@blamejs/exceptd-skills 0.13.99 → 0.13.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +385 -0
  6. package/data/atlas-ttps.json +3 -0
  7. package/data/attack-techniques.json +3 -0
  8. package/data/cve-catalog.json +106 -0
  9. package/data/cwe-catalog.json +1 -0
  10. package/data/framework-control-gaps.json +8 -0
  11. package/data/zeroday-lessons.json +50 -0
  12. package/manifest.json +44 -44
  13. package/package.json +2 -2
  14. package/sbom.cdx.json +25 -25
package/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.13.100 — 2026-05-25
4
+
5
+ CVE catalog — PyTorch torch.load RCE despite weights_only=True. Adds **CVE-2025-32434** (CWE-502, NIST CVSS 9.8 CRITICAL): PyTorch's `torch.load` executes attacker code from a crafted checkpoint even when called with `weights_only=True` — the setting the ecosystem recommended as the safe way to load untrusted models — so pipelines that followed that guidance on ≤ 2.5.1 remain vulnerable; fixed in 2.6.0. Maps MITRE ATLAS AML.T0010 / AML.T0011 / AML.T0011.000 and ATT&CK T1204 / T1059 / T1195.002, and reuses the untrusted-model-artifact control (NEW-CTRL-091) shared with the Keras, Hugging Face Transformers, and NeMo entries — a model checkpoint is executable code regardless of "safe" load flags. CVE count 378 → 379.
6
+
3
7
  ## 0.13.99 — 2026-05-25
4
8
 
5
9
  CVE catalog — NVIDIA NeMo model-load code execution. Adds two flaws in NeMo, NVIDIA's LLM training/customization framework, both where loading an untrusted model executes code. **CVE-2025-33236** (CWE-94, CNA NVIDIA CVSS 7.8; NVD unscored) — importing a malicious AI model triggers code injection and NeMo silently runs attacker code; fixed in 2.6.1 (Cato CTRL research). **CVE-2024-0129** (CWE-22, NIST CVSS 7.8 / NVIDIA 6.3) — the SaveRestoreConnector extracts a `.nemo` (`.tar`) model archive without path restriction, so a malicious model writes to an arbitrary path and can execute code; fixed in r2.0.0rc0. Both map MITRE ATLAS AML.T0010 / AML.T0011 / AML.T0011.000 and ATT&CK T1204 / T1059 / T1195.002, and reuse the untrusted-model-artifact control (NEW-CTRL-091) shared with the Keras and Hugging Face Transformers entries — a model file is executable code, so untrusted models must be provenance-verified and sandboxed. CVE count 376 → 378.
package/data/_indexes/_meta.json CHANGED
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-26T05:25:23.717Z",
3
+ "generated_at": "2026-05-26T05:42:13.652Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "45cc99953cc1ed1d82719235963a7043684e6b0b479df042a777b8e91bdb3a79",
8
- "data/atlas-ttps.json": "1d6af00f40bae56a85c26fc3aae16f3c1b5dd3480e2e9e8c5209d6809e52a71f",
9
- "data/attack-techniques.json": "e0246557b3da97de96c0429dc8cb27e334f5311488052604e4639646bbe2bb9d",
10
- "data/cve-catalog.json": "ed351d06ef74a0a2772eaaa4a4a97776dc00d83b4583e86adaaf2ac2b9316300",
11
- "data/cwe-catalog.json": "e3b256755c16f6915ab8bd8cadc50856c765e29a6e1195b281a0989dde4952b0",
7
+ "manifest.json": "a124f4c5277f994a7b103df4168494c8966a7bcb6ec4b6b0b80923cad2473e95",
8
+ "data/atlas-ttps.json": "0c3b467b6f2f522506340ecd9f72192940475dbf2a8fcb59db967b5d9cf7dadd",
9
+ "data/attack-techniques.json": "643203bd90b130cbb4a6ec06197532057a5951bb38058df12d7ebdcd6f66a1c7",
10
+ "data/cve-catalog.json": "71080698bd88b7f5a9e6a5f8e544a2501945f2dd5b5a8db3796d02802c060da5",
11
+ "data/cwe-catalog.json": "8a66b854f7e80c5b11dd53e80d7acc79671346145fc4f9bfc9f01842005185fc",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "1f6d838f4220999e5f4eaba37f0afe0a11b5aef41ffed88b376198a161fe3ed8",
15
+ "data/framework-control-gaps.json": "8e906ae7533754388aff17a6d84bec20413c39d764540622acf36570e9f235c4",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "a3688e9081422350fd0058e1fc91f77dad04f5e8790abdb26f8e9420e7f86ceb",
18
+ "data/zeroday-lessons.json": "293979e529dc05909e330705ec5086abf36cc541fc153329d7b24d7c6bf5ead6",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 367,
75
+ "chains_cve_entries": 368,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
package/data/_indexes/activity-feed.json CHANGED
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 378
152
+ "entry_count": 379
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 373
168
+ "entry_count": 374
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
package/data/_indexes/catalog-summaries.json CHANGED
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 378,
65
+ "entry_count": 379,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 373,
241
+ "entry_count": 374,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
package/data/_indexes/chains.json CHANGED
@@ -37535,6 +37535,368 @@
37535
37535
  ]
37536
37536
  }
37537
37537
  },
37538
+ "CVE-2025-32434": {
37539
+ "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
37540
+ "rwep": 33,
37541
+ "cvss": 9.8,
37542
+ "cisa_kev": false,
37543
+ "epss_score": null,
37544
+ "referencing_skills": [
37545
+ "kernel-lpe-triage",
37546
+ "ai-attack-surface",
37547
+ "compliance-theater",
37548
+ "attack-surface-pentest",
37549
+ "ot-ics-security",
37550
+ "coordinated-vuln-disclosure",
37551
+ "sector-energy"
37552
+ ],
37553
+ "chain": {
37554
+ "cwes": [
37555
+ {
37556
+ "id": "CWE-1037",
37557
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37558
+ "category": "Hardware / Side Channel"
37559
+ },
37560
+ {
37561
+ "id": "CWE-1039",
37562
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37563
+ "category": "AI/ML"
37564
+ },
37565
+ {
37566
+ "id": "CWE-125",
37567
+ "name": "Out-of-bounds Read",
37568
+ "category": "Memory Safety"
37569
+ },
37570
+ {
37571
+ "id": "CWE-1357",
37572
+ "name": "Reliance on Insufficiently Trustworthy Component",
37573
+ "category": "Supply Chain"
37574
+ },
37575
+ {
37576
+ "id": "CWE-1395",
37577
+ "name": "Dependency on Vulnerable Third-Party Component",
37578
+ "category": "Supply Chain"
37579
+ },
37580
+ {
37581
+ "id": "CWE-1426",
37582
+ "name": "Improper Validation of Generative AI Output",
37583
+ "category": "AI/ML"
37584
+ },
37585
+ {
37586
+ "id": "CWE-22",
37587
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37588
+ "category": "Path/Resource"
37589
+ },
37590
+ {
37591
+ "id": "CWE-269",
37592
+ "name": "Improper Privilege Management",
37593
+ "category": "Authorization"
37594
+ },
37595
+ {
37596
+ "id": "CWE-287",
37597
+ "name": "Improper Authentication",
37598
+ "category": "Authentication"
37599
+ },
37600
+ {
37601
+ "id": "CWE-306",
37602
+ "name": "Missing Authentication for Critical Function",
37603
+ "category": "Authentication"
37604
+ },
37605
+ {
37606
+ "id": "CWE-352",
37607
+ "name": "Cross-Site Request Forgery (CSRF)",
37608
+ "category": "Session"
37609
+ },
37610
+ {
37611
+ "id": "CWE-362",
37612
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37613
+ "category": "Concurrency"
37614
+ },
37615
+ {
37616
+ "id": "CWE-416",
37617
+ "name": "Use After Free",
37618
+ "category": "Memory Safety"
37619
+ },
37620
+ {
37621
+ "id": "CWE-434",
37622
+ "name": "Unrestricted Upload of File with Dangerous Type",
37623
+ "category": "File Handling"
37624
+ },
37625
+ {
37626
+ "id": "CWE-672",
37627
+ "name": "Operation on a Resource after Expiration or Release",
37628
+ "category": "Memory Safety"
37629
+ },
37630
+ {
37631
+ "id": "CWE-732",
37632
+ "name": "Incorrect Permission Assignment for Critical Resource",
37633
+ "category": "Authorization"
37634
+ },
37635
+ {
37636
+ "id": "CWE-78",
37637
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
37638
+ "category": "Injection"
37639
+ },
37640
+ {
37641
+ "id": "CWE-787",
37642
+ "name": "Out-of-bounds Write",
37643
+ "category": "Memory Safety"
37644
+ },
37645
+ {
37646
+ "id": "CWE-79",
37647
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
37648
+ "category": "Injection"
37649
+ },
37650
+ {
37651
+ "id": "CWE-798",
37652
+ "name": "Use of Hard-coded Credentials",
37653
+ "category": "Credentials"
37654
+ },
37655
+ {
37656
+ "id": "CWE-89",
37657
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
37658
+ "category": "Injection"
37659
+ },
37660
+ {
37661
+ "id": "CWE-918",
37662
+ "name": "Server-Side Request Forgery (SSRF)",
37663
+ "category": "Network"
37664
+ },
37665
+ {
37666
+ "id": "CWE-94",
37667
+ "name": "Improper Control of Generation of Code (Code Injection)",
37668
+ "category": "Injection"
37669
+ }
37670
+ ],
37671
+ "atlas": [
37672
+ {
37673
+ "id": "AML.T0010",
37674
+ "name": "ML Supply Chain Compromise",
37675
+ "tactic": "Initial Access"
37676
+ },
37677
+ {
37678
+ "id": "AML.T0016",
37679
+ "name": "Obtain Capabilities: Develop Capabilities",
37680
+ "tactic": "Resource Development"
37681
+ },
37682
+ {
37683
+ "id": "AML.T0017",
37684
+ "name": "Discover ML Model Ontology",
37685
+ "tactic": "Discovery"
37686
+ },
37687
+ {
37688
+ "id": "AML.T0018",
37689
+ "name": "Backdoor ML Model",
37690
+ "tactic": "Persistence"
37691
+ },
37692
+ {
37693
+ "id": "AML.T0020",
37694
+ "name": "Poison Training Data",
37695
+ "tactic": "ML Attack Staging"
37696
+ },
37697
+ {
37698
+ "id": "AML.T0043",
37699
+ "name": "Craft Adversarial Data",
37700
+ "tactic": "ML Attack Staging"
37701
+ },
37702
+ {
37703
+ "id": "AML.T0051",
37704
+ "name": "LLM Prompt Injection",
37705
+ "tactic": "Execution"
37706
+ },
37707
+ {
37708
+ "id": "AML.T0054",
37709
+ "name": "LLM Jailbreak",
37710
+ "tactic": "Defense Evasion"
37711
+ },
37712
+ {
37713
+ "id": "AML.T0096",
37714
+ "name": "AI API as Covert C2 Channel",
37715
+ "tactic": "Command and Control"
37716
+ }
37717
+ ],
37718
+ "d3fend": [
37719
+ {
37720
+ "id": "D3-ASLR",
37721
+ "name": "Address Space Layout Randomization",
37722
+ "tactic": "Harden"
37723
+ },
37724
+ {
37725
+ "id": "D3-CSPP",
37726
+ "name": "Client-server Payload Profiling",
37727
+ "tactic": "Detect"
37728
+ },
37729
+ {
37730
+ "id": "D3-EAL",
37731
+ "name": "Executable Allowlisting",
37732
+ "tactic": "Harden"
37733
+ },
37734
+ {
37735
+ "id": "D3-IOPR",
37736
+ "name": "Input/Output Profiling Resource",
37737
+ "tactic": "Detect"
37738
+ },
37739
+ {
37740
+ "id": "D3-NTA",
37741
+ "name": "Network Traffic Analysis",
37742
+ "tactic": "Detect"
37743
+ },
37744
+ {
37745
+ "id": "D3-PHRA",
37746
+ "name": "Process Hardware Resource Access",
37747
+ "tactic": "Isolate"
37748
+ },
37749
+ {
37750
+ "id": "D3-PSEP",
37751
+ "name": "Process Segment Execution Prevention",
37752
+ "tactic": "Harden"
37753
+ }
37754
+ ],
37755
+ "framework_gaps": [
37756
+ {
37757
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
37758
+ "framework": "ALL",
37759
+ "control_name": "AI Pipeline Integrity"
37760
+ },
37761
+ {
37762
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
37763
+ "framework": "ALL",
37764
+ "control_name": "Prompt Injection as Access Control Failure"
37765
+ },
37766
+ {
37767
+ "id": "CIS-Controls-v8-Control7",
37768
+ "framework": "CIS Controls v8",
37769
+ "control_name": "Continuous Vulnerability Management"
37770
+ },
37771
+ {
37772
+ "id": "CMMC-2.0-Level-2",
37773
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
37774
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
37775
+ },
37776
+ {
37777
+ "id": "FedRAMP-Rev5-Moderate",
37778
+ "framework": "FedRAMP Rev 5 Moderate",
37779
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
37780
+ },
37781
+ {
37782
+ "id": "IEC-62443-3-3",
37783
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
37784
+ "control_name": "System security requirements and security levels"
37785
+ },
37786
+ {
37787
+ "id": "ISO-27001-2022-A.8.28",
37788
+ "framework": "ISO/IEC 27001:2022",
37789
+ "control_name": "Secure coding"
37790
+ },
37791
+ {
37792
+ "id": "ISO-27001-2022-A.8.8",
37793
+ "framework": "ISO/IEC 27001:2022",
37794
+ "control_name": "Management of technical vulnerabilities"
37795
+ },
37796
+ {
37797
+ "id": "ISO-IEC-23894-2023-clause-7",
37798
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
37799
+ "control_name": "AI risk management process"
37800
+ },
37801
+ {
37802
+ "id": "NERC-CIP-007-6-R4",
37803
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
37804
+ "control_name": "Security event monitoring"
37805
+ },
37806
+ {
37807
+ "id": "NIS2-Art21-patch-management",
37808
+ "framework": "EU NIS2 Directive",
37809
+ "control_name": "Vulnerability handling and disclosure"
37810
+ },
37811
+ {
37812
+ "id": "NIST-800-115",
37813
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
37814
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
37815
+ },
37816
+ {
37817
+ "id": "NIST-800-218-SSDF",
37818
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
37819
+ "control_name": "Secure Software Development Framework"
37820
+ },
37821
+ {
37822
+ "id": "NIST-800-53-AC-2",
37823
+ "framework": "NIST SP 800-53 Rev 5",
37824
+ "control_name": "Account Management"
37825
+ },
37826
+ {
37827
+ "id": "NIST-800-53-SC-8",
37828
+ "framework": "NIST SP 800-53 Rev 5",
37829
+ "control_name": "Transmission Confidentiality and Integrity"
37830
+ },
37831
+ {
37832
+ "id": "NIST-800-53-SI-2",
37833
+ "framework": "NIST SP 800-53 Rev 5",
37834
+ "control_name": "Flaw Remediation"
37835
+ },
37836
+ {
37837
+ "id": "NIST-800-53-SI-3",
37838
+ "framework": "NIST SP 800-53 Rev 5",
37839
+ "control_name": "Malicious Code Protection"
37840
+ },
37841
+ {
37842
+ "id": "NIST-800-82r3",
37843
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
37844
+ "control_name": "Guide to Operational Technology (OT) Security"
37845
+ },
37846
+ {
37847
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
37848
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37849
+ "control_name": "Prompt Injection"
37850
+ },
37851
+ {
37852
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
37853
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37854
+ "control_name": "Sensitive Information Disclosure"
37855
+ },
37856
+ {
37857
+ "id": "OWASP-Pen-Testing-Guide-v5",
37858
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
37859
+ "control_name": "Web application penetration testing methodology"
37860
+ },
37861
+ {
37862
+ "id": "PCI-DSS-4.0-6.3.3",
37863
+ "framework": "PCI DSS 4.0",
37864
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
37865
+ },
37866
+ {
37867
+ "id": "PTES-Pre-engagement",
37868
+ "framework": "Penetration Testing Execution Standard (PTES)",
37869
+ "control_name": "Pre-engagement Interactions"
37870
+ },
37871
+ {
37872
+ "id": "SOC2-CC6-logical-access",
37873
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37874
+ "control_name": "Logical and Physical Access Controls"
37875
+ },
37876
+ {
37877
+ "id": "SOC2-CC9-vendor-management",
37878
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37879
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
37880
+ }
37881
+ ],
37882
+ "attack_refs": [
37883
+ "T0855",
37884
+ "T0883",
37885
+ "T1059",
37886
+ "T1068",
37887
+ "T1078",
37888
+ "T1133",
37889
+ "T1190",
37890
+ "T1548.001",
37891
+ "T1566"
37892
+ ],
37893
+ "rfc_refs": [
37894
+ "RFC-4301",
37895
+ "RFC-4303",
37896
+ "RFC-7296"
37897
+ ]
37898
+ }
37899
+ },
37538
37900
  "CVE-2026-41091": {
37539
37901
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
37540
37902
  "rwep": 45,
@@ -63948,6 +64310,7 @@
63948
64310
  "CVE-2025-23266",
63949
64311
  "CVE-2025-30165",
63950
64312
  "CVE-2025-30202",
64313
+ "CVE-2025-32434",
63951
64314
  "CVE-2025-32444",
63952
64315
  "CVE-2025-33236",
63953
64316
  "CVE-2025-34291",
@@ -64351,6 +64714,7 @@
64351
64714
  "CVE-2025-23266",
64352
64715
  "CVE-2025-30165",
64353
64716
  "CVE-2025-30202",
64717
+ "CVE-2025-32434",
64354
64718
  "CVE-2025-32444",
64355
64719
  "CVE-2025-33236",
64356
64720
  "CVE-2025-34291",
@@ -64547,6 +64911,7 @@
64547
64911
  "CVE-2025-23266",
64548
64912
  "CVE-2025-30165",
64549
64913
  "CVE-2025-30202",
64914
+ "CVE-2025-32434",
64550
64915
  "CVE-2025-32444",
64551
64916
  "CVE-2025-33236",
64552
64917
  "CVE-2025-34291",
@@ -64757,6 +65122,7 @@
64757
65122
  "CVE-2025-23266",
64758
65123
  "CVE-2025-30165",
64759
65124
  "CVE-2025-30202",
65125
+ "CVE-2025-32434",
64760
65126
  "CVE-2025-32444",
64761
65127
  "CVE-2025-33236",
64762
65128
  "CVE-2025-34291",
@@ -65072,6 +65438,7 @@
65072
65438
  "CVE-2025-23266",
65073
65439
  "CVE-2025-30165",
65074
65440
  "CVE-2025-30202",
65441
+ "CVE-2025-32434",
65075
65442
  "CVE-2025-32444",
65076
65443
  "CVE-2025-33236",
65077
65444
  "CVE-2025-34291",
@@ -65397,6 +65764,7 @@
65397
65764
  "CVE-2025-31277",
65398
65765
  "CVE-2025-32432",
65399
65766
  "CVE-2025-32433",
65767
+ "CVE-2025-32434",
65400
65768
  "CVE-2025-32444",
65401
65769
  "CVE-2025-32463",
65402
65770
  "CVE-2025-32701",
@@ -66201,6 +66569,7 @@
66201
66569
  "CVE-2025-23266",
66202
66570
  "CVE-2025-30165",
66203
66571
  "CVE-2025-30202",
66572
+ "CVE-2025-32434",
66204
66573
  "CVE-2025-32444",
66205
66574
  "CVE-2025-33236",
66206
66575
  "CVE-2025-34291",
@@ -66836,6 +67205,7 @@
66836
67205
  "CVE-2025-23266",
66837
67206
  "CVE-2025-30165",
66838
67207
  "CVE-2025-30202",
67208
+ "CVE-2025-32434",
66839
67209
  "CVE-2025-32444",
66840
67210
  "CVE-2025-33236",
66841
67211
  "CVE-2025-34291",
@@ -67107,6 +67477,7 @@
67107
67477
  "CVE-2025-23266",
67108
67478
  "CVE-2025-30165",
67109
67479
  "CVE-2025-30202",
67480
+ "CVE-2025-32434",
67110
67481
  "CVE-2025-32444",
67111
67482
  "CVE-2025-33236",
67112
67483
  "CVE-2025-34291",
@@ -67808,6 +68179,7 @@
67808
68179
  "CVE-2025-23266",
67809
68180
  "CVE-2025-30165",
67810
68181
  "CVE-2025-30202",
68182
+ "CVE-2025-32434",
67811
68183
  "CVE-2025-32444",
67812
68184
  "CVE-2025-33236",
67813
68185
  "CVE-2025-34291",
@@ -68139,6 +68511,7 @@
68139
68511
  "CVE-2025-31277",
68140
68512
  "CVE-2025-32432",
68141
68513
  "CVE-2025-32433",
68514
+ "CVE-2025-32434",
68142
68515
  "CVE-2025-32444",
68143
68516
  "CVE-2025-32463",
68144
68517
  "CVE-2025-32701",
@@ -68595,6 +68968,7 @@
68595
68968
  "CVE-2025-31277",
68596
68969
  "CVE-2025-32432",
68597
68970
  "CVE-2025-32433",
68971
+ "CVE-2025-32434",
68598
68972
  "CVE-2025-32444",
68599
68973
  "CVE-2025-32463",
68600
68974
  "CVE-2025-32701",
@@ -69028,6 +69402,7 @@
69028
69402
  "CVE-2025-23266",
69029
69403
  "CVE-2025-30165",
69030
69404
  "CVE-2025-30202",
69405
+ "CVE-2025-32434",
69031
69406
  "CVE-2025-32444",
69032
69407
  "CVE-2025-33236",
69033
69408
  "CVE-2025-34291",
@@ -69911,6 +70286,7 @@
69911
70286
  "CVE-2025-31277",
69912
70287
  "CVE-2025-32432",
69913
70288
  "CVE-2025-32433",
70289
+ "CVE-2025-32434",
69914
70290
  "CVE-2025-32444",
69915
70291
  "CVE-2025-32463",
69916
70292
  "CVE-2025-32701",
@@ -70408,6 +70784,7 @@
70408
70784
  "CVE-2025-23266",
70409
70785
  "CVE-2025-30165",
70410
70786
  "CVE-2025-30202",
70787
+ "CVE-2025-32434",
70411
70788
  "CVE-2025-32444",
70412
70789
  "CVE-2025-33236",
70413
70790
  "CVE-2025-34291",
@@ -70820,6 +71197,7 @@
70820
71197
  "CVE-2025-31277",
70821
71198
  "CVE-2025-32432",
70822
71199
  "CVE-2025-32433",
71200
+ "CVE-2025-32434",
70823
71201
  "CVE-2025-32444",
70824
71202
  "CVE-2025-32463",
70825
71203
  "CVE-2025-32701",
@@ -71332,6 +71710,7 @@
71332
71710
  "CVE-2025-23266",
71333
71711
  "CVE-2025-30165",
71334
71712
  "CVE-2025-30202",
71713
+ "CVE-2025-32434",
71335
71714
  "CVE-2025-32444",
71336
71715
  "CVE-2025-33236",
71337
71716
  "CVE-2025-34291",
@@ -72303,6 +72682,7 @@
72303
72682
  "CVE-2025-23266",
72304
72683
  "CVE-2025-30165",
72305
72684
  "CVE-2025-30202",
72685
+ "CVE-2025-32434",
72306
72686
  "CVE-2025-32444",
72307
72687
  "CVE-2025-33236",
72308
72688
  "CVE-2025-34291",
@@ -72434,6 +72814,7 @@
72434
72814
  "CVE-2025-23266",
72435
72815
  "CVE-2025-30165",
72436
72816
  "CVE-2025-30202",
72817
+ "CVE-2025-32434",
72437
72818
  "CVE-2025-32444",
72438
72819
  "CVE-2025-33236",
72439
72820
  "CVE-2025-34291",
@@ -72638,6 +73019,7 @@
72638
73019
  "CVE-2025-23266",
72639
73020
  "CVE-2025-30165",
72640
73021
  "CVE-2025-30202",
73022
+ "CVE-2025-32434",
72641
73023
  "CVE-2025-32444",
72642
73024
  "CVE-2025-33236",
72643
73025
  "CVE-2025-34291",
@@ -73146,6 +73528,7 @@
73146
73528
  "CVE-2025-31277",
73147
73529
  "CVE-2025-32432",
73148
73530
  "CVE-2025-32433",
73531
+ "CVE-2025-32434",
73149
73532
  "CVE-2025-32444",
73150
73533
  "CVE-2025-32463",
73151
73534
  "CVE-2025-32701",
@@ -73571,6 +73954,7 @@
73571
73954
  "CVE-2025-23266",
73572
73955
  "CVE-2025-30165",
73573
73956
  "CVE-2025-30202",
73957
+ "CVE-2025-32434",
73574
73958
  "CVE-2025-32444",
73575
73959
  "CVE-2025-33236",
73576
73960
  "CVE-2025-34291",
@@ -73899,6 +74283,7 @@
73899
74283
  "CVE-2025-23266",
73900
74284
  "CVE-2025-30165",
73901
74285
  "CVE-2025-30202",
74286
+ "CVE-2025-32434",
73902
74287
  "CVE-2025-32444",
73903
74288
  "CVE-2025-33236",
73904
74289
  "CVE-2025-34291",
package/data/atlas-ttps.json CHANGED
@@ -150,6 +150,7 @@
150
150
  "CVE-2024-11394",
151
151
  "CVE-2024-37032",
152
152
  "CVE-2025-1550",
153
+ "CVE-2025-32434",
153
154
  "CVE-2025-33236",
154
155
  "CVE-2025-8747",
155
156
  "CVE-2026-22778",
@@ -1281,6 +1282,7 @@
1281
1282
  "CVE-2024-11394",
1282
1283
  "CVE-2024-21513",
1283
1284
  "CVE-2025-1550",
1285
+ "CVE-2025-32434",
1284
1286
  "CVE-2025-33236",
1285
1287
  "CVE-2025-8747",
1286
1288
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG"
@@ -2841,6 +2843,7 @@
2841
2843
  "CVE-2024-11393",
2842
2844
  "CVE-2024-11394",
2843
2845
  "CVE-2025-1550",
2846
+ "CVE-2025-32434",
2844
2847
  "CVE-2025-33236",
2845
2848
  "CVE-2025-8747"
2846
2849
  ]
package/data/attack-techniques.json CHANGED
@@ -295,6 +295,7 @@
295
295
  "CVE-2025-1753",
296
296
  "CVE-2025-23254",
297
297
  "CVE-2025-30165",
298
+ "CVE-2025-32434",
298
299
  "CVE-2025-32444",
299
300
  "CVE-2025-33236",
300
301
  "CVE-2025-34291",
@@ -1128,6 +1129,7 @@
1128
1129
  "CVE-2024-11394",
1129
1130
  "CVE-2024-3094",
1130
1131
  "CVE-2025-1550",
1132
+ "CVE-2025-32434",
1131
1133
  "CVE-2025-33236",
1132
1134
  "CVE-2025-8747",
1133
1135
  "CVE-2026-45321",
@@ -4312,6 +4314,7 @@
4312
4314
  "CVE-2024-11393",
4313
4315
  "CVE-2024-11394",
4314
4316
  "CVE-2025-1550",
4317
+ "CVE-2025-32434",
4315
4318
  "CVE-2025-33236",
4316
4319
  "CVE-2025-8747"
4317
4320
  ]