@blamejs/exceptd-skills 0.13.98 → 0.13.100

@@ -36811,6 +36811,1092 @@
36811
36811
  ]
36812
36812
  }
36813
36813
  },
36814
+ "CVE-2025-33236": {
36815
+ "name": "NVIDIA NeMo Framework Malicious Model Import Code Injection RCE",
36816
+ "rwep": 27,
36817
+ "cvss": 7.8,
36818
+ "cisa_kev": false,
36819
+ "epss_score": null,
36820
+ "referencing_skills": [
36821
+ "kernel-lpe-triage",
36822
+ "ai-attack-surface",
36823
+ "compliance-theater",
36824
+ "attack-surface-pentest",
36825
+ "ot-ics-security",
36826
+ "coordinated-vuln-disclosure",
36827
+ "sector-energy"
36828
+ ],
36829
+ "chain": {
36830
+ "cwes": [
36831
+ {
36832
+ "id": "CWE-1037",
36833
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
36834
+ "category": "Hardware / Side Channel"
36835
+ },
36836
+ {
36837
+ "id": "CWE-1039",
36838
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
36839
+ "category": "AI/ML"
36840
+ },
36841
+ {
36842
+ "id": "CWE-125",
36843
+ "name": "Out-of-bounds Read",
36844
+ "category": "Memory Safety"
36845
+ },
36846
+ {
36847
+ "id": "CWE-1357",
36848
+ "name": "Reliance on Insufficiently Trustworthy Component",
36849
+ "category": "Supply Chain"
36850
+ },
36851
+ {
36852
+ "id": "CWE-1395",
36853
+ "name": "Dependency on Vulnerable Third-Party Component",
36854
+ "category": "Supply Chain"
36855
+ },
36856
+ {
36857
+ "id": "CWE-1426",
36858
+ "name": "Improper Validation of Generative AI Output",
36859
+ "category": "AI/ML"
36860
+ },
36861
+ {
36862
+ "id": "CWE-22",
36863
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
36864
+ "category": "Path/Resource"
36865
+ },
36866
+ {
36867
+ "id": "CWE-269",
36868
+ "name": "Improper Privilege Management",
36869
+ "category": "Authorization"
36870
+ },
36871
+ {
36872
+ "id": "CWE-287",
36873
+ "name": "Improper Authentication",
36874
+ "category": "Authentication"
36875
+ },
36876
+ {
36877
+ "id": "CWE-306",
36878
+ "name": "Missing Authentication for Critical Function",
36879
+ "category": "Authentication"
36880
+ },
36881
+ {
36882
+ "id": "CWE-352",
36883
+ "name": "Cross-Site Request Forgery (CSRF)",
36884
+ "category": "Session"
36885
+ },
36886
+ {
36887
+ "id": "CWE-362",
36888
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
36889
+ "category": "Concurrency"
36890
+ },
36891
+ {
36892
+ "id": "CWE-416",
36893
+ "name": "Use After Free",
36894
+ "category": "Memory Safety"
36895
+ },
36896
+ {
36897
+ "id": "CWE-434",
36898
+ "name": "Unrestricted Upload of File with Dangerous Type",
36899
+ "category": "File Handling"
36900
+ },
36901
+ {
36902
+ "id": "CWE-672",
36903
+ "name": "Operation on a Resource after Expiration or Release",
36904
+ "category": "Memory Safety"
36905
+ },
36906
+ {
36907
+ "id": "CWE-732",
36908
+ "name": "Incorrect Permission Assignment for Critical Resource",
36909
+ "category": "Authorization"
36910
+ },
36911
+ {
36912
+ "id": "CWE-78",
36913
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
36914
+ "category": "Injection"
36915
+ },
36916
+ {
36917
+ "id": "CWE-787",
36918
+ "name": "Out-of-bounds Write",
36919
+ "category": "Memory Safety"
36920
+ },
36921
+ {
36922
+ "id": "CWE-79",
36923
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
36924
+ "category": "Injection"
36925
+ },
36926
+ {
36927
+ "id": "CWE-798",
36928
+ "name": "Use of Hard-coded Credentials",
36929
+ "category": "Credentials"
36930
+ },
36931
+ {
36932
+ "id": "CWE-89",
36933
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
36934
+ "category": "Injection"
36935
+ },
36936
+ {
36937
+ "id": "CWE-918",
36938
+ "name": "Server-Side Request Forgery (SSRF)",
36939
+ "category": "Network"
36940
+ },
36941
+ {
36942
+ "id": "CWE-94",
36943
+ "name": "Improper Control of Generation of Code (Code Injection)",
36944
+ "category": "Injection"
36945
+ }
36946
+ ],
36947
+ "atlas": [
36948
+ {
36949
+ "id": "AML.T0010",
36950
+ "name": "ML Supply Chain Compromise",
36951
+ "tactic": "Initial Access"
36952
+ },
36953
+ {
36954
+ "id": "AML.T0016",
36955
+ "name": "Obtain Capabilities: Develop Capabilities",
36956
+ "tactic": "Resource Development"
36957
+ },
36958
+ {
36959
+ "id": "AML.T0017",
36960
+ "name": "Discover ML Model Ontology",
36961
+ "tactic": "Discovery"
36962
+ },
36963
+ {
36964
+ "id": "AML.T0018",
36965
+ "name": "Backdoor ML Model",
36966
+ "tactic": "Persistence"
36967
+ },
36968
+ {
36969
+ "id": "AML.T0020",
36970
+ "name": "Poison Training Data",
36971
+ "tactic": "ML Attack Staging"
36972
+ },
36973
+ {
36974
+ "id": "AML.T0043",
36975
+ "name": "Craft Adversarial Data",
36976
+ "tactic": "ML Attack Staging"
36977
+ },
36978
+ {
36979
+ "id": "AML.T0051",
36980
+ "name": "LLM Prompt Injection",
36981
+ "tactic": "Execution"
36982
+ },
36983
+ {
36984
+ "id": "AML.T0054",
36985
+ "name": "LLM Jailbreak",
36986
+ "tactic": "Defense Evasion"
36987
+ },
36988
+ {
36989
+ "id": "AML.T0096",
36990
+ "name": "AI API as Covert C2 Channel",
36991
+ "tactic": "Command and Control"
36992
+ }
36993
+ ],
36994
+ "d3fend": [
36995
+ {
36996
+ "id": "D3-ASLR",
36997
+ "name": "Address Space Layout Randomization",
36998
+ "tactic": "Harden"
36999
+ },
37000
+ {
37001
+ "id": "D3-CSPP",
37002
+ "name": "Client-server Payload Profiling",
37003
+ "tactic": "Detect"
37004
+ },
37005
+ {
37006
+ "id": "D3-EAL",
37007
+ "name": "Executable Allowlisting",
37008
+ "tactic": "Harden"
37009
+ },
37010
+ {
37011
+ "id": "D3-IOPR",
37012
+ "name": "Input/Output Profiling Resource",
37013
+ "tactic": "Detect"
37014
+ },
37015
+ {
37016
+ "id": "D3-NTA",
37017
+ "name": "Network Traffic Analysis",
37018
+ "tactic": "Detect"
37019
+ },
37020
+ {
37021
+ "id": "D3-PHRA",
37022
+ "name": "Process Hardware Resource Access",
37023
+ "tactic": "Isolate"
37024
+ },
37025
+ {
37026
+ "id": "D3-PSEP",
37027
+ "name": "Process Segment Execution Prevention",
37028
+ "tactic": "Harden"
37029
+ }
37030
+ ],
37031
+ "framework_gaps": [
37032
+ {
37033
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
37034
+ "framework": "ALL",
37035
+ "control_name": "AI Pipeline Integrity"
37036
+ },
37037
+ {
37038
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
37039
+ "framework": "ALL",
37040
+ "control_name": "Prompt Injection as Access Control Failure"
37041
+ },
37042
+ {
37043
+ "id": "CIS-Controls-v8-Control7",
37044
+ "framework": "CIS Controls v8",
37045
+ "control_name": "Continuous Vulnerability Management"
37046
+ },
37047
+ {
37048
+ "id": "CMMC-2.0-Level-2",
37049
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
37050
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
37051
+ },
37052
+ {
37053
+ "id": "FedRAMP-Rev5-Moderate",
37054
+ "framework": "FedRAMP Rev 5 Moderate",
37055
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
37056
+ },
37057
+ {
37058
+ "id": "IEC-62443-3-3",
37059
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
37060
+ "control_name": "System security requirements and security levels"
37061
+ },
37062
+ {
37063
+ "id": "ISO-27001-2022-A.8.28",
37064
+ "framework": "ISO/IEC 27001:2022",
37065
+ "control_name": "Secure coding"
37066
+ },
37067
+ {
37068
+ "id": "ISO-27001-2022-A.8.8",
37069
+ "framework": "ISO/IEC 27001:2022",
37070
+ "control_name": "Management of technical vulnerabilities"
37071
+ },
37072
+ {
37073
+ "id": "ISO-IEC-23894-2023-clause-7",
37074
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
37075
+ "control_name": "AI risk management process"
37076
+ },
37077
+ {
37078
+ "id": "NERC-CIP-007-6-R4",
37079
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
37080
+ "control_name": "Security event monitoring"
37081
+ },
37082
+ {
37083
+ "id": "NIS2-Art21-patch-management",
37084
+ "framework": "EU NIS2 Directive",
37085
+ "control_name": "Vulnerability handling and disclosure"
37086
+ },
37087
+ {
37088
+ "id": "NIST-800-115",
37089
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
37090
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
37091
+ },
37092
+ {
37093
+ "id": "NIST-800-218-SSDF",
37094
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
37095
+ "control_name": "Secure Software Development Framework"
37096
+ },
37097
+ {
37098
+ "id": "NIST-800-53-AC-2",
37099
+ "framework": "NIST SP 800-53 Rev 5",
37100
+ "control_name": "Account Management"
37101
+ },
37102
+ {
37103
+ "id": "NIST-800-53-SC-8",
37104
+ "framework": "NIST SP 800-53 Rev 5",
37105
+ "control_name": "Transmission Confidentiality and Integrity"
37106
+ },
37107
+ {
37108
+ "id": "NIST-800-53-SI-2",
37109
+ "framework": "NIST SP 800-53 Rev 5",
37110
+ "control_name": "Flaw Remediation"
37111
+ },
37112
+ {
37113
+ "id": "NIST-800-53-SI-3",
37114
+ "framework": "NIST SP 800-53 Rev 5",
37115
+ "control_name": "Malicious Code Protection"
37116
+ },
37117
+ {
37118
+ "id": "NIST-800-82r3",
37119
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
37120
+ "control_name": "Guide to Operational Technology (OT) Security"
37121
+ },
37122
+ {
37123
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
37124
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37125
+ "control_name": "Prompt Injection"
37126
+ },
37127
+ {
37128
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
37129
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37130
+ "control_name": "Sensitive Information Disclosure"
37131
+ },
37132
+ {
37133
+ "id": "OWASP-Pen-Testing-Guide-v5",
37134
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
37135
+ "control_name": "Web application penetration testing methodology"
37136
+ },
37137
+ {
37138
+ "id": "PCI-DSS-4.0-6.3.3",
37139
+ "framework": "PCI DSS 4.0",
37140
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
37141
+ },
37142
+ {
37143
+ "id": "PTES-Pre-engagement",
37144
+ "framework": "Penetration Testing Execution Standard (PTES)",
37145
+ "control_name": "Pre-engagement Interactions"
37146
+ },
37147
+ {
37148
+ "id": "SOC2-CC6-logical-access",
37149
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37150
+ "control_name": "Logical and Physical Access Controls"
37151
+ },
37152
+ {
37153
+ "id": "SOC2-CC9-vendor-management",
37154
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37155
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
37156
+ }
37157
+ ],
37158
+ "attack_refs": [
37159
+ "T0855",
37160
+ "T0883",
37161
+ "T1059",
37162
+ "T1068",
37163
+ "T1078",
37164
+ "T1133",
37165
+ "T1190",
37166
+ "T1548.001",
37167
+ "T1566"
37168
+ ],
37169
+ "rfc_refs": [
37170
+ "RFC-4301",
37171
+ "RFC-4303",
37172
+ "RFC-7296"
37173
+ ]
37174
+ }
37175
+ },
37176
+ "CVE-2024-0129": {
37177
+ "name": "NVIDIA NeMo SaveRestoreConnector .tar Path Traversal to Code Execution",
37178
+ "rwep": 25,
37179
+ "cvss": 7.8,
37180
+ "cisa_kev": false,
37181
+ "epss_score": null,
37182
+ "referencing_skills": [
37183
+ "kernel-lpe-triage",
37184
+ "ai-attack-surface",
37185
+ "compliance-theater",
37186
+ "attack-surface-pentest",
37187
+ "ot-ics-security",
37188
+ "coordinated-vuln-disclosure",
37189
+ "sector-energy"
37190
+ ],
37191
+ "chain": {
37192
+ "cwes": [
37193
+ {
37194
+ "id": "CWE-1037",
37195
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37196
+ "category": "Hardware / Side Channel"
37197
+ },
37198
+ {
37199
+ "id": "CWE-1039",
37200
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37201
+ "category": "AI/ML"
37202
+ },
37203
+ {
37204
+ "id": "CWE-125",
37205
+ "name": "Out-of-bounds Read",
37206
+ "category": "Memory Safety"
37207
+ },
37208
+ {
37209
+ "id": "CWE-1357",
37210
+ "name": "Reliance on Insufficiently Trustworthy Component",
37211
+ "category": "Supply Chain"
37212
+ },
37213
+ {
37214
+ "id": "CWE-1395",
37215
+ "name": "Dependency on Vulnerable Third-Party Component",
37216
+ "category": "Supply Chain"
37217
+ },
37218
+ {
37219
+ "id": "CWE-1426",
37220
+ "name": "Improper Validation of Generative AI Output",
37221
+ "category": "AI/ML"
37222
+ },
37223
+ {
37224
+ "id": "CWE-22",
37225
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37226
+ "category": "Path/Resource"
37227
+ },
37228
+ {
37229
+ "id": "CWE-269",
37230
+ "name": "Improper Privilege Management",
37231
+ "category": "Authorization"
37232
+ },
37233
+ {
37234
+ "id": "CWE-287",
37235
+ "name": "Improper Authentication",
37236
+ "category": "Authentication"
37237
+ },
37238
+ {
37239
+ "id": "CWE-306",
37240
+ "name": "Missing Authentication for Critical Function",
37241
+ "category": "Authentication"
37242
+ },
37243
+ {
37244
+ "id": "CWE-352",
37245
+ "name": "Cross-Site Request Forgery (CSRF)",
37246
+ "category": "Session"
37247
+ },
37248
+ {
37249
+ "id": "CWE-362",
37250
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37251
+ "category": "Concurrency"
37252
+ },
37253
+ {
37254
+ "id": "CWE-416",
37255
+ "name": "Use After Free",
37256
+ "category": "Memory Safety"
37257
+ },
37258
+ {
37259
+ "id": "CWE-434",
37260
+ "name": "Unrestricted Upload of File with Dangerous Type",
37261
+ "category": "File Handling"
37262
+ },
37263
+ {
37264
+ "id": "CWE-672",
37265
+ "name": "Operation on a Resource after Expiration or Release",
37266
+ "category": "Memory Safety"
37267
+ },
37268
+ {
37269
+ "id": "CWE-732",
37270
+ "name": "Incorrect Permission Assignment for Critical Resource",
37271
+ "category": "Authorization"
37272
+ },
37273
+ {
37274
+ "id": "CWE-78",
37275
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
37276
+ "category": "Injection"
37277
+ },
37278
+ {
37279
+ "id": "CWE-787",
37280
+ "name": "Out-of-bounds Write",
37281
+ "category": "Memory Safety"
37282
+ },
37283
+ {
37284
+ "id": "CWE-79",
37285
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
37286
+ "category": "Injection"
37287
+ },
37288
+ {
37289
+ "id": "CWE-798",
37290
+ "name": "Use of Hard-coded Credentials",
37291
+ "category": "Credentials"
37292
+ },
37293
+ {
37294
+ "id": "CWE-89",
37295
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
37296
+ "category": "Injection"
37297
+ },
37298
+ {
37299
+ "id": "CWE-918",
37300
+ "name": "Server-Side Request Forgery (SSRF)",
37301
+ "category": "Network"
37302
+ },
37303
+ {
37304
+ "id": "CWE-94",
37305
+ "name": "Improper Control of Generation of Code (Code Injection)",
37306
+ "category": "Injection"
37307
+ }
37308
+ ],
37309
+ "atlas": [
37310
+ {
37311
+ "id": "AML.T0010",
37312
+ "name": "ML Supply Chain Compromise",
37313
+ "tactic": "Initial Access"
37314
+ },
37315
+ {
37316
+ "id": "AML.T0016",
37317
+ "name": "Obtain Capabilities: Develop Capabilities",
37318
+ "tactic": "Resource Development"
37319
+ },
37320
+ {
37321
+ "id": "AML.T0017",
37322
+ "name": "Discover ML Model Ontology",
37323
+ "tactic": "Discovery"
37324
+ },
37325
+ {
37326
+ "id": "AML.T0018",
37327
+ "name": "Backdoor ML Model",
37328
+ "tactic": "Persistence"
37329
+ },
37330
+ {
37331
+ "id": "AML.T0020",
37332
+ "name": "Poison Training Data",
37333
+ "tactic": "ML Attack Staging"
37334
+ },
37335
+ {
37336
+ "id": "AML.T0043",
37337
+ "name": "Craft Adversarial Data",
37338
+ "tactic": "ML Attack Staging"
37339
+ },
37340
+ {
37341
+ "id": "AML.T0051",
37342
+ "name": "LLM Prompt Injection",
37343
+ "tactic": "Execution"
37344
+ },
37345
+ {
37346
+ "id": "AML.T0054",
37347
+ "name": "LLM Jailbreak",
37348
+ "tactic": "Defense Evasion"
37349
+ },
37350
+ {
37351
+ "id": "AML.T0096",
37352
+ "name": "AI API as Covert C2 Channel",
37353
+ "tactic": "Command and Control"
37354
+ }
37355
+ ],
37356
+ "d3fend": [
37357
+ {
37358
+ "id": "D3-ASLR",
37359
+ "name": "Address Space Layout Randomization",
37360
+ "tactic": "Harden"
37361
+ },
37362
+ {
37363
+ "id": "D3-CSPP",
37364
+ "name": "Client-server Payload Profiling",
37365
+ "tactic": "Detect"
37366
+ },
37367
+ {
37368
+ "id": "D3-EAL",
37369
+ "name": "Executable Allowlisting",
37370
+ "tactic": "Harden"
37371
+ },
37372
+ {
37373
+ "id": "D3-IOPR",
37374
+ "name": "Input/Output Profiling Resource",
37375
+ "tactic": "Detect"
37376
+ },
37377
+ {
37378
+ "id": "D3-NTA",
37379
+ "name": "Network Traffic Analysis",
37380
+ "tactic": "Detect"
37381
+ },
37382
+ {
37383
+ "id": "D3-PHRA",
37384
+ "name": "Process Hardware Resource Access",
37385
+ "tactic": "Isolate"
37386
+ },
37387
+ {
37388
+ "id": "D3-PSEP",
37389
+ "name": "Process Segment Execution Prevention",
37390
+ "tactic": "Harden"
37391
+ }
37392
+ ],
37393
+ "framework_gaps": [
37394
+ {
37395
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
37396
+ "framework": "ALL",
37397
+ "control_name": "AI Pipeline Integrity"
37398
+ },
37399
+ {
37400
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
37401
+ "framework": "ALL",
37402
+ "control_name": "Prompt Injection as Access Control Failure"
37403
+ },
37404
+ {
37405
+ "id": "CIS-Controls-v8-Control7",
37406
+ "framework": "CIS Controls v8",
37407
+ "control_name": "Continuous Vulnerability Management"
37408
+ },
37409
+ {
37410
+ "id": "CMMC-2.0-Level-2",
37411
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
37412
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
37413
+ },
37414
+ {
37415
+ "id": "FedRAMP-Rev5-Moderate",
37416
+ "framework": "FedRAMP Rev 5 Moderate",
37417
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
37418
+ },
37419
+ {
37420
+ "id": "IEC-62443-3-3",
37421
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
37422
+ "control_name": "System security requirements and security levels"
37423
+ },
37424
+ {
37425
+ "id": "ISO-27001-2022-A.8.28",
37426
+ "framework": "ISO/IEC 27001:2022",
37427
+ "control_name": "Secure coding"
37428
+ },
37429
+ {
37430
+ "id": "ISO-27001-2022-A.8.8",
37431
+ "framework": "ISO/IEC 27001:2022",
37432
+ "control_name": "Management of technical vulnerabilities"
37433
+ },
37434
+ {
37435
+ "id": "ISO-IEC-23894-2023-clause-7",
37436
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
37437
+ "control_name": "AI risk management process"
37438
+ },
37439
+ {
37440
+ "id": "NERC-CIP-007-6-R4",
37441
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
37442
+ "control_name": "Security event monitoring"
37443
+ },
37444
+ {
37445
+ "id": "NIS2-Art21-patch-management",
37446
+ "framework": "EU NIS2 Directive",
37447
+ "control_name": "Vulnerability handling and disclosure"
37448
+ },
37449
+ {
37450
+ "id": "NIST-800-115",
37451
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
37452
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
37453
+ },
37454
+ {
37455
+ "id": "NIST-800-218-SSDF",
37456
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
37457
+ "control_name": "Secure Software Development Framework"
37458
+ },
37459
+ {
37460
+ "id": "NIST-800-53-AC-2",
37461
+ "framework": "NIST SP 800-53 Rev 5",
37462
+ "control_name": "Account Management"
37463
+ },
37464
+ {
37465
+ "id": "NIST-800-53-SC-8",
37466
+ "framework": "NIST SP 800-53 Rev 5",
37467
+ "control_name": "Transmission Confidentiality and Integrity"
37468
+ },
37469
+ {
37470
+ "id": "NIST-800-53-SI-2",
37471
+ "framework": "NIST SP 800-53 Rev 5",
37472
+ "control_name": "Flaw Remediation"
37473
+ },
37474
+ {
37475
+ "id": "NIST-800-53-SI-3",
37476
+ "framework": "NIST SP 800-53 Rev 5",
37477
+ "control_name": "Malicious Code Protection"
37478
+ },
37479
+ {
37480
+ "id": "NIST-800-82r3",
37481
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
37482
+ "control_name": "Guide to Operational Technology (OT) Security"
37483
+ },
37484
+ {
37485
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
37486
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37487
+ "control_name": "Prompt Injection"
37488
+ },
37489
+ {
37490
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
37491
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37492
+ "control_name": "Sensitive Information Disclosure"
37493
+ },
37494
+ {
37495
+ "id": "OWASP-Pen-Testing-Guide-v5",
37496
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
37497
+ "control_name": "Web application penetration testing methodology"
37498
+ },
37499
+ {
37500
+ "id": "PCI-DSS-4.0-6.3.3",
37501
+ "framework": "PCI DSS 4.0",
37502
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
37503
+ },
37504
+ {
37505
+ "id": "PTES-Pre-engagement",
37506
+ "framework": "Penetration Testing Execution Standard (PTES)",
37507
+ "control_name": "Pre-engagement Interactions"
37508
+ },
37509
+ {
37510
+ "id": "SOC2-CC6-logical-access",
37511
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37512
+ "control_name": "Logical and Physical Access Controls"
37513
+ },
37514
+ {
37515
+ "id": "SOC2-CC9-vendor-management",
37516
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37517
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
37518
+ }
37519
+ ],
37520
+ "attack_refs": [
37521
+ "T0855",
37522
+ "T0883",
37523
+ "T1059",
37524
+ "T1068",
37525
+ "T1078",
37526
+ "T1133",
37527
+ "T1190",
37528
+ "T1548.001",
37529
+ "T1566"
37530
+ ],
37531
+ "rfc_refs": [
37532
+ "RFC-4301",
37533
+ "RFC-4303",
37534
+ "RFC-7296"
37535
+ ]
37536
+ }
37537
+ },
37538
+ "CVE-2025-32434": {
37539
+ "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
37540
+ "rwep": 33,
37541
+ "cvss": 9.8,
37542
+ "cisa_kev": false,
37543
+ "epss_score": null,
37544
+ "referencing_skills": [
37545
+ "kernel-lpe-triage",
37546
+ "ai-attack-surface",
37547
+ "compliance-theater",
37548
+ "attack-surface-pentest",
37549
+ "ot-ics-security",
37550
+ "coordinated-vuln-disclosure",
37551
+ "sector-energy"
37552
+ ],
37553
+ "chain": {
37554
+ "cwes": [
37555
+ {
37556
+ "id": "CWE-1037",
37557
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37558
+ "category": "Hardware / Side Channel"
37559
+ },
37560
+ {
37561
+ "id": "CWE-1039",
37562
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37563
+ "category": "AI/ML"
37564
+ },
37565
+ {
37566
+ "id": "CWE-125",
37567
+ "name": "Out-of-bounds Read",
37568
+ "category": "Memory Safety"
37569
+ },
37570
+ {
37571
+ "id": "CWE-1357",
37572
+ "name": "Reliance on Insufficiently Trustworthy Component",
37573
+ "category": "Supply Chain"
37574
+ },
37575
+ {
37576
+ "id": "CWE-1395",
37577
+ "name": "Dependency on Vulnerable Third-Party Component",
37578
+ "category": "Supply Chain"
37579
+ },
37580
+ {
37581
+ "id": "CWE-1426",
37582
+ "name": "Improper Validation of Generative AI Output",
37583
+ "category": "AI/ML"
37584
+ },
37585
+ {
37586
+ "id": "CWE-22",
37587
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37588
+ "category": "Path/Resource"
37589
+ },
37590
+ {
37591
+ "id": "CWE-269",
37592
+ "name": "Improper Privilege Management",
37593
+ "category": "Authorization"
37594
+ },
37595
+ {
37596
+ "id": "CWE-287",
37597
+ "name": "Improper Authentication",
37598
+ "category": "Authentication"
37599
+ },
37600
+ {
37601
+ "id": "CWE-306",
37602
+ "name": "Missing Authentication for Critical Function",
37603
+ "category": "Authentication"
37604
+ },
37605
+ {
37606
+ "id": "CWE-352",
37607
+ "name": "Cross-Site Request Forgery (CSRF)",
37608
+ "category": "Session"
37609
+ },
37610
+ {
37611
+ "id": "CWE-362",
37612
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37613
+ "category": "Concurrency"
37614
+ },
37615
+ {
37616
+ "id": "CWE-416",
37617
+ "name": "Use After Free",
37618
+ "category": "Memory Safety"
37619
+ },
37620
+ {
37621
+ "id": "CWE-434",
37622
+ "name": "Unrestricted Upload of File with Dangerous Type",
37623
+ "category": "File Handling"
37624
+ },
37625
+ {
37626
+ "id": "CWE-672",
37627
+ "name": "Operation on a Resource after Expiration or Release",
37628
+ "category": "Memory Safety"
37629
+ },
37630
+ {
37631
+ "id": "CWE-732",
37632
+ "name": "Incorrect Permission Assignment for Critical Resource",
37633
+ "category": "Authorization"
37634
+ },
37635
+ {
37636
+ "id": "CWE-78",
37637
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
37638
+ "category": "Injection"
37639
+ },
37640
+ {
37641
+ "id": "CWE-787",
37642
+ "name": "Out-of-bounds Write",
37643
+ "category": "Memory Safety"
37644
+ },
37645
+ {
37646
+ "id": "CWE-79",
37647
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
37648
+ "category": "Injection"
37649
+ },
37650
+ {
37651
+ "id": "CWE-798",
37652
+ "name": "Use of Hard-coded Credentials",
37653
+ "category": "Credentials"
37654
+ },
37655
+ {
37656
+ "id": "CWE-89",
37657
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
37658
+ "category": "Injection"
37659
+ },
37660
+ {
37661
+ "id": "CWE-918",
37662
+ "name": "Server-Side Request Forgery (SSRF)",
37663
+ "category": "Network"
37664
+ },
37665
+ {
37666
+ "id": "CWE-94",
37667
+ "name": "Improper Control of Generation of Code (Code Injection)",
37668
+ "category": "Injection"
37669
+ }
37670
+ ],
37671
+ "atlas": [
37672
+ {
37673
+ "id": "AML.T0010",
37674
+ "name": "ML Supply Chain Compromise",
37675
+ "tactic": "Initial Access"
37676
+ },
37677
+ {
37678
+ "id": "AML.T0016",
37679
+ "name": "Obtain Capabilities: Develop Capabilities",
37680
+ "tactic": "Resource Development"
37681
+ },
37682
+ {
37683
+ "id": "AML.T0017",
37684
+ "name": "Discover ML Model Ontology",
37685
+ "tactic": "Discovery"
37686
+ },
37687
+ {
37688
+ "id": "AML.T0018",
37689
+ "name": "Backdoor ML Model",
37690
+ "tactic": "Persistence"
37691
+ },
37692
+ {
37693
+ "id": "AML.T0020",
37694
+ "name": "Poison Training Data",
37695
+ "tactic": "ML Attack Staging"
37696
+ },
37697
+ {
37698
+ "id": "AML.T0043",
37699
+ "name": "Craft Adversarial Data",
37700
+ "tactic": "ML Attack Staging"
37701
+ },
37702
+ {
37703
+ "id": "AML.T0051",
37704
+ "name": "LLM Prompt Injection",
37705
+ "tactic": "Execution"
37706
+ },
37707
+ {
37708
+ "id": "AML.T0054",
37709
+ "name": "LLM Jailbreak",
37710
+ "tactic": "Defense Evasion"
37711
+ },
37712
+ {
37713
+ "id": "AML.T0096",
37714
+ "name": "AI API as Covert C2 Channel",
37715
+ "tactic": "Command and Control"
37716
+ }
37717
+ ],
37718
+ "d3fend": [
37719
+ {
37720
+ "id": "D3-ASLR",
37721
+ "name": "Address Space Layout Randomization",
37722
+ "tactic": "Harden"
37723
+ },
37724
+ {
37725
+ "id": "D3-CSPP",
37726
+ "name": "Client-server Payload Profiling",
37727
+ "tactic": "Detect"
37728
+ },
37729
+ {
37730
+ "id": "D3-EAL",
37731
+ "name": "Executable Allowlisting",
37732
+ "tactic": "Harden"
37733
+ },
37734
+ {
37735
+ "id": "D3-IOPR",
37736
+ "name": "Input/Output Profiling Resource",
37737
+ "tactic": "Detect"
37738
+ },
37739
+ {
37740
+ "id": "D3-NTA",
37741
+ "name": "Network Traffic Analysis",
37742
+ "tactic": "Detect"
37743
+ },
37744
+ {
37745
+ "id": "D3-PHRA",
37746
+ "name": "Process Hardware Resource Access",
37747
+ "tactic": "Isolate"
37748
+ },
37749
+ {
37750
+ "id": "D3-PSEP",
37751
+ "name": "Process Segment Execution Prevention",
37752
+ "tactic": "Harden"
37753
+ }
37754
+ ],
37755
+ "framework_gaps": [
37756
+ {
37757
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
37758
+ "framework": "ALL",
37759
+ "control_name": "AI Pipeline Integrity"
37760
+ },
37761
+ {
37762
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
37763
+ "framework": "ALL",
37764
+ "control_name": "Prompt Injection as Access Control Failure"
37765
+ },
37766
+ {
37767
+ "id": "CIS-Controls-v8-Control7",
37768
+ "framework": "CIS Controls v8",
37769
+ "control_name": "Continuous Vulnerability Management"
37770
+ },
37771
+ {
37772
+ "id": "CMMC-2.0-Level-2",
37773
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
37774
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
37775
+ },
37776
+ {
37777
+ "id": "FedRAMP-Rev5-Moderate",
37778
+ "framework": "FedRAMP Rev 5 Moderate",
37779
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
37780
+ },
37781
+ {
37782
+ "id": "IEC-62443-3-3",
37783
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
37784
+ "control_name": "System security requirements and security levels"
37785
+ },
37786
+ {
37787
+ "id": "ISO-27001-2022-A.8.28",
37788
+ "framework": "ISO/IEC 27001:2022",
37789
+ "control_name": "Secure coding"
37790
+ },
37791
+ {
37792
+ "id": "ISO-27001-2022-A.8.8",
37793
+ "framework": "ISO/IEC 27001:2022",
37794
+ "control_name": "Management of technical vulnerabilities"
37795
+ },
37796
+ {
37797
+ "id": "ISO-IEC-23894-2023-clause-7",
37798
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
37799
+ "control_name": "AI risk management process"
37800
+ },
37801
+ {
37802
+ "id": "NERC-CIP-007-6-R4",
37803
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
37804
+ "control_name": "Security event monitoring"
37805
+ },
37806
+ {
37807
+ "id": "NIS2-Art21-patch-management",
37808
+ "framework": "EU NIS2 Directive",
37809
+ "control_name": "Vulnerability handling and disclosure"
37810
+ },
37811
+ {
37812
+ "id": "NIST-800-115",
37813
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
37814
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
37815
+ },
37816
+ {
37817
+ "id": "NIST-800-218-SSDF",
37818
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
37819
+ "control_name": "Secure Software Development Framework"
37820
+ },
37821
+ {
37822
+ "id": "NIST-800-53-AC-2",
37823
+ "framework": "NIST SP 800-53 Rev 5",
37824
+ "control_name": "Account Management"
37825
+ },
37826
+ {
37827
+ "id": "NIST-800-53-SC-8",
37828
+ "framework": "NIST SP 800-53 Rev 5",
37829
+ "control_name": "Transmission Confidentiality and Integrity"
37830
+ },
37831
+ {
37832
+ "id": "NIST-800-53-SI-2",
37833
+ "framework": "NIST SP 800-53 Rev 5",
37834
+ "control_name": "Flaw Remediation"
37835
+ },
37836
+ {
37837
+ "id": "NIST-800-53-SI-3",
37838
+ "framework": "NIST SP 800-53 Rev 5",
37839
+ "control_name": "Malicious Code Protection"
37840
+ },
37841
+ {
37842
+ "id": "NIST-800-82r3",
37843
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
37844
+ "control_name": "Guide to Operational Technology (OT) Security"
37845
+ },
37846
+ {
37847
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
37848
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37849
+ "control_name": "Prompt Injection"
37850
+ },
37851
+ {
37852
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
37853
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37854
+ "control_name": "Sensitive Information Disclosure"
37855
+ },
37856
+ {
37857
+ "id": "OWASP-Pen-Testing-Guide-v5",
37858
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
37859
+ "control_name": "Web application penetration testing methodology"
37860
+ },
37861
+ {
37862
+ "id": "PCI-DSS-4.0-6.3.3",
37863
+ "framework": "PCI DSS 4.0",
37864
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
37865
+ },
37866
+ {
37867
+ "id": "PTES-Pre-engagement",
37868
+ "framework": "Penetration Testing Execution Standard (PTES)",
37869
+ "control_name": "Pre-engagement Interactions"
37870
+ },
37871
+ {
37872
+ "id": "SOC2-CC6-logical-access",
37873
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37874
+ "control_name": "Logical and Physical Access Controls"
37875
+ },
37876
+ {
37877
+ "id": "SOC2-CC9-vendor-management",
37878
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37879
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
37880
+ }
37881
+ ],
37882
+ "attack_refs": [
37883
+ "T0855",
37884
+ "T0883",
37885
+ "T1059",
37886
+ "T1068",
37887
+ "T1078",
37888
+ "T1133",
37889
+ "T1190",
37890
+ "T1548.001",
37891
+ "T1566"
37892
+ ],
37893
+ "rfc_refs": [
37894
+ "RFC-4301",
37895
+ "RFC-4303",
37896
+ "RFC-7296"
37897
+ ]
37898
+ }
37899
+ },
36814
37900
  "CVE-2026-41091": {
36815
37901
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
36816
37902
  "rwep": 45,
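Review bot: The three added entries (`CVE-2025-33236`, `CVE-2024-0129`, `CVE-2025-32434`) appear to carry identical `referencing_skills` and `chain` blocks, so the `cwes`, `atlas`, `d3fend`, `attack_refs` and `rfc_refs` arrays read as a union over the referencing skills rather than a per-CVE mapping. As written, the torch.load code-execution entry is tagged with `CWE-352`, `CWE-89`, `CWE-1037`, `RFC-4301` and the skill `kernel-lpe-triage`, none of which its `name` supports, and no deserialization weakness is listed, so a consumer that filters or prioritises on `chain.cwes` will get false matches and miss the real class. If `chain` is meant to describe the CVE itself, narrow each one to the weaknesses its name indicates, e.g. `"id": "CWE-22"` for the NeMo path-traversal entry and `"id": "CWE-94"` for the NeMo code-injection entry; if it is a generated roll-up, a key name that says so would prevent that misuse. All three entries also have `"epss_score": null`, so it is worth confirming how `rwep` is derived when that input is missing.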
@@ -63194,6 +64280,7 @@
63194
64280
  "CVE-2023-51449",
63195
64281
  "CVE-2023-6019",
63196
64282
  "CVE-2023-6021",
64283
+ "CVE-2024-0129",
63197
64284
  "CVE-2024-0132",
63198
64285
  "CVE-2024-11392",
63199
64286
  "CVE-2024-11393",
@@ -63223,7 +64310,9 @@
63223
64310
  "CVE-2025-23266",
63224
64311
  "CVE-2025-30165",
63225
64312
  "CVE-2025-30202",
64313
+ "CVE-2025-32434",
63226
64314
  "CVE-2025-32444",
64315
+ "CVE-2025-33236",
63227
64316
  "CVE-2025-34291",
63228
64317
  "CVE-2025-38352",
63229
64318
  "CVE-2025-43300",
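Review bot: The added `"CVE-2025-33236"` line places the NeMo model-import entry in this list, and the same insertion repeats in every later hunk that adds it; the key each list belongs to lies outside the hunks, so the grouping cannot be checked from here. The entry's own chain, visible in the earlier hunk that begins above this view, carries `rfc_refs` of `RFC-4301`, `RFC-4303` and `RFC-7296` (IPsec/IKEv2) and `attack_refs` `T0855` and `T0883` (ATT&CK for ICS). These do not obviously follow from a code-injection flaw in model import, and they look inherited from the referencing skills rather than derived from the CVE. If these lists are generated from that chain, the CVE will surface under unrelated framework, technique or RFC lookups and dilute triage for anyone filtering on them. I would check each reference against the vendor advisory and trim the entry to what it supports (for example `"rfc_refs": []` if no IPsec relevance is documented) before regenerating the indexes.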
@@ -63597,6 +64686,7 @@
63597
64686
  "CVE-2023-51449",
63598
64687
  "CVE-2023-6019",
63599
64688
  "CVE-2023-6021",
64689
+ "CVE-2024-0129",
63600
64690
  "CVE-2024-0132",
63601
64691
  "CVE-2024-11392",
63602
64692
  "CVE-2024-11393",
@@ -63624,7 +64714,9 @@
63624
64714
  "CVE-2025-23266",
63625
64715
  "CVE-2025-30165",
63626
64716
  "CVE-2025-30202",
64717
+ "CVE-2025-32434",
63627
64718
  "CVE-2025-32444",
64719
+ "CVE-2025-33236",
63628
64720
  "CVE-2025-34291",
63629
64721
  "CVE-2025-38352",
63630
64722
  "CVE-2025-43300",
@@ -63791,6 +64883,7 @@
63791
64883
  "CVE-2023-51449",
63792
64884
  "CVE-2023-6019",
63793
64885
  "CVE-2023-6021",
64886
+ "CVE-2024-0129",
63794
64887
  "CVE-2024-0132",
63795
64888
  "CVE-2024-11392",
63796
64889
  "CVE-2024-11393",
@@ -63818,7 +64911,9 @@
63818
64911
  "CVE-2025-23266",
63819
64912
  "CVE-2025-30165",
63820
64913
  "CVE-2025-30202",
64914
+ "CVE-2025-32434",
63821
64915
  "CVE-2025-32444",
64916
+ "CVE-2025-33236",
63822
64917
  "CVE-2025-34291",
63823
64918
  "CVE-2025-38352",
63824
64919
  "CVE-2025-43300",
@@ -63999,6 +65094,7 @@
63999
65094
  "CVE-2023-51449",
64000
65095
  "CVE-2023-6019",
64001
65096
  "CVE-2023-6021",
65097
+ "CVE-2024-0129",
64002
65098
  "CVE-2024-0132",
64003
65099
  "CVE-2024-11392",
64004
65100
  "CVE-2024-11393",
@@ -64026,7 +65122,9 @@
64026
65122
  "CVE-2025-23266",
64027
65123
  "CVE-2025-30165",
64028
65124
  "CVE-2025-30202",
65125
+ "CVE-2025-32434",
64029
65126
  "CVE-2025-32444",
65127
+ "CVE-2025-33236",
64030
65128
  "CVE-2025-34291",
64031
65129
  "CVE-2025-38352",
64032
65130
  "CVE-2025-43300",
@@ -64311,6 +65409,7 @@
64311
65409
  "CVE-2023-51449",
64312
65410
  "CVE-2023-6019",
64313
65411
  "CVE-2023-6021",
65412
+ "CVE-2024-0129",
64314
65413
  "CVE-2024-0132",
64315
65414
  "CVE-2024-11392",
64316
65415
  "CVE-2024-11393",
@@ -64339,7 +65438,9 @@
64339
65438
  "CVE-2025-23266",
64340
65439
  "CVE-2025-30165",
64341
65440
  "CVE-2025-30202",
65441
+ "CVE-2025-32434",
64342
65442
  "CVE-2025-32444",
65443
+ "CVE-2025-33236",
64343
65444
  "CVE-2025-34291",
64344
65445
  "CVE-2025-49596",
64345
65446
  "CVE-2025-49844",
@@ -64579,6 +65680,7 @@
64579
65680
  "CVE-2023-52163",
64580
65681
  "CVE-2023-6019",
64581
65682
  "CVE-2023-6021",
65683
+ "CVE-2024-0129",
64582
65684
  "CVE-2024-0132",
64583
65685
  "CVE-2024-0769",
64584
65686
  "CVE-2024-11182",
@@ -64662,6 +65764,7 @@
64662
65764
  "CVE-2025-31277",
64663
65765
  "CVE-2025-32432",
64664
65766
  "CVE-2025-32433",
65767
+ "CVE-2025-32434",
64665
65768
  "CVE-2025-32444",
64666
65769
  "CVE-2025-32463",
64667
65770
  "CVE-2025-32701",
@@ -64671,6 +65774,7 @@
64671
65774
  "CVE-2025-32975",
64672
65775
  "CVE-2025-33053",
64673
65776
  "CVE-2025-33073",
65777
+ "CVE-2025-33236",
64674
65778
  "CVE-2025-34026",
64675
65779
  "CVE-2025-34291",
64676
65780
  "CVE-2025-35939",
@@ -65435,6 +66539,7 @@
65435
66539
  "CVE-2023-51449",
65436
66540
  "CVE-2023-6019",
65437
66541
  "CVE-2023-6021",
66542
+ "CVE-2024-0129",
65438
66543
  "CVE-2024-0132",
65439
66544
  "CVE-2024-11392",
65440
66545
  "CVE-2024-11393",
@@ -65464,7 +66569,9 @@
65464
66569
  "CVE-2025-23266",
65465
66570
  "CVE-2025-30165",
65466
66571
  "CVE-2025-30202",
66572
+ "CVE-2025-32434",
65467
66573
  "CVE-2025-32444",
66574
+ "CVE-2025-33236",
65468
66575
  "CVE-2025-34291",
65469
66576
  "CVE-2025-38352",
65470
66577
  "CVE-2025-43300",
@@ -66068,6 +67175,7 @@
66068
67175
  "CVE-2023-51449",
66069
67176
  "CVE-2023-6019",
66070
67177
  "CVE-2023-6021",
67178
+ "CVE-2024-0129",
66071
67179
  "CVE-2024-0132",
66072
67180
  "CVE-2024-11392",
66073
67181
  "CVE-2024-11393",
@@ -66097,7 +67205,9 @@
66097
67205
  "CVE-2025-23266",
66098
67206
  "CVE-2025-30165",
66099
67207
  "CVE-2025-30202",
67208
+ "CVE-2025-32434",
66100
67209
  "CVE-2025-32444",
67210
+ "CVE-2025-33236",
66101
67211
  "CVE-2025-34291",
66102
67212
  "CVE-2025-38352",
66103
67213
  "CVE-2025-43300",
@@ -66339,6 +67449,7 @@
66339
67449
  "CVE-2023-51449",
66340
67450
  "CVE-2023-6019",
66341
67451
  "CVE-2023-6021",
67452
+ "CVE-2024-0129",
66342
67453
  "CVE-2024-0132",
66343
67454
  "CVE-2024-11392",
66344
67455
  "CVE-2024-11393",
@@ -66366,7 +67477,9 @@
66366
67477
  "CVE-2025-23266",
66367
67478
  "CVE-2025-30165",
66368
67479
  "CVE-2025-30202",
67480
+ "CVE-2025-32434",
66369
67481
  "CVE-2025-32444",
67482
+ "CVE-2025-33236",
66370
67483
  "CVE-2025-34291",
66371
67484
  "CVE-2025-38352",
66372
67485
  "CVE-2025-43300",
@@ -67036,6 +68149,7 @@
67036
68149
  "CVE-2023-51449",
67037
68150
  "CVE-2023-6019",
67038
68151
  "CVE-2023-6021",
68152
+ "CVE-2024-0129",
67039
68153
  "CVE-2024-0132",
67040
68154
  "CVE-2024-11392",
67041
68155
  "CVE-2024-11393",
@@ -67065,7 +68179,9 @@
67065
68179
  "CVE-2025-23266",
67066
68180
  "CVE-2025-30165",
67067
68181
  "CVE-2025-30202",
68182
+ "CVE-2025-32434",
67068
68183
  "CVE-2025-32444",
68184
+ "CVE-2025-33236",
67069
68185
  "CVE-2025-34291",
67070
68186
  "CVE-2025-38352",
67071
68187
  "CVE-2025-43300",
@@ -67311,6 +68427,7 @@
67311
68427
  "CVE-2023-52163",
67312
68428
  "CVE-2023-6019",
67313
68429
  "CVE-2023-6021",
68430
+ "CVE-2024-0129",
67314
68431
  "CVE-2024-0132",
67315
68432
  "CVE-2024-0769",
67316
68433
  "CVE-2024-11182",
@@ -67394,6 +68511,7 @@
67394
68511
  "CVE-2025-31277",
67395
68512
  "CVE-2025-32432",
67396
68513
  "CVE-2025-32433",
68514
+ "CVE-2025-32434",
67397
68515
  "CVE-2025-32444",
67398
68516
  "CVE-2025-32463",
67399
68517
  "CVE-2025-32701",
@@ -67403,6 +68521,7 @@
67403
68521
  "CVE-2025-32975",
67404
68522
  "CVE-2025-33053",
67405
68523
  "CVE-2025-33073",
68524
+ "CVE-2025-33236",
67406
68525
  "CVE-2025-34026",
67407
68526
  "CVE-2025-34291",
67408
68527
  "CVE-2025-35939",
@@ -67765,6 +68884,7 @@
67765
68884
  "CVE-2023-52163",
67766
68885
  "CVE-2023-6019",
67767
68886
  "CVE-2023-6021",
68887
+ "CVE-2024-0129",
67768
68888
  "CVE-2024-0132",
67769
68889
  "CVE-2024-0769",
67770
68890
  "CVE-2024-11182",
@@ -67848,6 +68968,7 @@
67848
68968
  "CVE-2025-31277",
67849
68969
  "CVE-2025-32432",
67850
68970
  "CVE-2025-32433",
68971
+ "CVE-2025-32434",
67851
68972
  "CVE-2025-32444",
67852
68973
  "CVE-2025-32463",
67853
68974
  "CVE-2025-32701",
@@ -67857,6 +68978,7 @@
67857
68978
  "CVE-2025-32975",
67858
68979
  "CVE-2025-33053",
67859
68980
  "CVE-2025-33073",
68981
+ "CVE-2025-33236",
67860
68982
  "CVE-2025-34026",
67861
68983
  "CVE-2025-34291",
67862
68984
  "CVE-2025-35939",
@@ -68250,6 +69372,7 @@
68250
69372
  "CVE-2023-51449",
68251
69373
  "CVE-2023-6019",
68252
69374
  "CVE-2023-6021",
69375
+ "CVE-2024-0129",
68253
69376
  "CVE-2024-0132",
68254
69377
  "CVE-2024-11392",
68255
69378
  "CVE-2024-11393",
@@ -68279,7 +69402,9 @@
68279
69402
  "CVE-2025-23266",
68280
69403
  "CVE-2025-30165",
68281
69404
  "CVE-2025-30202",
69405
+ "CVE-2025-32434",
68282
69406
  "CVE-2025-32444",
69407
+ "CVE-2025-33236",
68283
69408
  "CVE-2025-34291",
68284
69409
  "CVE-2025-38352",
68285
69410
  "CVE-2025-43300",
@@ -69077,6 +70202,7 @@
69077
70202
  "CVE-2023-52163",
69078
70203
  "CVE-2023-6019",
69079
70204
  "CVE-2023-6021",
70205
+ "CVE-2024-0129",
69080
70206
  "CVE-2024-0132",
69081
70207
  "CVE-2024-0769",
69082
70208
  "CVE-2024-11182",
@@ -69160,6 +70286,7 @@
69160
70286
  "CVE-2025-31277",
69161
70287
  "CVE-2025-32432",
69162
70288
  "CVE-2025-32433",
70289
+ "CVE-2025-32434",
69163
70290
  "CVE-2025-32444",
69164
70291
  "CVE-2025-32463",
69165
70292
  "CVE-2025-32701",
@@ -69169,6 +70296,7 @@
69169
70296
  "CVE-2025-32975",
69170
70297
  "CVE-2025-33053",
69171
70298
  "CVE-2025-33073",
70299
+ "CVE-2025-33236",
69172
70300
  "CVE-2025-34026",
69173
70301
  "CVE-2025-34291",
69174
70302
  "CVE-2025-35939",
@@ -69626,6 +70754,7 @@
69626
70754
  "CVE-2023-51449",
69627
70755
  "CVE-2023-6019",
69628
70756
  "CVE-2023-6021",
70757
+ "CVE-2024-0129",
69629
70758
  "CVE-2024-0132",
69630
70759
  "CVE-2024-11392",
69631
70760
  "CVE-2024-11393",
@@ -69655,7 +70784,9 @@
69655
70784
  "CVE-2025-23266",
69656
70785
  "CVE-2025-30165",
69657
70786
  "CVE-2025-30202",
70787
+ "CVE-2025-32434",
69658
70788
  "CVE-2025-32444",
70789
+ "CVE-2025-33236",
69659
70790
  "CVE-2025-34291",
69660
70791
  "CVE-2025-38352",
69661
70792
  "CVE-2025-43300",
@@ -69979,6 +71110,7 @@
69979
71110
  "CVE-2023-52163",
69980
71111
  "CVE-2023-6019",
69981
71112
  "CVE-2023-6021",
71113
+ "CVE-2024-0129",
69982
71114
  "CVE-2024-0132",
69983
71115
  "CVE-2024-0769",
69984
71116
  "CVE-2024-11182",
@@ -70065,6 +71197,7 @@
70065
71197
  "CVE-2025-31277",
70066
71198
  "CVE-2025-32432",
70067
71199
  "CVE-2025-32433",
71200
+ "CVE-2025-32434",
70068
71201
  "CVE-2025-32444",
70069
71202
  "CVE-2025-32463",
70070
71203
  "CVE-2025-32701",
@@ -70074,6 +71207,7 @@
70074
71207
  "CVE-2025-32975",
70075
71208
  "CVE-2025-33053",
70076
71209
  "CVE-2025-33073",
71210
+ "CVE-2025-33236",
70077
71211
  "CVE-2025-34026",
70078
71212
  "CVE-2025-34291",
70079
71213
  "CVE-2025-35939",
@@ -70547,6 +71681,7 @@
70547
71681
  "CVE-2023-51449",
70548
71682
  "CVE-2023-6019",
70549
71683
  "CVE-2023-6021",
71684
+ "CVE-2024-0129",
70550
71685
  "CVE-2024-0132",
70551
71686
  "CVE-2024-11392",
70552
71687
  "CVE-2024-11393",
@@ -70575,7 +71710,9 @@
70575
71710
  "CVE-2025-23266",
70576
71711
  "CVE-2025-30165",
70577
71712
  "CVE-2025-30202",
71713
+ "CVE-2025-32434",
70578
71714
  "CVE-2025-32444",
71715
+ "CVE-2025-33236",
70579
71716
  "CVE-2025-34291",
70580
71717
  "CVE-2025-38352",
70581
71718
  "CVE-2025-43300",
@@ -71515,6 +72652,7 @@
71515
72652
  "CVE-2023-51449",
71516
72653
  "CVE-2023-6019",
71517
72654
  "CVE-2023-6021",
72655
+ "CVE-2024-0129",
71518
72656
  "CVE-2024-0132",
71519
72657
  "CVE-2024-11392",
71520
72658
  "CVE-2024-11393",
@@ -71544,7 +72682,9 @@
71544
72682
  "CVE-2025-23266",
71545
72683
  "CVE-2025-30165",
71546
72684
  "CVE-2025-30202",
72685
+ "CVE-2025-32434",
71547
72686
  "CVE-2025-32444",
72687
+ "CVE-2025-33236",
71548
72688
  "CVE-2025-34291",
71549
72689
  "CVE-2025-38352",
71550
72690
  "CVE-2025-43300",
@@ -71647,6 +72787,7 @@
71647
72787
  "CVE-2023-51449",
71648
72788
  "CVE-2023-6019",
71649
72789
  "CVE-2023-6021",
72790
+ "CVE-2024-0129",
71650
72791
  "CVE-2024-0132",
71651
72792
  "CVE-2024-11392",
71652
72793
  "CVE-2024-11393",
@@ -71673,7 +72814,9 @@
71673
72814
  "CVE-2025-23266",
71674
72815
  "CVE-2025-30165",
71675
72816
  "CVE-2025-30202",
72817
+ "CVE-2025-32434",
71676
72818
  "CVE-2025-32444",
72819
+ "CVE-2025-33236",
71677
72820
  "CVE-2025-34291",
71678
72821
  "CVE-2025-38352",
71679
72822
  "CVE-2025-43300",
@@ -71849,6 +72992,7 @@
71849
72992
  "CVE-2023-51449",
71850
72993
  "CVE-2023-6019",
71851
72994
  "CVE-2023-6021",
72995
+ "CVE-2024-0129",
71852
72996
  "CVE-2024-0132",
71853
72997
  "CVE-2024-11392",
71854
72998
  "CVE-2024-11393",
@@ -71875,7 +73019,9 @@
71875
73019
  "CVE-2025-23266",
71876
73020
  "CVE-2025-30165",
71877
73021
  "CVE-2025-30202",
73022
+ "CVE-2025-32434",
71878
73023
  "CVE-2025-32444",
73024
+ "CVE-2025-33236",
71879
73025
  "CVE-2025-34291",
71880
73026
  "CVE-2025-49596",
71881
73027
  "CVE-2025-53773",
@@ -72301,6 +73447,7 @@
72301
73447
  "CVE-2023-52163",
72302
73448
  "CVE-2023-6019",
72303
73449
  "CVE-2023-6021",
73450
+ "CVE-2024-0129",
72304
73451
  "CVE-2024-0769",
72305
73452
  "CVE-2024-11182",
72306
73453
  "CVE-2024-11392",
@@ -72381,6 +73528,7 @@
72381
73528
  "CVE-2025-31277",
72382
73529
  "CVE-2025-32432",
72383
73530
  "CVE-2025-32433",
73531
+ "CVE-2025-32434",
72384
73532
  "CVE-2025-32444",
72385
73533
  "CVE-2025-32463",
72386
73534
  "CVE-2025-32701",
@@ -72390,6 +73538,7 @@
72390
73538
  "CVE-2025-32975",
72391
73539
  "CVE-2025-33053",
72392
73540
  "CVE-2025-33073",
73541
+ "CVE-2025-33236",
72393
73542
  "CVE-2025-34026",
72394
73543
  "CVE-2025-34291",
72395
73544
  "CVE-2025-35939",
@@ -72775,6 +73924,7 @@
72775
73924
  "CVE-2023-51449",
72776
73925
  "CVE-2023-6019",
72777
73926
  "CVE-2023-6021",
73927
+ "CVE-2024-0129",
72778
73928
  "CVE-2024-0132",
72779
73929
  "CVE-2024-11392",
72780
73930
  "CVE-2024-11393",
@@ -72804,7 +73954,9 @@
72804
73954
  "CVE-2025-23266",
72805
73955
  "CVE-2025-30165",
72806
73956
  "CVE-2025-30202",
73957
+ "CVE-2025-32434",
72807
73958
  "CVE-2025-32444",
73959
+ "CVE-2025-33236",
72808
73960
  "CVE-2025-34291",
72809
73961
  "CVE-2025-38352",
72810
73962
  "CVE-2025-43300",
@@ -73100,6 +74252,7 @@
73100
74252
  "CVE-2023-51449",
73101
74253
  "CVE-2023-6019",
73102
74254
  "CVE-2023-6021",
74255
+ "CVE-2024-0129",
73103
74256
  "CVE-2024-0132",
73104
74257
  "CVE-2024-11392",
73105
74258
  "CVE-2024-11393",
@@ -73130,7 +74283,9 @@
73130
74283
  "CVE-2025-23266",
73131
74284
  "CVE-2025-30165",
73132
74285
  "CVE-2025-30202",
74286
+ "CVE-2025-32434",
73133
74287
  "CVE-2025-32444",
74288
+ "CVE-2025-33236",
73134
74289
  "CVE-2025-34291",
73135
74290
  "CVE-2025-49596",
73136
74291
  "CVE-2025-53767",