@blamejs/exceptd-skills 0.13.96 → 0.13.97

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +770 -0
  6. package/data/atlas-ttps.json +5 -1
  7. package/data/attack-techniques.json +4 -0
  8. package/data/cve-catalog.json +211 -0
  9. package/data/cwe-catalog.json +2 -0
  10. package/data/framework-control-gaps.json +18 -2
  11. package/data/zeroday-lessons.json +100 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/data/_indexes/chains.json CHANGED
@@ -35363,6 +35363,730 @@
35363
35363
  ]
35364
35364
  }
35365
35365
  },
35366
+ "CVE-2025-64513": {
35367
+ "name": "Milvus Proxy Authentication Bypass via Forged Headers",
35368
+ "rwep": 27,
35369
+ "cvss": 9.3,
35370
+ "cisa_kev": false,
35371
+ "epss_score": null,
35372
+ "referencing_skills": [
35373
+ "kernel-lpe-triage",
35374
+ "ai-attack-surface",
35375
+ "compliance-theater",
35376
+ "attack-surface-pentest",
35377
+ "ot-ics-security",
35378
+ "coordinated-vuln-disclosure",
35379
+ "sector-energy"
35380
+ ],
35381
+ "chain": {
35382
+ "cwes": [
35383
+ {
35384
+ "id": "CWE-1037",
35385
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
35386
+ "category": "Hardware / Side Channel"
35387
+ },
35388
+ {
35389
+ "id": "CWE-1039",
35390
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
35391
+ "category": "AI/ML"
35392
+ },
35393
+ {
35394
+ "id": "CWE-125",
35395
+ "name": "Out-of-bounds Read",
35396
+ "category": "Memory Safety"
35397
+ },
35398
+ {
35399
+ "id": "CWE-1357",
35400
+ "name": "Reliance on Insufficiently Trustworthy Component",
35401
+ "category": "Supply Chain"
35402
+ },
35403
+ {
35404
+ "id": "CWE-1395",
35405
+ "name": "Dependency on Vulnerable Third-Party Component",
35406
+ "category": "Supply Chain"
35407
+ },
35408
+ {
35409
+ "id": "CWE-1426",
35410
+ "name": "Improper Validation of Generative AI Output",
35411
+ "category": "AI/ML"
35412
+ },
35413
+ {
35414
+ "id": "CWE-22",
35415
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
35416
+ "category": "Path/Resource"
35417
+ },
35418
+ {
35419
+ "id": "CWE-269",
35420
+ "name": "Improper Privilege Management",
35421
+ "category": "Authorization"
35422
+ },
35423
+ {
35424
+ "id": "CWE-287",
35425
+ "name": "Improper Authentication",
35426
+ "category": "Authentication"
35427
+ },
35428
+ {
35429
+ "id": "CWE-306",
35430
+ "name": "Missing Authentication for Critical Function",
35431
+ "category": "Authentication"
35432
+ },
35433
+ {
35434
+ "id": "CWE-352",
35435
+ "name": "Cross-Site Request Forgery (CSRF)",
35436
+ "category": "Session"
35437
+ },
35438
+ {
35439
+ "id": "CWE-362",
35440
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
35441
+ "category": "Concurrency"
35442
+ },
35443
+ {
35444
+ "id": "CWE-416",
35445
+ "name": "Use After Free",
35446
+ "category": "Memory Safety"
35447
+ },
35448
+ {
35449
+ "id": "CWE-434",
35450
+ "name": "Unrestricted Upload of File with Dangerous Type",
35451
+ "category": "File Handling"
35452
+ },
35453
+ {
35454
+ "id": "CWE-672",
35455
+ "name": "Operation on a Resource after Expiration or Release",
35456
+ "category": "Memory Safety"
35457
+ },
35458
+ {
35459
+ "id": "CWE-732",
35460
+ "name": "Incorrect Permission Assignment for Critical Resource",
35461
+ "category": "Authorization"
35462
+ },
35463
+ {
35464
+ "id": "CWE-78",
35465
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
35466
+ "category": "Injection"
35467
+ },
35468
+ {
35469
+ "id": "CWE-787",
35470
+ "name": "Out-of-bounds Write",
35471
+ "category": "Memory Safety"
35472
+ },
35473
+ {
35474
+ "id": "CWE-79",
35475
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
35476
+ "category": "Injection"
35477
+ },
35478
+ {
35479
+ "id": "CWE-798",
35480
+ "name": "Use of Hard-coded Credentials",
35481
+ "category": "Credentials"
35482
+ },
35483
+ {
35484
+ "id": "CWE-89",
35485
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
35486
+ "category": "Injection"
35487
+ },
35488
+ {
35489
+ "id": "CWE-918",
35490
+ "name": "Server-Side Request Forgery (SSRF)",
35491
+ "category": "Network"
35492
+ },
35493
+ {
35494
+ "id": "CWE-94",
35495
+ "name": "Improper Control of Generation of Code (Code Injection)",
35496
+ "category": "Injection"
35497
+ }
35498
+ ],
35499
+ "atlas": [
35500
+ {
35501
+ "id": "AML.T0010",
35502
+ "name": "ML Supply Chain Compromise",
35503
+ "tactic": "Initial Access"
35504
+ },
35505
+ {
35506
+ "id": "AML.T0016",
35507
+ "name": "Obtain Capabilities: Develop Capabilities",
35508
+ "tactic": "Resource Development"
35509
+ },
35510
+ {
35511
+ "id": "AML.T0017",
35512
+ "name": "Discover ML Model Ontology",
35513
+ "tactic": "Discovery"
35514
+ },
35515
+ {
35516
+ "id": "AML.T0018",
35517
+ "name": "Backdoor ML Model",
35518
+ "tactic": "Persistence"
35519
+ },
35520
+ {
35521
+ "id": "AML.T0020",
35522
+ "name": "Poison Training Data",
35523
+ "tactic": "ML Attack Staging"
35524
+ },
35525
+ {
35526
+ "id": "AML.T0043",
35527
+ "name": "Craft Adversarial Data",
35528
+ "tactic": "ML Attack Staging"
35529
+ },
35530
+ {
35531
+ "id": "AML.T0051",
35532
+ "name": "LLM Prompt Injection",
35533
+ "tactic": "Execution"
35534
+ },
35535
+ {
35536
+ "id": "AML.T0054",
35537
+ "name": "LLM Jailbreak",
35538
+ "tactic": "Defense Evasion"
35539
+ },
35540
+ {
35541
+ "id": "AML.T0096",
35542
+ "name": "AI API as Covert C2 Channel",
35543
+ "tactic": "Command and Control"
35544
+ }
35545
+ ],
35546
+ "d3fend": [
35547
+ {
35548
+ "id": "D3-ASLR",
35549
+ "name": "Address Space Layout Randomization",
35550
+ "tactic": "Harden"
35551
+ },
35552
+ {
35553
+ "id": "D3-CSPP",
35554
+ "name": "Client-server Payload Profiling",
35555
+ "tactic": "Detect"
35556
+ },
35557
+ {
35558
+ "id": "D3-EAL",
35559
+ "name": "Executable Allowlisting",
35560
+ "tactic": "Harden"
35561
+ },
35562
+ {
35563
+ "id": "D3-IOPR",
35564
+ "name": "Input/Output Profiling Resource",
35565
+ "tactic": "Detect"
35566
+ },
35567
+ {
35568
+ "id": "D3-NTA",
35569
+ "name": "Network Traffic Analysis",
35570
+ "tactic": "Detect"
35571
+ },
35572
+ {
35573
+ "id": "D3-PHRA",
35574
+ "name": "Process Hardware Resource Access",
35575
+ "tactic": "Isolate"
35576
+ },
35577
+ {
35578
+ "id": "D3-PSEP",
35579
+ "name": "Process Segment Execution Prevention",
35580
+ "tactic": "Harden"
35581
+ }
35582
+ ],
35583
+ "framework_gaps": [
35584
+ {
35585
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
35586
+ "framework": "ALL",
35587
+ "control_name": "AI Pipeline Integrity"
35588
+ },
35589
+ {
35590
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
35591
+ "framework": "ALL",
35592
+ "control_name": "Prompt Injection as Access Control Failure"
35593
+ },
35594
+ {
35595
+ "id": "CIS-Controls-v8-Control7",
35596
+ "framework": "CIS Controls v8",
35597
+ "control_name": "Continuous Vulnerability Management"
35598
+ },
35599
+ {
35600
+ "id": "CMMC-2.0-Level-2",
35601
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
35602
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
35603
+ },
35604
+ {
35605
+ "id": "FedRAMP-Rev5-Moderate",
35606
+ "framework": "FedRAMP Rev 5 Moderate",
35607
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
35608
+ },
35609
+ {
35610
+ "id": "IEC-62443-3-3",
35611
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
35612
+ "control_name": "System security requirements and security levels"
35613
+ },
35614
+ {
35615
+ "id": "ISO-27001-2022-A.8.28",
35616
+ "framework": "ISO/IEC 27001:2022",
35617
+ "control_name": "Secure coding"
35618
+ },
35619
+ {
35620
+ "id": "ISO-27001-2022-A.8.8",
35621
+ "framework": "ISO/IEC 27001:2022",
35622
+ "control_name": "Management of technical vulnerabilities"
35623
+ },
35624
+ {
35625
+ "id": "ISO-IEC-23894-2023-clause-7",
35626
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
35627
+ "control_name": "AI risk management process"
35628
+ },
35629
+ {
35630
+ "id": "NERC-CIP-007-6-R4",
35631
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
35632
+ "control_name": "Security event monitoring"
35633
+ },
35634
+ {
35635
+ "id": "NIS2-Art21-patch-management",
35636
+ "framework": "EU NIS2 Directive",
35637
+ "control_name": "Vulnerability handling and disclosure"
35638
+ },
35639
+ {
35640
+ "id": "NIST-800-115",
35641
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
35642
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
35643
+ },
35644
+ {
35645
+ "id": "NIST-800-218-SSDF",
35646
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
35647
+ "control_name": "Secure Software Development Framework"
35648
+ },
35649
+ {
35650
+ "id": "NIST-800-53-AC-2",
35651
+ "framework": "NIST SP 800-53 Rev 5",
35652
+ "control_name": "Account Management"
35653
+ },
35654
+ {
35655
+ "id": "NIST-800-53-SC-8",
35656
+ "framework": "NIST SP 800-53 Rev 5",
35657
+ "control_name": "Transmission Confidentiality and Integrity"
35658
+ },
35659
+ {
35660
+ "id": "NIST-800-53-SI-2",
35661
+ "framework": "NIST SP 800-53 Rev 5",
35662
+ "control_name": "Flaw Remediation"
35663
+ },
35664
+ {
35665
+ "id": "NIST-800-53-SI-3",
35666
+ "framework": "NIST SP 800-53 Rev 5",
35667
+ "control_name": "Malicious Code Protection"
35668
+ },
35669
+ {
35670
+ "id": "NIST-800-82r3",
35671
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
35672
+ "control_name": "Guide to Operational Technology (OT) Security"
35673
+ },
35674
+ {
35675
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
35676
+ "framework": "OWASP Top 10 for LLM Applications 2025",
35677
+ "control_name": "Prompt Injection"
35678
+ },
35679
+ {
35680
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
35681
+ "framework": "OWASP Top 10 for LLM Applications 2025",
35682
+ "control_name": "Sensitive Information Disclosure"
35683
+ },
35684
+ {
35685
+ "id": "OWASP-Pen-Testing-Guide-v5",
35686
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
35687
+ "control_name": "Web application penetration testing methodology"
35688
+ },
35689
+ {
35690
+ "id": "PCI-DSS-4.0-6.3.3",
35691
+ "framework": "PCI DSS 4.0",
35692
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
35693
+ },
35694
+ {
35695
+ "id": "PTES-Pre-engagement",
35696
+ "framework": "Penetration Testing Execution Standard (PTES)",
35697
+ "control_name": "Pre-engagement Interactions"
35698
+ },
35699
+ {
35700
+ "id": "SOC2-CC6-logical-access",
35701
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
35702
+ "control_name": "Logical and Physical Access Controls"
35703
+ },
35704
+ {
35705
+ "id": "SOC2-CC9-vendor-management",
35706
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
35707
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
35708
+ }
35709
+ ],
35710
+ "attack_refs": [
35711
+ "T0855",
35712
+ "T0883",
35713
+ "T1059",
35714
+ "T1068",
35715
+ "T1078",
35716
+ "T1133",
35717
+ "T1190",
35718
+ "T1548.001",
35719
+ "T1566"
35720
+ ],
35721
+ "rfc_refs": [
35722
+ "RFC-4301",
35723
+ "RFC-4303",
35724
+ "RFC-7296"
35725
+ ]
35726
+ }
35727
+ },
35728
+ "CVE-2026-26190": {
35729
+ "name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
35730
+ "rwep": 27,
35731
+ "cvss": 9.8,
35732
+ "cisa_kev": false,
35733
+ "epss_score": null,
35734
+ "referencing_skills": [
35735
+ "kernel-lpe-triage",
35736
+ "ai-attack-surface",
35737
+ "compliance-theater",
35738
+ "attack-surface-pentest",
35739
+ "ot-ics-security",
35740
+ "coordinated-vuln-disclosure",
35741
+ "sector-energy"
35742
+ ],
35743
+ "chain": {
35744
+ "cwes": [
35745
+ {
35746
+ "id": "CWE-1037",
35747
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
35748
+ "category": "Hardware / Side Channel"
35749
+ },
35750
+ {
35751
+ "id": "CWE-1039",
35752
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
35753
+ "category": "AI/ML"
35754
+ },
35755
+ {
35756
+ "id": "CWE-125",
35757
+ "name": "Out-of-bounds Read",
35758
+ "category": "Memory Safety"
35759
+ },
35760
+ {
35761
+ "id": "CWE-1357",
35762
+ "name": "Reliance on Insufficiently Trustworthy Component",
35763
+ "category": "Supply Chain"
35764
+ },
35765
+ {
35766
+ "id": "CWE-1395",
35767
+ "name": "Dependency on Vulnerable Third-Party Component",
35768
+ "category": "Supply Chain"
35769
+ },
35770
+ {
35771
+ "id": "CWE-1426",
35772
+ "name": "Improper Validation of Generative AI Output",
35773
+ "category": "AI/ML"
35774
+ },
35775
+ {
35776
+ "id": "CWE-22",
35777
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
35778
+ "category": "Path/Resource"
35779
+ },
35780
+ {
35781
+ "id": "CWE-269",
35782
+ "name": "Improper Privilege Management",
35783
+ "category": "Authorization"
35784
+ },
35785
+ {
35786
+ "id": "CWE-287",
35787
+ "name": "Improper Authentication",
35788
+ "category": "Authentication"
35789
+ },
35790
+ {
35791
+ "id": "CWE-306",
35792
+ "name": "Missing Authentication for Critical Function",
35793
+ "category": "Authentication"
35794
+ },
35795
+ {
35796
+ "id": "CWE-352",
35797
+ "name": "Cross-Site Request Forgery (CSRF)",
35798
+ "category": "Session"
35799
+ },
35800
+ {
35801
+ "id": "CWE-362",
35802
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
35803
+ "category": "Concurrency"
35804
+ },
35805
+ {
35806
+ "id": "CWE-416",
35807
+ "name": "Use After Free",
35808
+ "category": "Memory Safety"
35809
+ },
35810
+ {
35811
+ "id": "CWE-434",
35812
+ "name": "Unrestricted Upload of File with Dangerous Type",
35813
+ "category": "File Handling"
35814
+ },
35815
+ {
35816
+ "id": "CWE-672",
35817
+ "name": "Operation on a Resource after Expiration or Release",
35818
+ "category": "Memory Safety"
35819
+ },
35820
+ {
35821
+ "id": "CWE-732",
35822
+ "name": "Incorrect Permission Assignment for Critical Resource",
35823
+ "category": "Authorization"
35824
+ },
35825
+ {
35826
+ "id": "CWE-78",
35827
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
35828
+ "category": "Injection"
35829
+ },
35830
+ {
35831
+ "id": "CWE-787",
35832
+ "name": "Out-of-bounds Write",
35833
+ "category": "Memory Safety"
35834
+ },
35835
+ {
35836
+ "id": "CWE-79",
35837
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
35838
+ "category": "Injection"
35839
+ },
35840
+ {
35841
+ "id": "CWE-798",
35842
+ "name": "Use of Hard-coded Credentials",
35843
+ "category": "Credentials"
35844
+ },
35845
+ {
35846
+ "id": "CWE-89",
35847
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
35848
+ "category": "Injection"
35849
+ },
35850
+ {
35851
+ "id": "CWE-918",
35852
+ "name": "Server-Side Request Forgery (SSRF)",
35853
+ "category": "Network"
35854
+ },
35855
+ {
35856
+ "id": "CWE-94",
35857
+ "name": "Improper Control of Generation of Code (Code Injection)",
35858
+ "category": "Injection"
35859
+ }
35860
+ ],
35861
+ "atlas": [
35862
+ {
35863
+ "id": "AML.T0010",
35864
+ "name": "ML Supply Chain Compromise",
35865
+ "tactic": "Initial Access"
35866
+ },
35867
+ {
35868
+ "id": "AML.T0016",
35869
+ "name": "Obtain Capabilities: Develop Capabilities",
35870
+ "tactic": "Resource Development"
35871
+ },
35872
+ {
35873
+ "id": "AML.T0017",
35874
+ "name": "Discover ML Model Ontology",
35875
+ "tactic": "Discovery"
35876
+ },
35877
+ {
35878
+ "id": "AML.T0018",
35879
+ "name": "Backdoor ML Model",
35880
+ "tactic": "Persistence"
35881
+ },
35882
+ {
35883
+ "id": "AML.T0020",
35884
+ "name": "Poison Training Data",
35885
+ "tactic": "ML Attack Staging"
35886
+ },
35887
+ {
35888
+ "id": "AML.T0043",
35889
+ "name": "Craft Adversarial Data",
35890
+ "tactic": "ML Attack Staging"
35891
+ },
35892
+ {
35893
+ "id": "AML.T0051",
35894
+ "name": "LLM Prompt Injection",
35895
+ "tactic": "Execution"
35896
+ },
35897
+ {
35898
+ "id": "AML.T0054",
35899
+ "name": "LLM Jailbreak",
35900
+ "tactic": "Defense Evasion"
35901
+ },
35902
+ {
35903
+ "id": "AML.T0096",
35904
+ "name": "AI API as Covert C2 Channel",
35905
+ "tactic": "Command and Control"
35906
+ }
35907
+ ],
35908
+ "d3fend": [
35909
+ {
35910
+ "id": "D3-ASLR",
35911
+ "name": "Address Space Layout Randomization",
35912
+ "tactic": "Harden"
35913
+ },
35914
+ {
35915
+ "id": "D3-CSPP",
35916
+ "name": "Client-server Payload Profiling",
35917
+ "tactic": "Detect"
35918
+ },
35919
+ {
35920
+ "id": "D3-EAL",
35921
+ "name": "Executable Allowlisting",
35922
+ "tactic": "Harden"
35923
+ },
35924
+ {
35925
+ "id": "D3-IOPR",
35926
+ "name": "Input/Output Profiling Resource",
35927
+ "tactic": "Detect"
35928
+ },
35929
+ {
35930
+ "id": "D3-NTA",
35931
+ "name": "Network Traffic Analysis",
35932
+ "tactic": "Detect"
35933
+ },
35934
+ {
35935
+ "id": "D3-PHRA",
35936
+ "name": "Process Hardware Resource Access",
35937
+ "tactic": "Isolate"
35938
+ },
35939
+ {
35940
+ "id": "D3-PSEP",
35941
+ "name": "Process Segment Execution Prevention",
35942
+ "tactic": "Harden"
35943
+ }
35944
+ ],
35945
+ "framework_gaps": [
35946
+ {
35947
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
35948
+ "framework": "ALL",
35949
+ "control_name": "AI Pipeline Integrity"
35950
+ },
35951
+ {
35952
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
35953
+ "framework": "ALL",
35954
+ "control_name": "Prompt Injection as Access Control Failure"
35955
+ },
35956
+ {
35957
+ "id": "CIS-Controls-v8-Control7",
35958
+ "framework": "CIS Controls v8",
35959
+ "control_name": "Continuous Vulnerability Management"
35960
+ },
35961
+ {
35962
+ "id": "CMMC-2.0-Level-2",
35963
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
35964
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
35965
+ },
35966
+ {
35967
+ "id": "FedRAMP-Rev5-Moderate",
35968
+ "framework": "FedRAMP Rev 5 Moderate",
35969
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
35970
+ },
35971
+ {
35972
+ "id": "IEC-62443-3-3",
35973
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
35974
+ "control_name": "System security requirements and security levels"
35975
+ },
35976
+ {
35977
+ "id": "ISO-27001-2022-A.8.28",
35978
+ "framework": "ISO/IEC 27001:2022",
35979
+ "control_name": "Secure coding"
35980
+ },
35981
+ {
35982
+ "id": "ISO-27001-2022-A.8.8",
35983
+ "framework": "ISO/IEC 27001:2022",
35984
+ "control_name": "Management of technical vulnerabilities"
35985
+ },
35986
+ {
35987
+ "id": "ISO-IEC-23894-2023-clause-7",
35988
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
35989
+ "control_name": "AI risk management process"
35990
+ },
35991
+ {
35992
+ "id": "NERC-CIP-007-6-R4",
35993
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
35994
+ "control_name": "Security event monitoring"
35995
+ },
35996
+ {
35997
+ "id": "NIS2-Art21-patch-management",
35998
+ "framework": "EU NIS2 Directive",
35999
+ "control_name": "Vulnerability handling and disclosure"
36000
+ },
36001
+ {
36002
+ "id": "NIST-800-115",
36003
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
36004
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
36005
+ },
36006
+ {
36007
+ "id": "NIST-800-218-SSDF",
36008
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
36009
+ "control_name": "Secure Software Development Framework"
36010
+ },
36011
+ {
36012
+ "id": "NIST-800-53-AC-2",
36013
+ "framework": "NIST SP 800-53 Rev 5",
36014
+ "control_name": "Account Management"
36015
+ },
36016
+ {
36017
+ "id": "NIST-800-53-SC-8",
36018
+ "framework": "NIST SP 800-53 Rev 5",
36019
+ "control_name": "Transmission Confidentiality and Integrity"
36020
+ },
36021
+ {
36022
+ "id": "NIST-800-53-SI-2",
36023
+ "framework": "NIST SP 800-53 Rev 5",
36024
+ "control_name": "Flaw Remediation"
36025
+ },
36026
+ {
36027
+ "id": "NIST-800-53-SI-3",
36028
+ "framework": "NIST SP 800-53 Rev 5",
36029
+ "control_name": "Malicious Code Protection"
36030
+ },
36031
+ {
36032
+ "id": "NIST-800-82r3",
36033
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
36034
+ "control_name": "Guide to Operational Technology (OT) Security"
36035
+ },
36036
+ {
36037
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
36038
+ "framework": "OWASP Top 10 for LLM Applications 2025",
36039
+ "control_name": "Prompt Injection"
36040
+ },
36041
+ {
36042
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
36043
+ "framework": "OWASP Top 10 for LLM Applications 2025",
36044
+ "control_name": "Sensitive Information Disclosure"
36045
+ },
36046
+ {
36047
+ "id": "OWASP-Pen-Testing-Guide-v5",
36048
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
36049
+ "control_name": "Web application penetration testing methodology"
36050
+ },
36051
+ {
36052
+ "id": "PCI-DSS-4.0-6.3.3",
36053
+ "framework": "PCI DSS 4.0",
36054
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
36055
+ },
36056
+ {
36057
+ "id": "PTES-Pre-engagement",
36058
+ "framework": "Penetration Testing Execution Standard (PTES)",
36059
+ "control_name": "Pre-engagement Interactions"
36060
+ },
36061
+ {
36062
+ "id": "SOC2-CC6-logical-access",
36063
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
36064
+ "control_name": "Logical and Physical Access Controls"
36065
+ },
36066
+ {
36067
+ "id": "SOC2-CC9-vendor-management",
36068
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
36069
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
36070
+ }
36071
+ ],
36072
+ "attack_refs": [
36073
+ "T0855",
36074
+ "T0883",
36075
+ "T1059",
36076
+ "T1068",
36077
+ "T1078",
36078
+ "T1133",
36079
+ "T1190",
36080
+ "T1548.001",
36081
+ "T1566"
36082
+ ],
36083
+ "rfc_refs": [
36084
+ "RFC-4301",
36085
+ "RFC-4303",
36086
+ "RFC-7296"
36087
+ ]
36088
+ }
36089
+ },
35366
36090
  "CVE-2026-41091": {
35367
36091
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
35368
36092
  "rwep": 45,
@@ -61783,6 +62507,7 @@
61783
62507
  "CVE-2025-54136",
61784
62508
  "CVE-2025-60455",
61785
62509
  "CVE-2025-64496",
62510
+ "CVE-2025-64513",
61786
62511
  "CVE-2025-6965",
61787
62512
  "CVE-2025-8747",
61788
62513
  "CVE-2026-0766",
@@ -61795,6 +62520,7 @@
61795
62520
  "CVE-2026-24215",
61796
62521
  "CVE-2026-25592",
61797
62522
  "CVE-2026-26015",
62523
+ "CVE-2026-26190",
61798
62524
  "CVE-2026-30615",
61799
62525
  "CVE-2026-30616",
61800
62526
  "CVE-2026-30617",
@@ -62178,6 +62904,7 @@
62178
62904
  "CVE-2025-54136",
62179
62905
  "CVE-2025-60455",
62180
62906
  "CVE-2025-64496",
62907
+ "CVE-2025-64513",
62181
62908
  "CVE-2025-6965",
62182
62909
  "CVE-2025-8747",
62183
62910
  "CVE-2026-0766",
@@ -62190,6 +62917,7 @@
62190
62917
  "CVE-2026-24215",
62191
62918
  "CVE-2026-25592",
62192
62919
  "CVE-2026-26015",
62920
+ "CVE-2026-26190",
62193
62921
  "CVE-2026-30616",
62194
62922
  "CVE-2026-30617",
62195
62923
  "CVE-2026-30623",
@@ -62368,6 +63096,7 @@
62368
63096
  "CVE-2025-54136",
62369
63097
  "CVE-2025-60455",
62370
63098
  "CVE-2025-64496",
63099
+ "CVE-2025-64513",
62371
63100
  "CVE-2025-6965",
62372
63101
  "CVE-2025-8747",
62373
63102
  "CVE-2026-0766",
@@ -62380,6 +63109,7 @@
62380
63109
  "CVE-2026-24215",
62381
63110
  "CVE-2026-25592",
62382
63111
  "CVE-2026-26015",
63112
+ "CVE-2026-26190",
62383
63113
  "CVE-2026-30616",
62384
63114
  "CVE-2026-30617",
62385
63115
  "CVE-2026-30623",
@@ -62572,6 +63302,7 @@
62572
63302
  "CVE-2025-54136",
62573
63303
  "CVE-2025-60455",
62574
63304
  "CVE-2025-64496",
63305
+ "CVE-2025-64513",
62575
63306
  "CVE-2025-6965",
62576
63307
  "CVE-2025-8747",
62577
63308
  "CVE-2026-0766",
@@ -62584,6 +63315,7 @@
62584
63315
  "CVE-2026-24215",
62585
63316
  "CVE-2026-25592",
62586
63317
  "CVE-2026-26015",
63318
+ "CVE-2026-26190",
62587
63319
  "CVE-2026-30616",
62588
63320
  "CVE-2026-30617",
62589
63321
  "CVE-2026-30623",
@@ -62881,6 +63613,7 @@
62881
63613
  "CVE-2025-54136",
62882
63614
  "CVE-2025-60455",
62883
63615
  "CVE-2025-64496",
63616
+ "CVE-2025-64513",
62884
63617
  "CVE-2025-6965",
62885
63618
  "CVE-2025-8747",
62886
63619
  "CVE-2026-0766",
@@ -62894,6 +63627,7 @@
62894
63627
  "CVE-2026-24215",
62895
63628
  "CVE-2026-25592",
62896
63629
  "CVE-2026-26015",
63630
+ "CVE-2026-26190",
62897
63631
  "CVE-2026-30615",
62898
63632
  "CVE-2026-30616",
62899
63633
  "CVE-2026-30617",
@@ -63280,6 +64014,7 @@
63280
64014
  "CVE-2025-64328",
63281
64015
  "CVE-2025-64446",
63282
64016
  "CVE-2025-64496",
64017
+ "CVE-2025-64513",
63283
64018
  "CVE-2025-6543",
63284
64019
  "CVE-2025-6554",
63285
64020
  "CVE-2025-6558",
@@ -63337,6 +64072,7 @@
63337
64072
  "CVE-2026-25108",
63338
64073
  "CVE-2026-25592",
63339
64074
  "CVE-2026-26015",
64075
+ "CVE-2026-26190",
63340
64076
  "CVE-2026-3055",
63341
64077
  "CVE-2026-30616",
63342
64078
  "CVE-2026-30617",
@@ -64000,6 +64736,7 @@
64000
64736
  "CVE-2025-54136",
64001
64737
  "CVE-2025-60455",
64002
64738
  "CVE-2025-64496",
64739
+ "CVE-2025-64513",
64003
64740
  "CVE-2025-6965",
64004
64741
  "CVE-2025-8747",
64005
64742
  "CVE-2026-0766",
@@ -64012,6 +64749,7 @@
64012
64749
  "CVE-2026-24215",
64013
64750
  "CVE-2026-25592",
64014
64751
  "CVE-2026-26015",
64752
+ "CVE-2026-26190",
64015
64753
  "CVE-2026-30615",
64016
64754
  "CVE-2026-30616",
64017
64755
  "CVE-2026-30617",
@@ -64629,6 +65367,7 @@
64629
65367
  "CVE-2025-54136",
64630
65368
  "CVE-2025-60455",
64631
65369
  "CVE-2025-64496",
65370
+ "CVE-2025-64513",
64632
65371
  "CVE-2025-6965",
64633
65372
  "CVE-2025-8747",
64634
65373
  "CVE-2026-0766",
@@ -64641,6 +65380,7 @@
64641
65380
  "CVE-2026-24215",
64642
65381
  "CVE-2026-25592",
64643
65382
  "CVE-2026-26015",
65383
+ "CVE-2026-26190",
64644
65384
  "CVE-2026-30615",
64645
65385
  "CVE-2026-30616",
64646
65386
  "CVE-2026-30617",
@@ -64893,6 +65633,7 @@
64893
65633
  "CVE-2025-54136",
64894
65634
  "CVE-2025-60455",
64895
65635
  "CVE-2025-64496",
65636
+ "CVE-2025-64513",
64896
65637
  "CVE-2025-8747",
64897
65638
  "CVE-2026-0766",
64898
65639
  "CVE-2026-22252",
@@ -64904,6 +65645,7 @@
64904
65645
  "CVE-2026-24215",
64905
65646
  "CVE-2026-25592",
64906
65647
  "CVE-2026-26015",
65648
+ "CVE-2026-26190",
64907
65649
  "CVE-2026-30615",
64908
65650
  "CVE-2026-30616",
64909
65651
  "CVE-2026-30617",
@@ -65589,6 +66331,7 @@
65589
66331
  "CVE-2025-54136",
65590
66332
  "CVE-2025-60455",
65591
66333
  "CVE-2025-64496",
66334
+ "CVE-2025-64513",
65592
66335
  "CVE-2025-6965",
65593
66336
  "CVE-2025-8747",
65594
66337
  "CVE-2026-0766",
@@ -65601,6 +66344,7 @@
65601
66344
  "CVE-2026-24215",
65602
66345
  "CVE-2026-25592",
65603
66346
  "CVE-2026-26015",
66347
+ "CVE-2026-26190",
65604
66348
  "CVE-2026-30615",
65605
66349
  "CVE-2026-30616",
65606
66350
  "CVE-2026-30617",
@@ -65992,6 +66736,7 @@
65992
66736
  "CVE-2025-64328",
65993
66737
  "CVE-2025-64446",
65994
66738
  "CVE-2025-64496",
66739
+ "CVE-2025-64513",
65995
66740
  "CVE-2025-6543",
65996
66741
  "CVE-2025-6554",
65997
66742
  "CVE-2025-6558",
@@ -66049,6 +66794,7 @@
66049
66794
  "CVE-2026-25108",
66050
66795
  "CVE-2026-25592",
66051
66796
  "CVE-2026-26015",
66797
+ "CVE-2026-26190",
66052
66798
  "CVE-2026-3055",
66053
66799
  "CVE-2026-30616",
66054
66800
  "CVE-2026-30617",
@@ -66442,6 +67188,7 @@
66442
67188
  "CVE-2025-64328",
66443
67189
  "CVE-2025-64446",
66444
67190
  "CVE-2025-64496",
67191
+ "CVE-2025-64513",
66445
67192
  "CVE-2025-6543",
66446
67193
  "CVE-2025-6554",
66447
67194
  "CVE-2025-6558",
@@ -66499,6 +67246,7 @@
66499
67246
  "CVE-2026-25108",
66500
67247
  "CVE-2026-25592",
66501
67248
  "CVE-2026-26015",
67249
+ "CVE-2026-26190",
66502
67250
  "CVE-2026-3055",
66503
67251
  "CVE-2026-30616",
66504
67252
  "CVE-2026-30617",
@@ -66791,6 +67539,7 @@
66791
67539
  "CVE-2025-54136",
66792
67540
  "CVE-2025-60455",
66793
67541
  "CVE-2025-64496",
67542
+ "CVE-2025-64513",
66794
67543
  "CVE-2025-6965",
66795
67544
  "CVE-2025-8747",
66796
67545
  "CVE-2026-0766",
@@ -66803,6 +67552,7 @@
66803
67552
  "CVE-2026-24215",
66804
67553
  "CVE-2026-25592",
66805
67554
  "CVE-2026-26015",
67555
+ "CVE-2026-26190",
66806
67556
  "CVE-2026-30615",
66807
67557
  "CVE-2026-30616",
66808
67558
  "CVE-2026-30617",
@@ -67746,6 +68496,7 @@
67746
68496
  "CVE-2025-64328",
67747
68497
  "CVE-2025-64446",
67748
68498
  "CVE-2025-64496",
68499
+ "CVE-2025-64513",
67749
68500
  "CVE-2025-6543",
67750
68501
  "CVE-2025-6554",
67751
68502
  "CVE-2025-6558",
@@ -67803,6 +68554,7 @@
67803
68554
  "CVE-2026-25108",
67804
68555
  "CVE-2026-25592",
67805
68556
  "CVE-2026-26015",
68557
+ "CVE-2026-26190",
67806
68558
  "CVE-2026-3055",
67807
68559
  "CVE-2026-30616",
67808
68560
  "CVE-2026-30617",
@@ -68159,6 +68911,7 @@
68159
68911
  "CVE-2025-54136",
68160
68912
  "CVE-2025-60455",
68161
68913
  "CVE-2025-64496",
68914
+ "CVE-2025-64513",
68162
68915
  "CVE-2025-6965",
68163
68916
  "CVE-2025-8747",
68164
68917
  "CVE-2026-0766",
@@ -68171,6 +68924,7 @@
68171
68924
  "CVE-2026-24215",
68172
68925
  "CVE-2026-25592",
68173
68926
  "CVE-2026-26015",
68927
+ "CVE-2026-26190",
68174
68928
  "CVE-2026-30615",
68175
68929
  "CVE-2026-30616",
68176
68930
  "CVE-2026-30617",
@@ -68644,6 +69398,7 @@
68644
69398
  "CVE-2025-64328",
68645
69399
  "CVE-2025-64446",
68646
69400
  "CVE-2025-64496",
69401
+ "CVE-2025-64513",
68647
69402
  "CVE-2025-6543",
68648
69403
  "CVE-2025-6554",
68649
69404
  "CVE-2025-6558",
@@ -68702,6 +69457,7 @@
68702
69457
  "CVE-2026-25108",
68703
69458
  "CVE-2026-25592",
68704
69459
  "CVE-2026-26015",
69460
+ "CVE-2026-26190",
68705
69461
  "CVE-2026-3055",
68706
69462
  "CVE-2026-30615",
68707
69463
  "CVE-2026-30616",
@@ -69071,6 +69827,7 @@
69071
69827
  "CVE-2025-54136",
69072
69828
  "CVE-2025-60455",
69073
69829
  "CVE-2025-64496",
69830
+ "CVE-2025-64513",
69074
69831
  "CVE-2025-8747",
69075
69832
  "CVE-2026-0766",
69076
69833
  "CVE-2026-22252",
@@ -69082,6 +69839,7 @@
69082
69839
  "CVE-2026-24215",
69083
69840
  "CVE-2026-25592",
69084
69841
  "CVE-2026-26015",
69842
+ "CVE-2026-26190",
69085
69843
  "CVE-2026-30615",
69086
69844
  "CVE-2026-30616",
69087
69845
  "CVE-2026-30617",
@@ -70036,6 +70794,7 @@
70036
70794
  "CVE-2025-54136",
70037
70795
  "CVE-2025-60455",
70038
70796
  "CVE-2025-64496",
70797
+ "CVE-2025-64513",
70039
70798
  "CVE-2025-6965",
70040
70799
  "CVE-2025-8747",
70041
70800
  "CVE-2026-0766",
@@ -70048,6 +70807,7 @@
70048
70807
  "CVE-2026-24215",
70049
70808
  "CVE-2026-25592",
70050
70809
  "CVE-2026-26015",
70810
+ "CVE-2026-26190",
70051
70811
  "CVE-2026-30615",
70052
70812
  "CVE-2026-30616",
70053
70813
  "CVE-2026-30617",
@@ -70159,6 +70919,7 @@
70159
70919
  "CVE-2025-54136",
70160
70920
  "CVE-2025-60455",
70161
70921
  "CVE-2025-64496",
70922
+ "CVE-2025-64513",
70162
70923
  "CVE-2025-8747",
70163
70924
  "CVE-2026-0766",
70164
70925
  "CVE-2026-22252",
@@ -70170,6 +70931,7 @@
70170
70931
  "CVE-2026-24215",
70171
70932
  "CVE-2026-25592",
70172
70933
  "CVE-2026-26015",
70934
+ "CVE-2026-26190",
70173
70935
  "CVE-2026-30616",
70174
70936
  "CVE-2026-30617",
70175
70937
  "CVE-2026-30624",
@@ -70356,6 +71118,7 @@
70356
71118
  "CVE-2025-54136",
70357
71119
  "CVE-2025-60455",
70358
71120
  "CVE-2025-64496",
71121
+ "CVE-2025-64513",
70359
71122
  "CVE-2025-6965",
70360
71123
  "CVE-2025-8747",
70361
71124
  "CVE-2026-0766",
@@ -70369,6 +71132,7 @@
70369
71132
  "CVE-2026-24215",
70370
71133
  "CVE-2026-25592",
70371
71134
  "CVE-2026-26015",
71135
+ "CVE-2026-26190",
70372
71136
  "CVE-2026-30616",
70373
71137
  "CVE-2026-30617",
70374
71138
  "CVE-2026-30623",
@@ -70934,6 +71698,7 @@
70934
71698
  "CVE-2025-64328",
70935
71699
  "CVE-2025-64446",
70936
71700
  "CVE-2025-64496",
71701
+ "CVE-2025-64513",
70937
71702
  "CVE-2025-6543",
70938
71703
  "CVE-2025-6554",
70939
71704
  "CVE-2025-6558",
@@ -70989,6 +71754,7 @@
70989
71754
  "CVE-2026-25108",
70990
71755
  "CVE-2026-25592",
70991
71756
  "CVE-2026-26015",
71757
+ "CVE-2026-26190",
70992
71758
  "CVE-2026-3055",
70993
71759
  "CVE-2026-30615",
70994
71760
  "CVE-2026-30616",
@@ -71280,6 +72046,7 @@
71280
72046
  "CVE-2025-54136",
71281
72047
  "CVE-2025-60455",
71282
72048
  "CVE-2025-64496",
72049
+ "CVE-2025-64513",
71283
72050
  "CVE-2025-6965",
71284
72051
  "CVE-2025-8747",
71285
72052
  "CVE-2026-0766",
@@ -71292,6 +72059,7 @@
71292
72059
  "CVE-2026-24215",
71293
72060
  "CVE-2026-25592",
71294
72061
  "CVE-2026-26015",
72062
+ "CVE-2026-26190",
71295
72063
  "CVE-2026-30615",
71296
72064
  "CVE-2026-30616",
71297
72065
  "CVE-2026-30617",
@@ -71600,6 +72368,7 @@
71600
72368
  "CVE-2025-54136",
71601
72369
  "CVE-2025-60455",
71602
72370
  "CVE-2025-64496",
72371
+ "CVE-2025-64513",
71603
72372
  "CVE-2025-6965",
71604
72373
  "CVE-2025-8747",
71605
72374
  "CVE-2026-0766",
@@ -71613,6 +72382,7 @@
71613
72382
  "CVE-2026-24215",
71614
72383
  "CVE-2026-25592",
71615
72384
  "CVE-2026-26015",
72385
+ "CVE-2026-26190",
71616
72386
  "CVE-2026-30615",
71617
72387
  "CVE-2026-30616",
71618
72388
  "CVE-2026-30617",