@blamejs/exceptd-skills 0.13.97 → 0.13.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1540 -0
- package/data/atlas-ttps.json +8 -0
- package/data/attack-techniques.json +10 -0
- package/data/cve-catalog.json +420 -0
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +32 -0
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -36087,6 +36087,1454 @@
|
|
|
36087
36087
|
]
|
|
36088
36088
|
}
|
|
36089
36089
|
},
|
|
36090
|
+
"CVE-2023-6019": {
|
|
36091
|
+
"name": "Anyscale Ray Dashboard cpu_profile Command Injection RCE",
|
|
36092
|
+
"rwep": 31,
|
|
36093
|
+
"cvss": 9.8,
|
|
36094
|
+
"cisa_kev": false,
|
|
36095
|
+
"epss_score": null,
|
|
36096
|
+
"referencing_skills": [
|
|
36097
|
+
"kernel-lpe-triage",
|
|
36098
|
+
"ai-attack-surface",
|
|
36099
|
+
"compliance-theater",
|
|
36100
|
+
"attack-surface-pentest",
|
|
36101
|
+
"ot-ics-security",
|
|
36102
|
+
"coordinated-vuln-disclosure",
|
|
36103
|
+
"sector-energy"
|
|
36104
|
+
],
|
|
36105
|
+
"chain": {
|
|
36106
|
+
"cwes": [
|
|
36107
|
+
{
|
|
36108
|
+
"id": "CWE-1037",
|
|
36109
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36110
|
+
"category": "Hardware / Side Channel"
|
|
36111
|
+
},
|
|
36112
|
+
{
|
|
36113
|
+
"id": "CWE-1039",
|
|
36114
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36115
|
+
"category": "AI/ML"
|
|
36116
|
+
},
|
|
36117
|
+
{
|
|
36118
|
+
"id": "CWE-125",
|
|
36119
|
+
"name": "Out-of-bounds Read",
|
|
36120
|
+
"category": "Memory Safety"
|
|
36121
|
+
},
|
|
36122
|
+
{
|
|
36123
|
+
"id": "CWE-1357",
|
|
36124
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36125
|
+
"category": "Supply Chain"
|
|
36126
|
+
},
|
|
36127
|
+
{
|
|
36128
|
+
"id": "CWE-1395",
|
|
36129
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36130
|
+
"category": "Supply Chain"
|
|
36131
|
+
},
|
|
36132
|
+
{
|
|
36133
|
+
"id": "CWE-1426",
|
|
36134
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36135
|
+
"category": "AI/ML"
|
|
36136
|
+
},
|
|
36137
|
+
{
|
|
36138
|
+
"id": "CWE-22",
|
|
36139
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36140
|
+
"category": "Path/Resource"
|
|
36141
|
+
},
|
|
36142
|
+
{
|
|
36143
|
+
"id": "CWE-269",
|
|
36144
|
+
"name": "Improper Privilege Management",
|
|
36145
|
+
"category": "Authorization"
|
|
36146
|
+
},
|
|
36147
|
+
{
|
|
36148
|
+
"id": "CWE-287",
|
|
36149
|
+
"name": "Improper Authentication",
|
|
36150
|
+
"category": "Authentication"
|
|
36151
|
+
},
|
|
36152
|
+
{
|
|
36153
|
+
"id": "CWE-306",
|
|
36154
|
+
"name": "Missing Authentication for Critical Function",
|
|
36155
|
+
"category": "Authentication"
|
|
36156
|
+
},
|
|
36157
|
+
{
|
|
36158
|
+
"id": "CWE-352",
|
|
36159
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36160
|
+
"category": "Session"
|
|
36161
|
+
},
|
|
36162
|
+
{
|
|
36163
|
+
"id": "CWE-362",
|
|
36164
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36165
|
+
"category": "Concurrency"
|
|
36166
|
+
},
|
|
36167
|
+
{
|
|
36168
|
+
"id": "CWE-416",
|
|
36169
|
+
"name": "Use After Free",
|
|
36170
|
+
"category": "Memory Safety"
|
|
36171
|
+
},
|
|
36172
|
+
{
|
|
36173
|
+
"id": "CWE-434",
|
|
36174
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36175
|
+
"category": "File Handling"
|
|
36176
|
+
},
|
|
36177
|
+
{
|
|
36178
|
+
"id": "CWE-672",
|
|
36179
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36180
|
+
"category": "Memory Safety"
|
|
36181
|
+
},
|
|
36182
|
+
{
|
|
36183
|
+
"id": "CWE-732",
|
|
36184
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36185
|
+
"category": "Authorization"
|
|
36186
|
+
},
|
|
36187
|
+
{
|
|
36188
|
+
"id": "CWE-78",
|
|
36189
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36190
|
+
"category": "Injection"
|
|
36191
|
+
},
|
|
36192
|
+
{
|
|
36193
|
+
"id": "CWE-787",
|
|
36194
|
+
"name": "Out-of-bounds Write",
|
|
36195
|
+
"category": "Memory Safety"
|
|
36196
|
+
},
|
|
36197
|
+
{
|
|
36198
|
+
"id": "CWE-79",
|
|
36199
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36200
|
+
"category": "Injection"
|
|
36201
|
+
},
|
|
36202
|
+
{
|
|
36203
|
+
"id": "CWE-798",
|
|
36204
|
+
"name": "Use of Hard-coded Credentials",
|
|
36205
|
+
"category": "Credentials"
|
|
36206
|
+
},
|
|
36207
|
+
{
|
|
36208
|
+
"id": "CWE-89",
|
|
36209
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36210
|
+
"category": "Injection"
|
|
36211
|
+
},
|
|
36212
|
+
{
|
|
36213
|
+
"id": "CWE-918",
|
|
36214
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36215
|
+
"category": "Network"
|
|
36216
|
+
},
|
|
36217
|
+
{
|
|
36218
|
+
"id": "CWE-94",
|
|
36219
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36220
|
+
"category": "Injection"
|
|
36221
|
+
}
|
|
36222
|
+
],
|
|
36223
|
+
"atlas": [
|
|
36224
|
+
{
|
|
36225
|
+
"id": "AML.T0010",
|
|
36226
|
+
"name": "ML Supply Chain Compromise",
|
|
36227
|
+
"tactic": "Initial Access"
|
|
36228
|
+
},
|
|
36229
|
+
{
|
|
36230
|
+
"id": "AML.T0016",
|
|
36231
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36232
|
+
"tactic": "Resource Development"
|
|
36233
|
+
},
|
|
36234
|
+
{
|
|
36235
|
+
"id": "AML.T0017",
|
|
36236
|
+
"name": "Discover ML Model Ontology",
|
|
36237
|
+
"tactic": "Discovery"
|
|
36238
|
+
},
|
|
36239
|
+
{
|
|
36240
|
+
"id": "AML.T0018",
|
|
36241
|
+
"name": "Backdoor ML Model",
|
|
36242
|
+
"tactic": "Persistence"
|
|
36243
|
+
},
|
|
36244
|
+
{
|
|
36245
|
+
"id": "AML.T0020",
|
|
36246
|
+
"name": "Poison Training Data",
|
|
36247
|
+
"tactic": "ML Attack Staging"
|
|
36248
|
+
},
|
|
36249
|
+
{
|
|
36250
|
+
"id": "AML.T0043",
|
|
36251
|
+
"name": "Craft Adversarial Data",
|
|
36252
|
+
"tactic": "ML Attack Staging"
|
|
36253
|
+
},
|
|
36254
|
+
{
|
|
36255
|
+
"id": "AML.T0051",
|
|
36256
|
+
"name": "LLM Prompt Injection",
|
|
36257
|
+
"tactic": "Execution"
|
|
36258
|
+
},
|
|
36259
|
+
{
|
|
36260
|
+
"id": "AML.T0054",
|
|
36261
|
+
"name": "LLM Jailbreak",
|
|
36262
|
+
"tactic": "Defense Evasion"
|
|
36263
|
+
},
|
|
36264
|
+
{
|
|
36265
|
+
"id": "AML.T0096",
|
|
36266
|
+
"name": "AI API as Covert C2 Channel",
|
|
36267
|
+
"tactic": "Command and Control"
|
|
36268
|
+
}
|
|
36269
|
+
],
|
|
36270
|
+
"d3fend": [
|
|
36271
|
+
{
|
|
36272
|
+
"id": "D3-ASLR",
|
|
36273
|
+
"name": "Address Space Layout Randomization",
|
|
36274
|
+
"tactic": "Harden"
|
|
36275
|
+
},
|
|
36276
|
+
{
|
|
36277
|
+
"id": "D3-CSPP",
|
|
36278
|
+
"name": "Client-server Payload Profiling",
|
|
36279
|
+
"tactic": "Detect"
|
|
36280
|
+
},
|
|
36281
|
+
{
|
|
36282
|
+
"id": "D3-EAL",
|
|
36283
|
+
"name": "Executable Allowlisting",
|
|
36284
|
+
"tactic": "Harden"
|
|
36285
|
+
},
|
|
36286
|
+
{
|
|
36287
|
+
"id": "D3-IOPR",
|
|
36288
|
+
"name": "Input/Output Profiling Resource",
|
|
36289
|
+
"tactic": "Detect"
|
|
36290
|
+
},
|
|
36291
|
+
{
|
|
36292
|
+
"id": "D3-NTA",
|
|
36293
|
+
"name": "Network Traffic Analysis",
|
|
36294
|
+
"tactic": "Detect"
|
|
36295
|
+
},
|
|
36296
|
+
{
|
|
36297
|
+
"id": "D3-PHRA",
|
|
36298
|
+
"name": "Process Hardware Resource Access",
|
|
36299
|
+
"tactic": "Isolate"
|
|
36300
|
+
},
|
|
36301
|
+
{
|
|
36302
|
+
"id": "D3-PSEP",
|
|
36303
|
+
"name": "Process Segment Execution Prevention",
|
|
36304
|
+
"tactic": "Harden"
|
|
36305
|
+
}
|
|
36306
|
+
],
|
|
36307
|
+
"framework_gaps": [
|
|
36308
|
+
{
|
|
36309
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36310
|
+
"framework": "ALL",
|
|
36311
|
+
"control_name": "AI Pipeline Integrity"
|
|
36312
|
+
},
|
|
36313
|
+
{
|
|
36314
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36315
|
+
"framework": "ALL",
|
|
36316
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36317
|
+
},
|
|
36318
|
+
{
|
|
36319
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36320
|
+
"framework": "CIS Controls v8",
|
|
36321
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36322
|
+
},
|
|
36323
|
+
{
|
|
36324
|
+
"id": "CMMC-2.0-Level-2",
|
|
36325
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36326
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36327
|
+
},
|
|
36328
|
+
{
|
|
36329
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36330
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36331
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36332
|
+
},
|
|
36333
|
+
{
|
|
36334
|
+
"id": "IEC-62443-3-3",
|
|
36335
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36336
|
+
"control_name": "System security requirements and security levels"
|
|
36337
|
+
},
|
|
36338
|
+
{
|
|
36339
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36340
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36341
|
+
"control_name": "Secure coding"
|
|
36342
|
+
},
|
|
36343
|
+
{
|
|
36344
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36345
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36346
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36347
|
+
},
|
|
36348
|
+
{
|
|
36349
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36350
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36351
|
+
"control_name": "AI risk management process"
|
|
36352
|
+
},
|
|
36353
|
+
{
|
|
36354
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36355
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36356
|
+
"control_name": "Security event monitoring"
|
|
36357
|
+
},
|
|
36358
|
+
{
|
|
36359
|
+
"id": "NIS2-Art21-patch-management",
|
|
36360
|
+
"framework": "EU NIS2 Directive",
|
|
36361
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36362
|
+
},
|
|
36363
|
+
{
|
|
36364
|
+
"id": "NIST-800-115",
|
|
36365
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36366
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36367
|
+
},
|
|
36368
|
+
{
|
|
36369
|
+
"id": "NIST-800-218-SSDF",
|
|
36370
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36371
|
+
"control_name": "Secure Software Development Framework"
|
|
36372
|
+
},
|
|
36373
|
+
{
|
|
36374
|
+
"id": "NIST-800-53-AC-2",
|
|
36375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36376
|
+
"control_name": "Account Management"
|
|
36377
|
+
},
|
|
36378
|
+
{
|
|
36379
|
+
"id": "NIST-800-53-SC-8",
|
|
36380
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36381
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36382
|
+
},
|
|
36383
|
+
{
|
|
36384
|
+
"id": "NIST-800-53-SI-2",
|
|
36385
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36386
|
+
"control_name": "Flaw Remediation"
|
|
36387
|
+
},
|
|
36388
|
+
{
|
|
36389
|
+
"id": "NIST-800-53-SI-3",
|
|
36390
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36391
|
+
"control_name": "Malicious Code Protection"
|
|
36392
|
+
},
|
|
36393
|
+
{
|
|
36394
|
+
"id": "NIST-800-82r3",
|
|
36395
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36396
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36397
|
+
},
|
|
36398
|
+
{
|
|
36399
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36400
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36401
|
+
"control_name": "Prompt Injection"
|
|
36402
|
+
},
|
|
36403
|
+
{
|
|
36404
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36405
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36406
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36407
|
+
},
|
|
36408
|
+
{
|
|
36409
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36410
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36411
|
+
"control_name": "Web application penetration testing methodology"
|
|
36412
|
+
},
|
|
36413
|
+
{
|
|
36414
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36415
|
+
"framework": "PCI DSS 4.0",
|
|
36416
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36417
|
+
},
|
|
36418
|
+
{
|
|
36419
|
+
"id": "PTES-Pre-engagement",
|
|
36420
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36421
|
+
"control_name": "Pre-engagement Interactions"
|
|
36422
|
+
},
|
|
36423
|
+
{
|
|
36424
|
+
"id": "SOC2-CC6-logical-access",
|
|
36425
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36426
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36427
|
+
},
|
|
36428
|
+
{
|
|
36429
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36430
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36431
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36432
|
+
}
|
|
36433
|
+
],
|
|
36434
|
+
"attack_refs": [
|
|
36435
|
+
"T0855",
|
|
36436
|
+
"T0883",
|
|
36437
|
+
"T1059",
|
|
36438
|
+
"T1068",
|
|
36439
|
+
"T1078",
|
|
36440
|
+
"T1133",
|
|
36441
|
+
"T1190",
|
|
36442
|
+
"T1548.001",
|
|
36443
|
+
"T1566"
|
|
36444
|
+
],
|
|
36445
|
+
"rfc_refs": [
|
|
36446
|
+
"RFC-4301",
|
|
36447
|
+
"RFC-4303",
|
|
36448
|
+
"RFC-7296"
|
|
36449
|
+
]
|
|
36450
|
+
}
|
|
36451
|
+
},
|
|
36452
|
+
"CVE-2023-6021": {
|
|
36453
|
+
"name": "Anyscale Ray Dashboard Log API Local File Inclusion",
|
|
36454
|
+
"rwep": 27,
|
|
36455
|
+
"cvss": 7.5,
|
|
36456
|
+
"cisa_kev": false,
|
|
36457
|
+
"epss_score": null,
|
|
36458
|
+
"referencing_skills": [
|
|
36459
|
+
"kernel-lpe-triage",
|
|
36460
|
+
"ai-attack-surface",
|
|
36461
|
+
"compliance-theater",
|
|
36462
|
+
"attack-surface-pentest",
|
|
36463
|
+
"ot-ics-security",
|
|
36464
|
+
"coordinated-vuln-disclosure",
|
|
36465
|
+
"sector-energy"
|
|
36466
|
+
],
|
|
36467
|
+
"chain": {
|
|
36468
|
+
"cwes": [
|
|
36469
|
+
{
|
|
36470
|
+
"id": "CWE-1037",
|
|
36471
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36472
|
+
"category": "Hardware / Side Channel"
|
|
36473
|
+
},
|
|
36474
|
+
{
|
|
36475
|
+
"id": "CWE-1039",
|
|
36476
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36477
|
+
"category": "AI/ML"
|
|
36478
|
+
},
|
|
36479
|
+
{
|
|
36480
|
+
"id": "CWE-125",
|
|
36481
|
+
"name": "Out-of-bounds Read",
|
|
36482
|
+
"category": "Memory Safety"
|
|
36483
|
+
},
|
|
36484
|
+
{
|
|
36485
|
+
"id": "CWE-1357",
|
|
36486
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36487
|
+
"category": "Supply Chain"
|
|
36488
|
+
},
|
|
36489
|
+
{
|
|
36490
|
+
"id": "CWE-1395",
|
|
36491
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36492
|
+
"category": "Supply Chain"
|
|
36493
|
+
},
|
|
36494
|
+
{
|
|
36495
|
+
"id": "CWE-1426",
|
|
36496
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36497
|
+
"category": "AI/ML"
|
|
36498
|
+
},
|
|
36499
|
+
{
|
|
36500
|
+
"id": "CWE-22",
|
|
36501
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36502
|
+
"category": "Path/Resource"
|
|
36503
|
+
},
|
|
36504
|
+
{
|
|
36505
|
+
"id": "CWE-269",
|
|
36506
|
+
"name": "Improper Privilege Management",
|
|
36507
|
+
"category": "Authorization"
|
|
36508
|
+
},
|
|
36509
|
+
{
|
|
36510
|
+
"id": "CWE-287",
|
|
36511
|
+
"name": "Improper Authentication",
|
|
36512
|
+
"category": "Authentication"
|
|
36513
|
+
},
|
|
36514
|
+
{
|
|
36515
|
+
"id": "CWE-306",
|
|
36516
|
+
"name": "Missing Authentication for Critical Function",
|
|
36517
|
+
"category": "Authentication"
|
|
36518
|
+
},
|
|
36519
|
+
{
|
|
36520
|
+
"id": "CWE-352",
|
|
36521
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36522
|
+
"category": "Session"
|
|
36523
|
+
},
|
|
36524
|
+
{
|
|
36525
|
+
"id": "CWE-362",
|
|
36526
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36527
|
+
"category": "Concurrency"
|
|
36528
|
+
},
|
|
36529
|
+
{
|
|
36530
|
+
"id": "CWE-416",
|
|
36531
|
+
"name": "Use After Free",
|
|
36532
|
+
"category": "Memory Safety"
|
|
36533
|
+
},
|
|
36534
|
+
{
|
|
36535
|
+
"id": "CWE-434",
|
|
36536
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36537
|
+
"category": "File Handling"
|
|
36538
|
+
},
|
|
36539
|
+
{
|
|
36540
|
+
"id": "CWE-672",
|
|
36541
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36542
|
+
"category": "Memory Safety"
|
|
36543
|
+
},
|
|
36544
|
+
{
|
|
36545
|
+
"id": "CWE-732",
|
|
36546
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36547
|
+
"category": "Authorization"
|
|
36548
|
+
},
|
|
36549
|
+
{
|
|
36550
|
+
"id": "CWE-78",
|
|
36551
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36552
|
+
"category": "Injection"
|
|
36553
|
+
},
|
|
36554
|
+
{
|
|
36555
|
+
"id": "CWE-787",
|
|
36556
|
+
"name": "Out-of-bounds Write",
|
|
36557
|
+
"category": "Memory Safety"
|
|
36558
|
+
},
|
|
36559
|
+
{
|
|
36560
|
+
"id": "CWE-79",
|
|
36561
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36562
|
+
"category": "Injection"
|
|
36563
|
+
},
|
|
36564
|
+
{
|
|
36565
|
+
"id": "CWE-798",
|
|
36566
|
+
"name": "Use of Hard-coded Credentials",
|
|
36567
|
+
"category": "Credentials"
|
|
36568
|
+
},
|
|
36569
|
+
{
|
|
36570
|
+
"id": "CWE-89",
|
|
36571
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36572
|
+
"category": "Injection"
|
|
36573
|
+
},
|
|
36574
|
+
{
|
|
36575
|
+
"id": "CWE-918",
|
|
36576
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36577
|
+
"category": "Network"
|
|
36578
|
+
},
|
|
36579
|
+
{
|
|
36580
|
+
"id": "CWE-94",
|
|
36581
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36582
|
+
"category": "Injection"
|
|
36583
|
+
}
|
|
36584
|
+
],
|
|
36585
|
+
"atlas": [
|
|
36586
|
+
{
|
|
36587
|
+
"id": "AML.T0010",
|
|
36588
|
+
"name": "ML Supply Chain Compromise",
|
|
36589
|
+
"tactic": "Initial Access"
|
|
36590
|
+
},
|
|
36591
|
+
{
|
|
36592
|
+
"id": "AML.T0016",
|
|
36593
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36594
|
+
"tactic": "Resource Development"
|
|
36595
|
+
},
|
|
36596
|
+
{
|
|
36597
|
+
"id": "AML.T0017",
|
|
36598
|
+
"name": "Discover ML Model Ontology",
|
|
36599
|
+
"tactic": "Discovery"
|
|
36600
|
+
},
|
|
36601
|
+
{
|
|
36602
|
+
"id": "AML.T0018",
|
|
36603
|
+
"name": "Backdoor ML Model",
|
|
36604
|
+
"tactic": "Persistence"
|
|
36605
|
+
},
|
|
36606
|
+
{
|
|
36607
|
+
"id": "AML.T0020",
|
|
36608
|
+
"name": "Poison Training Data",
|
|
36609
|
+
"tactic": "ML Attack Staging"
|
|
36610
|
+
},
|
|
36611
|
+
{
|
|
36612
|
+
"id": "AML.T0043",
|
|
36613
|
+
"name": "Craft Adversarial Data",
|
|
36614
|
+
"tactic": "ML Attack Staging"
|
|
36615
|
+
},
|
|
36616
|
+
{
|
|
36617
|
+
"id": "AML.T0051",
|
|
36618
|
+
"name": "LLM Prompt Injection",
|
|
36619
|
+
"tactic": "Execution"
|
|
36620
|
+
},
|
|
36621
|
+
{
|
|
36622
|
+
"id": "AML.T0054",
|
|
36623
|
+
"name": "LLM Jailbreak",
|
|
36624
|
+
"tactic": "Defense Evasion"
|
|
36625
|
+
},
|
|
36626
|
+
{
|
|
36627
|
+
"id": "AML.T0096",
|
|
36628
|
+
"name": "AI API as Covert C2 Channel",
|
|
36629
|
+
"tactic": "Command and Control"
|
|
36630
|
+
}
|
|
36631
|
+
],
|
|
36632
|
+
"d3fend": [
|
|
36633
|
+
{
|
|
36634
|
+
"id": "D3-ASLR",
|
|
36635
|
+
"name": "Address Space Layout Randomization",
|
|
36636
|
+
"tactic": "Harden"
|
|
36637
|
+
},
|
|
36638
|
+
{
|
|
36639
|
+
"id": "D3-CSPP",
|
|
36640
|
+
"name": "Client-server Payload Profiling",
|
|
36641
|
+
"tactic": "Detect"
|
|
36642
|
+
},
|
|
36643
|
+
{
|
|
36644
|
+
"id": "D3-EAL",
|
|
36645
|
+
"name": "Executable Allowlisting",
|
|
36646
|
+
"tactic": "Harden"
|
|
36647
|
+
},
|
|
36648
|
+
{
|
|
36649
|
+
"id": "D3-IOPR",
|
|
36650
|
+
"name": "Input/Output Profiling Resource",
|
|
36651
|
+
"tactic": "Detect"
|
|
36652
|
+
},
|
|
36653
|
+
{
|
|
36654
|
+
"id": "D3-NTA",
|
|
36655
|
+
"name": "Network Traffic Analysis",
|
|
36656
|
+
"tactic": "Detect"
|
|
36657
|
+
},
|
|
36658
|
+
{
|
|
36659
|
+
"id": "D3-PHRA",
|
|
36660
|
+
"name": "Process Hardware Resource Access",
|
|
36661
|
+
"tactic": "Isolate"
|
|
36662
|
+
},
|
|
36663
|
+
{
|
|
36664
|
+
"id": "D3-PSEP",
|
|
36665
|
+
"name": "Process Segment Execution Prevention",
|
|
36666
|
+
"tactic": "Harden"
|
|
36667
|
+
}
|
|
36668
|
+
],
|
|
36669
|
+
"framework_gaps": [
|
|
36670
|
+
{
|
|
36671
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36672
|
+
"framework": "ALL",
|
|
36673
|
+
"control_name": "AI Pipeline Integrity"
|
|
36674
|
+
},
|
|
36675
|
+
{
|
|
36676
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36677
|
+
"framework": "ALL",
|
|
36678
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36679
|
+
},
|
|
36680
|
+
{
|
|
36681
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36682
|
+
"framework": "CIS Controls v8",
|
|
36683
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36684
|
+
},
|
|
36685
|
+
{
|
|
36686
|
+
"id": "CMMC-2.0-Level-2",
|
|
36687
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36688
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36689
|
+
},
|
|
36690
|
+
{
|
|
36691
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36692
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36693
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36694
|
+
},
|
|
36695
|
+
{
|
|
36696
|
+
"id": "IEC-62443-3-3",
|
|
36697
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36698
|
+
"control_name": "System security requirements and security levels"
|
|
36699
|
+
},
|
|
36700
|
+
{
|
|
36701
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36702
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36703
|
+
"control_name": "Secure coding"
|
|
36704
|
+
},
|
|
36705
|
+
{
|
|
36706
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36707
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36708
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36709
|
+
},
|
|
36710
|
+
{
|
|
36711
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36712
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36713
|
+
"control_name": "AI risk management process"
|
|
36714
|
+
},
|
|
36715
|
+
{
|
|
36716
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36717
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36718
|
+
"control_name": "Security event monitoring"
|
|
36719
|
+
},
|
|
36720
|
+
{
|
|
36721
|
+
"id": "NIS2-Art21-patch-management",
|
|
36722
|
+
"framework": "EU NIS2 Directive",
|
|
36723
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36724
|
+
},
|
|
36725
|
+
{
|
|
36726
|
+
"id": "NIST-800-115",
|
|
36727
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36728
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36729
|
+
},
|
|
36730
|
+
{
|
|
36731
|
+
"id": "NIST-800-218-SSDF",
|
|
36732
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36733
|
+
"control_name": "Secure Software Development Framework"
|
|
36734
|
+
},
|
|
36735
|
+
{
|
|
36736
|
+
"id": "NIST-800-53-AC-2",
|
|
36737
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36738
|
+
"control_name": "Account Management"
|
|
36739
|
+
},
|
|
36740
|
+
{
|
|
36741
|
+
"id": "NIST-800-53-SC-8",
|
|
36742
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36743
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36744
|
+
},
|
|
36745
|
+
{
|
|
36746
|
+
"id": "NIST-800-53-SI-2",
|
|
36747
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36748
|
+
"control_name": "Flaw Remediation"
|
|
36749
|
+
},
|
|
36750
|
+
{
|
|
36751
|
+
"id": "NIST-800-53-SI-3",
|
|
36752
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36753
|
+
"control_name": "Malicious Code Protection"
|
|
36754
|
+
},
|
|
36755
|
+
{
|
|
36756
|
+
"id": "NIST-800-82r3",
|
|
36757
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36758
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36759
|
+
},
|
|
36760
|
+
{
|
|
36761
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36762
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36763
|
+
"control_name": "Prompt Injection"
|
|
36764
|
+
},
|
|
36765
|
+
{
|
|
36766
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36767
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36768
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36769
|
+
},
|
|
36770
|
+
{
|
|
36771
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36772
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36773
|
+
"control_name": "Web application penetration testing methodology"
|
|
36774
|
+
},
|
|
36775
|
+
{
|
|
36776
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36777
|
+
"framework": "PCI DSS 4.0",
|
|
36778
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36779
|
+
},
|
|
36780
|
+
{
|
|
36781
|
+
"id": "PTES-Pre-engagement",
|
|
36782
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36783
|
+
"control_name": "Pre-engagement Interactions"
|
|
36784
|
+
},
|
|
36785
|
+
{
|
|
36786
|
+
"id": "SOC2-CC6-logical-access",
|
|
36787
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36788
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36789
|
+
},
|
|
36790
|
+
{
|
|
36791
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36792
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36793
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36794
|
+
}
|
|
36795
|
+
],
|
|
36796
|
+
"attack_refs": [
|
|
36797
|
+
"T0855",
|
|
36798
|
+
"T0883",
|
|
36799
|
+
"T1059",
|
|
36800
|
+
"T1068",
|
|
36801
|
+
"T1078",
|
|
36802
|
+
"T1133",
|
|
36803
|
+
"T1190",
|
|
36804
|
+
"T1548.001",
|
|
36805
|
+
"T1566"
|
|
36806
|
+
],
|
|
36807
|
+
"rfc_refs": [
|
|
36808
|
+
"RFC-4301",
|
|
36809
|
+
"RFC-4303",
|
|
36810
|
+
"RFC-7296"
|
|
36811
|
+
]
|
|
36812
|
+
}
|
|
36813
|
+
},
|
|
36814
|
+
"CVE-2025-33236": {
|
|
36815
|
+
"name": "NVIDIA NeMo Framework Malicious Model Import Code Injection RCE",
|
|
36816
|
+
"rwep": 27,
|
|
36817
|
+
"cvss": 7.8,
|
|
36818
|
+
"cisa_kev": false,
|
|
36819
|
+
"epss_score": null,
|
|
36820
|
+
"referencing_skills": [
|
|
36821
|
+
"kernel-lpe-triage",
|
|
36822
|
+
"ai-attack-surface",
|
|
36823
|
+
"compliance-theater",
|
|
36824
|
+
"attack-surface-pentest",
|
|
36825
|
+
"ot-ics-security",
|
|
36826
|
+
"coordinated-vuln-disclosure",
|
|
36827
|
+
"sector-energy"
|
|
36828
|
+
],
|
|
36829
|
+
"chain": {
|
|
36830
|
+
"cwes": [
|
|
36831
|
+
{
|
|
36832
|
+
"id": "CWE-1037",
|
|
36833
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36834
|
+
"category": "Hardware / Side Channel"
|
|
36835
|
+
},
|
|
36836
|
+
{
|
|
36837
|
+
"id": "CWE-1039",
|
|
36838
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36839
|
+
"category": "AI/ML"
|
|
36840
|
+
},
|
|
36841
|
+
{
|
|
36842
|
+
"id": "CWE-125",
|
|
36843
|
+
"name": "Out-of-bounds Read",
|
|
36844
|
+
"category": "Memory Safety"
|
|
36845
|
+
},
|
|
36846
|
+
{
|
|
36847
|
+
"id": "CWE-1357",
|
|
36848
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36849
|
+
"category": "Supply Chain"
|
|
36850
|
+
},
|
|
36851
|
+
{
|
|
36852
|
+
"id": "CWE-1395",
|
|
36853
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36854
|
+
"category": "Supply Chain"
|
|
36855
|
+
},
|
|
36856
|
+
{
|
|
36857
|
+
"id": "CWE-1426",
|
|
36858
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36859
|
+
"category": "AI/ML"
|
|
36860
|
+
},
|
|
36861
|
+
{
|
|
36862
|
+
"id": "CWE-22",
|
|
36863
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36864
|
+
"category": "Path/Resource"
|
|
36865
|
+
},
|
|
36866
|
+
{
|
|
36867
|
+
"id": "CWE-269",
|
|
36868
|
+
"name": "Improper Privilege Management",
|
|
36869
|
+
"category": "Authorization"
|
|
36870
|
+
},
|
|
36871
|
+
{
|
|
36872
|
+
"id": "CWE-287",
|
|
36873
|
+
"name": "Improper Authentication",
|
|
36874
|
+
"category": "Authentication"
|
|
36875
|
+
},
|
|
36876
|
+
{
|
|
36877
|
+
"id": "CWE-306",
|
|
36878
|
+
"name": "Missing Authentication for Critical Function",
|
|
36879
|
+
"category": "Authentication"
|
|
36880
|
+
},
|
|
36881
|
+
{
|
|
36882
|
+
"id": "CWE-352",
|
|
36883
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36884
|
+
"category": "Session"
|
|
36885
|
+
},
|
|
36886
|
+
{
|
|
36887
|
+
"id": "CWE-362",
|
|
36888
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36889
|
+
"category": "Concurrency"
|
|
36890
|
+
},
|
|
36891
|
+
{
|
|
36892
|
+
"id": "CWE-416",
|
|
36893
|
+
"name": "Use After Free",
|
|
36894
|
+
"category": "Memory Safety"
|
|
36895
|
+
},
|
|
36896
|
+
{
|
|
36897
|
+
"id": "CWE-434",
|
|
36898
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36899
|
+
"category": "File Handling"
|
|
36900
|
+
},
|
|
36901
|
+
{
|
|
36902
|
+
"id": "CWE-672",
|
|
36903
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36904
|
+
"category": "Memory Safety"
|
|
36905
|
+
},
|
|
36906
|
+
{
|
|
36907
|
+
"id": "CWE-732",
|
|
36908
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36909
|
+
"category": "Authorization"
|
|
36910
|
+
},
|
|
36911
|
+
{
|
|
36912
|
+
"id": "CWE-78",
|
|
36913
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36914
|
+
"category": "Injection"
|
|
36915
|
+
},
|
|
36916
|
+
{
|
|
36917
|
+
"id": "CWE-787",
|
|
36918
|
+
"name": "Out-of-bounds Write",
|
|
36919
|
+
"category": "Memory Safety"
|
|
36920
|
+
},
|
|
36921
|
+
{
|
|
36922
|
+
"id": "CWE-79",
|
|
36923
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36924
|
+
"category": "Injection"
|
|
36925
|
+
},
|
|
36926
|
+
{
|
|
36927
|
+
"id": "CWE-798",
|
|
36928
|
+
"name": "Use of Hard-coded Credentials",
|
|
36929
|
+
"category": "Credentials"
|
|
36930
|
+
},
|
|
36931
|
+
{
|
|
36932
|
+
"id": "CWE-89",
|
|
36933
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36934
|
+
"category": "Injection"
|
|
36935
|
+
},
|
|
36936
|
+
{
|
|
36937
|
+
"id": "CWE-918",
|
|
36938
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36939
|
+
"category": "Network"
|
|
36940
|
+
},
|
|
36941
|
+
{
|
|
36942
|
+
"id": "CWE-94",
|
|
36943
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36944
|
+
"category": "Injection"
|
|
36945
|
+
}
|
|
36946
|
+
],
|
|
36947
|
+
"atlas": [
|
|
36948
|
+
{
|
|
36949
|
+
"id": "AML.T0010",
|
|
36950
|
+
"name": "ML Supply Chain Compromise",
|
|
36951
|
+
"tactic": "Initial Access"
|
|
36952
|
+
},
|
|
36953
|
+
{
|
|
36954
|
+
"id": "AML.T0016",
|
|
36955
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36956
|
+
"tactic": "Resource Development"
|
|
36957
|
+
},
|
|
36958
|
+
{
|
|
36959
|
+
"id": "AML.T0017",
|
|
36960
|
+
"name": "Discover ML Model Ontology",
|
|
36961
|
+
"tactic": "Discovery"
|
|
36962
|
+
},
|
|
36963
|
+
{
|
|
36964
|
+
"id": "AML.T0018",
|
|
36965
|
+
"name": "Backdoor ML Model",
|
|
36966
|
+
"tactic": "Persistence"
|
|
36967
|
+
},
|
|
36968
|
+
{
|
|
36969
|
+
"id": "AML.T0020",
|
|
36970
|
+
"name": "Poison Training Data",
|
|
36971
|
+
"tactic": "ML Attack Staging"
|
|
36972
|
+
},
|
|
36973
|
+
{
|
|
36974
|
+
"id": "AML.T0043",
|
|
36975
|
+
"name": "Craft Adversarial Data",
|
|
36976
|
+
"tactic": "ML Attack Staging"
|
|
36977
|
+
},
|
|
36978
|
+
{
|
|
36979
|
+
"id": "AML.T0051",
|
|
36980
|
+
"name": "LLM Prompt Injection",
|
|
36981
|
+
"tactic": "Execution"
|
|
36982
|
+
},
|
|
36983
|
+
{
|
|
36984
|
+
"id": "AML.T0054",
|
|
36985
|
+
"name": "LLM Jailbreak",
|
|
36986
|
+
"tactic": "Defense Evasion"
|
|
36987
|
+
},
|
|
36988
|
+
{
|
|
36989
|
+
"id": "AML.T0096",
|
|
36990
|
+
"name": "AI API as Covert C2 Channel",
|
|
36991
|
+
"tactic": "Command and Control"
|
|
36992
|
+
}
|
|
36993
|
+
],
|
|
36994
|
+
"d3fend": [
|
|
36995
|
+
{
|
|
36996
|
+
"id": "D3-ASLR",
|
|
36997
|
+
"name": "Address Space Layout Randomization",
|
|
36998
|
+
"tactic": "Harden"
|
|
36999
|
+
},
|
|
37000
|
+
{
|
|
37001
|
+
"id": "D3-CSPP",
|
|
37002
|
+
"name": "Client-server Payload Profiling",
|
|
37003
|
+
"tactic": "Detect"
|
|
37004
|
+
},
|
|
37005
|
+
{
|
|
37006
|
+
"id": "D3-EAL",
|
|
37007
|
+
"name": "Executable Allowlisting",
|
|
37008
|
+
"tactic": "Harden"
|
|
37009
|
+
},
|
|
37010
|
+
{
|
|
37011
|
+
"id": "D3-IOPR",
|
|
37012
|
+
"name": "Input/Output Profiling Resource",
|
|
37013
|
+
"tactic": "Detect"
|
|
37014
|
+
},
|
|
37015
|
+
{
|
|
37016
|
+
"id": "D3-NTA",
|
|
37017
|
+
"name": "Network Traffic Analysis",
|
|
37018
|
+
"tactic": "Detect"
|
|
37019
|
+
},
|
|
37020
|
+
{
|
|
37021
|
+
"id": "D3-PHRA",
|
|
37022
|
+
"name": "Process Hardware Resource Access",
|
|
37023
|
+
"tactic": "Isolate"
|
|
37024
|
+
},
|
|
37025
|
+
{
|
|
37026
|
+
"id": "D3-PSEP",
|
|
37027
|
+
"name": "Process Segment Execution Prevention",
|
|
37028
|
+
"tactic": "Harden"
|
|
37029
|
+
}
|
|
37030
|
+
],
|
|
37031
|
+
"framework_gaps": [
|
|
37032
|
+
{
|
|
37033
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
37034
|
+
"framework": "ALL",
|
|
37035
|
+
"control_name": "AI Pipeline Integrity"
|
|
37036
|
+
},
|
|
37037
|
+
{
|
|
37038
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
37039
|
+
"framework": "ALL",
|
|
37040
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
37041
|
+
},
|
|
37042
|
+
{
|
|
37043
|
+
"id": "CIS-Controls-v8-Control7",
|
|
37044
|
+
"framework": "CIS Controls v8",
|
|
37045
|
+
"control_name": "Continuous Vulnerability Management"
|
|
37046
|
+
},
|
|
37047
|
+
{
|
|
37048
|
+
"id": "CMMC-2.0-Level-2",
|
|
37049
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
37050
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
37051
|
+
},
|
|
37052
|
+
{
|
|
37053
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
37054
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
37055
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
37056
|
+
},
|
|
37057
|
+
{
|
|
37058
|
+
"id": "IEC-62443-3-3",
|
|
37059
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
37060
|
+
"control_name": "System security requirements and security levels"
|
|
37061
|
+
},
|
|
37062
|
+
{
|
|
37063
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
37064
|
+
"framework": "ISO/IEC 27001:2022",
|
|
37065
|
+
"control_name": "Secure coding"
|
|
37066
|
+
},
|
|
37067
|
+
{
|
|
37068
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
37069
|
+
"framework": "ISO/IEC 27001:2022",
|
|
37070
|
+
"control_name": "Management of technical vulnerabilities"
|
|
37071
|
+
},
|
|
37072
|
+
{
|
|
37073
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
37074
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
37075
|
+
"control_name": "AI risk management process"
|
|
37076
|
+
},
|
|
37077
|
+
{
|
|
37078
|
+
"id": "NERC-CIP-007-6-R4",
|
|
37079
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
37080
|
+
"control_name": "Security event monitoring"
|
|
37081
|
+
},
|
|
37082
|
+
{
|
|
37083
|
+
"id": "NIS2-Art21-patch-management",
|
|
37084
|
+
"framework": "EU NIS2 Directive",
|
|
37085
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
37086
|
+
},
|
|
37087
|
+
{
|
|
37088
|
+
"id": "NIST-800-115",
|
|
37089
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
37090
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
37091
|
+
},
|
|
37092
|
+
{
|
|
37093
|
+
"id": "NIST-800-218-SSDF",
|
|
37094
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
37095
|
+
"control_name": "Secure Software Development Framework"
|
|
37096
|
+
},
|
|
37097
|
+
{
|
|
37098
|
+
"id": "NIST-800-53-AC-2",
|
|
37099
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37100
|
+
"control_name": "Account Management"
|
|
37101
|
+
},
|
|
37102
|
+
{
|
|
37103
|
+
"id": "NIST-800-53-SC-8",
|
|
37104
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37105
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
37106
|
+
},
|
|
37107
|
+
{
|
|
37108
|
+
"id": "NIST-800-53-SI-2",
|
|
37109
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37110
|
+
"control_name": "Flaw Remediation"
|
|
37111
|
+
},
|
|
37112
|
+
{
|
|
37113
|
+
"id": "NIST-800-53-SI-3",
|
|
37114
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37115
|
+
"control_name": "Malicious Code Protection"
|
|
37116
|
+
},
|
|
37117
|
+
{
|
|
37118
|
+
"id": "NIST-800-82r3",
|
|
37119
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
37120
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
37121
|
+
},
|
|
37122
|
+
{
|
|
37123
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
37124
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
37125
|
+
"control_name": "Prompt Injection"
|
|
37126
|
+
},
|
|
37127
|
+
{
|
|
37128
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
37129
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
37130
|
+
"control_name": "Sensitive Information Disclosure"
|
|
37131
|
+
},
|
|
37132
|
+
{
|
|
37133
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
37134
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
37135
|
+
"control_name": "Web application penetration testing methodology"
|
|
37136
|
+
},
|
|
37137
|
+
{
|
|
37138
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
37139
|
+
"framework": "PCI DSS 4.0",
|
|
37140
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
37141
|
+
},
|
|
37142
|
+
{
|
|
37143
|
+
"id": "PTES-Pre-engagement",
|
|
37144
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
37145
|
+
"control_name": "Pre-engagement Interactions"
|
|
37146
|
+
},
|
|
37147
|
+
{
|
|
37148
|
+
"id": "SOC2-CC6-logical-access",
|
|
37149
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
37150
|
+
"control_name": "Logical and Physical Access Controls"
|
|
37151
|
+
},
|
|
37152
|
+
{
|
|
37153
|
+
"id": "SOC2-CC9-vendor-management",
|
|
37154
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
37155
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
37156
|
+
}
|
|
37157
|
+
],
|
|
37158
|
+
"attack_refs": [
|
|
37159
|
+
"T0855",
|
|
37160
|
+
"T0883",
|
|
37161
|
+
"T1059",
|
|
37162
|
+
"T1068",
|
|
37163
|
+
"T1078",
|
|
37164
|
+
"T1133",
|
|
37165
|
+
"T1190",
|
|
37166
|
+
"T1548.001",
|
|
37167
|
+
"T1566"
|
|
37168
|
+
],
|
|
37169
|
+
"rfc_refs": [
|
|
37170
|
+
"RFC-4301",
|
|
37171
|
+
"RFC-4303",
|
|
37172
|
+
"RFC-7296"
|
|
37173
|
+
]
|
|
37174
|
+
}
|
|
37175
|
+
},
|
|
37176
|
+
"CVE-2024-0129": {
|
|
37177
|
+
"name": "NVIDIA NeMo SaveRestoreConnector .tar Path Traversal to Code Execution",
|
|
37178
|
+
"rwep": 25,
|
|
37179
|
+
"cvss": 7.8,
|
|
37180
|
+
"cisa_kev": false,
|
|
37181
|
+
"epss_score": null,
|
|
37182
|
+
"referencing_skills": [
|
|
37183
|
+
"kernel-lpe-triage",
|
|
37184
|
+
"ai-attack-surface",
|
|
37185
|
+
"compliance-theater",
|
|
37186
|
+
"attack-surface-pentest",
|
|
37187
|
+
"ot-ics-security",
|
|
37188
|
+
"coordinated-vuln-disclosure",
|
|
37189
|
+
"sector-energy"
|
|
37190
|
+
],
|
|
37191
|
+
"chain": {
|
|
37192
|
+
"cwes": [
|
|
37193
|
+
{
|
|
37194
|
+
"id": "CWE-1037",
|
|
37195
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
37196
|
+
"category": "Hardware / Side Channel"
|
|
37197
|
+
},
|
|
37198
|
+
{
|
|
37199
|
+
"id": "CWE-1039",
|
|
37200
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
37201
|
+
"category": "AI/ML"
|
|
37202
|
+
},
|
|
37203
|
+
{
|
|
37204
|
+
"id": "CWE-125",
|
|
37205
|
+
"name": "Out-of-bounds Read",
|
|
37206
|
+
"category": "Memory Safety"
|
|
37207
|
+
},
|
|
37208
|
+
{
|
|
37209
|
+
"id": "CWE-1357",
|
|
37210
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
37211
|
+
"category": "Supply Chain"
|
|
37212
|
+
},
|
|
37213
|
+
{
|
|
37214
|
+
"id": "CWE-1395",
|
|
37215
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
37216
|
+
"category": "Supply Chain"
|
|
37217
|
+
},
|
|
37218
|
+
{
|
|
37219
|
+
"id": "CWE-1426",
|
|
37220
|
+
"name": "Improper Validation of Generative AI Output",
|
|
37221
|
+
"category": "AI/ML"
|
|
37222
|
+
},
|
|
37223
|
+
{
|
|
37224
|
+
"id": "CWE-22",
|
|
37225
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
37226
|
+
"category": "Path/Resource"
|
|
37227
|
+
},
|
|
37228
|
+
{
|
|
37229
|
+
"id": "CWE-269",
|
|
37230
|
+
"name": "Improper Privilege Management",
|
|
37231
|
+
"category": "Authorization"
|
|
37232
|
+
},
|
|
37233
|
+
{
|
|
37234
|
+
"id": "CWE-287",
|
|
37235
|
+
"name": "Improper Authentication",
|
|
37236
|
+
"category": "Authentication"
|
|
37237
|
+
},
|
|
37238
|
+
{
|
|
37239
|
+
"id": "CWE-306",
|
|
37240
|
+
"name": "Missing Authentication for Critical Function",
|
|
37241
|
+
"category": "Authentication"
|
|
37242
|
+
},
|
|
37243
|
+
{
|
|
37244
|
+
"id": "CWE-352",
|
|
37245
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
37246
|
+
"category": "Session"
|
|
37247
|
+
},
|
|
37248
|
+
{
|
|
37249
|
+
"id": "CWE-362",
|
|
37250
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
37251
|
+
"category": "Concurrency"
|
|
37252
|
+
},
|
|
37253
|
+
{
|
|
37254
|
+
"id": "CWE-416",
|
|
37255
|
+
"name": "Use After Free",
|
|
37256
|
+
"category": "Memory Safety"
|
|
37257
|
+
},
|
|
37258
|
+
{
|
|
37259
|
+
"id": "CWE-434",
|
|
37260
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
37261
|
+
"category": "File Handling"
|
|
37262
|
+
},
|
|
37263
|
+
{
|
|
37264
|
+
"id": "CWE-672",
|
|
37265
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
37266
|
+
"category": "Memory Safety"
|
|
37267
|
+
},
|
|
37268
|
+
{
|
|
37269
|
+
"id": "CWE-732",
|
|
37270
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
37271
|
+
"category": "Authorization"
|
|
37272
|
+
},
|
|
37273
|
+
{
|
|
37274
|
+
"id": "CWE-78",
|
|
37275
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
37276
|
+
"category": "Injection"
|
|
37277
|
+
},
|
|
37278
|
+
{
|
|
37279
|
+
"id": "CWE-787",
|
|
37280
|
+
"name": "Out-of-bounds Write",
|
|
37281
|
+
"category": "Memory Safety"
|
|
37282
|
+
},
|
|
37283
|
+
{
|
|
37284
|
+
"id": "CWE-79",
|
|
37285
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
37286
|
+
"category": "Injection"
|
|
37287
|
+
},
|
|
37288
|
+
{
|
|
37289
|
+
"id": "CWE-798",
|
|
37290
|
+
"name": "Use of Hard-coded Credentials",
|
|
37291
|
+
"category": "Credentials"
|
|
37292
|
+
},
|
|
37293
|
+
{
|
|
37294
|
+
"id": "CWE-89",
|
|
37295
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
37296
|
+
"category": "Injection"
|
|
37297
|
+
},
|
|
37298
|
+
{
|
|
37299
|
+
"id": "CWE-918",
|
|
37300
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
37301
|
+
"category": "Network"
|
|
37302
|
+
},
|
|
37303
|
+
{
|
|
37304
|
+
"id": "CWE-94",
|
|
37305
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
37306
|
+
"category": "Injection"
|
|
37307
|
+
}
|
|
37308
|
+
],
|
|
37309
|
+
"atlas": [
|
|
37310
|
+
{
|
|
37311
|
+
"id": "AML.T0010",
|
|
37312
|
+
"name": "ML Supply Chain Compromise",
|
|
37313
|
+
"tactic": "Initial Access"
|
|
37314
|
+
},
|
|
37315
|
+
{
|
|
37316
|
+
"id": "AML.T0016",
|
|
37317
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
37318
|
+
"tactic": "Resource Development"
|
|
37319
|
+
},
|
|
37320
|
+
{
|
|
37321
|
+
"id": "AML.T0017",
|
|
37322
|
+
"name": "Discover ML Model Ontology",
|
|
37323
|
+
"tactic": "Discovery"
|
|
37324
|
+
},
|
|
37325
|
+
{
|
|
37326
|
+
"id": "AML.T0018",
|
|
37327
|
+
"name": "Backdoor ML Model",
|
|
37328
|
+
"tactic": "Persistence"
|
|
37329
|
+
},
|
|
37330
|
+
{
|
|
37331
|
+
"id": "AML.T0020",
|
|
37332
|
+
"name": "Poison Training Data",
|
|
37333
|
+
"tactic": "ML Attack Staging"
|
|
37334
|
+
},
|
|
37335
|
+
{
|
|
37336
|
+
"id": "AML.T0043",
|
|
37337
|
+
"name": "Craft Adversarial Data",
|
|
37338
|
+
"tactic": "ML Attack Staging"
|
|
37339
|
+
},
|
|
37340
|
+
{
|
|
37341
|
+
"id": "AML.T0051",
|
|
37342
|
+
"name": "LLM Prompt Injection",
|
|
37343
|
+
"tactic": "Execution"
|
|
37344
|
+
},
|
|
37345
|
+
{
|
|
37346
|
+
"id": "AML.T0054",
|
|
37347
|
+
"name": "LLM Jailbreak",
|
|
37348
|
+
"tactic": "Defense Evasion"
|
|
37349
|
+
},
|
|
37350
|
+
{
|
|
37351
|
+
"id": "AML.T0096",
|
|
37352
|
+
"name": "AI API as Covert C2 Channel",
|
|
37353
|
+
"tactic": "Command and Control"
|
|
37354
|
+
}
|
|
37355
|
+
],
|
|
37356
|
+
"d3fend": [
|
|
37357
|
+
{
|
|
37358
|
+
"id": "D3-ASLR",
|
|
37359
|
+
"name": "Address Space Layout Randomization",
|
|
37360
|
+
"tactic": "Harden"
|
|
37361
|
+
},
|
|
37362
|
+
{
|
|
37363
|
+
"id": "D3-CSPP",
|
|
37364
|
+
"name": "Client-server Payload Profiling",
|
|
37365
|
+
"tactic": "Detect"
|
|
37366
|
+
},
|
|
37367
|
+
{
|
|
37368
|
+
"id": "D3-EAL",
|
|
37369
|
+
"name": "Executable Allowlisting",
|
|
37370
|
+
"tactic": "Harden"
|
|
37371
|
+
},
|
|
37372
|
+
{
|
|
37373
|
+
"id": "D3-IOPR",
|
|
37374
|
+
"name": "Input/Output Profiling Resource",
|
|
37375
|
+
"tactic": "Detect"
|
|
37376
|
+
},
|
|
37377
|
+
{
|
|
37378
|
+
"id": "D3-NTA",
|
|
37379
|
+
"name": "Network Traffic Analysis",
|
|
37380
|
+
"tactic": "Detect"
|
|
37381
|
+
},
|
|
37382
|
+
{
|
|
37383
|
+
"id": "D3-PHRA",
|
|
37384
|
+
"name": "Process Hardware Resource Access",
|
|
37385
|
+
"tactic": "Isolate"
|
|
37386
|
+
},
|
|
37387
|
+
{
|
|
37388
|
+
"id": "D3-PSEP",
|
|
37389
|
+
"name": "Process Segment Execution Prevention",
|
|
37390
|
+
"tactic": "Harden"
|
|
37391
|
+
}
|
|
37392
|
+
],
|
|
37393
|
+
"framework_gaps": [
|
|
37394
|
+
{
|
|
37395
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
37396
|
+
"framework": "ALL",
|
|
37397
|
+
"control_name": "AI Pipeline Integrity"
|
|
37398
|
+
},
|
|
37399
|
+
{
|
|
37400
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
37401
|
+
"framework": "ALL",
|
|
37402
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
37403
|
+
},
|
|
37404
|
+
{
|
|
37405
|
+
"id": "CIS-Controls-v8-Control7",
|
|
37406
|
+
"framework": "CIS Controls v8",
|
|
37407
|
+
"control_name": "Continuous Vulnerability Management"
|
|
37408
|
+
},
|
|
37409
|
+
{
|
|
37410
|
+
"id": "CMMC-2.0-Level-2",
|
|
37411
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
37412
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
37413
|
+
},
|
|
37414
|
+
{
|
|
37415
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
37416
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
37417
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
37418
|
+
},
|
|
37419
|
+
{
|
|
37420
|
+
"id": "IEC-62443-3-3",
|
|
37421
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
37422
|
+
"control_name": "System security requirements and security levels"
|
|
37423
|
+
},
|
|
37424
|
+
{
|
|
37425
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
37426
|
+
"framework": "ISO/IEC 27001:2022",
|
|
37427
|
+
"control_name": "Secure coding"
|
|
37428
|
+
},
|
|
37429
|
+
{
|
|
37430
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
37431
|
+
"framework": "ISO/IEC 27001:2022",
|
|
37432
|
+
"control_name": "Management of technical vulnerabilities"
|
|
37433
|
+
},
|
|
37434
|
+
{
|
|
37435
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
37436
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
37437
|
+
"control_name": "AI risk management process"
|
|
37438
|
+
},
|
|
37439
|
+
{
|
|
37440
|
+
"id": "NERC-CIP-007-6-R4",
|
|
37441
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
37442
|
+
"control_name": "Security event monitoring"
|
|
37443
|
+
},
|
|
37444
|
+
{
|
|
37445
|
+
"id": "NIS2-Art21-patch-management",
|
|
37446
|
+
"framework": "EU NIS2 Directive",
|
|
37447
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
37448
|
+
},
|
|
37449
|
+
{
|
|
37450
|
+
"id": "NIST-800-115",
|
|
37451
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
37452
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
37453
|
+
},
|
|
37454
|
+
{
|
|
37455
|
+
"id": "NIST-800-218-SSDF",
|
|
37456
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
37457
|
+
"control_name": "Secure Software Development Framework"
|
|
37458
|
+
},
|
|
37459
|
+
{
|
|
37460
|
+
"id": "NIST-800-53-AC-2",
|
|
37461
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37462
|
+
"control_name": "Account Management"
|
|
37463
|
+
},
|
|
37464
|
+
{
|
|
37465
|
+
"id": "NIST-800-53-SC-8",
|
|
37466
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37467
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
37468
|
+
},
|
|
37469
|
+
{
|
|
37470
|
+
"id": "NIST-800-53-SI-2",
|
|
37471
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37472
|
+
"control_name": "Flaw Remediation"
|
|
37473
|
+
},
|
|
37474
|
+
{
|
|
37475
|
+
"id": "NIST-800-53-SI-3",
|
|
37476
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
37477
|
+
"control_name": "Malicious Code Protection"
|
|
37478
|
+
},
|
|
37479
|
+
{
|
|
37480
|
+
"id": "NIST-800-82r3",
|
|
37481
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
37482
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
37483
|
+
},
|
|
37484
|
+
{
|
|
37485
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
37486
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
37487
|
+
"control_name": "Prompt Injection"
|
|
37488
|
+
},
|
|
37489
|
+
{
|
|
37490
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
37491
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
37492
|
+
"control_name": "Sensitive Information Disclosure"
|
|
37493
|
+
},
|
|
37494
|
+
{
|
|
37495
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
37496
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
37497
|
+
"control_name": "Web application penetration testing methodology"
|
|
37498
|
+
},
|
|
37499
|
+
{
|
|
37500
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
37501
|
+
"framework": "PCI DSS 4.0",
|
|
37502
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
37503
|
+
},
|
|
37504
|
+
{
|
|
37505
|
+
"id": "PTES-Pre-engagement",
|
|
37506
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
37507
|
+
"control_name": "Pre-engagement Interactions"
|
|
37508
|
+
},
|
|
37509
|
+
{
|
|
37510
|
+
"id": "SOC2-CC6-logical-access",
|
|
37511
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
37512
|
+
"control_name": "Logical and Physical Access Controls"
|
|
37513
|
+
},
|
|
37514
|
+
{
|
|
37515
|
+
"id": "SOC2-CC9-vendor-management",
|
|
37516
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
37517
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
37518
|
+
}
|
|
37519
|
+
],
|
|
37520
|
+
"attack_refs": [
|
|
37521
|
+
"T0855",
|
|
37522
|
+
"T0883",
|
|
37523
|
+
"T1059",
|
|
37524
|
+
"T1068",
|
|
37525
|
+
"T1078",
|
|
37526
|
+
"T1133",
|
|
37527
|
+
"T1190",
|
|
37528
|
+
"T1548.001",
|
|
37529
|
+
"T1566"
|
|
37530
|
+
],
|
|
37531
|
+
"rfc_refs": [
|
|
37532
|
+
"RFC-4301",
|
|
37533
|
+
"RFC-4303",
|
|
37534
|
+
"RFC-7296"
|
|
37535
|
+
]
|
|
37536
|
+
}
|
|
37537
|
+
},
|
|
36090
37538
|
"CVE-2026-41091": {
|
|
36091
37539
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
36092
37540
|
"rwep": 45,
|
|
@@ -62468,6 +63916,9 @@
|
|
|
62468
63916
|
"CVE-2023-44467",
|
|
62469
63917
|
"CVE-2023-48022",
|
|
62470
63918
|
"CVE-2023-51449",
|
|
63919
|
+
"CVE-2023-6019",
|
|
63920
|
+
"CVE-2023-6021",
|
|
63921
|
+
"CVE-2024-0129",
|
|
62471
63922
|
"CVE-2024-0132",
|
|
62472
63923
|
"CVE-2024-11392",
|
|
62473
63924
|
"CVE-2024-11393",
|
|
@@ -62498,6 +63949,7 @@
|
|
|
62498
63949
|
"CVE-2025-30165",
|
|
62499
63950
|
"CVE-2025-30202",
|
|
62500
63951
|
"CVE-2025-32444",
|
|
63952
|
+
"CVE-2025-33236",
|
|
62501
63953
|
"CVE-2025-34291",
|
|
62502
63954
|
"CVE-2025-38352",
|
|
62503
63955
|
"CVE-2025-43300",
|
|
@@ -62869,6 +64321,9 @@
|
|
|
62869
64321
|
"CVE-2023-44467",
|
|
62870
64322
|
"CVE-2023-48022",
|
|
62871
64323
|
"CVE-2023-51449",
|
|
64324
|
+
"CVE-2023-6019",
|
|
64325
|
+
"CVE-2023-6021",
|
|
64326
|
+
"CVE-2024-0129",
|
|
62872
64327
|
"CVE-2024-0132",
|
|
62873
64328
|
"CVE-2024-11392",
|
|
62874
64329
|
"CVE-2024-11393",
|
|
@@ -62897,6 +64352,7 @@
|
|
|
62897
64352
|
"CVE-2025-30165",
|
|
62898
64353
|
"CVE-2025-30202",
|
|
62899
64354
|
"CVE-2025-32444",
|
|
64355
|
+
"CVE-2025-33236",
|
|
62900
64356
|
"CVE-2025-34291",
|
|
62901
64357
|
"CVE-2025-38352",
|
|
62902
64358
|
"CVE-2025-43300",
|
|
@@ -63061,6 +64517,9 @@
|
|
|
63061
64517
|
"CVE-2023-44467",
|
|
63062
64518
|
"CVE-2023-48022",
|
|
63063
64519
|
"CVE-2023-51449",
|
|
64520
|
+
"CVE-2023-6019",
|
|
64521
|
+
"CVE-2023-6021",
|
|
64522
|
+
"CVE-2024-0129",
|
|
63064
64523
|
"CVE-2024-0132",
|
|
63065
64524
|
"CVE-2024-11392",
|
|
63066
64525
|
"CVE-2024-11393",
|
|
@@ -63089,6 +64548,7 @@
|
|
|
63089
64548
|
"CVE-2025-30165",
|
|
63090
64549
|
"CVE-2025-30202",
|
|
63091
64550
|
"CVE-2025-32444",
|
|
64551
|
+
"CVE-2025-33236",
|
|
63092
64552
|
"CVE-2025-34291",
|
|
63093
64553
|
"CVE-2025-38352",
|
|
63094
64554
|
"CVE-2025-43300",
|
|
@@ -63267,6 +64727,9 @@
|
|
|
63267
64727
|
"CVE-2023-44467",
|
|
63268
64728
|
"CVE-2023-48022",
|
|
63269
64729
|
"CVE-2023-51449",
|
|
64730
|
+
"CVE-2023-6019",
|
|
64731
|
+
"CVE-2023-6021",
|
|
64732
|
+
"CVE-2024-0129",
|
|
63270
64733
|
"CVE-2024-0132",
|
|
63271
64734
|
"CVE-2024-11392",
|
|
63272
64735
|
"CVE-2024-11393",
|
|
@@ -63295,6 +64758,7 @@
|
|
|
63295
64758
|
"CVE-2025-30165",
|
|
63296
64759
|
"CVE-2025-30202",
|
|
63297
64760
|
"CVE-2025-32444",
|
|
64761
|
+
"CVE-2025-33236",
|
|
63298
64762
|
"CVE-2025-34291",
|
|
63299
64763
|
"CVE-2025-38352",
|
|
63300
64764
|
"CVE-2025-43300",
|
|
@@ -63577,6 +65041,9 @@
|
|
|
63577
65041
|
"CVE-2023-44467",
|
|
63578
65042
|
"CVE-2023-48022",
|
|
63579
65043
|
"CVE-2023-51449",
|
|
65044
|
+
"CVE-2023-6019",
|
|
65045
|
+
"CVE-2023-6021",
|
|
65046
|
+
"CVE-2024-0129",
|
|
63580
65047
|
"CVE-2024-0132",
|
|
63581
65048
|
"CVE-2024-11392",
|
|
63582
65049
|
"CVE-2024-11393",
|
|
@@ -63606,6 +65073,7 @@
|
|
|
63606
65073
|
"CVE-2025-30165",
|
|
63607
65074
|
"CVE-2025-30202",
|
|
63608
65075
|
"CVE-2025-32444",
|
|
65076
|
+
"CVE-2025-33236",
|
|
63609
65077
|
"CVE-2025-34291",
|
|
63610
65078
|
"CVE-2025-49596",
|
|
63611
65079
|
"CVE-2025-49844",
|
|
@@ -63843,6 +65311,9 @@
|
|
|
63843
65311
|
"CVE-2023-50224",
|
|
63844
65312
|
"CVE-2023-51449",
|
|
63845
65313
|
"CVE-2023-52163",
|
|
65314
|
+
"CVE-2023-6019",
|
|
65315
|
+
"CVE-2023-6021",
|
|
65316
|
+
"CVE-2024-0129",
|
|
63846
65317
|
"CVE-2024-0132",
|
|
63847
65318
|
"CVE-2024-0769",
|
|
63848
65319
|
"CVE-2024-11182",
|
|
@@ -63935,6 +65406,7 @@
|
|
|
63935
65406
|
"CVE-2025-32975",
|
|
63936
65407
|
"CVE-2025-33053",
|
|
63937
65408
|
"CVE-2025-33073",
|
|
65409
|
+
"CVE-2025-33236",
|
|
63938
65410
|
"CVE-2025-34026",
|
|
63939
65411
|
"CVE-2025-34291",
|
|
63940
65412
|
"CVE-2025-35939",
|
|
@@ -64697,6 +66169,9 @@
|
|
|
64697
66169
|
"CVE-2023-44467",
|
|
64698
66170
|
"CVE-2023-48022",
|
|
64699
66171
|
"CVE-2023-51449",
|
|
66172
|
+
"CVE-2023-6019",
|
|
66173
|
+
"CVE-2023-6021",
|
|
66174
|
+
"CVE-2024-0129",
|
|
64700
66175
|
"CVE-2024-0132",
|
|
64701
66176
|
"CVE-2024-11392",
|
|
64702
66177
|
"CVE-2024-11393",
|
|
@@ -64727,6 +66202,7 @@
|
|
|
64727
66202
|
"CVE-2025-30165",
|
|
64728
66203
|
"CVE-2025-30202",
|
|
64729
66204
|
"CVE-2025-32444",
|
|
66205
|
+
"CVE-2025-33236",
|
|
64730
66206
|
"CVE-2025-34291",
|
|
64731
66207
|
"CVE-2025-38352",
|
|
64732
66208
|
"CVE-2025-43300",
|
|
@@ -65328,6 +66804,9 @@
|
|
|
65328
66804
|
"CVE-2023-44467",
|
|
65329
66805
|
"CVE-2023-48022",
|
|
65330
66806
|
"CVE-2023-51449",
|
|
66807
|
+
"CVE-2023-6019",
|
|
66808
|
+
"CVE-2023-6021",
|
|
66809
|
+
"CVE-2024-0129",
|
|
65331
66810
|
"CVE-2024-0132",
|
|
65332
66811
|
"CVE-2024-11392",
|
|
65333
66812
|
"CVE-2024-11393",
|
|
@@ -65358,6 +66837,7 @@
|
|
|
65358
66837
|
"CVE-2025-30165",
|
|
65359
66838
|
"CVE-2025-30202",
|
|
65360
66839
|
"CVE-2025-32444",
|
|
66840
|
+
"CVE-2025-33236",
|
|
65361
66841
|
"CVE-2025-34291",
|
|
65362
66842
|
"CVE-2025-38352",
|
|
65363
66843
|
"CVE-2025-43300",
|
|
@@ -65597,6 +67077,9 @@
|
|
|
65597
67077
|
"CVE-2023-44467",
|
|
65598
67078
|
"CVE-2023-48022",
|
|
65599
67079
|
"CVE-2023-51449",
|
|
67080
|
+
"CVE-2023-6019",
|
|
67081
|
+
"CVE-2023-6021",
|
|
67082
|
+
"CVE-2024-0129",
|
|
65600
67083
|
"CVE-2024-0132",
|
|
65601
67084
|
"CVE-2024-11392",
|
|
65602
67085
|
"CVE-2024-11393",
|
|
@@ -65625,6 +67108,7 @@
|
|
|
65625
67108
|
"CVE-2025-30165",
|
|
65626
67109
|
"CVE-2025-30202",
|
|
65627
67110
|
"CVE-2025-32444",
|
|
67111
|
+
"CVE-2025-33236",
|
|
65628
67112
|
"CVE-2025-34291",
|
|
65629
67113
|
"CVE-2025-38352",
|
|
65630
67114
|
"CVE-2025-43300",
|
|
@@ -66292,6 +67776,9 @@
|
|
|
66292
67776
|
"CVE-2023-44467",
|
|
66293
67777
|
"CVE-2023-48022",
|
|
66294
67778
|
"CVE-2023-51449",
|
|
67779
|
+
"CVE-2023-6019",
|
|
67780
|
+
"CVE-2023-6021",
|
|
67781
|
+
"CVE-2024-0129",
|
|
66295
67782
|
"CVE-2024-0132",
|
|
66296
67783
|
"CVE-2024-11392",
|
|
66297
67784
|
"CVE-2024-11393",
|
|
@@ -66322,6 +67809,7 @@
|
|
|
66322
67809
|
"CVE-2025-30165",
|
|
66323
67810
|
"CVE-2025-30202",
|
|
66324
67811
|
"CVE-2025-32444",
|
|
67812
|
+
"CVE-2025-33236",
|
|
66325
67813
|
"CVE-2025-34291",
|
|
66326
67814
|
"CVE-2025-38352",
|
|
66327
67815
|
"CVE-2025-43300",
|
|
@@ -66565,6 +68053,9 @@
|
|
|
66565
68053
|
"CVE-2023-50224",
|
|
66566
68054
|
"CVE-2023-51449",
|
|
66567
68055
|
"CVE-2023-52163",
|
|
68056
|
+
"CVE-2023-6019",
|
|
68057
|
+
"CVE-2023-6021",
|
|
68058
|
+
"CVE-2024-0129",
|
|
66568
68059
|
"CVE-2024-0132",
|
|
66569
68060
|
"CVE-2024-0769",
|
|
66570
68061
|
"CVE-2024-11182",
|
|
@@ -66657,6 +68148,7 @@
|
|
|
66657
68148
|
"CVE-2025-32975",
|
|
66658
68149
|
"CVE-2025-33053",
|
|
66659
68150
|
"CVE-2025-33073",
|
|
68151
|
+
"CVE-2025-33236",
|
|
66660
68152
|
"CVE-2025-34026",
|
|
66661
68153
|
"CVE-2025-34291",
|
|
66662
68154
|
"CVE-2025-35939",
|
|
@@ -67017,6 +68509,9 @@
|
|
|
67017
68509
|
"CVE-2023-50224",
|
|
67018
68510
|
"CVE-2023-51449",
|
|
67019
68511
|
"CVE-2023-52163",
|
|
68512
|
+
"CVE-2023-6019",
|
|
68513
|
+
"CVE-2023-6021",
|
|
68514
|
+
"CVE-2024-0129",
|
|
67020
68515
|
"CVE-2024-0132",
|
|
67021
68516
|
"CVE-2024-0769",
|
|
67022
68517
|
"CVE-2024-11182",
|
|
@@ -67109,6 +68604,7 @@
|
|
|
67109
68604
|
"CVE-2025-32975",
|
|
67110
68605
|
"CVE-2025-33053",
|
|
67111
68606
|
"CVE-2025-33073",
|
|
68607
|
+
"CVE-2025-33236",
|
|
67112
68608
|
"CVE-2025-34026",
|
|
67113
68609
|
"CVE-2025-34291",
|
|
67114
68610
|
"CVE-2025-35939",
|
|
@@ -67500,6 +68996,9 @@
|
|
|
67500
68996
|
"CVE-2023-44467",
|
|
67501
68997
|
"CVE-2023-48022",
|
|
67502
68998
|
"CVE-2023-51449",
|
|
68999
|
+
"CVE-2023-6019",
|
|
69000
|
+
"CVE-2023-6021",
|
|
69001
|
+
"CVE-2024-0129",
|
|
67503
69002
|
"CVE-2024-0132",
|
|
67504
69003
|
"CVE-2024-11392",
|
|
67505
69004
|
"CVE-2024-11393",
|
|
@@ -67530,6 +69029,7 @@
|
|
|
67530
69029
|
"CVE-2025-30165",
|
|
67531
69030
|
"CVE-2025-30202",
|
|
67532
69031
|
"CVE-2025-32444",
|
|
69032
|
+
"CVE-2025-33236",
|
|
67533
69033
|
"CVE-2025-34291",
|
|
67534
69034
|
"CVE-2025-38352",
|
|
67535
69035
|
"CVE-2025-43300",
|
|
@@ -68325,6 +69825,9 @@
|
|
|
68325
69825
|
"CVE-2023-50224",
|
|
68326
69826
|
"CVE-2023-51449",
|
|
68327
69827
|
"CVE-2023-52163",
|
|
69828
|
+
"CVE-2023-6019",
|
|
69829
|
+
"CVE-2023-6021",
|
|
69830
|
+
"CVE-2024-0129",
|
|
68328
69831
|
"CVE-2024-0132",
|
|
68329
69832
|
"CVE-2024-0769",
|
|
68330
69833
|
"CVE-2024-11182",
|
|
@@ -68417,6 +69920,7 @@
|
|
|
68417
69920
|
"CVE-2025-32975",
|
|
68418
69921
|
"CVE-2025-33053",
|
|
68419
69922
|
"CVE-2025-33073",
|
|
69923
|
+
"CVE-2025-33236",
|
|
68420
69924
|
"CVE-2025-34026",
|
|
68421
69925
|
"CVE-2025-34291",
|
|
68422
69926
|
"CVE-2025-35939",
|
|
@@ -68872,6 +70376,9 @@
|
|
|
68872
70376
|
"CVE-2023-44467",
|
|
68873
70377
|
"CVE-2023-48022",
|
|
68874
70378
|
"CVE-2023-51449",
|
|
70379
|
+
"CVE-2023-6019",
|
|
70380
|
+
"CVE-2023-6021",
|
|
70381
|
+
"CVE-2024-0129",
|
|
68875
70382
|
"CVE-2024-0132",
|
|
68876
70383
|
"CVE-2024-11392",
|
|
68877
70384
|
"CVE-2024-11393",
|
|
@@ -68902,6 +70409,7 @@
|
|
|
68902
70409
|
"CVE-2025-30165",
|
|
68903
70410
|
"CVE-2025-30202",
|
|
68904
70411
|
"CVE-2025-32444",
|
|
70412
|
+
"CVE-2025-33236",
|
|
68905
70413
|
"CVE-2025-34291",
|
|
68906
70414
|
"CVE-2025-38352",
|
|
68907
70415
|
"CVE-2025-43300",
|
|
@@ -69223,6 +70731,9 @@
|
|
|
69223
70731
|
"CVE-2023-50224",
|
|
69224
70732
|
"CVE-2023-51449",
|
|
69225
70733
|
"CVE-2023-52163",
|
|
70734
|
+
"CVE-2023-6019",
|
|
70735
|
+
"CVE-2023-6021",
|
|
70736
|
+
"CVE-2024-0129",
|
|
69226
70737
|
"CVE-2024-0132",
|
|
69227
70738
|
"CVE-2024-0769",
|
|
69228
70739
|
"CVE-2024-11182",
|
|
@@ -69318,6 +70829,7 @@
|
|
|
69318
70829
|
"CVE-2025-32975",
|
|
69319
70830
|
"CVE-2025-33053",
|
|
69320
70831
|
"CVE-2025-33073",
|
|
70832
|
+
"CVE-2025-33236",
|
|
69321
70833
|
"CVE-2025-34026",
|
|
69322
70834
|
"CVE-2025-34291",
|
|
69323
70835
|
"CVE-2025-35939",
|
|
@@ -69789,6 +71301,9 @@
|
|
|
69789
71301
|
"CVE-2023-44467",
|
|
69790
71302
|
"CVE-2023-48022",
|
|
69791
71303
|
"CVE-2023-51449",
|
|
71304
|
+
"CVE-2023-6019",
|
|
71305
|
+
"CVE-2023-6021",
|
|
71306
|
+
"CVE-2024-0129",
|
|
69792
71307
|
"CVE-2024-0132",
|
|
69793
71308
|
"CVE-2024-11392",
|
|
69794
71309
|
"CVE-2024-11393",
|
|
@@ -69818,6 +71333,7 @@
|
|
|
69818
71333
|
"CVE-2025-30165",
|
|
69819
71334
|
"CVE-2025-30202",
|
|
69820
71335
|
"CVE-2025-32444",
|
|
71336
|
+
"CVE-2025-33236",
|
|
69821
71337
|
"CVE-2025-34291",
|
|
69822
71338
|
"CVE-2025-38352",
|
|
69823
71339
|
"CVE-2025-43300",
|
|
@@ -70755,6 +72271,9 @@
|
|
|
70755
72271
|
"CVE-2023-44467",
|
|
70756
72272
|
"CVE-2023-48022",
|
|
70757
72273
|
"CVE-2023-51449",
|
|
72274
|
+
"CVE-2023-6019",
|
|
72275
|
+
"CVE-2023-6021",
|
|
72276
|
+
"CVE-2024-0129",
|
|
70758
72277
|
"CVE-2024-0132",
|
|
70759
72278
|
"CVE-2024-11392",
|
|
70760
72279
|
"CVE-2024-11393",
|
|
@@ -70785,6 +72304,7 @@
|
|
|
70785
72304
|
"CVE-2025-30165",
|
|
70786
72305
|
"CVE-2025-30202",
|
|
70787
72306
|
"CVE-2025-32444",
|
|
72307
|
+
"CVE-2025-33236",
|
|
70788
72308
|
"CVE-2025-34291",
|
|
70789
72309
|
"CVE-2025-38352",
|
|
70790
72310
|
"CVE-2025-43300",
|
|
@@ -70885,6 +72405,9 @@
|
|
|
70885
72405
|
"CVE-2023-44467",
|
|
70886
72406
|
"CVE-2023-48022",
|
|
70887
72407
|
"CVE-2023-51449",
|
|
72408
|
+
"CVE-2023-6019",
|
|
72409
|
+
"CVE-2023-6021",
|
|
72410
|
+
"CVE-2024-0129",
|
|
70888
72411
|
"CVE-2024-0132",
|
|
70889
72412
|
"CVE-2024-11392",
|
|
70890
72413
|
"CVE-2024-11393",
|
|
@@ -70912,6 +72435,7 @@
|
|
|
70912
72435
|
"CVE-2025-30165",
|
|
70913
72436
|
"CVE-2025-30202",
|
|
70914
72437
|
"CVE-2025-32444",
|
|
72438
|
+
"CVE-2025-33236",
|
|
70915
72439
|
"CVE-2025-34291",
|
|
70916
72440
|
"CVE-2025-38352",
|
|
70917
72441
|
"CVE-2025-43300",
|
|
@@ -71085,6 +72609,9 @@
|
|
|
71085
72609
|
"CVE-2023-44467",
|
|
71086
72610
|
"CVE-2023-48022",
|
|
71087
72611
|
"CVE-2023-51449",
|
|
72612
|
+
"CVE-2023-6019",
|
|
72613
|
+
"CVE-2023-6021",
|
|
72614
|
+
"CVE-2024-0129",
|
|
71088
72615
|
"CVE-2024-0132",
|
|
71089
72616
|
"CVE-2024-11392",
|
|
71090
72617
|
"CVE-2024-11393",
|
|
@@ -71112,6 +72639,7 @@
|
|
|
71112
72639
|
"CVE-2025-30165",
|
|
71113
72640
|
"CVE-2025-30202",
|
|
71114
72641
|
"CVE-2025-32444",
|
|
72642
|
+
"CVE-2025-33236",
|
|
71115
72643
|
"CVE-2025-34291",
|
|
71116
72644
|
"CVE-2025-49596",
|
|
71117
72645
|
"CVE-2025-53773",
|
|
@@ -71535,6 +73063,9 @@
|
|
|
71535
73063
|
"CVE-2023-50224",
|
|
71536
73064
|
"CVE-2023-51449",
|
|
71537
73065
|
"CVE-2023-52163",
|
|
73066
|
+
"CVE-2023-6019",
|
|
73067
|
+
"CVE-2023-6021",
|
|
73068
|
+
"CVE-2024-0129",
|
|
71538
73069
|
"CVE-2024-0769",
|
|
71539
73070
|
"CVE-2024-11182",
|
|
71540
73071
|
"CVE-2024-11392",
|
|
@@ -71624,6 +73155,7 @@
|
|
|
71624
73155
|
"CVE-2025-32975",
|
|
71625
73156
|
"CVE-2025-33053",
|
|
71626
73157
|
"CVE-2025-33073",
|
|
73158
|
+
"CVE-2025-33236",
|
|
71627
73159
|
"CVE-2025-34026",
|
|
71628
73160
|
"CVE-2025-34291",
|
|
71629
73161
|
"CVE-2025-35939",
|
|
@@ -72007,6 +73539,9 @@
|
|
|
72007
73539
|
"CVE-2023-44467",
|
|
72008
73540
|
"CVE-2023-48022",
|
|
72009
73541
|
"CVE-2023-51449",
|
|
73542
|
+
"CVE-2023-6019",
|
|
73543
|
+
"CVE-2023-6021",
|
|
73544
|
+
"CVE-2024-0129",
|
|
72010
73545
|
"CVE-2024-0132",
|
|
72011
73546
|
"CVE-2024-11392",
|
|
72012
73547
|
"CVE-2024-11393",
|
|
@@ -72037,6 +73572,7 @@
|
|
|
72037
73572
|
"CVE-2025-30165",
|
|
72038
73573
|
"CVE-2025-30202",
|
|
72039
73574
|
"CVE-2025-32444",
|
|
73575
|
+
"CVE-2025-33236",
|
|
72040
73576
|
"CVE-2025-34291",
|
|
72041
73577
|
"CVE-2025-38352",
|
|
72042
73578
|
"CVE-2025-43300",
|
|
@@ -72330,6 +73866,9 @@
|
|
|
72330
73866
|
"CVE-2023-44467",
|
|
72331
73867
|
"CVE-2023-48022",
|
|
72332
73868
|
"CVE-2023-51449",
|
|
73869
|
+
"CVE-2023-6019",
|
|
73870
|
+
"CVE-2023-6021",
|
|
73871
|
+
"CVE-2024-0129",
|
|
72333
73872
|
"CVE-2024-0132",
|
|
72334
73873
|
"CVE-2024-11392",
|
|
72335
73874
|
"CVE-2024-11393",
|
|
@@ -72361,6 +73900,7 @@
|
|
|
72361
73900
|
"CVE-2025-30165",
|
|
72362
73901
|
"CVE-2025-30202",
|
|
72363
73902
|
"CVE-2025-32444",
|
|
73903
|
+
"CVE-2025-33236",
|
|
72364
73904
|
"CVE-2025-34291",
|
|
72365
73905
|
"CVE-2025-49596",
|
|
72366
73906
|
"CVE-2025-53767",
|