@blamejs/exceptd-skills 0.13.96 → 0.13.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1540 -0
- package/data/atlas-ttps.json +7 -1
- package/data/attack-techniques.json +8 -0
- package/data/cve-catalog.json +419 -0
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +34 -2
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -35363,6 +35363,1454 @@
|
|
|
35363
35363
|
]
|
|
35364
35364
|
}
|
|
35365
35365
|
},
|
|
35366
|
+
"CVE-2025-64513": {
|
|
35367
|
+
"name": "Milvus Proxy Authentication Bypass via Forged Headers",
|
|
35368
|
+
"rwep": 27,
|
|
35369
|
+
"cvss": 9.3,
|
|
35370
|
+
"cisa_kev": false,
|
|
35371
|
+
"epss_score": null,
|
|
35372
|
+
"referencing_skills": [
|
|
35373
|
+
"kernel-lpe-triage",
|
|
35374
|
+
"ai-attack-surface",
|
|
35375
|
+
"compliance-theater",
|
|
35376
|
+
"attack-surface-pentest",
|
|
35377
|
+
"ot-ics-security",
|
|
35378
|
+
"coordinated-vuln-disclosure",
|
|
35379
|
+
"sector-energy"
|
|
35380
|
+
],
|
|
35381
|
+
"chain": {
|
|
35382
|
+
"cwes": [
|
|
35383
|
+
{
|
|
35384
|
+
"id": "CWE-1037",
|
|
35385
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
35386
|
+
"category": "Hardware / Side Channel"
|
|
35387
|
+
},
|
|
35388
|
+
{
|
|
35389
|
+
"id": "CWE-1039",
|
|
35390
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
35391
|
+
"category": "AI/ML"
|
|
35392
|
+
},
|
|
35393
|
+
{
|
|
35394
|
+
"id": "CWE-125",
|
|
35395
|
+
"name": "Out-of-bounds Read",
|
|
35396
|
+
"category": "Memory Safety"
|
|
35397
|
+
},
|
|
35398
|
+
{
|
|
35399
|
+
"id": "CWE-1357",
|
|
35400
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
35401
|
+
"category": "Supply Chain"
|
|
35402
|
+
},
|
|
35403
|
+
{
|
|
35404
|
+
"id": "CWE-1395",
|
|
35405
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
35406
|
+
"category": "Supply Chain"
|
|
35407
|
+
},
|
|
35408
|
+
{
|
|
35409
|
+
"id": "CWE-1426",
|
|
35410
|
+
"name": "Improper Validation of Generative AI Output",
|
|
35411
|
+
"category": "AI/ML"
|
|
35412
|
+
},
|
|
35413
|
+
{
|
|
35414
|
+
"id": "CWE-22",
|
|
35415
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
35416
|
+
"category": "Path/Resource"
|
|
35417
|
+
},
|
|
35418
|
+
{
|
|
35419
|
+
"id": "CWE-269",
|
|
35420
|
+
"name": "Improper Privilege Management",
|
|
35421
|
+
"category": "Authorization"
|
|
35422
|
+
},
|
|
35423
|
+
{
|
|
35424
|
+
"id": "CWE-287",
|
|
35425
|
+
"name": "Improper Authentication",
|
|
35426
|
+
"category": "Authentication"
|
|
35427
|
+
},
|
|
35428
|
+
{
|
|
35429
|
+
"id": "CWE-306",
|
|
35430
|
+
"name": "Missing Authentication for Critical Function",
|
|
35431
|
+
"category": "Authentication"
|
|
35432
|
+
},
|
|
35433
|
+
{
|
|
35434
|
+
"id": "CWE-352",
|
|
35435
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
35436
|
+
"category": "Session"
|
|
35437
|
+
},
|
|
35438
|
+
{
|
|
35439
|
+
"id": "CWE-362",
|
|
35440
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35441
|
+
"category": "Concurrency"
|
|
35442
|
+
},
|
|
35443
|
+
{
|
|
35444
|
+
"id": "CWE-416",
|
|
35445
|
+
"name": "Use After Free",
|
|
35446
|
+
"category": "Memory Safety"
|
|
35447
|
+
},
|
|
35448
|
+
{
|
|
35449
|
+
"id": "CWE-434",
|
|
35450
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
35451
|
+
"category": "File Handling"
|
|
35452
|
+
},
|
|
35453
|
+
{
|
|
35454
|
+
"id": "CWE-672",
|
|
35455
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
35456
|
+
"category": "Memory Safety"
|
|
35457
|
+
},
|
|
35458
|
+
{
|
|
35459
|
+
"id": "CWE-732",
|
|
35460
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
35461
|
+
"category": "Authorization"
|
|
35462
|
+
},
|
|
35463
|
+
{
|
|
35464
|
+
"id": "CWE-78",
|
|
35465
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
35466
|
+
"category": "Injection"
|
|
35467
|
+
},
|
|
35468
|
+
{
|
|
35469
|
+
"id": "CWE-787",
|
|
35470
|
+
"name": "Out-of-bounds Write",
|
|
35471
|
+
"category": "Memory Safety"
|
|
35472
|
+
},
|
|
35473
|
+
{
|
|
35474
|
+
"id": "CWE-79",
|
|
35475
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
35476
|
+
"category": "Injection"
|
|
35477
|
+
},
|
|
35478
|
+
{
|
|
35479
|
+
"id": "CWE-798",
|
|
35480
|
+
"name": "Use of Hard-coded Credentials",
|
|
35481
|
+
"category": "Credentials"
|
|
35482
|
+
},
|
|
35483
|
+
{
|
|
35484
|
+
"id": "CWE-89",
|
|
35485
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
35486
|
+
"category": "Injection"
|
|
35487
|
+
},
|
|
35488
|
+
{
|
|
35489
|
+
"id": "CWE-918",
|
|
35490
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
35491
|
+
"category": "Network"
|
|
35492
|
+
},
|
|
35493
|
+
{
|
|
35494
|
+
"id": "CWE-94",
|
|
35495
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
35496
|
+
"category": "Injection"
|
|
35497
|
+
}
|
|
35498
|
+
],
|
|
35499
|
+
"atlas": [
|
|
35500
|
+
{
|
|
35501
|
+
"id": "AML.T0010",
|
|
35502
|
+
"name": "ML Supply Chain Compromise",
|
|
35503
|
+
"tactic": "Initial Access"
|
|
35504
|
+
},
|
|
35505
|
+
{
|
|
35506
|
+
"id": "AML.T0016",
|
|
35507
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
35508
|
+
"tactic": "Resource Development"
|
|
35509
|
+
},
|
|
35510
|
+
{
|
|
35511
|
+
"id": "AML.T0017",
|
|
35512
|
+
"name": "Discover ML Model Ontology",
|
|
35513
|
+
"tactic": "Discovery"
|
|
35514
|
+
},
|
|
35515
|
+
{
|
|
35516
|
+
"id": "AML.T0018",
|
|
35517
|
+
"name": "Backdoor ML Model",
|
|
35518
|
+
"tactic": "Persistence"
|
|
35519
|
+
},
|
|
35520
|
+
{
|
|
35521
|
+
"id": "AML.T0020",
|
|
35522
|
+
"name": "Poison Training Data",
|
|
35523
|
+
"tactic": "ML Attack Staging"
|
|
35524
|
+
},
|
|
35525
|
+
{
|
|
35526
|
+
"id": "AML.T0043",
|
|
35527
|
+
"name": "Craft Adversarial Data",
|
|
35528
|
+
"tactic": "ML Attack Staging"
|
|
35529
|
+
},
|
|
35530
|
+
{
|
|
35531
|
+
"id": "AML.T0051",
|
|
35532
|
+
"name": "LLM Prompt Injection",
|
|
35533
|
+
"tactic": "Execution"
|
|
35534
|
+
},
|
|
35535
|
+
{
|
|
35536
|
+
"id": "AML.T0054",
|
|
35537
|
+
"name": "LLM Jailbreak",
|
|
35538
|
+
"tactic": "Defense Evasion"
|
|
35539
|
+
},
|
|
35540
|
+
{
|
|
35541
|
+
"id": "AML.T0096",
|
|
35542
|
+
"name": "AI API as Covert C2 Channel",
|
|
35543
|
+
"tactic": "Command and Control"
|
|
35544
|
+
}
|
|
35545
|
+
],
|
|
35546
|
+
"d3fend": [
|
|
35547
|
+
{
|
|
35548
|
+
"id": "D3-ASLR",
|
|
35549
|
+
"name": "Address Space Layout Randomization",
|
|
35550
|
+
"tactic": "Harden"
|
|
35551
|
+
},
|
|
35552
|
+
{
|
|
35553
|
+
"id": "D3-CSPP",
|
|
35554
|
+
"name": "Client-server Payload Profiling",
|
|
35555
|
+
"tactic": "Detect"
|
|
35556
|
+
},
|
|
35557
|
+
{
|
|
35558
|
+
"id": "D3-EAL",
|
|
35559
|
+
"name": "Executable Allowlisting",
|
|
35560
|
+
"tactic": "Harden"
|
|
35561
|
+
},
|
|
35562
|
+
{
|
|
35563
|
+
"id": "D3-IOPR",
|
|
35564
|
+
"name": "Input/Output Profiling Resource",
|
|
35565
|
+
"tactic": "Detect"
|
|
35566
|
+
},
|
|
35567
|
+
{
|
|
35568
|
+
"id": "D3-NTA",
|
|
35569
|
+
"name": "Network Traffic Analysis",
|
|
35570
|
+
"tactic": "Detect"
|
|
35571
|
+
},
|
|
35572
|
+
{
|
|
35573
|
+
"id": "D3-PHRA",
|
|
35574
|
+
"name": "Process Hardware Resource Access",
|
|
35575
|
+
"tactic": "Isolate"
|
|
35576
|
+
},
|
|
35577
|
+
{
|
|
35578
|
+
"id": "D3-PSEP",
|
|
35579
|
+
"name": "Process Segment Execution Prevention",
|
|
35580
|
+
"tactic": "Harden"
|
|
35581
|
+
}
|
|
35582
|
+
],
|
|
35583
|
+
"framework_gaps": [
|
|
35584
|
+
{
|
|
35585
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
35586
|
+
"framework": "ALL",
|
|
35587
|
+
"control_name": "AI Pipeline Integrity"
|
|
35588
|
+
},
|
|
35589
|
+
{
|
|
35590
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
35591
|
+
"framework": "ALL",
|
|
35592
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
35593
|
+
},
|
|
35594
|
+
{
|
|
35595
|
+
"id": "CIS-Controls-v8-Control7",
|
|
35596
|
+
"framework": "CIS Controls v8",
|
|
35597
|
+
"control_name": "Continuous Vulnerability Management"
|
|
35598
|
+
},
|
|
35599
|
+
{
|
|
35600
|
+
"id": "CMMC-2.0-Level-2",
|
|
35601
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
35602
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
35603
|
+
},
|
|
35604
|
+
{
|
|
35605
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
35606
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
35607
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
35608
|
+
},
|
|
35609
|
+
{
|
|
35610
|
+
"id": "IEC-62443-3-3",
|
|
35611
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
35612
|
+
"control_name": "System security requirements and security levels"
|
|
35613
|
+
},
|
|
35614
|
+
{
|
|
35615
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
35616
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35617
|
+
"control_name": "Secure coding"
|
|
35618
|
+
},
|
|
35619
|
+
{
|
|
35620
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
35621
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35622
|
+
"control_name": "Management of technical vulnerabilities"
|
|
35623
|
+
},
|
|
35624
|
+
{
|
|
35625
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
35626
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
35627
|
+
"control_name": "AI risk management process"
|
|
35628
|
+
},
|
|
35629
|
+
{
|
|
35630
|
+
"id": "NERC-CIP-007-6-R4",
|
|
35631
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
35632
|
+
"control_name": "Security event monitoring"
|
|
35633
|
+
},
|
|
35634
|
+
{
|
|
35635
|
+
"id": "NIS2-Art21-patch-management",
|
|
35636
|
+
"framework": "EU NIS2 Directive",
|
|
35637
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
35638
|
+
},
|
|
35639
|
+
{
|
|
35640
|
+
"id": "NIST-800-115",
|
|
35641
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
35642
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
35643
|
+
},
|
|
35644
|
+
{
|
|
35645
|
+
"id": "NIST-800-218-SSDF",
|
|
35646
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
35647
|
+
"control_name": "Secure Software Development Framework"
|
|
35648
|
+
},
|
|
35649
|
+
{
|
|
35650
|
+
"id": "NIST-800-53-AC-2",
|
|
35651
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35652
|
+
"control_name": "Account Management"
|
|
35653
|
+
},
|
|
35654
|
+
{
|
|
35655
|
+
"id": "NIST-800-53-SC-8",
|
|
35656
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35657
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
35658
|
+
},
|
|
35659
|
+
{
|
|
35660
|
+
"id": "NIST-800-53-SI-2",
|
|
35661
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35662
|
+
"control_name": "Flaw Remediation"
|
|
35663
|
+
},
|
|
35664
|
+
{
|
|
35665
|
+
"id": "NIST-800-53-SI-3",
|
|
35666
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
35667
|
+
"control_name": "Malicious Code Protection"
|
|
35668
|
+
},
|
|
35669
|
+
{
|
|
35670
|
+
"id": "NIST-800-82r3",
|
|
35671
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
35672
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
35673
|
+
},
|
|
35674
|
+
{
|
|
35675
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
35676
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35677
|
+
"control_name": "Prompt Injection"
|
|
35678
|
+
},
|
|
35679
|
+
{
|
|
35680
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
35681
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
35682
|
+
"control_name": "Sensitive Information Disclosure"
|
|
35683
|
+
},
|
|
35684
|
+
{
|
|
35685
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
35686
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
35687
|
+
"control_name": "Web application penetration testing methodology"
|
|
35688
|
+
},
|
|
35689
|
+
{
|
|
35690
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
35691
|
+
"framework": "PCI DSS 4.0",
|
|
35692
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
35693
|
+
},
|
|
35694
|
+
{
|
|
35695
|
+
"id": "PTES-Pre-engagement",
|
|
35696
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
35697
|
+
"control_name": "Pre-engagement Interactions"
|
|
35698
|
+
},
|
|
35699
|
+
{
|
|
35700
|
+
"id": "SOC2-CC6-logical-access",
|
|
35701
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35702
|
+
"control_name": "Logical and Physical Access Controls"
|
|
35703
|
+
},
|
|
35704
|
+
{
|
|
35705
|
+
"id": "SOC2-CC9-vendor-management",
|
|
35706
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
35707
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
35708
|
+
}
|
|
35709
|
+
],
|
|
35710
|
+
"attack_refs": [
|
|
35711
|
+
"T0855",
|
|
35712
|
+
"T0883",
|
|
35713
|
+
"T1059",
|
|
35714
|
+
"T1068",
|
|
35715
|
+
"T1078",
|
|
35716
|
+
"T1133",
|
|
35717
|
+
"T1190",
|
|
35718
|
+
"T1548.001",
|
|
35719
|
+
"T1566"
|
|
35720
|
+
],
|
|
35721
|
+
"rfc_refs": [
|
|
35722
|
+
"RFC-4301",
|
|
35723
|
+
"RFC-4303",
|
|
35724
|
+
"RFC-7296"
|
|
35725
|
+
]
|
|
35726
|
+
}
|
|
35727
|
+
},
|
|
35728
|
+
"CVE-2026-26190": {
|
|
35729
|
+
"name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
|
|
35730
|
+
"rwep": 27,
|
|
35731
|
+
"cvss": 9.8,
|
|
35732
|
+
"cisa_kev": false,
|
|
35733
|
+
"epss_score": null,
|
|
35734
|
+
"referencing_skills": [
|
|
35735
|
+
"kernel-lpe-triage",
|
|
35736
|
+
"ai-attack-surface",
|
|
35737
|
+
"compliance-theater",
|
|
35738
|
+
"attack-surface-pentest",
|
|
35739
|
+
"ot-ics-security",
|
|
35740
|
+
"coordinated-vuln-disclosure",
|
|
35741
|
+
"sector-energy"
|
|
35742
|
+
],
|
|
35743
|
+
"chain": {
|
|
35744
|
+
"cwes": [
|
|
35745
|
+
{
|
|
35746
|
+
"id": "CWE-1037",
|
|
35747
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
35748
|
+
"category": "Hardware / Side Channel"
|
|
35749
|
+
},
|
|
35750
|
+
{
|
|
35751
|
+
"id": "CWE-1039",
|
|
35752
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
35753
|
+
"category": "AI/ML"
|
|
35754
|
+
},
|
|
35755
|
+
{
|
|
35756
|
+
"id": "CWE-125",
|
|
35757
|
+
"name": "Out-of-bounds Read",
|
|
35758
|
+
"category": "Memory Safety"
|
|
35759
|
+
},
|
|
35760
|
+
{
|
|
35761
|
+
"id": "CWE-1357",
|
|
35762
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
35763
|
+
"category": "Supply Chain"
|
|
35764
|
+
},
|
|
35765
|
+
{
|
|
35766
|
+
"id": "CWE-1395",
|
|
35767
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
35768
|
+
"category": "Supply Chain"
|
|
35769
|
+
},
|
|
35770
|
+
{
|
|
35771
|
+
"id": "CWE-1426",
|
|
35772
|
+
"name": "Improper Validation of Generative AI Output",
|
|
35773
|
+
"category": "AI/ML"
|
|
35774
|
+
},
|
|
35775
|
+
{
|
|
35776
|
+
"id": "CWE-22",
|
|
35777
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
35778
|
+
"category": "Path/Resource"
|
|
35779
|
+
},
|
|
35780
|
+
{
|
|
35781
|
+
"id": "CWE-269",
|
|
35782
|
+
"name": "Improper Privilege Management",
|
|
35783
|
+
"category": "Authorization"
|
|
35784
|
+
},
|
|
35785
|
+
{
|
|
35786
|
+
"id": "CWE-287",
|
|
35787
|
+
"name": "Improper Authentication",
|
|
35788
|
+
"category": "Authentication"
|
|
35789
|
+
},
|
|
35790
|
+
{
|
|
35791
|
+
"id": "CWE-306",
|
|
35792
|
+
"name": "Missing Authentication for Critical Function",
|
|
35793
|
+
"category": "Authentication"
|
|
35794
|
+
},
|
|
35795
|
+
{
|
|
35796
|
+
"id": "CWE-352",
|
|
35797
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
35798
|
+
"category": "Session"
|
|
35799
|
+
},
|
|
35800
|
+
{
|
|
35801
|
+
"id": "CWE-362",
|
|
35802
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35803
|
+
"category": "Concurrency"
|
|
35804
|
+
},
|
|
35805
|
+
{
|
|
35806
|
+
"id": "CWE-416",
|
|
35807
|
+
"name": "Use After Free",
|
|
35808
|
+
"category": "Memory Safety"
|
|
35809
|
+
},
|
|
35810
|
+
{
|
|
35811
|
+
"id": "CWE-434",
|
|
35812
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
35813
|
+
"category": "File Handling"
|
|
35814
|
+
},
|
|
35815
|
+
{
|
|
35816
|
+
"id": "CWE-672",
|
|
35817
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
35818
|
+
"category": "Memory Safety"
|
|
35819
|
+
},
|
|
35820
|
+
{
|
|
35821
|
+
"id": "CWE-732",
|
|
35822
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
35823
|
+
"category": "Authorization"
|
|
35824
|
+
},
|
|
35825
|
+
{
|
|
35826
|
+
"id": "CWE-78",
|
|
35827
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
35828
|
+
"category": "Injection"
|
|
35829
|
+
},
|
|
35830
|
+
{
|
|
35831
|
+
"id": "CWE-787",
|
|
35832
|
+
"name": "Out-of-bounds Write",
|
|
35833
|
+
"category": "Memory Safety"
|
|
35834
|
+
},
|
|
35835
|
+
{
|
|
35836
|
+
"id": "CWE-79",
|
|
35837
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
35838
|
+
"category": "Injection"
|
|
35839
|
+
},
|
|
35840
|
+
{
|
|
35841
|
+
"id": "CWE-798",
|
|
35842
|
+
"name": "Use of Hard-coded Credentials",
|
|
35843
|
+
"category": "Credentials"
|
|
35844
|
+
},
|
|
35845
|
+
{
|
|
35846
|
+
"id": "CWE-89",
|
|
35847
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
35848
|
+
"category": "Injection"
|
|
35849
|
+
},
|
|
35850
|
+
{
|
|
35851
|
+
"id": "CWE-918",
|
|
35852
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
35853
|
+
"category": "Network"
|
|
35854
|
+
},
|
|
35855
|
+
{
|
|
35856
|
+
"id": "CWE-94",
|
|
35857
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
35858
|
+
"category": "Injection"
|
|
35859
|
+
}
|
|
35860
|
+
],
|
|
35861
|
+
"atlas": [
|
|
35862
|
+
{
|
|
35863
|
+
"id": "AML.T0010",
|
|
35864
|
+
"name": "ML Supply Chain Compromise",
|
|
35865
|
+
"tactic": "Initial Access"
|
|
35866
|
+
},
|
|
35867
|
+
{
|
|
35868
|
+
"id": "AML.T0016",
|
|
35869
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
35870
|
+
"tactic": "Resource Development"
|
|
35871
|
+
},
|
|
35872
|
+
{
|
|
35873
|
+
"id": "AML.T0017",
|
|
35874
|
+
"name": "Discover ML Model Ontology",
|
|
35875
|
+
"tactic": "Discovery"
|
|
35876
|
+
},
|
|
35877
|
+
{
|
|
35878
|
+
"id": "AML.T0018",
|
|
35879
|
+
"name": "Backdoor ML Model",
|
|
35880
|
+
"tactic": "Persistence"
|
|
35881
|
+
},
|
|
35882
|
+
{
|
|
35883
|
+
"id": "AML.T0020",
|
|
35884
|
+
"name": "Poison Training Data",
|
|
35885
|
+
"tactic": "ML Attack Staging"
|
|
35886
|
+
},
|
|
35887
|
+
{
|
|
35888
|
+
"id": "AML.T0043",
|
|
35889
|
+
"name": "Craft Adversarial Data",
|
|
35890
|
+
"tactic": "ML Attack Staging"
|
|
35891
|
+
},
|
|
35892
|
+
{
|
|
35893
|
+
"id": "AML.T0051",
|
|
35894
|
+
"name": "LLM Prompt Injection",
|
|
35895
|
+
"tactic": "Execution"
|
|
35896
|
+
},
|
|
35897
|
+
{
|
|
35898
|
+
"id": "AML.T0054",
|
|
35899
|
+
"name": "LLM Jailbreak",
|
|
35900
|
+
"tactic": "Defense Evasion"
|
|
35901
|
+
},
|
|
35902
|
+
{
|
|
35903
|
+
"id": "AML.T0096",
|
|
35904
|
+
"name": "AI API as Covert C2 Channel",
|
|
35905
|
+
"tactic": "Command and Control"
|
|
35906
|
+
}
|
|
35907
|
+
],
|
|
35908
|
+
"d3fend": [
|
|
35909
|
+
{
|
|
35910
|
+
"id": "D3-ASLR",
|
|
35911
|
+
"name": "Address Space Layout Randomization",
|
|
35912
|
+
"tactic": "Harden"
|
|
35913
|
+
},
|
|
35914
|
+
{
|
|
35915
|
+
"id": "D3-CSPP",
|
|
35916
|
+
"name": "Client-server Payload Profiling",
|
|
35917
|
+
"tactic": "Detect"
|
|
35918
|
+
},
|
|
35919
|
+
{
|
|
35920
|
+
"id": "D3-EAL",
|
|
35921
|
+
"name": "Executable Allowlisting",
|
|
35922
|
+
"tactic": "Harden"
|
|
35923
|
+
},
|
|
35924
|
+
{
|
|
35925
|
+
"id": "D3-IOPR",
|
|
35926
|
+
"name": "Input/Output Profiling Resource",
|
|
35927
|
+
"tactic": "Detect"
|
|
35928
|
+
},
|
|
35929
|
+
{
|
|
35930
|
+
"id": "D3-NTA",
|
|
35931
|
+
"name": "Network Traffic Analysis",
|
|
35932
|
+
"tactic": "Detect"
|
|
35933
|
+
},
|
|
35934
|
+
{
|
|
35935
|
+
"id": "D3-PHRA",
|
|
35936
|
+
"name": "Process Hardware Resource Access",
|
|
35937
|
+
"tactic": "Isolate"
|
|
35938
|
+
},
|
|
35939
|
+
{
|
|
35940
|
+
"id": "D3-PSEP",
|
|
35941
|
+
"name": "Process Segment Execution Prevention",
|
|
35942
|
+
"tactic": "Harden"
|
|
35943
|
+
}
|
|
35944
|
+
],
|
|
35945
|
+
"framework_gaps": [
|
|
35946
|
+
{
|
|
35947
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
35948
|
+
"framework": "ALL",
|
|
35949
|
+
"control_name": "AI Pipeline Integrity"
|
|
35950
|
+
},
|
|
35951
|
+
{
|
|
35952
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
35953
|
+
"framework": "ALL",
|
|
35954
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
35955
|
+
},
|
|
35956
|
+
{
|
|
35957
|
+
"id": "CIS-Controls-v8-Control7",
|
|
35958
|
+
"framework": "CIS Controls v8",
|
|
35959
|
+
"control_name": "Continuous Vulnerability Management"
|
|
35960
|
+
},
|
|
35961
|
+
{
|
|
35962
|
+
"id": "CMMC-2.0-Level-2",
|
|
35963
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
35964
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
35965
|
+
},
|
|
35966
|
+
{
|
|
35967
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
35968
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
35969
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
35970
|
+
},
|
|
35971
|
+
{
|
|
35972
|
+
"id": "IEC-62443-3-3",
|
|
35973
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
35974
|
+
"control_name": "System security requirements and security levels"
|
|
35975
|
+
},
|
|
35976
|
+
{
|
|
35977
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
35978
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35979
|
+
"control_name": "Secure coding"
|
|
35980
|
+
},
|
|
35981
|
+
{
|
|
35982
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
35983
|
+
"framework": "ISO/IEC 27001:2022",
|
|
35984
|
+
"control_name": "Management of technical vulnerabilities"
|
|
35985
|
+
},
|
|
35986
|
+
{
|
|
35987
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
35988
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
35989
|
+
"control_name": "AI risk management process"
|
|
35990
|
+
},
|
|
35991
|
+
{
|
|
35992
|
+
"id": "NERC-CIP-007-6-R4",
|
|
35993
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
35994
|
+
"control_name": "Security event monitoring"
|
|
35995
|
+
},
|
|
35996
|
+
{
|
|
35997
|
+
"id": "NIS2-Art21-patch-management",
|
|
35998
|
+
"framework": "EU NIS2 Directive",
|
|
35999
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36000
|
+
},
|
|
36001
|
+
{
|
|
36002
|
+
"id": "NIST-800-115",
|
|
36003
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36004
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36005
|
+
},
|
|
36006
|
+
{
|
|
36007
|
+
"id": "NIST-800-218-SSDF",
|
|
36008
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36009
|
+
"control_name": "Secure Software Development Framework"
|
|
36010
|
+
},
|
|
36011
|
+
{
|
|
36012
|
+
"id": "NIST-800-53-AC-2",
|
|
36013
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36014
|
+
"control_name": "Account Management"
|
|
36015
|
+
},
|
|
36016
|
+
{
|
|
36017
|
+
"id": "NIST-800-53-SC-8",
|
|
36018
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36019
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36020
|
+
},
|
|
36021
|
+
{
|
|
36022
|
+
"id": "NIST-800-53-SI-2",
|
|
36023
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36024
|
+
"control_name": "Flaw Remediation"
|
|
36025
|
+
},
|
|
36026
|
+
{
|
|
36027
|
+
"id": "NIST-800-53-SI-3",
|
|
36028
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36029
|
+
"control_name": "Malicious Code Protection"
|
|
36030
|
+
},
|
|
36031
|
+
{
|
|
36032
|
+
"id": "NIST-800-82r3",
|
|
36033
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36034
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36035
|
+
},
|
|
36036
|
+
{
|
|
36037
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36038
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36039
|
+
"control_name": "Prompt Injection"
|
|
36040
|
+
},
|
|
36041
|
+
{
|
|
36042
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36043
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36044
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36045
|
+
},
|
|
36046
|
+
{
|
|
36047
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36048
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36049
|
+
"control_name": "Web application penetration testing methodology"
|
|
36050
|
+
},
|
|
36051
|
+
{
|
|
36052
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36053
|
+
"framework": "PCI DSS 4.0",
|
|
36054
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36055
|
+
},
|
|
36056
|
+
{
|
|
36057
|
+
"id": "PTES-Pre-engagement",
|
|
36058
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36059
|
+
"control_name": "Pre-engagement Interactions"
|
|
36060
|
+
},
|
|
36061
|
+
{
|
|
36062
|
+
"id": "SOC2-CC6-logical-access",
|
|
36063
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36064
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36065
|
+
},
|
|
36066
|
+
{
|
|
36067
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36068
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36069
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36070
|
+
}
|
|
36071
|
+
],
|
|
36072
|
+
"attack_refs": [
|
|
36073
|
+
"T0855",
|
|
36074
|
+
"T0883",
|
|
36075
|
+
"T1059",
|
|
36076
|
+
"T1068",
|
|
36077
|
+
"T1078",
|
|
36078
|
+
"T1133",
|
|
36079
|
+
"T1190",
|
|
36080
|
+
"T1548.001",
|
|
36081
|
+
"T1566"
|
|
36082
|
+
],
|
|
36083
|
+
"rfc_refs": [
|
|
36084
|
+
"RFC-4301",
|
|
36085
|
+
"RFC-4303",
|
|
36086
|
+
"RFC-7296"
|
|
36087
|
+
]
|
|
36088
|
+
}
|
|
36089
|
+
},
|
|
36090
|
+
"CVE-2023-6019": {
|
|
36091
|
+
"name": "Anyscale Ray Dashboard cpu_profile Command Injection RCE",
|
|
36092
|
+
"rwep": 31,
|
|
36093
|
+
"cvss": 9.8,
|
|
36094
|
+
"cisa_kev": false,
|
|
36095
|
+
"epss_score": null,
|
|
36096
|
+
"referencing_skills": [
|
|
36097
|
+
"kernel-lpe-triage",
|
|
36098
|
+
"ai-attack-surface",
|
|
36099
|
+
"compliance-theater",
|
|
36100
|
+
"attack-surface-pentest",
|
|
36101
|
+
"ot-ics-security",
|
|
36102
|
+
"coordinated-vuln-disclosure",
|
|
36103
|
+
"sector-energy"
|
|
36104
|
+
],
|
|
36105
|
+
"chain": {
|
|
36106
|
+
"cwes": [
|
|
36107
|
+
{
|
|
36108
|
+
"id": "CWE-1037",
|
|
36109
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36110
|
+
"category": "Hardware / Side Channel"
|
|
36111
|
+
},
|
|
36112
|
+
{
|
|
36113
|
+
"id": "CWE-1039",
|
|
36114
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36115
|
+
"category": "AI/ML"
|
|
36116
|
+
},
|
|
36117
|
+
{
|
|
36118
|
+
"id": "CWE-125",
|
|
36119
|
+
"name": "Out-of-bounds Read",
|
|
36120
|
+
"category": "Memory Safety"
|
|
36121
|
+
},
|
|
36122
|
+
{
|
|
36123
|
+
"id": "CWE-1357",
|
|
36124
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36125
|
+
"category": "Supply Chain"
|
|
36126
|
+
},
|
|
36127
|
+
{
|
|
36128
|
+
"id": "CWE-1395",
|
|
36129
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36130
|
+
"category": "Supply Chain"
|
|
36131
|
+
},
|
|
36132
|
+
{
|
|
36133
|
+
"id": "CWE-1426",
|
|
36134
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36135
|
+
"category": "AI/ML"
|
|
36136
|
+
},
|
|
36137
|
+
{
|
|
36138
|
+
"id": "CWE-22",
|
|
36139
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36140
|
+
"category": "Path/Resource"
|
|
36141
|
+
},
|
|
36142
|
+
{
|
|
36143
|
+
"id": "CWE-269",
|
|
36144
|
+
"name": "Improper Privilege Management",
|
|
36145
|
+
"category": "Authorization"
|
|
36146
|
+
},
|
|
36147
|
+
{
|
|
36148
|
+
"id": "CWE-287",
|
|
36149
|
+
"name": "Improper Authentication",
|
|
36150
|
+
"category": "Authentication"
|
|
36151
|
+
},
|
|
36152
|
+
{
|
|
36153
|
+
"id": "CWE-306",
|
|
36154
|
+
"name": "Missing Authentication for Critical Function",
|
|
36155
|
+
"category": "Authentication"
|
|
36156
|
+
},
|
|
36157
|
+
{
|
|
36158
|
+
"id": "CWE-352",
|
|
36159
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36160
|
+
"category": "Session"
|
|
36161
|
+
},
|
|
36162
|
+
{
|
|
36163
|
+
"id": "CWE-362",
|
|
36164
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36165
|
+
"category": "Concurrency"
|
|
36166
|
+
},
|
|
36167
|
+
{
|
|
36168
|
+
"id": "CWE-416",
|
|
36169
|
+
"name": "Use After Free",
|
|
36170
|
+
"category": "Memory Safety"
|
|
36171
|
+
},
|
|
36172
|
+
{
|
|
36173
|
+
"id": "CWE-434",
|
|
36174
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36175
|
+
"category": "File Handling"
|
|
36176
|
+
},
|
|
36177
|
+
{
|
|
36178
|
+
"id": "CWE-672",
|
|
36179
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36180
|
+
"category": "Memory Safety"
|
|
36181
|
+
},
|
|
36182
|
+
{
|
|
36183
|
+
"id": "CWE-732",
|
|
36184
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36185
|
+
"category": "Authorization"
|
|
36186
|
+
},
|
|
36187
|
+
{
|
|
36188
|
+
"id": "CWE-78",
|
|
36189
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36190
|
+
"category": "Injection"
|
|
36191
|
+
},
|
|
36192
|
+
{
|
|
36193
|
+
"id": "CWE-787",
|
|
36194
|
+
"name": "Out-of-bounds Write",
|
|
36195
|
+
"category": "Memory Safety"
|
|
36196
|
+
},
|
|
36197
|
+
{
|
|
36198
|
+
"id": "CWE-79",
|
|
36199
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36200
|
+
"category": "Injection"
|
|
36201
|
+
},
|
|
36202
|
+
{
|
|
36203
|
+
"id": "CWE-798",
|
|
36204
|
+
"name": "Use of Hard-coded Credentials",
|
|
36205
|
+
"category": "Credentials"
|
|
36206
|
+
},
|
|
36207
|
+
{
|
|
36208
|
+
"id": "CWE-89",
|
|
36209
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36210
|
+
"category": "Injection"
|
|
36211
|
+
},
|
|
36212
|
+
{
|
|
36213
|
+
"id": "CWE-918",
|
|
36214
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36215
|
+
"category": "Network"
|
|
36216
|
+
},
|
|
36217
|
+
{
|
|
36218
|
+
"id": "CWE-94",
|
|
36219
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36220
|
+
"category": "Injection"
|
|
36221
|
+
}
|
|
36222
|
+
],
|
|
36223
|
+
"atlas": [
|
|
36224
|
+
{
|
|
36225
|
+
"id": "AML.T0010",
|
|
36226
|
+
"name": "ML Supply Chain Compromise",
|
|
36227
|
+
"tactic": "Initial Access"
|
|
36228
|
+
},
|
|
36229
|
+
{
|
|
36230
|
+
"id": "AML.T0016",
|
|
36231
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36232
|
+
"tactic": "Resource Development"
|
|
36233
|
+
},
|
|
36234
|
+
{
|
|
36235
|
+
"id": "AML.T0017",
|
|
36236
|
+
"name": "Discover ML Model Ontology",
|
|
36237
|
+
"tactic": "Discovery"
|
|
36238
|
+
},
|
|
36239
|
+
{
|
|
36240
|
+
"id": "AML.T0018",
|
|
36241
|
+
"name": "Backdoor ML Model",
|
|
36242
|
+
"tactic": "Persistence"
|
|
36243
|
+
},
|
|
36244
|
+
{
|
|
36245
|
+
"id": "AML.T0020",
|
|
36246
|
+
"name": "Poison Training Data",
|
|
36247
|
+
"tactic": "ML Attack Staging"
|
|
36248
|
+
},
|
|
36249
|
+
{
|
|
36250
|
+
"id": "AML.T0043",
|
|
36251
|
+
"name": "Craft Adversarial Data",
|
|
36252
|
+
"tactic": "ML Attack Staging"
|
|
36253
|
+
},
|
|
36254
|
+
{
|
|
36255
|
+
"id": "AML.T0051",
|
|
36256
|
+
"name": "LLM Prompt Injection",
|
|
36257
|
+
"tactic": "Execution"
|
|
36258
|
+
},
|
|
36259
|
+
{
|
|
36260
|
+
"id": "AML.T0054",
|
|
36261
|
+
"name": "LLM Jailbreak",
|
|
36262
|
+
"tactic": "Defense Evasion"
|
|
36263
|
+
},
|
|
36264
|
+
{
|
|
36265
|
+
"id": "AML.T0096",
|
|
36266
|
+
"name": "AI API as Covert C2 Channel",
|
|
36267
|
+
"tactic": "Command and Control"
|
|
36268
|
+
}
|
|
36269
|
+
],
|
|
36270
|
+
"d3fend": [
|
|
36271
|
+
{
|
|
36272
|
+
"id": "D3-ASLR",
|
|
36273
|
+
"name": "Address Space Layout Randomization",
|
|
36274
|
+
"tactic": "Harden"
|
|
36275
|
+
},
|
|
36276
|
+
{
|
|
36277
|
+
"id": "D3-CSPP",
|
|
36278
|
+
"name": "Client-server Payload Profiling",
|
|
36279
|
+
"tactic": "Detect"
|
|
36280
|
+
},
|
|
36281
|
+
{
|
|
36282
|
+
"id": "D3-EAL",
|
|
36283
|
+
"name": "Executable Allowlisting",
|
|
36284
|
+
"tactic": "Harden"
|
|
36285
|
+
},
|
|
36286
|
+
{
|
|
36287
|
+
"id": "D3-IOPR",
|
|
36288
|
+
"name": "Input/Output Profiling Resource",
|
|
36289
|
+
"tactic": "Detect"
|
|
36290
|
+
},
|
|
36291
|
+
{
|
|
36292
|
+
"id": "D3-NTA",
|
|
36293
|
+
"name": "Network Traffic Analysis",
|
|
36294
|
+
"tactic": "Detect"
|
|
36295
|
+
},
|
|
36296
|
+
{
|
|
36297
|
+
"id": "D3-PHRA",
|
|
36298
|
+
"name": "Process Hardware Resource Access",
|
|
36299
|
+
"tactic": "Isolate"
|
|
36300
|
+
},
|
|
36301
|
+
{
|
|
36302
|
+
"id": "D3-PSEP",
|
|
36303
|
+
"name": "Process Segment Execution Prevention",
|
|
36304
|
+
"tactic": "Harden"
|
|
36305
|
+
}
|
|
36306
|
+
],
|
|
36307
|
+
"framework_gaps": [
|
|
36308
|
+
{
|
|
36309
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36310
|
+
"framework": "ALL",
|
|
36311
|
+
"control_name": "AI Pipeline Integrity"
|
|
36312
|
+
},
|
|
36313
|
+
{
|
|
36314
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36315
|
+
"framework": "ALL",
|
|
36316
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36317
|
+
},
|
|
36318
|
+
{
|
|
36319
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36320
|
+
"framework": "CIS Controls v8",
|
|
36321
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36322
|
+
},
|
|
36323
|
+
{
|
|
36324
|
+
"id": "CMMC-2.0-Level-2",
|
|
36325
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36326
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36327
|
+
},
|
|
36328
|
+
{
|
|
36329
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36330
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36331
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36332
|
+
},
|
|
36333
|
+
{
|
|
36334
|
+
"id": "IEC-62443-3-3",
|
|
36335
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36336
|
+
"control_name": "System security requirements and security levels"
|
|
36337
|
+
},
|
|
36338
|
+
{
|
|
36339
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36340
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36341
|
+
"control_name": "Secure coding"
|
|
36342
|
+
},
|
|
36343
|
+
{
|
|
36344
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36345
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36346
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36347
|
+
},
|
|
36348
|
+
{
|
|
36349
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36350
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36351
|
+
"control_name": "AI risk management process"
|
|
36352
|
+
},
|
|
36353
|
+
{
|
|
36354
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36355
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36356
|
+
"control_name": "Security event monitoring"
|
|
36357
|
+
},
|
|
36358
|
+
{
|
|
36359
|
+
"id": "NIS2-Art21-patch-management",
|
|
36360
|
+
"framework": "EU NIS2 Directive",
|
|
36361
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36362
|
+
},
|
|
36363
|
+
{
|
|
36364
|
+
"id": "NIST-800-115",
|
|
36365
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36366
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36367
|
+
},
|
|
36368
|
+
{
|
|
36369
|
+
"id": "NIST-800-218-SSDF",
|
|
36370
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36371
|
+
"control_name": "Secure Software Development Framework"
|
|
36372
|
+
},
|
|
36373
|
+
{
|
|
36374
|
+
"id": "NIST-800-53-AC-2",
|
|
36375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36376
|
+
"control_name": "Account Management"
|
|
36377
|
+
},
|
|
36378
|
+
{
|
|
36379
|
+
"id": "NIST-800-53-SC-8",
|
|
36380
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36381
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36382
|
+
},
|
|
36383
|
+
{
|
|
36384
|
+
"id": "NIST-800-53-SI-2",
|
|
36385
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36386
|
+
"control_name": "Flaw Remediation"
|
|
36387
|
+
},
|
|
36388
|
+
{
|
|
36389
|
+
"id": "NIST-800-53-SI-3",
|
|
36390
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36391
|
+
"control_name": "Malicious Code Protection"
|
|
36392
|
+
},
|
|
36393
|
+
{
|
|
36394
|
+
"id": "NIST-800-82r3",
|
|
36395
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36396
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36397
|
+
},
|
|
36398
|
+
{
|
|
36399
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36400
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36401
|
+
"control_name": "Prompt Injection"
|
|
36402
|
+
},
|
|
36403
|
+
{
|
|
36404
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36405
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36406
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36407
|
+
},
|
|
36408
|
+
{
|
|
36409
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36410
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36411
|
+
"control_name": "Web application penetration testing methodology"
|
|
36412
|
+
},
|
|
36413
|
+
{
|
|
36414
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36415
|
+
"framework": "PCI DSS 4.0",
|
|
36416
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36417
|
+
},
|
|
36418
|
+
{
|
|
36419
|
+
"id": "PTES-Pre-engagement",
|
|
36420
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36421
|
+
"control_name": "Pre-engagement Interactions"
|
|
36422
|
+
},
|
|
36423
|
+
{
|
|
36424
|
+
"id": "SOC2-CC6-logical-access",
|
|
36425
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36426
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36427
|
+
},
|
|
36428
|
+
{
|
|
36429
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36430
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36431
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36432
|
+
}
|
|
36433
|
+
],
|
|
36434
|
+
"attack_refs": [
|
|
36435
|
+
"T0855",
|
|
36436
|
+
"T0883",
|
|
36437
|
+
"T1059",
|
|
36438
|
+
"T1068",
|
|
36439
|
+
"T1078",
|
|
36440
|
+
"T1133",
|
|
36441
|
+
"T1190",
|
|
36442
|
+
"T1548.001",
|
|
36443
|
+
"T1566"
|
|
36444
|
+
],
|
|
36445
|
+
"rfc_refs": [
|
|
36446
|
+
"RFC-4301",
|
|
36447
|
+
"RFC-4303",
|
|
36448
|
+
"RFC-7296"
|
|
36449
|
+
]
|
|
36450
|
+
}
|
|
36451
|
+
},
|
|
36452
|
+
"CVE-2023-6021": {
|
|
36453
|
+
"name": "Anyscale Ray Dashboard Log API Local File Inclusion",
|
|
36454
|
+
"rwep": 27,
|
|
36455
|
+
"cvss": 7.5,
|
|
36456
|
+
"cisa_kev": false,
|
|
36457
|
+
"epss_score": null,
|
|
36458
|
+
"referencing_skills": [
|
|
36459
|
+
"kernel-lpe-triage",
|
|
36460
|
+
"ai-attack-surface",
|
|
36461
|
+
"compliance-theater",
|
|
36462
|
+
"attack-surface-pentest",
|
|
36463
|
+
"ot-ics-security",
|
|
36464
|
+
"coordinated-vuln-disclosure",
|
|
36465
|
+
"sector-energy"
|
|
36466
|
+
],
|
|
36467
|
+
"chain": {
|
|
36468
|
+
"cwes": [
|
|
36469
|
+
{
|
|
36470
|
+
"id": "CWE-1037",
|
|
36471
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36472
|
+
"category": "Hardware / Side Channel"
|
|
36473
|
+
},
|
|
36474
|
+
{
|
|
36475
|
+
"id": "CWE-1039",
|
|
36476
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36477
|
+
"category": "AI/ML"
|
|
36478
|
+
},
|
|
36479
|
+
{
|
|
36480
|
+
"id": "CWE-125",
|
|
36481
|
+
"name": "Out-of-bounds Read",
|
|
36482
|
+
"category": "Memory Safety"
|
|
36483
|
+
},
|
|
36484
|
+
{
|
|
36485
|
+
"id": "CWE-1357",
|
|
36486
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36487
|
+
"category": "Supply Chain"
|
|
36488
|
+
},
|
|
36489
|
+
{
|
|
36490
|
+
"id": "CWE-1395",
|
|
36491
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36492
|
+
"category": "Supply Chain"
|
|
36493
|
+
},
|
|
36494
|
+
{
|
|
36495
|
+
"id": "CWE-1426",
|
|
36496
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36497
|
+
"category": "AI/ML"
|
|
36498
|
+
},
|
|
36499
|
+
{
|
|
36500
|
+
"id": "CWE-22",
|
|
36501
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36502
|
+
"category": "Path/Resource"
|
|
36503
|
+
},
|
|
36504
|
+
{
|
|
36505
|
+
"id": "CWE-269",
|
|
36506
|
+
"name": "Improper Privilege Management",
|
|
36507
|
+
"category": "Authorization"
|
|
36508
|
+
},
|
|
36509
|
+
{
|
|
36510
|
+
"id": "CWE-287",
|
|
36511
|
+
"name": "Improper Authentication",
|
|
36512
|
+
"category": "Authentication"
|
|
36513
|
+
},
|
|
36514
|
+
{
|
|
36515
|
+
"id": "CWE-306",
|
|
36516
|
+
"name": "Missing Authentication for Critical Function",
|
|
36517
|
+
"category": "Authentication"
|
|
36518
|
+
},
|
|
36519
|
+
{
|
|
36520
|
+
"id": "CWE-352",
|
|
36521
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36522
|
+
"category": "Session"
|
|
36523
|
+
},
|
|
36524
|
+
{
|
|
36525
|
+
"id": "CWE-362",
|
|
36526
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36527
|
+
"category": "Concurrency"
|
|
36528
|
+
},
|
|
36529
|
+
{
|
|
36530
|
+
"id": "CWE-416",
|
|
36531
|
+
"name": "Use After Free",
|
|
36532
|
+
"category": "Memory Safety"
|
|
36533
|
+
},
|
|
36534
|
+
{
|
|
36535
|
+
"id": "CWE-434",
|
|
36536
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36537
|
+
"category": "File Handling"
|
|
36538
|
+
},
|
|
36539
|
+
{
|
|
36540
|
+
"id": "CWE-672",
|
|
36541
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36542
|
+
"category": "Memory Safety"
|
|
36543
|
+
},
|
|
36544
|
+
{
|
|
36545
|
+
"id": "CWE-732",
|
|
36546
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36547
|
+
"category": "Authorization"
|
|
36548
|
+
},
|
|
36549
|
+
{
|
|
36550
|
+
"id": "CWE-78",
|
|
36551
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36552
|
+
"category": "Injection"
|
|
36553
|
+
},
|
|
36554
|
+
{
|
|
36555
|
+
"id": "CWE-787",
|
|
36556
|
+
"name": "Out-of-bounds Write",
|
|
36557
|
+
"category": "Memory Safety"
|
|
36558
|
+
},
|
|
36559
|
+
{
|
|
36560
|
+
"id": "CWE-79",
|
|
36561
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36562
|
+
"category": "Injection"
|
|
36563
|
+
},
|
|
36564
|
+
{
|
|
36565
|
+
"id": "CWE-798",
|
|
36566
|
+
"name": "Use of Hard-coded Credentials",
|
|
36567
|
+
"category": "Credentials"
|
|
36568
|
+
},
|
|
36569
|
+
{
|
|
36570
|
+
"id": "CWE-89",
|
|
36571
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36572
|
+
"category": "Injection"
|
|
36573
|
+
},
|
|
36574
|
+
{
|
|
36575
|
+
"id": "CWE-918",
|
|
36576
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36577
|
+
"category": "Network"
|
|
36578
|
+
},
|
|
36579
|
+
{
|
|
36580
|
+
"id": "CWE-94",
|
|
36581
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36582
|
+
"category": "Injection"
|
|
36583
|
+
}
|
|
36584
|
+
],
|
|
36585
|
+
"atlas": [
|
|
36586
|
+
{
|
|
36587
|
+
"id": "AML.T0010",
|
|
36588
|
+
"name": "ML Supply Chain Compromise",
|
|
36589
|
+
"tactic": "Initial Access"
|
|
36590
|
+
},
|
|
36591
|
+
{
|
|
36592
|
+
"id": "AML.T0016",
|
|
36593
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36594
|
+
"tactic": "Resource Development"
|
|
36595
|
+
},
|
|
36596
|
+
{
|
|
36597
|
+
"id": "AML.T0017",
|
|
36598
|
+
"name": "Discover ML Model Ontology",
|
|
36599
|
+
"tactic": "Discovery"
|
|
36600
|
+
},
|
|
36601
|
+
{
|
|
36602
|
+
"id": "AML.T0018",
|
|
36603
|
+
"name": "Backdoor ML Model",
|
|
36604
|
+
"tactic": "Persistence"
|
|
36605
|
+
},
|
|
36606
|
+
{
|
|
36607
|
+
"id": "AML.T0020",
|
|
36608
|
+
"name": "Poison Training Data",
|
|
36609
|
+
"tactic": "ML Attack Staging"
|
|
36610
|
+
},
|
|
36611
|
+
{
|
|
36612
|
+
"id": "AML.T0043",
|
|
36613
|
+
"name": "Craft Adversarial Data",
|
|
36614
|
+
"tactic": "ML Attack Staging"
|
|
36615
|
+
},
|
|
36616
|
+
{
|
|
36617
|
+
"id": "AML.T0051",
|
|
36618
|
+
"name": "LLM Prompt Injection",
|
|
36619
|
+
"tactic": "Execution"
|
|
36620
|
+
},
|
|
36621
|
+
{
|
|
36622
|
+
"id": "AML.T0054",
|
|
36623
|
+
"name": "LLM Jailbreak",
|
|
36624
|
+
"tactic": "Defense Evasion"
|
|
36625
|
+
},
|
|
36626
|
+
{
|
|
36627
|
+
"id": "AML.T0096",
|
|
36628
|
+
"name": "AI API as Covert C2 Channel",
|
|
36629
|
+
"tactic": "Command and Control"
|
|
36630
|
+
}
|
|
36631
|
+
],
|
|
36632
|
+
"d3fend": [
|
|
36633
|
+
{
|
|
36634
|
+
"id": "D3-ASLR",
|
|
36635
|
+
"name": "Address Space Layout Randomization",
|
|
36636
|
+
"tactic": "Harden"
|
|
36637
|
+
},
|
|
36638
|
+
{
|
|
36639
|
+
"id": "D3-CSPP",
|
|
36640
|
+
"name": "Client-server Payload Profiling",
|
|
36641
|
+
"tactic": "Detect"
|
|
36642
|
+
},
|
|
36643
|
+
{
|
|
36644
|
+
"id": "D3-EAL",
|
|
36645
|
+
"name": "Executable Allowlisting",
|
|
36646
|
+
"tactic": "Harden"
|
|
36647
|
+
},
|
|
36648
|
+
{
|
|
36649
|
+
"id": "D3-IOPR",
|
|
36650
|
+
"name": "Input/Output Profiling Resource",
|
|
36651
|
+
"tactic": "Detect"
|
|
36652
|
+
},
|
|
36653
|
+
{
|
|
36654
|
+
"id": "D3-NTA",
|
|
36655
|
+
"name": "Network Traffic Analysis",
|
|
36656
|
+
"tactic": "Detect"
|
|
36657
|
+
},
|
|
36658
|
+
{
|
|
36659
|
+
"id": "D3-PHRA",
|
|
36660
|
+
"name": "Process Hardware Resource Access",
|
|
36661
|
+
"tactic": "Isolate"
|
|
36662
|
+
},
|
|
36663
|
+
{
|
|
36664
|
+
"id": "D3-PSEP",
|
|
36665
|
+
"name": "Process Segment Execution Prevention",
|
|
36666
|
+
"tactic": "Harden"
|
|
36667
|
+
}
|
|
36668
|
+
],
|
|
36669
|
+
"framework_gaps": [
|
|
36670
|
+
{
|
|
36671
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36672
|
+
"framework": "ALL",
|
|
36673
|
+
"control_name": "AI Pipeline Integrity"
|
|
36674
|
+
},
|
|
36675
|
+
{
|
|
36676
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36677
|
+
"framework": "ALL",
|
|
36678
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36679
|
+
},
|
|
36680
|
+
{
|
|
36681
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36682
|
+
"framework": "CIS Controls v8",
|
|
36683
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36684
|
+
},
|
|
36685
|
+
{
|
|
36686
|
+
"id": "CMMC-2.0-Level-2",
|
|
36687
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36688
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36689
|
+
},
|
|
36690
|
+
{
|
|
36691
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36692
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36693
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36694
|
+
},
|
|
36695
|
+
{
|
|
36696
|
+
"id": "IEC-62443-3-3",
|
|
36697
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36698
|
+
"control_name": "System security requirements and security levels"
|
|
36699
|
+
},
|
|
36700
|
+
{
|
|
36701
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36702
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36703
|
+
"control_name": "Secure coding"
|
|
36704
|
+
},
|
|
36705
|
+
{
|
|
36706
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36707
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36708
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36709
|
+
},
|
|
36710
|
+
{
|
|
36711
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36712
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36713
|
+
"control_name": "AI risk management process"
|
|
36714
|
+
},
|
|
36715
|
+
{
|
|
36716
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36717
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36718
|
+
"control_name": "Security event monitoring"
|
|
36719
|
+
},
|
|
36720
|
+
{
|
|
36721
|
+
"id": "NIS2-Art21-patch-management",
|
|
36722
|
+
"framework": "EU NIS2 Directive",
|
|
36723
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36724
|
+
},
|
|
36725
|
+
{
|
|
36726
|
+
"id": "NIST-800-115",
|
|
36727
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36728
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36729
|
+
},
|
|
36730
|
+
{
|
|
36731
|
+
"id": "NIST-800-218-SSDF",
|
|
36732
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36733
|
+
"control_name": "Secure Software Development Framework"
|
|
36734
|
+
},
|
|
36735
|
+
{
|
|
36736
|
+
"id": "NIST-800-53-AC-2",
|
|
36737
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36738
|
+
"control_name": "Account Management"
|
|
36739
|
+
},
|
|
36740
|
+
{
|
|
36741
|
+
"id": "NIST-800-53-SC-8",
|
|
36742
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36743
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36744
|
+
},
|
|
36745
|
+
{
|
|
36746
|
+
"id": "NIST-800-53-SI-2",
|
|
36747
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36748
|
+
"control_name": "Flaw Remediation"
|
|
36749
|
+
},
|
|
36750
|
+
{
|
|
36751
|
+
"id": "NIST-800-53-SI-3",
|
|
36752
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36753
|
+
"control_name": "Malicious Code Protection"
|
|
36754
|
+
},
|
|
36755
|
+
{
|
|
36756
|
+
"id": "NIST-800-82r3",
|
|
36757
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36758
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36759
|
+
},
|
|
36760
|
+
{
|
|
36761
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36762
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36763
|
+
"control_name": "Prompt Injection"
|
|
36764
|
+
},
|
|
36765
|
+
{
|
|
36766
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36767
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36768
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36769
|
+
},
|
|
36770
|
+
{
|
|
36771
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36772
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36773
|
+
"control_name": "Web application penetration testing methodology"
|
|
36774
|
+
},
|
|
36775
|
+
{
|
|
36776
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36777
|
+
"framework": "PCI DSS 4.0",
|
|
36778
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36779
|
+
},
|
|
36780
|
+
{
|
|
36781
|
+
"id": "PTES-Pre-engagement",
|
|
36782
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36783
|
+
"control_name": "Pre-engagement Interactions"
|
|
36784
|
+
},
|
|
36785
|
+
{
|
|
36786
|
+
"id": "SOC2-CC6-logical-access",
|
|
36787
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36788
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36789
|
+
},
|
|
36790
|
+
{
|
|
36791
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36792
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36793
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36794
|
+
}
|
|
36795
|
+
],
|
|
36796
|
+
"attack_refs": [
|
|
36797
|
+
"T0855",
|
|
36798
|
+
"T0883",
|
|
36799
|
+
"T1059",
|
|
36800
|
+
"T1068",
|
|
36801
|
+
"T1078",
|
|
36802
|
+
"T1133",
|
|
36803
|
+
"T1190",
|
|
36804
|
+
"T1548.001",
|
|
36805
|
+
"T1566"
|
|
36806
|
+
],
|
|
36807
|
+
"rfc_refs": [
|
|
36808
|
+
"RFC-4301",
|
|
36809
|
+
"RFC-4303",
|
|
36810
|
+
"RFC-7296"
|
|
36811
|
+
]
|
|
36812
|
+
}
|
|
36813
|
+
},
|
|
35366
36814
|
"CVE-2026-41091": {
|
|
35367
36815
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
35368
36816
|
"rwep": 45,
|
|
@@ -61744,6 +63192,8 @@
|
|
|
61744
63192
|
"CVE-2023-44467",
|
|
61745
63193
|
"CVE-2023-48022",
|
|
61746
63194
|
"CVE-2023-51449",
|
|
63195
|
+
"CVE-2023-6019",
|
|
63196
|
+
"CVE-2023-6021",
|
|
61747
63197
|
"CVE-2024-0132",
|
|
61748
63198
|
"CVE-2024-11392",
|
|
61749
63199
|
"CVE-2024-11393",
|
|
@@ -61783,6 +63233,7 @@
|
|
|
61783
63233
|
"CVE-2025-54136",
|
|
61784
63234
|
"CVE-2025-60455",
|
|
61785
63235
|
"CVE-2025-64496",
|
|
63236
|
+
"CVE-2025-64513",
|
|
61786
63237
|
"CVE-2025-6965",
|
|
61787
63238
|
"CVE-2025-8747",
|
|
61788
63239
|
"CVE-2026-0766",
|
|
@@ -61795,6 +63246,7 @@
|
|
|
61795
63246
|
"CVE-2026-24215",
|
|
61796
63247
|
"CVE-2026-25592",
|
|
61797
63248
|
"CVE-2026-26015",
|
|
63249
|
+
"CVE-2026-26190",
|
|
61798
63250
|
"CVE-2026-30615",
|
|
61799
63251
|
"CVE-2026-30616",
|
|
61800
63252
|
"CVE-2026-30617",
|
|
@@ -62143,6 +63595,8 @@
|
|
|
62143
63595
|
"CVE-2023-44467",
|
|
62144
63596
|
"CVE-2023-48022",
|
|
62145
63597
|
"CVE-2023-51449",
|
|
63598
|
+
"CVE-2023-6019",
|
|
63599
|
+
"CVE-2023-6021",
|
|
62146
63600
|
"CVE-2024-0132",
|
|
62147
63601
|
"CVE-2024-11392",
|
|
62148
63602
|
"CVE-2024-11393",
|
|
@@ -62178,6 +63632,7 @@
|
|
|
62178
63632
|
"CVE-2025-54136",
|
|
62179
63633
|
"CVE-2025-60455",
|
|
62180
63634
|
"CVE-2025-64496",
|
|
63635
|
+
"CVE-2025-64513",
|
|
62181
63636
|
"CVE-2025-6965",
|
|
62182
63637
|
"CVE-2025-8747",
|
|
62183
63638
|
"CVE-2026-0766",
|
|
@@ -62190,6 +63645,7 @@
|
|
|
62190
63645
|
"CVE-2026-24215",
|
|
62191
63646
|
"CVE-2026-25592",
|
|
62192
63647
|
"CVE-2026-26015",
|
|
63648
|
+
"CVE-2026-26190",
|
|
62193
63649
|
"CVE-2026-30616",
|
|
62194
63650
|
"CVE-2026-30617",
|
|
62195
63651
|
"CVE-2026-30623",
|
|
@@ -62333,6 +63789,8 @@
|
|
|
62333
63789
|
"CVE-2023-44467",
|
|
62334
63790
|
"CVE-2023-48022",
|
|
62335
63791
|
"CVE-2023-51449",
|
|
63792
|
+
"CVE-2023-6019",
|
|
63793
|
+
"CVE-2023-6021",
|
|
62336
63794
|
"CVE-2024-0132",
|
|
62337
63795
|
"CVE-2024-11392",
|
|
62338
63796
|
"CVE-2024-11393",
|
|
@@ -62368,6 +63826,7 @@
|
|
|
62368
63826
|
"CVE-2025-54136",
|
|
62369
63827
|
"CVE-2025-60455",
|
|
62370
63828
|
"CVE-2025-64496",
|
|
63829
|
+
"CVE-2025-64513",
|
|
62371
63830
|
"CVE-2025-6965",
|
|
62372
63831
|
"CVE-2025-8747",
|
|
62373
63832
|
"CVE-2026-0766",
|
|
@@ -62380,6 +63839,7 @@
|
|
|
62380
63839
|
"CVE-2026-24215",
|
|
62381
63840
|
"CVE-2026-25592",
|
|
62382
63841
|
"CVE-2026-26015",
|
|
63842
|
+
"CVE-2026-26190",
|
|
62383
63843
|
"CVE-2026-30616",
|
|
62384
63844
|
"CVE-2026-30617",
|
|
62385
63845
|
"CVE-2026-30623",
|
|
@@ -62537,6 +63997,8 @@
|
|
|
62537
63997
|
"CVE-2023-44467",
|
|
62538
63998
|
"CVE-2023-48022",
|
|
62539
63999
|
"CVE-2023-51449",
|
|
64000
|
+
"CVE-2023-6019",
|
|
64001
|
+
"CVE-2023-6021",
|
|
62540
64002
|
"CVE-2024-0132",
|
|
62541
64003
|
"CVE-2024-11392",
|
|
62542
64004
|
"CVE-2024-11393",
|
|
@@ -62572,6 +64034,7 @@
|
|
|
62572
64034
|
"CVE-2025-54136",
|
|
62573
64035
|
"CVE-2025-60455",
|
|
62574
64036
|
"CVE-2025-64496",
|
|
64037
|
+
"CVE-2025-64513",
|
|
62575
64038
|
"CVE-2025-6965",
|
|
62576
64039
|
"CVE-2025-8747",
|
|
62577
64040
|
"CVE-2026-0766",
|
|
@@ -62584,6 +64047,7 @@
|
|
|
62584
64047
|
"CVE-2026-24215",
|
|
62585
64048
|
"CVE-2026-25592",
|
|
62586
64049
|
"CVE-2026-26015",
|
|
64050
|
+
"CVE-2026-26190",
|
|
62587
64051
|
"CVE-2026-30616",
|
|
62588
64052
|
"CVE-2026-30617",
|
|
62589
64053
|
"CVE-2026-30623",
|
|
@@ -62845,6 +64309,8 @@
|
|
|
62845
64309
|
"CVE-2023-44467",
|
|
62846
64310
|
"CVE-2023-48022",
|
|
62847
64311
|
"CVE-2023-51449",
|
|
64312
|
+
"CVE-2023-6019",
|
|
64313
|
+
"CVE-2023-6021",
|
|
62848
64314
|
"CVE-2024-0132",
|
|
62849
64315
|
"CVE-2024-11392",
|
|
62850
64316
|
"CVE-2024-11393",
|
|
@@ -62881,6 +64347,7 @@
|
|
|
62881
64347
|
"CVE-2025-54136",
|
|
62882
64348
|
"CVE-2025-60455",
|
|
62883
64349
|
"CVE-2025-64496",
|
|
64350
|
+
"CVE-2025-64513",
|
|
62884
64351
|
"CVE-2025-6965",
|
|
62885
64352
|
"CVE-2025-8747",
|
|
62886
64353
|
"CVE-2026-0766",
|
|
@@ -62894,6 +64361,7 @@
|
|
|
62894
64361
|
"CVE-2026-24215",
|
|
62895
64362
|
"CVE-2026-25592",
|
|
62896
64363
|
"CVE-2026-26015",
|
|
64364
|
+
"CVE-2026-26190",
|
|
62897
64365
|
"CVE-2026-30615",
|
|
62898
64366
|
"CVE-2026-30616",
|
|
62899
64367
|
"CVE-2026-30617",
|
|
@@ -63109,6 +64577,8 @@
|
|
|
63109
64577
|
"CVE-2023-50224",
|
|
63110
64578
|
"CVE-2023-51449",
|
|
63111
64579
|
"CVE-2023-52163",
|
|
64580
|
+
"CVE-2023-6019",
|
|
64581
|
+
"CVE-2023-6021",
|
|
63112
64582
|
"CVE-2024-0132",
|
|
63113
64583
|
"CVE-2024-0769",
|
|
63114
64584
|
"CVE-2024-11182",
|
|
@@ -63280,6 +64750,7 @@
|
|
|
63280
64750
|
"CVE-2025-64328",
|
|
63281
64751
|
"CVE-2025-64446",
|
|
63282
64752
|
"CVE-2025-64496",
|
|
64753
|
+
"CVE-2025-64513",
|
|
63283
64754
|
"CVE-2025-6543",
|
|
63284
64755
|
"CVE-2025-6554",
|
|
63285
64756
|
"CVE-2025-6558",
|
|
@@ -63337,6 +64808,7 @@
|
|
|
63337
64808
|
"CVE-2026-25108",
|
|
63338
64809
|
"CVE-2026-25592",
|
|
63339
64810
|
"CVE-2026-26015",
|
|
64811
|
+
"CVE-2026-26190",
|
|
63340
64812
|
"CVE-2026-3055",
|
|
63341
64813
|
"CVE-2026-30616",
|
|
63342
64814
|
"CVE-2026-30617",
|
|
@@ -63961,6 +65433,8 @@
|
|
|
63961
65433
|
"CVE-2023-44467",
|
|
63962
65434
|
"CVE-2023-48022",
|
|
63963
65435
|
"CVE-2023-51449",
|
|
65436
|
+
"CVE-2023-6019",
|
|
65437
|
+
"CVE-2023-6021",
|
|
63964
65438
|
"CVE-2024-0132",
|
|
63965
65439
|
"CVE-2024-11392",
|
|
63966
65440
|
"CVE-2024-11393",
|
|
@@ -64000,6 +65474,7 @@
|
|
|
64000
65474
|
"CVE-2025-54136",
|
|
64001
65475
|
"CVE-2025-60455",
|
|
64002
65476
|
"CVE-2025-64496",
|
|
65477
|
+
"CVE-2025-64513",
|
|
64003
65478
|
"CVE-2025-6965",
|
|
64004
65479
|
"CVE-2025-8747",
|
|
64005
65480
|
"CVE-2026-0766",
|
|
@@ -64012,6 +65487,7 @@
|
|
|
64012
65487
|
"CVE-2026-24215",
|
|
64013
65488
|
"CVE-2026-25592",
|
|
64014
65489
|
"CVE-2026-26015",
|
|
65490
|
+
"CVE-2026-26190",
|
|
64015
65491
|
"CVE-2026-30615",
|
|
64016
65492
|
"CVE-2026-30616",
|
|
64017
65493
|
"CVE-2026-30617",
|
|
@@ -64590,6 +66066,8 @@
|
|
|
64590
66066
|
"CVE-2023-44467",
|
|
64591
66067
|
"CVE-2023-48022",
|
|
64592
66068
|
"CVE-2023-51449",
|
|
66069
|
+
"CVE-2023-6019",
|
|
66070
|
+
"CVE-2023-6021",
|
|
64593
66071
|
"CVE-2024-0132",
|
|
64594
66072
|
"CVE-2024-11392",
|
|
64595
66073
|
"CVE-2024-11393",
|
|
@@ -64629,6 +66107,7 @@
|
|
|
64629
66107
|
"CVE-2025-54136",
|
|
64630
66108
|
"CVE-2025-60455",
|
|
64631
66109
|
"CVE-2025-64496",
|
|
66110
|
+
"CVE-2025-64513",
|
|
64632
66111
|
"CVE-2025-6965",
|
|
64633
66112
|
"CVE-2025-8747",
|
|
64634
66113
|
"CVE-2026-0766",
|
|
@@ -64641,6 +66120,7 @@
|
|
|
64641
66120
|
"CVE-2026-24215",
|
|
64642
66121
|
"CVE-2026-25592",
|
|
64643
66122
|
"CVE-2026-26015",
|
|
66123
|
+
"CVE-2026-26190",
|
|
64644
66124
|
"CVE-2026-30615",
|
|
64645
66125
|
"CVE-2026-30616",
|
|
64646
66126
|
"CVE-2026-30617",
|
|
@@ -64857,6 +66337,8 @@
|
|
|
64857
66337
|
"CVE-2023-44467",
|
|
64858
66338
|
"CVE-2023-48022",
|
|
64859
66339
|
"CVE-2023-51449",
|
|
66340
|
+
"CVE-2023-6019",
|
|
66341
|
+
"CVE-2023-6021",
|
|
64860
66342
|
"CVE-2024-0132",
|
|
64861
66343
|
"CVE-2024-11392",
|
|
64862
66344
|
"CVE-2024-11393",
|
|
@@ -64893,6 +66375,7 @@
|
|
|
64893
66375
|
"CVE-2025-54136",
|
|
64894
66376
|
"CVE-2025-60455",
|
|
64895
66377
|
"CVE-2025-64496",
|
|
66378
|
+
"CVE-2025-64513",
|
|
64896
66379
|
"CVE-2025-8747",
|
|
64897
66380
|
"CVE-2026-0766",
|
|
64898
66381
|
"CVE-2026-22252",
|
|
@@ -64904,6 +66387,7 @@
|
|
|
64904
66387
|
"CVE-2026-24215",
|
|
64905
66388
|
"CVE-2026-25592",
|
|
64906
66389
|
"CVE-2026-26015",
|
|
66390
|
+
"CVE-2026-26190",
|
|
64907
66391
|
"CVE-2026-30615",
|
|
64908
66392
|
"CVE-2026-30616",
|
|
64909
66393
|
"CVE-2026-30617",
|
|
@@ -65550,6 +67034,8 @@
|
|
|
65550
67034
|
"CVE-2023-44467",
|
|
65551
67035
|
"CVE-2023-48022",
|
|
65552
67036
|
"CVE-2023-51449",
|
|
67037
|
+
"CVE-2023-6019",
|
|
67038
|
+
"CVE-2023-6021",
|
|
65553
67039
|
"CVE-2024-0132",
|
|
65554
67040
|
"CVE-2024-11392",
|
|
65555
67041
|
"CVE-2024-11393",
|
|
@@ -65589,6 +67075,7 @@
|
|
|
65589
67075
|
"CVE-2025-54136",
|
|
65590
67076
|
"CVE-2025-60455",
|
|
65591
67077
|
"CVE-2025-64496",
|
|
67078
|
+
"CVE-2025-64513",
|
|
65592
67079
|
"CVE-2025-6965",
|
|
65593
67080
|
"CVE-2025-8747",
|
|
65594
67081
|
"CVE-2026-0766",
|
|
@@ -65601,6 +67088,7 @@
|
|
|
65601
67088
|
"CVE-2026-24215",
|
|
65602
67089
|
"CVE-2026-25592",
|
|
65603
67090
|
"CVE-2026-26015",
|
|
67091
|
+
"CVE-2026-26190",
|
|
65604
67092
|
"CVE-2026-30615",
|
|
65605
67093
|
"CVE-2026-30616",
|
|
65606
67094
|
"CVE-2026-30617",
|
|
@@ -65821,6 +67309,8 @@
|
|
|
65821
67309
|
"CVE-2023-50224",
|
|
65822
67310
|
"CVE-2023-51449",
|
|
65823
67311
|
"CVE-2023-52163",
|
|
67312
|
+
"CVE-2023-6019",
|
|
67313
|
+
"CVE-2023-6021",
|
|
65824
67314
|
"CVE-2024-0132",
|
|
65825
67315
|
"CVE-2024-0769",
|
|
65826
67316
|
"CVE-2024-11182",
|
|
@@ -65992,6 +67482,7 @@
|
|
|
65992
67482
|
"CVE-2025-64328",
|
|
65993
67483
|
"CVE-2025-64446",
|
|
65994
67484
|
"CVE-2025-64496",
|
|
67485
|
+
"CVE-2025-64513",
|
|
65995
67486
|
"CVE-2025-6543",
|
|
65996
67487
|
"CVE-2025-6554",
|
|
65997
67488
|
"CVE-2025-6558",
|
|
@@ -66049,6 +67540,7 @@
|
|
|
66049
67540
|
"CVE-2026-25108",
|
|
66050
67541
|
"CVE-2026-25592",
|
|
66051
67542
|
"CVE-2026-26015",
|
|
67543
|
+
"CVE-2026-26190",
|
|
66052
67544
|
"CVE-2026-3055",
|
|
66053
67545
|
"CVE-2026-30616",
|
|
66054
67546
|
"CVE-2026-30617",
|
|
@@ -66271,6 +67763,8 @@
|
|
|
66271
67763
|
"CVE-2023-50224",
|
|
66272
67764
|
"CVE-2023-51449",
|
|
66273
67765
|
"CVE-2023-52163",
|
|
67766
|
+
"CVE-2023-6019",
|
|
67767
|
+
"CVE-2023-6021",
|
|
66274
67768
|
"CVE-2024-0132",
|
|
66275
67769
|
"CVE-2024-0769",
|
|
66276
67770
|
"CVE-2024-11182",
|
|
@@ -66442,6 +67936,7 @@
|
|
|
66442
67936
|
"CVE-2025-64328",
|
|
66443
67937
|
"CVE-2025-64446",
|
|
66444
67938
|
"CVE-2025-64496",
|
|
67939
|
+
"CVE-2025-64513",
|
|
66445
67940
|
"CVE-2025-6543",
|
|
66446
67941
|
"CVE-2025-6554",
|
|
66447
67942
|
"CVE-2025-6558",
|
|
@@ -66499,6 +67994,7 @@
|
|
|
66499
67994
|
"CVE-2026-25108",
|
|
66500
67995
|
"CVE-2026-25592",
|
|
66501
67996
|
"CVE-2026-26015",
|
|
67997
|
+
"CVE-2026-26190",
|
|
66502
67998
|
"CVE-2026-3055",
|
|
66503
67999
|
"CVE-2026-30616",
|
|
66504
68000
|
"CVE-2026-30617",
|
|
@@ -66752,6 +68248,8 @@
|
|
|
66752
68248
|
"CVE-2023-44467",
|
|
66753
68249
|
"CVE-2023-48022",
|
|
66754
68250
|
"CVE-2023-51449",
|
|
68251
|
+
"CVE-2023-6019",
|
|
68252
|
+
"CVE-2023-6021",
|
|
66755
68253
|
"CVE-2024-0132",
|
|
66756
68254
|
"CVE-2024-11392",
|
|
66757
68255
|
"CVE-2024-11393",
|
|
@@ -66791,6 +68289,7 @@
|
|
|
66791
68289
|
"CVE-2025-54136",
|
|
66792
68290
|
"CVE-2025-60455",
|
|
66793
68291
|
"CVE-2025-64496",
|
|
68292
|
+
"CVE-2025-64513",
|
|
66794
68293
|
"CVE-2025-6965",
|
|
66795
68294
|
"CVE-2025-8747",
|
|
66796
68295
|
"CVE-2026-0766",
|
|
@@ -66803,6 +68302,7 @@
|
|
|
66803
68302
|
"CVE-2026-24215",
|
|
66804
68303
|
"CVE-2026-25592",
|
|
66805
68304
|
"CVE-2026-26015",
|
|
68305
|
+
"CVE-2026-26190",
|
|
66806
68306
|
"CVE-2026-30615",
|
|
66807
68307
|
"CVE-2026-30616",
|
|
66808
68308
|
"CVE-2026-30617",
|
|
@@ -67575,6 +69075,8 @@
|
|
|
67575
69075
|
"CVE-2023-50224",
|
|
67576
69076
|
"CVE-2023-51449",
|
|
67577
69077
|
"CVE-2023-52163",
|
|
69078
|
+
"CVE-2023-6019",
|
|
69079
|
+
"CVE-2023-6021",
|
|
67578
69080
|
"CVE-2024-0132",
|
|
67579
69081
|
"CVE-2024-0769",
|
|
67580
69082
|
"CVE-2024-11182",
|
|
@@ -67746,6 +69248,7 @@
|
|
|
67746
69248
|
"CVE-2025-64328",
|
|
67747
69249
|
"CVE-2025-64446",
|
|
67748
69250
|
"CVE-2025-64496",
|
|
69251
|
+
"CVE-2025-64513",
|
|
67749
69252
|
"CVE-2025-6543",
|
|
67750
69253
|
"CVE-2025-6554",
|
|
67751
69254
|
"CVE-2025-6558",
|
|
@@ -67803,6 +69306,7 @@
|
|
|
67803
69306
|
"CVE-2026-25108",
|
|
67804
69307
|
"CVE-2026-25592",
|
|
67805
69308
|
"CVE-2026-26015",
|
|
69309
|
+
"CVE-2026-26190",
|
|
67806
69310
|
"CVE-2026-3055",
|
|
67807
69311
|
"CVE-2026-30616",
|
|
67808
69312
|
"CVE-2026-30617",
|
|
@@ -68120,6 +69624,8 @@
|
|
|
68120
69624
|
"CVE-2023-44467",
|
|
68121
69625
|
"CVE-2023-48022",
|
|
68122
69626
|
"CVE-2023-51449",
|
|
69627
|
+
"CVE-2023-6019",
|
|
69628
|
+
"CVE-2023-6021",
|
|
68123
69629
|
"CVE-2024-0132",
|
|
68124
69630
|
"CVE-2024-11392",
|
|
68125
69631
|
"CVE-2024-11393",
|
|
@@ -68159,6 +69665,7 @@
|
|
|
68159
69665
|
"CVE-2025-54136",
|
|
68160
69666
|
"CVE-2025-60455",
|
|
68161
69667
|
"CVE-2025-64496",
|
|
69668
|
+
"CVE-2025-64513",
|
|
68162
69669
|
"CVE-2025-6965",
|
|
68163
69670
|
"CVE-2025-8747",
|
|
68164
69671
|
"CVE-2026-0766",
|
|
@@ -68171,6 +69678,7 @@
|
|
|
68171
69678
|
"CVE-2026-24215",
|
|
68172
69679
|
"CVE-2026-25592",
|
|
68173
69680
|
"CVE-2026-26015",
|
|
69681
|
+
"CVE-2026-26190",
|
|
68174
69682
|
"CVE-2026-30615",
|
|
68175
69683
|
"CVE-2026-30616",
|
|
68176
69684
|
"CVE-2026-30617",
|
|
@@ -68469,6 +69977,8 @@
|
|
|
68469
69977
|
"CVE-2023-50224",
|
|
68470
69978
|
"CVE-2023-51449",
|
|
68471
69979
|
"CVE-2023-52163",
|
|
69980
|
+
"CVE-2023-6019",
|
|
69981
|
+
"CVE-2023-6021",
|
|
68472
69982
|
"CVE-2024-0132",
|
|
68473
69983
|
"CVE-2024-0769",
|
|
68474
69984
|
"CVE-2024-11182",
|
|
@@ -68644,6 +70154,7 @@
|
|
|
68644
70154
|
"CVE-2025-64328",
|
|
68645
70155
|
"CVE-2025-64446",
|
|
68646
70156
|
"CVE-2025-64496",
|
|
70157
|
+
"CVE-2025-64513",
|
|
68647
70158
|
"CVE-2025-6543",
|
|
68648
70159
|
"CVE-2025-6554",
|
|
68649
70160
|
"CVE-2025-6558",
|
|
@@ -68702,6 +70213,7 @@
|
|
|
68702
70213
|
"CVE-2026-25108",
|
|
68703
70214
|
"CVE-2026-25592",
|
|
68704
70215
|
"CVE-2026-26015",
|
|
70216
|
+
"CVE-2026-26190",
|
|
68705
70217
|
"CVE-2026-3055",
|
|
68706
70218
|
"CVE-2026-30615",
|
|
68707
70219
|
"CVE-2026-30616",
|
|
@@ -69033,6 +70545,8 @@
|
|
|
69033
70545
|
"CVE-2023-44467",
|
|
69034
70546
|
"CVE-2023-48022",
|
|
69035
70547
|
"CVE-2023-51449",
|
|
70548
|
+
"CVE-2023-6019",
|
|
70549
|
+
"CVE-2023-6021",
|
|
69036
70550
|
"CVE-2024-0132",
|
|
69037
70551
|
"CVE-2024-11392",
|
|
69038
70552
|
"CVE-2024-11393",
|
|
@@ -69071,6 +70585,7 @@
|
|
|
69071
70585
|
"CVE-2025-54136",
|
|
69072
70586
|
"CVE-2025-60455",
|
|
69073
70587
|
"CVE-2025-64496",
|
|
70588
|
+
"CVE-2025-64513",
|
|
69074
70589
|
"CVE-2025-8747",
|
|
69075
70590
|
"CVE-2026-0766",
|
|
69076
70591
|
"CVE-2026-22252",
|
|
@@ -69082,6 +70597,7 @@
|
|
|
69082
70597
|
"CVE-2026-24215",
|
|
69083
70598
|
"CVE-2026-25592",
|
|
69084
70599
|
"CVE-2026-26015",
|
|
70600
|
+
"CVE-2026-26190",
|
|
69085
70601
|
"CVE-2026-30615",
|
|
69086
70602
|
"CVE-2026-30616",
|
|
69087
70603
|
"CVE-2026-30617",
|
|
@@ -69997,6 +71513,8 @@
|
|
|
69997
71513
|
"CVE-2023-44467",
|
|
69998
71514
|
"CVE-2023-48022",
|
|
69999
71515
|
"CVE-2023-51449",
|
|
71516
|
+
"CVE-2023-6019",
|
|
71517
|
+
"CVE-2023-6021",
|
|
70000
71518
|
"CVE-2024-0132",
|
|
70001
71519
|
"CVE-2024-11392",
|
|
70002
71520
|
"CVE-2024-11393",
|
|
@@ -70036,6 +71554,7 @@
|
|
|
70036
71554
|
"CVE-2025-54136",
|
|
70037
71555
|
"CVE-2025-60455",
|
|
70038
71556
|
"CVE-2025-64496",
|
|
71557
|
+
"CVE-2025-64513",
|
|
70039
71558
|
"CVE-2025-6965",
|
|
70040
71559
|
"CVE-2025-8747",
|
|
70041
71560
|
"CVE-2026-0766",
|
|
@@ -70048,6 +71567,7 @@
|
|
|
70048
71567
|
"CVE-2026-24215",
|
|
70049
71568
|
"CVE-2026-25592",
|
|
70050
71569
|
"CVE-2026-26015",
|
|
71570
|
+
"CVE-2026-26190",
|
|
70051
71571
|
"CVE-2026-30615",
|
|
70052
71572
|
"CVE-2026-30616",
|
|
70053
71573
|
"CVE-2026-30617",
|
|
@@ -70125,6 +71645,8 @@
|
|
|
70125
71645
|
"CVE-2023-44467",
|
|
70126
71646
|
"CVE-2023-48022",
|
|
70127
71647
|
"CVE-2023-51449",
|
|
71648
|
+
"CVE-2023-6019",
|
|
71649
|
+
"CVE-2023-6021",
|
|
70128
71650
|
"CVE-2024-0132",
|
|
70129
71651
|
"CVE-2024-11392",
|
|
70130
71652
|
"CVE-2024-11393",
|
|
@@ -70159,6 +71681,7 @@
|
|
|
70159
71681
|
"CVE-2025-54136",
|
|
70160
71682
|
"CVE-2025-60455",
|
|
70161
71683
|
"CVE-2025-64496",
|
|
71684
|
+
"CVE-2025-64513",
|
|
70162
71685
|
"CVE-2025-8747",
|
|
70163
71686
|
"CVE-2026-0766",
|
|
70164
71687
|
"CVE-2026-22252",
|
|
@@ -70170,6 +71693,7 @@
|
|
|
70170
71693
|
"CVE-2026-24215",
|
|
70171
71694
|
"CVE-2026-25592",
|
|
70172
71695
|
"CVE-2026-26015",
|
|
71696
|
+
"CVE-2026-26190",
|
|
70173
71697
|
"CVE-2026-30616",
|
|
70174
71698
|
"CVE-2026-30617",
|
|
70175
71699
|
"CVE-2026-30624",
|
|
@@ -70323,6 +71847,8 @@
|
|
|
70323
71847
|
"CVE-2023-44467",
|
|
70324
71848
|
"CVE-2023-48022",
|
|
70325
71849
|
"CVE-2023-51449",
|
|
71850
|
+
"CVE-2023-6019",
|
|
71851
|
+
"CVE-2023-6021",
|
|
70326
71852
|
"CVE-2024-0132",
|
|
70327
71853
|
"CVE-2024-11392",
|
|
70328
71854
|
"CVE-2024-11393",
|
|
@@ -70356,6 +71882,7 @@
|
|
|
70356
71882
|
"CVE-2025-54136",
|
|
70357
71883
|
"CVE-2025-60455",
|
|
70358
71884
|
"CVE-2025-64496",
|
|
71885
|
+
"CVE-2025-64513",
|
|
70359
71886
|
"CVE-2025-6965",
|
|
70360
71887
|
"CVE-2025-8747",
|
|
70361
71888
|
"CVE-2026-0766",
|
|
@@ -70369,6 +71896,7 @@
|
|
|
70369
71896
|
"CVE-2026-24215",
|
|
70370
71897
|
"CVE-2026-25592",
|
|
70371
71898
|
"CVE-2026-26015",
|
|
71899
|
+
"CVE-2026-26190",
|
|
70372
71900
|
"CVE-2026-30616",
|
|
70373
71901
|
"CVE-2026-30617",
|
|
70374
71902
|
"CVE-2026-30623",
|
|
@@ -70771,6 +72299,8 @@
|
|
|
70771
72299
|
"CVE-2023-50224",
|
|
70772
72300
|
"CVE-2023-51449",
|
|
70773
72301
|
"CVE-2023-52163",
|
|
72302
|
+
"CVE-2023-6019",
|
|
72303
|
+
"CVE-2023-6021",
|
|
70774
72304
|
"CVE-2024-0769",
|
|
70775
72305
|
"CVE-2024-11182",
|
|
70776
72306
|
"CVE-2024-11392",
|
|
@@ -70934,6 +72464,7 @@
|
|
|
70934
72464
|
"CVE-2025-64328",
|
|
70935
72465
|
"CVE-2025-64446",
|
|
70936
72466
|
"CVE-2025-64496",
|
|
72467
|
+
"CVE-2025-64513",
|
|
70937
72468
|
"CVE-2025-6543",
|
|
70938
72469
|
"CVE-2025-6554",
|
|
70939
72470
|
"CVE-2025-6558",
|
|
@@ -70989,6 +72520,7 @@
|
|
|
70989
72520
|
"CVE-2026-25108",
|
|
70990
72521
|
"CVE-2026-25592",
|
|
70991
72522
|
"CVE-2026-26015",
|
|
72523
|
+
"CVE-2026-26190",
|
|
70992
72524
|
"CVE-2026-3055",
|
|
70993
72525
|
"CVE-2026-30615",
|
|
70994
72526
|
"CVE-2026-30616",
|
|
@@ -71241,6 +72773,8 @@
|
|
|
71241
72773
|
"CVE-2023-44467",
|
|
71242
72774
|
"CVE-2023-48022",
|
|
71243
72775
|
"CVE-2023-51449",
|
|
72776
|
+
"CVE-2023-6019",
|
|
72777
|
+
"CVE-2023-6021",
|
|
71244
72778
|
"CVE-2024-0132",
|
|
71245
72779
|
"CVE-2024-11392",
|
|
71246
72780
|
"CVE-2024-11393",
|
|
@@ -71280,6 +72814,7 @@
|
|
|
71280
72814
|
"CVE-2025-54136",
|
|
71281
72815
|
"CVE-2025-60455",
|
|
71282
72816
|
"CVE-2025-64496",
|
|
72817
|
+
"CVE-2025-64513",
|
|
71283
72818
|
"CVE-2025-6965",
|
|
71284
72819
|
"CVE-2025-8747",
|
|
71285
72820
|
"CVE-2026-0766",
|
|
@@ -71292,6 +72827,7 @@
|
|
|
71292
72827
|
"CVE-2026-24215",
|
|
71293
72828
|
"CVE-2026-25592",
|
|
71294
72829
|
"CVE-2026-26015",
|
|
72830
|
+
"CVE-2026-26190",
|
|
71295
72831
|
"CVE-2026-30615",
|
|
71296
72832
|
"CVE-2026-30616",
|
|
71297
72833
|
"CVE-2026-30617",
|
|
@@ -71562,6 +73098,8 @@
|
|
|
71562
73098
|
"CVE-2023-44467",
|
|
71563
73099
|
"CVE-2023-48022",
|
|
71564
73100
|
"CVE-2023-51449",
|
|
73101
|
+
"CVE-2023-6019",
|
|
73102
|
+
"CVE-2023-6021",
|
|
71565
73103
|
"CVE-2024-0132",
|
|
71566
73104
|
"CVE-2024-11392",
|
|
71567
73105
|
"CVE-2024-11393",
|
|
@@ -71600,6 +73138,7 @@
|
|
|
71600
73138
|
"CVE-2025-54136",
|
|
71601
73139
|
"CVE-2025-60455",
|
|
71602
73140
|
"CVE-2025-64496",
|
|
73141
|
+
"CVE-2025-64513",
|
|
71603
73142
|
"CVE-2025-6965",
|
|
71604
73143
|
"CVE-2025-8747",
|
|
71605
73144
|
"CVE-2026-0766",
|
|
@@ -71613,6 +73152,7 @@
|
|
|
71613
73152
|
"CVE-2026-24215",
|
|
71614
73153
|
"CVE-2026-25592",
|
|
71615
73154
|
"CVE-2026-26015",
|
|
73155
|
+
"CVE-2026-26190",
|
|
71616
73156
|
"CVE-2026-30615",
|
|
71617
73157
|
"CVE-2026-30616",
|
|
71618
73158
|
"CVE-2026-30617",
|