63274,6 +64749,7 @@
|
|
|
63274
64749
|
"CVE-2026-24215",
|
|
63275
64750
|
"CVE-2026-25592",
|
|
63276
64751
|
"CVE-2026-26015",
|
|
64752
|
+
"CVE-2026-26190",
|
|
63277
64753
|
"CVE-2026-30615",
|
|
63278
64754
|
"CVE-2026-30616",
|
|
63279
64755
|
"CVE-2026-30617",
|
|
@@ -63868,7 +65344,9 @@
|
|
|
63868
65344
|
"CVE-2024-39722",
|
|
63869
65345
|
"CVE-2024-42478",
|
|
63870
65346
|
"CVE-2024-42479",
|
|
65347
|
+
"CVE-2024-4889",
|
|
63871
65348
|
"CVE-2024-50050",
|
|
65349
|
+
"CVE-2024-6587",
|
|
63872
65350
|
"CVE-2025-0133",
|
|
63873
65351
|
"CVE-2025-10585",
|
|
63874
65352
|
"CVE-2025-1094",
|
|
@@ -63889,6 +65367,7 @@
|
|
|
63889
65367
|
"CVE-2025-54136",
|
|
63890
65368
|
"CVE-2025-60455",
|
|
63891
65369
|
"CVE-2025-64496",
|
|
65370
|
+
"CVE-2025-64513",
|
|
63892
65371
|
"CVE-2025-6965",
|
|
63893
65372
|
"CVE-2025-8747",
|
|
63894
65373
|
"CVE-2026-0766",
|
|
@@ -63901,6 +65380,7 @@
|
|
|
63901
65380
|
"CVE-2026-24215",
|
|
63902
65381
|
"CVE-2026-25592",
|
|
63903
65382
|
"CVE-2026-26015",
|
|
65383
|
+
"CVE-2026-26190",
|
|
63904
65384
|
"CVE-2026-30615",
|
|
63905
65385
|
"CVE-2026-30616",
|
|
63906
65386
|
"CVE-2026-30617",
|
|
@@ -64132,7 +65612,9 @@
|
|
|
64132
65612
|
"CVE-2024-39722",
|
|
64133
65613
|
"CVE-2024-42478",
|
|
64134
65614
|
"CVE-2024-42479",
|
|
65615
|
+
"CVE-2024-4889",
|
|
64135
65616
|
"CVE-2024-50050",
|
|
65617
|
+
"CVE-2024-6587",
|
|
64136
65618
|
"CVE-2025-10585",
|
|
64137
65619
|
"CVE-2025-1094",
|
|
64138
65620
|
"CVE-2025-14174",
|
|
@@ -64151,6 +65633,7 @@
|
|
|
64151
65633
|
"CVE-2025-54136",
|
|
64152
65634
|
"CVE-2025-60455",
|
|
64153
65635
|
"CVE-2025-64496",
|
|
65636
|
+
"CVE-2025-64513",
|
|
64154
65637
|
"CVE-2025-8747",
|
|
64155
65638
|
"CVE-2026-0766",
|
|
64156
65639
|
"CVE-2026-22252",
|
|
@@ -64162,6 +65645,7 @@
|
|
|
64162
65645
|
"CVE-2026-24215",
|
|
64163
65646
|
"CVE-2026-25592",
|
|
64164
65647
|
"CVE-2026-26015",
|
|
65648
|
+
"CVE-2026-26190",
|
|
64165
65649
|
"CVE-2026-30615",
|
|
64166
65650
|
"CVE-2026-30616",
|
|
64167
65651
|
"CVE-2026-30617",
|
|
@@ -64824,7 +66308,9 @@
|
|
|
64824
66308
|
"CVE-2024-39722",
|
|
64825
66309
|
"CVE-2024-42478",
|
|
64826
66310
|
"CVE-2024-42479",
|
|
66311
|
+
"CVE-2024-4889",
|
|
64827
66312
|
"CVE-2024-50050",
|
|
66313
|
+
"CVE-2024-6587",
|
|
64828
66314
|
"CVE-2025-0133",
|
|
64829
66315
|
"CVE-2025-10585",
|
|
64830
66316
|
"CVE-2025-1094",
|
|
@@ -64845,6 +66331,7 @@
|
|
|
64845
66331
|
"CVE-2025-54136",
|
|
64846
66332
|
"CVE-2025-60455",
|
|
64847
66333
|
"CVE-2025-64496",
|
|
66334
|
+
"CVE-2025-64513",
|
|
64848
66335
|
"CVE-2025-6965",
|
|
64849
66336
|
"CVE-2025-8747",
|
|
64850
66337
|
"CVE-2026-0766",
|
|
@@ -64857,6 +66344,7 @@
|
|
|
64857
66344
|
"CVE-2026-24215",
|
|
64858
66345
|
"CVE-2026-25592",
|
|
64859
66346
|
"CVE-2026-26015",
|
|
66347
|
+
"CVE-2026-26190",
|
|
64860
66348
|
"CVE-2026-30615",
|
|
64861
66349
|
"CVE-2026-30616",
|
|
64862
66350
|
"CVE-2026-30617",
|
|
@@ -65101,11 +66589,13 @@
|
|
|
65101
66589
|
"CVE-2024-42478",
|
|
65102
66590
|
"CVE-2024-42479",
|
|
65103
66591
|
"CVE-2024-43468",
|
|
66592
|
+
"CVE-2024-4889",
|
|
65104
66593
|
"CVE-2024-50050",
|
|
65105
66594
|
"CVE-2024-54085",
|
|
65106
66595
|
"CVE-2024-56145",
|
|
65107
66596
|
"CVE-2024-57726",
|
|
65108
66597
|
"CVE-2024-57728",
|
|
66598
|
+
"CVE-2024-6587",
|
|
65109
66599
|
"CVE-2024-7399",
|
|
65110
66600
|
"CVE-2024-7694",
|
|
65111
66601
|
"CVE-2024-8068",
|
|
@@ -65246,6 +66736,7 @@
|
|
|
65246
66736
|
"CVE-2025-64328",
|
|
65247
66737
|
"CVE-2025-64446",
|
|
65248
66738
|
"CVE-2025-64496",
|
|
66739
|
+
"CVE-2025-64513",
|
|
65249
66740
|
"CVE-2025-6543",
|
|
65250
66741
|
"CVE-2025-6554",
|
|
65251
66742
|
"CVE-2025-6558",
|
|
@@ -65303,6 +66794,7 @@
|
|
|
65303
66794
|
"CVE-2026-25108",
|
|
65304
66795
|
"CVE-2026-25592",
|
|
65305
66796
|
"CVE-2026-26015",
|
|
66797
|
+
"CVE-2026-26190",
|
|
65306
66798
|
"CVE-2026-3055",
|
|
65307
66799
|
"CVE-2026-30616",
|
|
65308
66800
|
"CVE-2026-30617",
|
|
@@ -65549,11 +67041,13 @@
|
|
|
65549
67041
|
"CVE-2024-42478",
|
|
65550
67042
|
"CVE-2024-42479",
|
|
65551
67043
|
"CVE-2024-43468",
|
|
67044
|
+
"CVE-2024-4889",
|
|
65552
67045
|
"CVE-2024-50050",
|
|
65553
67046
|
"CVE-2024-54085",
|
|
65554
67047
|
"CVE-2024-56145",
|
|
65555
67048
|
"CVE-2024-57726",
|
|
65556
67049
|
"CVE-2024-57728",
|
|
67050
|
+
"CVE-2024-6587",
|
|
65557
67051
|
"CVE-2024-7399",
|
|
65558
67052
|
"CVE-2024-7694",
|
|
65559
67053
|
"CVE-2024-8068",
|
|
@@ -65694,6 +67188,7 @@
|
|
|
65694
67188
|
"CVE-2025-64328",
|
|
65695
67189
|
"CVE-2025-64446",
|
|
65696
67190
|
"CVE-2025-64496",
|
|
67191
|
+
"CVE-2025-64513",
|
|
65697
67192
|
"CVE-2025-6543",
|
|
65698
67193
|
"CVE-2025-6554",
|
|
65699
67194
|
"CVE-2025-6558",
|
|
@@ -65751,6 +67246,7 @@
|
|
|
65751
67246
|
"CVE-2026-25108",
|
|
65752
67247
|
"CVE-2026-25592",
|
|
65753
67248
|
"CVE-2026-26015",
|
|
67249
|
+
"CVE-2026-26190",
|
|
65754
67250
|
"CVE-2026-3055",
|
|
65755
67251
|
"CVE-2026-30616",
|
|
65756
67252
|
"CVE-2026-30617",
|
|
@@ -66020,7 +67516,9 @@
|
|
|
66020
67516
|
"CVE-2024-39722",
|
|
66021
67517
|
"CVE-2024-42478",
|
|
66022
67518
|
"CVE-2024-42479",
|
|
67519
|
+
"CVE-2024-4889",
|
|
66023
67520
|
"CVE-2024-50050",
|
|
67521
|
+
"CVE-2024-6587",
|
|
66024
67522
|
"CVE-2025-0133",
|
|
66025
67523
|
"CVE-2025-10585",
|
|
66026
67524
|
"CVE-2025-1094",
|
|
@@ -66041,6 +67539,7 @@
|
|
|
66041
67539
|
"CVE-2025-54136",
|
|
66042
67540
|
"CVE-2025-60455",
|
|
66043
67541
|
"CVE-2025-64496",
|
|
67542
|
+
"CVE-2025-64513",
|
|
66044
67543
|
"CVE-2025-6965",
|
|
66045
67544
|
"CVE-2025-8747",
|
|
66046
67545
|
"CVE-2026-0766",
|
|
@@ -66053,6 +67552,7 @@
|
|
|
66053
67552
|
"CVE-2026-24215",
|
|
66054
67553
|
"CVE-2026-25592",
|
|
66055
67554
|
"CVE-2026-26015",
|
|
67555
|
+
"CVE-2026-26190",
|
|
66056
67556
|
"CVE-2026-30615",
|
|
66057
67557
|
"CVE-2026-30616",
|
|
66058
67558
|
"CVE-2026-30617",
|
|
@@ -66849,11 +68349,13 @@
|
|
|
66849
68349
|
"CVE-2024-42478",
|
|
66850
68350
|
"CVE-2024-42479",
|
|
66851
68351
|
"CVE-2024-43468",
|
|
68352
|
+
"CVE-2024-4889",
|
|
66852
68353
|
"CVE-2024-50050",
|
|
66853
68354
|
"CVE-2024-54085",
|
|
66854
68355
|
"CVE-2024-56145",
|
|
66855
68356
|
"CVE-2024-57726",
|
|
66856
68357
|
"CVE-2024-57728",
|
|
68358
|
+
"CVE-2024-6587",
|
|
66857
68359
|
"CVE-2024-7399",
|
|
66858
68360
|
"CVE-2024-7694",
|
|
66859
68361
|
"CVE-2024-8068",
|
|
@@ -66994,6 +68496,7 @@
|
|
|
66994
68496
|
"CVE-2025-64328",
|
|
66995
68497
|
"CVE-2025-64446",
|
|
66996
68498
|
"CVE-2025-64496",
|
|
68499
|
+
"CVE-2025-64513",
|
|
66997
68500
|
"CVE-2025-6543",
|
|
66998
68501
|
"CVE-2025-6554",
|
|
66999
68502
|
"CVE-2025-6558",
|
|
@@ -67051,6 +68554,7 @@
|
|
|
67051
68554
|
"CVE-2026-25108",
|
|
67052
68555
|
"CVE-2026-25592",
|
|
67053
68556
|
"CVE-2026-26015",
|
|
68557
|
+
"CVE-2026-26190",
|
|
67054
68558
|
"CVE-2026-3055",
|
|
67055
68559
|
"CVE-2026-30616",
|
|
67056
68560
|
"CVE-2026-30617",
|
|
@@ -67384,7 +68888,9 @@
|
|
|
67384
68888
|
"CVE-2024-39722",
|
|
67385
68889
|
"CVE-2024-42478",
|
|
67386
68890
|
"CVE-2024-42479",
|
|
68891
|
+
"CVE-2024-4889",
|
|
67387
68892
|
"CVE-2024-50050",
|
|
68893
|
+
"CVE-2024-6587",
|
|
67388
68894
|
"CVE-2025-0133",
|
|
67389
68895
|
"CVE-2025-10585",
|
|
67390
68896
|
"CVE-2025-1094",
|
|
@@ -67405,6 +68911,7 @@
|
|
|
67405
68911
|
"CVE-2025-54136",
|
|
67406
68912
|
"CVE-2025-60455",
|
|
67407
68913
|
"CVE-2025-64496",
|
|
68914
|
+
"CVE-2025-64513",
|
|
67408
68915
|
"CVE-2025-6965",
|
|
67409
68916
|
"CVE-2025-8747",
|
|
67410
68917
|
"CVE-2026-0766",
|
|
@@ -67417,6 +68924,7 @@
|
|
|
67417
68924
|
"CVE-2026-24215",
|
|
67418
68925
|
"CVE-2026-25592",
|
|
67419
68926
|
"CVE-2026-26015",
|
|
68927
|
+
"CVE-2026-26190",
|
|
67420
68928
|
"CVE-2026-30615",
|
|
67421
68929
|
"CVE-2026-30616",
|
|
67422
68930
|
"CVE-2026-30617",
|
|
@@ -67741,11 +69249,13 @@
|
|
|
67741
69249
|
"CVE-2024-42478",
|
|
67742
69250
|
"CVE-2024-42479",
|
|
67743
69251
|
"CVE-2024-43468",
|
|
69252
|
+
"CVE-2024-4889",
|
|
67744
69253
|
"CVE-2024-50050",
|
|
67745
69254
|
"CVE-2024-54085",
|
|
67746
69255
|
"CVE-2024-56145",
|
|
67747
69256
|
"CVE-2024-57726",
|
|
67748
69257
|
"CVE-2024-57728",
|
|
69258
|
+
"CVE-2024-6587",
|
|
67749
69259
|
"CVE-2024-7399",
|
|
67750
69260
|
"CVE-2024-7694",
|
|
67751
69261
|
"CVE-2024-8068",
|
|
@@ -67888,6 +69398,7 @@
|
|
|
67888
69398
|
"CVE-2025-64328",
|
|
67889
69399
|
"CVE-2025-64446",
|
|
67890
69400
|
"CVE-2025-64496",
|
|
69401
|
+
"CVE-2025-64513",
|
|
67891
69402
|
"CVE-2025-6543",
|
|
67892
69403
|
"CVE-2025-6554",
|
|
67893
69404
|
"CVE-2025-6558",
|
|
@@ -67946,6 +69457,7 @@
|
|
|
67946
69457
|
"CVE-2026-25108",
|
|
67947
69458
|
"CVE-2026-25592",
|
|
67948
69459
|
"CVE-2026-26015",
|
|
69460
|
+
"CVE-2026-26190",
|
|
67949
69461
|
"CVE-2026-3055",
|
|
67950
69462
|
"CVE-2026-30615",
|
|
67951
69463
|
"CVE-2026-30616",
|
|
@@ -68293,7 +69805,9 @@
|
|
|
68293
69805
|
"CVE-2024-39722",
|
|
68294
69806
|
"CVE-2024-42478",
|
|
68295
69807
|
"CVE-2024-42479",
|
|
69808
|
+
"CVE-2024-4889",
|
|
68296
69809
|
"CVE-2024-50050",
|
|
69810
|
+
"CVE-2024-6587",
|
|
68297
69811
|
"CVE-2025-10585",
|
|
68298
69812
|
"CVE-2025-1094",
|
|
68299
69813
|
"CVE-2025-14174",
|
|
@@ -68313,6 +69827,7 @@
|
|
|
68313
69827
|
"CVE-2025-54136",
|
|
68314
69828
|
"CVE-2025-60455",
|
|
68315
69829
|
"CVE-2025-64496",
|
|
69830
|
+
"CVE-2025-64513",
|
|
68316
69831
|
"CVE-2025-8747",
|
|
68317
69832
|
"CVE-2026-0766",
|
|
68318
69833
|
"CVE-2026-22252",
|
|
@@ -68324,6 +69839,7 @@
|
|
|
68324
69839
|
"CVE-2026-24215",
|
|
68325
69840
|
"CVE-2026-25592",
|
|
68326
69841
|
"CVE-2026-26015",
|
|
69842
|
+
"CVE-2026-26190",
|
|
68327
69843
|
"CVE-2026-30615",
|
|
68328
69844
|
"CVE-2026-30616",
|
|
68329
69845
|
"CVE-2026-30617",
|
|
@@ -69255,7 +70771,9 @@
|
|
|
69255
70771
|
"CVE-2024-39722",
|
|
69256
70772
|
"CVE-2024-42478",
|
|
69257
70773
|
"CVE-2024-42479",
|
|
70774
|
+
"CVE-2024-4889",
|
|
69258
70775
|
"CVE-2024-50050",
|
|
70776
|
+
"CVE-2024-6587",
|
|
69259
70777
|
"CVE-2025-0133",
|
|
69260
70778
|
"CVE-2025-10585",
|
|
69261
70779
|
"CVE-2025-1094",
|
|
@@ -69276,6 +70794,7 @@
|
|
|
69276
70794
|
"CVE-2025-54136",
|
|
69277
70795
|
"CVE-2025-60455",
|
|
69278
70796
|
"CVE-2025-64496",
|
|
70797
|
+
"CVE-2025-64513",
|
|
69279
70798
|
"CVE-2025-6965",
|
|
69280
70799
|
"CVE-2025-8747",
|
|
69281
70800
|
"CVE-2026-0766",
|
|
@@ -69288,6 +70807,7 @@
|
|
|
69288
70807
|
"CVE-2026-24215",
|
|
69289
70808
|
"CVE-2026-25592",
|
|
69290
70809
|
"CVE-2026-26015",
|
|
70810
|
+
"CVE-2026-26190",
|
|
69291
70811
|
"CVE-2026-30615",
|
|
69292
70812
|
"CVE-2026-30616",
|
|
69293
70813
|
"CVE-2026-30617",
|
|
@@ -69379,7 +70899,9 @@
|
|
|
69379
70899
|
"CVE-2024-39722",
|
|
69380
70900
|
"CVE-2024-42478",
|
|
69381
70901
|
"CVE-2024-42479",
|
|
70902
|
+
"CVE-2024-4889",
|
|
69382
70903
|
"CVE-2024-50050",
|
|
70904
|
+
"CVE-2024-6587",
|
|
69383
70905
|
"CVE-2025-10585",
|
|
69384
70906
|
"CVE-2025-1094",
|
|
69385
70907
|
"CVE-2025-14174",
|
|
@@ -69397,6 +70919,7 @@
|
|
|
69397
70919
|
"CVE-2025-54136",
|
|
69398
70920
|
"CVE-2025-60455",
|
|
69399
70921
|
"CVE-2025-64496",
|
|
70922
|
+
"CVE-2025-64513",
|
|
69400
70923
|
"CVE-2025-8747",
|
|
69401
70924
|
"CVE-2026-0766",
|
|
69402
70925
|
"CVE-2026-22252",
|
|
@@ -69408,6 +70931,7 @@
|
|
|
69408
70931
|
"CVE-2026-24215",
|
|
69409
70932
|
"CVE-2026-25592",
|
|
69410
70933
|
"CVE-2026-26015",
|
|
70934
|
+
"CVE-2026-26190",
|
|
69411
70935
|
"CVE-2026-30616",
|
|
69412
70936
|
"CVE-2026-30617",
|
|
69413
70937
|
"CVE-2026-30624",
|
|
@@ -69575,7 +71099,9 @@
|
|
|
69575
71099
|
"CVE-2024-39722",
|
|
69576
71100
|
"CVE-2024-42478",
|
|
69577
71101
|
"CVE-2024-42479",
|
|
71102
|
+
"CVE-2024-4889",
|
|
69578
71103
|
"CVE-2024-50050",
|
|
71104
|
+
"CVE-2024-6587",
|
|
69579
71105
|
"CVE-2025-0133",
|
|
69580
71106
|
"CVE-2025-1094",
|
|
69581
71107
|
"CVE-2025-11837",
|
|
@@ -69592,6 +71118,7 @@
|
|
|
69592
71118
|
"CVE-2025-54136",
|
|
69593
71119
|
"CVE-2025-60455",
|
|
69594
71120
|
"CVE-2025-64496",
|
|
71121
|
+
"CVE-2025-64513",
|
|
69595
71122
|
"CVE-2025-6965",
|
|
69596
71123
|
"CVE-2025-8747",
|
|
69597
71124
|
"CVE-2026-0766",
|
|
@@ -69605,6 +71132,7 @@
|
|
|
69605
71132
|
"CVE-2026-24215",
|
|
69606
71133
|
"CVE-2026-25592",
|
|
69607
71134
|
"CVE-2026-26015",
|
|
71135
|
+
"CVE-2026-26190",
|
|
69608
71136
|
"CVE-2026-30616",
|
|
69609
71137
|
"CVE-2026-30617",
|
|
69610
71138
|
"CVE-2026-30623",
|
|
@@ -70031,11 +71559,13 @@
|
|
|
70031
71559
|
"CVE-2024-42478",
|
|
70032
71560
|
"CVE-2024-42479",
|
|
70033
71561
|
"CVE-2024-43468",
|
|
71562
|
+
"CVE-2024-4889",
|
|
70034
71563
|
"CVE-2024-50050",
|
|
70035
71564
|
"CVE-2024-54085",
|
|
70036
71565
|
"CVE-2024-56145",
|
|
70037
71566
|
"CVE-2024-57726",
|
|
70038
71567
|
"CVE-2024-57728",
|
|
71568
|
+
"CVE-2024-6587",
|
|
70039
71569
|
"CVE-2024-7399",
|
|
70040
71570
|
"CVE-2024-7694",
|
|
70041
71571
|
"CVE-2024-8068",
|
|
@@ -70168,6 +71698,7 @@
|
|
|
70168
71698
|
"CVE-2025-64328",
|
|
70169
71699
|
"CVE-2025-64446",
|
|
70170
71700
|
"CVE-2025-64496",
|
|
71701
|
+
"CVE-2025-64513",
|
|
70171
71702
|
"CVE-2025-6543",
|
|
70172
71703
|
"CVE-2025-6554",
|
|
70173
71704
|
"CVE-2025-6558",
|
|
@@ -70223,6 +71754,7 @@
|
|
|
70223
71754
|
"CVE-2026-25108",
|
|
70224
71755
|
"CVE-2026-25592",
|
|
70225
71756
|
"CVE-2026-26015",
|
|
71757
|
+
"CVE-2026-26190",
|
|
70226
71758
|
"CVE-2026-3055",
|
|
70227
71759
|
"CVE-2026-30615",
|
|
70228
71760
|
"CVE-2026-30616",
|
|
@@ -70491,7 +72023,9 @@
|
|
|
70491
72023
|
"CVE-2024-39722",
|
|
70492
72024
|
"CVE-2024-42478",
|
|
70493
72025
|
"CVE-2024-42479",
|
|
72026
|
+
"CVE-2024-4889",
|
|
70494
72027
|
"CVE-2024-50050",
|
|
72028
|
+
"CVE-2024-6587",
|
|
70495
72029
|
"CVE-2025-0133",
|
|
70496
72030
|
"CVE-2025-10585",
|
|
70497
72031
|
"CVE-2025-1094",
|
|
@@ -70512,6 +72046,7 @@
|
|
|
70512
72046
|
"CVE-2025-54136",
|
|
70513
72047
|
"CVE-2025-60455",
|
|
70514
72048
|
"CVE-2025-64496",
|
|
72049
|
+
"CVE-2025-64513",
|
|
70515
72050
|
"CVE-2025-6965",
|
|
70516
72051
|
"CVE-2025-8747",
|
|
70517
72052
|
"CVE-2026-0766",
|
|
@@ -70524,6 +72059,7 @@
|
|
|
70524
72059
|
"CVE-2026-24215",
|
|
70525
72060
|
"CVE-2026-25592",
|
|
70526
72061
|
"CVE-2026-26015",
|
|
72062
|
+
"CVE-2026-26190",
|
|
70527
72063
|
"CVE-2026-30615",
|
|
70528
72064
|
"CVE-2026-30616",
|
|
70529
72065
|
"CVE-2026-30617",
|
|
@@ -70810,7 +72346,9 @@
|
|
|
70810
72346
|
"CVE-2024-40635",
|
|
70811
72347
|
"CVE-2024-42478",
|
|
70812
72348
|
"CVE-2024-42479",
|
|
72349
|
+
"CVE-2024-4889",
|
|
70813
72350
|
"CVE-2024-50050",
|
|
72351
|
+
"CVE-2024-6587",
|
|
70814
72352
|
"CVE-2025-0133",
|
|
70815
72353
|
"CVE-2025-1094",
|
|
70816
72354
|
"CVE-2025-11837",
|
|
@@ -70830,6 +72368,7 @@
|
|
|
70830
72368
|
"CVE-2025-54136",
|
|
70831
72369
|
"CVE-2025-60455",
|
|
70832
72370
|
"CVE-2025-64496",
|
|
72371
|
+
"CVE-2025-64513",
|
|
70833
72372
|
"CVE-2025-6965",
|
|
70834
72373
|
"CVE-2025-8747",
|
|
70835
72374
|
"CVE-2026-0766",
|
|
@@ -70843,6 +72382,7 @@
|
|
|
70843
72382
|
"CVE-2026-24215",
|
|
70844
72383
|
"CVE-2026-25592",
|
|
70845
72384
|
"CVE-2026-26015",
|
|
72385
|
+
"CVE-2026-26190",
|
|
70846
72386
|
"CVE-2026-30615",
|
|
70847
72387
|
"CVE-2026-30616",
|
|
70848
72388
|
"CVE-2026-30617",
|