@blamejs/exceptd-skills 0.13.99 → 0.13.101

@@ -37535,6 +37535,1092 @@
37535
37535
  ]
37536
37536
  }
37537
37537
  },
37538
+ "CVE-2025-32434": {
37539
+ "name": "PyTorch torch.load Remote Code Execution Despite weights_only=True",
37540
+ "rwep": 33,
37541
+ "cvss": 9.8,
37542
+ "cisa_kev": false,
37543
+ "epss_score": null,
37544
+ "referencing_skills": [
37545
+ "kernel-lpe-triage",
37546
+ "ai-attack-surface",
37547
+ "compliance-theater",
37548
+ "attack-surface-pentest",
37549
+ "ot-ics-security",
37550
+ "coordinated-vuln-disclosure",
37551
+ "sector-energy"
37552
+ ],
37553
+ "chain": {
37554
+ "cwes": [
37555
+ {
37556
+ "id": "CWE-1037",
37557
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37558
+ "category": "Hardware / Side Channel"
37559
+ },
37560
+ {
37561
+ "id": "CWE-1039",
37562
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37563
+ "category": "AI/ML"
37564
+ },
37565
+ {
37566
+ "id": "CWE-125",
37567
+ "name": "Out-of-bounds Read",
37568
+ "category": "Memory Safety"
37569
+ },
37570
+ {
37571
+ "id": "CWE-1357",
37572
+ "name": "Reliance on Insufficiently Trustworthy Component",
37573
+ "category": "Supply Chain"
37574
+ },
37575
+ {
37576
+ "id": "CWE-1395",
37577
+ "name": "Dependency on Vulnerable Third-Party Component",
37578
+ "category": "Supply Chain"
37579
+ },
37580
+ {
37581
+ "id": "CWE-1426",
37582
+ "name": "Improper Validation of Generative AI Output",
37583
+ "category": "AI/ML"
37584
+ },
37585
+ {
37586
+ "id": "CWE-22",
37587
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37588
+ "category": "Path/Resource"
37589
+ },
37590
+ {
37591
+ "id": "CWE-269",
37592
+ "name": "Improper Privilege Management",
37593
+ "category": "Authorization"
37594
+ },
37595
+ {
37596
+ "id": "CWE-287",
37597
+ "name": "Improper Authentication",
37598
+ "category": "Authentication"
37599
+ },
37600
+ {
37601
+ "id": "CWE-306",
37602
+ "name": "Missing Authentication for Critical Function",
37603
+ "category": "Authentication"
37604
+ },
37605
+ {
37606
+ "id": "CWE-352",
37607
+ "name": "Cross-Site Request Forgery (CSRF)",
37608
+ "category": "Session"
37609
+ },
37610
+ {
37611
+ "id": "CWE-362",
37612
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37613
+ "category": "Concurrency"
37614
+ },
37615
+ {
37616
+ "id": "CWE-416",
37617
+ "name": "Use After Free",
37618
+ "category": "Memory Safety"
37619
+ },
37620
+ {
37621
+ "id": "CWE-434",
37622
+ "name": "Unrestricted Upload of File with Dangerous Type",
37623
+ "category": "File Handling"
37624
+ },
37625
+ {
37626
+ "id": "CWE-672",
37627
+ "name": "Operation on a Resource after Expiration or Release",
37628
+ "category": "Memory Safety"
37629
+ },
37630
+ {
37631
+ "id": "CWE-732",
37632
+ "name": "Incorrect Permission Assignment for Critical Resource",
37633
+ "category": "Authorization"
37634
+ },
37635
+ {
37636
+ "id": "CWE-78",
37637
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
37638
+ "category": "Injection"
37639
+ },
37640
+ {
37641
+ "id": "CWE-787",
37642
+ "name": "Out-of-bounds Write",
37643
+ "category": "Memory Safety"
37644
+ },
37645
+ {
37646
+ "id": "CWE-79",
37647
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
37648
+ "category": "Injection"
37649
+ },
37650
+ {
37651
+ "id": "CWE-798",
37652
+ "name": "Use of Hard-coded Credentials",
37653
+ "category": "Credentials"
37654
+ },
37655
+ {
37656
+ "id": "CWE-89",
37657
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
37658
+ "category": "Injection"
37659
+ },
37660
+ {
37661
+ "id": "CWE-918",
37662
+ "name": "Server-Side Request Forgery (SSRF)",
37663
+ "category": "Network"
37664
+ },
37665
+ {
37666
+ "id": "CWE-94",
37667
+ "name": "Improper Control of Generation of Code (Code Injection)",
37668
+ "category": "Injection"
37669
+ }
37670
+ ],
37671
+ "atlas": [
37672
+ {
37673
+ "id": "AML.T0010",
37674
+ "name": "ML Supply Chain Compromise",
37675
+ "tactic": "Initial Access"
37676
+ },
37677
+ {
37678
+ "id": "AML.T0016",
37679
+ "name": "Obtain Capabilities: Develop Capabilities",
37680
+ "tactic": "Resource Development"
37681
+ },
37682
+ {
37683
+ "id": "AML.T0017",
37684
+ "name": "Discover ML Model Ontology",
37685
+ "tactic": "Discovery"
37686
+ },
37687
+ {
37688
+ "id": "AML.T0018",
37689
+ "name": "Backdoor ML Model",
37690
+ "tactic": "Persistence"
37691
+ },
37692
+ {
37693
+ "id": "AML.T0020",
37694
+ "name": "Poison Training Data",
37695
+ "tactic": "ML Attack Staging"
37696
+ },
37697
+ {
37698
+ "id": "AML.T0043",
37699
+ "name": "Craft Adversarial Data",
37700
+ "tactic": "ML Attack Staging"
37701
+ },
37702
+ {
37703
+ "id": "AML.T0051",
37704
+ "name": "LLM Prompt Injection",
37705
+ "tactic": "Execution"
37706
+ },
37707
+ {
37708
+ "id": "AML.T0054",
37709
+ "name": "LLM Jailbreak",
37710
+ "tactic": "Defense Evasion"
37711
+ },
37712
+ {
37713
+ "id": "AML.T0096",
37714
+ "name": "AI API as Covert C2 Channel",
37715
+ "tactic": "Command and Control"
37716
+ }
37717
+ ],
37718
+ "d3fend": [
37719
+ {
37720
+ "id": "D3-ASLR",
37721
+ "name": "Address Space Layout Randomization",
37722
+ "tactic": "Harden"
37723
+ },
37724
+ {
37725
+ "id": "D3-CSPP",
37726
+ "name": "Client-server Payload Profiling",
37727
+ "tactic": "Detect"
37728
+ },
37729
+ {
37730
+ "id": "D3-EAL",
37731
+ "name": "Executable Allowlisting",
37732
+ "tactic": "Harden"
37733
+ },
37734
+ {
37735
+ "id": "D3-IOPR",
37736
+ "name": "Input/Output Profiling Resource",
37737
+ "tactic": "Detect"
37738
+ },
37739
+ {
37740
+ "id": "D3-NTA",
37741
+ "name": "Network Traffic Analysis",
37742
+ "tactic": "Detect"
37743
+ },
37744
+ {
37745
+ "id": "D3-PHRA",
37746
+ "name": "Process Hardware Resource Access",
37747
+ "tactic": "Isolate"
37748
+ },
37749
+ {
37750
+ "id": "D3-PSEP",
37751
+ "name": "Process Segment Execution Prevention",
37752
+ "tactic": "Harden"
37753
+ }
37754
+ ],
37755
+ "framework_gaps": [
37756
+ {
37757
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
37758
+ "framework": "ALL",
37759
+ "control_name": "AI Pipeline Integrity"
37760
+ },
37761
+ {
37762
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
37763
+ "framework": "ALL",
37764
+ "control_name": "Prompt Injection as Access Control Failure"
37765
+ },
37766
+ {
37767
+ "id": "CIS-Controls-v8-Control7",
37768
+ "framework": "CIS Controls v8",
37769
+ "control_name": "Continuous Vulnerability Management"
37770
+ },
37771
+ {
37772
+ "id": "CMMC-2.0-Level-2",
37773
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
37774
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
37775
+ },
37776
+ {
37777
+ "id": "FedRAMP-Rev5-Moderate",
37778
+ "framework": "FedRAMP Rev 5 Moderate",
37779
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
37780
+ },
37781
+ {
37782
+ "id": "IEC-62443-3-3",
37783
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
37784
+ "control_name": "System security requirements and security levels"
37785
+ },
37786
+ {
37787
+ "id": "ISO-27001-2022-A.8.28",
37788
+ "framework": "ISO/IEC 27001:2022",
37789
+ "control_name": "Secure coding"
37790
+ },
37791
+ {
37792
+ "id": "ISO-27001-2022-A.8.8",
37793
+ "framework": "ISO/IEC 27001:2022",
37794
+ "control_name": "Management of technical vulnerabilities"
37795
+ },
37796
+ {
37797
+ "id": "ISO-IEC-23894-2023-clause-7",
37798
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
37799
+ "control_name": "AI risk management process"
37800
+ },
37801
+ {
37802
+ "id": "NERC-CIP-007-6-R4",
37803
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
37804
+ "control_name": "Security event monitoring"
37805
+ },
37806
+ {
37807
+ "id": "NIS2-Art21-patch-management",
37808
+ "framework": "EU NIS2 Directive",
37809
+ "control_name": "Vulnerability handling and disclosure"
37810
+ },
37811
+ {
37812
+ "id": "NIST-800-115",
37813
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
37814
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
37815
+ },
37816
+ {
37817
+ "id": "NIST-800-218-SSDF",
37818
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
37819
+ "control_name": "Secure Software Development Framework"
37820
+ },
37821
+ {
37822
+ "id": "NIST-800-53-AC-2",
37823
+ "framework": "NIST SP 800-53 Rev 5",
37824
+ "control_name": "Account Management"
37825
+ },
37826
+ {
37827
+ "id": "NIST-800-53-SC-8",
37828
+ "framework": "NIST SP 800-53 Rev 5",
37829
+ "control_name": "Transmission Confidentiality and Integrity"
37830
+ },
37831
+ {
37832
+ "id": "NIST-800-53-SI-2",
37833
+ "framework": "NIST SP 800-53 Rev 5",
37834
+ "control_name": "Flaw Remediation"
37835
+ },
37836
+ {
37837
+ "id": "NIST-800-53-SI-3",
37838
+ "framework": "NIST SP 800-53 Rev 5",
37839
+ "control_name": "Malicious Code Protection"
37840
+ },
37841
+ {
37842
+ "id": "NIST-800-82r3",
37843
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
37844
+ "control_name": "Guide to Operational Technology (OT) Security"
37845
+ },
37846
+ {
37847
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
37848
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37849
+ "control_name": "Prompt Injection"
37850
+ },
37851
+ {
37852
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
37853
+ "framework": "OWASP Top 10 for LLM Applications 2025",
37854
+ "control_name": "Sensitive Information Disclosure"
37855
+ },
37856
+ {
37857
+ "id": "OWASP-Pen-Testing-Guide-v5",
37858
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
37859
+ "control_name": "Web application penetration testing methodology"
37860
+ },
37861
+ {
37862
+ "id": "PCI-DSS-4.0-6.3.3",
37863
+ "framework": "PCI DSS 4.0",
37864
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
37865
+ },
37866
+ {
37867
+ "id": "PTES-Pre-engagement",
37868
+ "framework": "Penetration Testing Execution Standard (PTES)",
37869
+ "control_name": "Pre-engagement Interactions"
37870
+ },
37871
+ {
37872
+ "id": "SOC2-CC6-logical-access",
37873
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37874
+ "control_name": "Logical and Physical Access Controls"
37875
+ },
37876
+ {
37877
+ "id": "SOC2-CC9-vendor-management",
37878
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
37879
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
37880
+ }
37881
+ ],
37882
+ "attack_refs": [
37883
+ "T0855",
37884
+ "T0883",
37885
+ "T1059",
37886
+ "T1068",
37887
+ "T1078",
37888
+ "T1133",
37889
+ "T1190",
37890
+ "T1548.001",
37891
+ "T1566"
37892
+ ],
37893
+ "rfc_refs": [
37894
+ "RFC-4301",
37895
+ "RFC-4303",
37896
+ "RFC-7296"
37897
+ ]
37898
+ }
37899
+ },
37900
+ "CVE-2026-45829": {
37901
+ "name": "ChromaDB FastAPI Pre-Auth Remote Code Execution (ChromaToast)",
37902
+ "rwep": 44,
37903
+ "cvss": 10,
37904
+ "cisa_kev": false,
37905
+ "epss_score": null,
37906
+ "referencing_skills": [
37907
+ "kernel-lpe-triage",
37908
+ "ai-attack-surface",
37909
+ "compliance-theater",
37910
+ "attack-surface-pentest",
37911
+ "ot-ics-security",
37912
+ "coordinated-vuln-disclosure",
37913
+ "sector-energy"
37914
+ ],
37915
+ "chain": {
37916
+ "cwes": [
37917
+ {
37918
+ "id": "CWE-1037",
37919
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
37920
+ "category": "Hardware / Side Channel"
37921
+ },
37922
+ {
37923
+ "id": "CWE-1039",
37924
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
37925
+ "category": "AI/ML"
37926
+ },
37927
+ {
37928
+ "id": "CWE-125",
37929
+ "name": "Out-of-bounds Read",
37930
+ "category": "Memory Safety"
37931
+ },
37932
+ {
37933
+ "id": "CWE-1357",
37934
+ "name": "Reliance on Insufficiently Trustworthy Component",
37935
+ "category": "Supply Chain"
37936
+ },
37937
+ {
37938
+ "id": "CWE-1395",
37939
+ "name": "Dependency on Vulnerable Third-Party Component",
37940
+ "category": "Supply Chain"
37941
+ },
37942
+ {
37943
+ "id": "CWE-1426",
37944
+ "name": "Improper Validation of Generative AI Output",
37945
+ "category": "AI/ML"
37946
+ },
37947
+ {
37948
+ "id": "CWE-22",
37949
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
37950
+ "category": "Path/Resource"
37951
+ },
37952
+ {
37953
+ "id": "CWE-269",
37954
+ "name": "Improper Privilege Management",
37955
+ "category": "Authorization"
37956
+ },
37957
+ {
37958
+ "id": "CWE-287",
37959
+ "name": "Improper Authentication",
37960
+ "category": "Authentication"
37961
+ },
37962
+ {
37963
+ "id": "CWE-306",
37964
+ "name": "Missing Authentication for Critical Function",
37965
+ "category": "Authentication"
37966
+ },
37967
+ {
37968
+ "id": "CWE-352",
37969
+ "name": "Cross-Site Request Forgery (CSRF)",
37970
+ "category": "Session"
37971
+ },
37972
+ {
37973
+ "id": "CWE-362",
37974
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
37975
+ "category": "Concurrency"
37976
+ },
37977
+ {
37978
+ "id": "CWE-416",
37979
+ "name": "Use After Free",
37980
+ "category": "Memory Safety"
37981
+ },
37982
+ {
37983
+ "id": "CWE-434",
37984
+ "name": "Unrestricted Upload of File with Dangerous Type",
37985
+ "category": "File Handling"
37986
+ },
37987
+ {
37988
+ "id": "CWE-672",
37989
+ "name": "Operation on a Resource after Expiration or Release",
37990
+ "category": "Memory Safety"
37991
+ },
37992
+ {
37993
+ "id": "CWE-732",
37994
+ "name": "Incorrect Permission Assignment for Critical Resource",
37995
+ "category": "Authorization"
37996
+ },
37997
+ {
37998
+ "id": "CWE-78",
37999
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38000
+ "category": "Injection"
38001
+ },
38002
+ {
38003
+ "id": "CWE-787",
38004
+ "name": "Out-of-bounds Write",
38005
+ "category": "Memory Safety"
38006
+ },
38007
+ {
38008
+ "id": "CWE-79",
38009
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38010
+ "category": "Injection"
38011
+ },
38012
+ {
38013
+ "id": "CWE-798",
38014
+ "name": "Use of Hard-coded Credentials",
38015
+ "category": "Credentials"
38016
+ },
38017
+ {
38018
+ "id": "CWE-89",
38019
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38020
+ "category": "Injection"
38021
+ },
38022
+ {
38023
+ "id": "CWE-918",
38024
+ "name": "Server-Side Request Forgery (SSRF)",
38025
+ "category": "Network"
38026
+ },
38027
+ {
38028
+ "id": "CWE-94",
38029
+ "name": "Improper Control of Generation of Code (Code Injection)",
38030
+ "category": "Injection"
38031
+ }
38032
+ ],
38033
+ "atlas": [
38034
+ {
38035
+ "id": "AML.T0010",
38036
+ "name": "ML Supply Chain Compromise",
38037
+ "tactic": "Initial Access"
38038
+ },
38039
+ {
38040
+ "id": "AML.T0016",
38041
+ "name": "Obtain Capabilities: Develop Capabilities",
38042
+ "tactic": "Resource Development"
38043
+ },
38044
+ {
38045
+ "id": "AML.T0017",
38046
+ "name": "Discover ML Model Ontology",
38047
+ "tactic": "Discovery"
38048
+ },
38049
+ {
38050
+ "id": "AML.T0018",
38051
+ "name": "Backdoor ML Model",
38052
+ "tactic": "Persistence"
38053
+ },
38054
+ {
38055
+ "id": "AML.T0020",
38056
+ "name": "Poison Training Data",
38057
+ "tactic": "ML Attack Staging"
38058
+ },
38059
+ {
38060
+ "id": "AML.T0043",
38061
+ "name": "Craft Adversarial Data",
38062
+ "tactic": "ML Attack Staging"
38063
+ },
38064
+ {
38065
+ "id": "AML.T0051",
38066
+ "name": "LLM Prompt Injection",
38067
+ "tactic": "Execution"
38068
+ },
38069
+ {
38070
+ "id": "AML.T0054",
38071
+ "name": "LLM Jailbreak",
38072
+ "tactic": "Defense Evasion"
38073
+ },
38074
+ {
38075
+ "id": "AML.T0096",
38076
+ "name": "AI API as Covert C2 Channel",
38077
+ "tactic": "Command and Control"
38078
+ }
38079
+ ],
38080
+ "d3fend": [
38081
+ {
38082
+ "id": "D3-ASLR",
38083
+ "name": "Address Space Layout Randomization",
38084
+ "tactic": "Harden"
38085
+ },
38086
+ {
38087
+ "id": "D3-CSPP",
38088
+ "name": "Client-server Payload Profiling",
38089
+ "tactic": "Detect"
38090
+ },
38091
+ {
38092
+ "id": "D3-EAL",
38093
+ "name": "Executable Allowlisting",
38094
+ "tactic": "Harden"
38095
+ },
38096
+ {
38097
+ "id": "D3-IOPR",
38098
+ "name": "Input/Output Profiling Resource",
38099
+ "tactic": "Detect"
38100
+ },
38101
+ {
38102
+ "id": "D3-NTA",
38103
+ "name": "Network Traffic Analysis",
38104
+ "tactic": "Detect"
38105
+ },
38106
+ {
38107
+ "id": "D3-PHRA",
38108
+ "name": "Process Hardware Resource Access",
38109
+ "tactic": "Isolate"
38110
+ },
38111
+ {
38112
+ "id": "D3-PSEP",
38113
+ "name": "Process Segment Execution Prevention",
38114
+ "tactic": "Harden"
38115
+ }
38116
+ ],
38117
+ "framework_gaps": [
38118
+ {
38119
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38120
+ "framework": "ALL",
38121
+ "control_name": "AI Pipeline Integrity"
38122
+ },
38123
+ {
38124
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38125
+ "framework": "ALL",
38126
+ "control_name": "Prompt Injection as Access Control Failure"
38127
+ },
38128
+ {
38129
+ "id": "CIS-Controls-v8-Control7",
38130
+ "framework": "CIS Controls v8",
38131
+ "control_name": "Continuous Vulnerability Management"
38132
+ },
38133
+ {
38134
+ "id": "CMMC-2.0-Level-2",
38135
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38136
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38137
+ },
38138
+ {
38139
+ "id": "FedRAMP-Rev5-Moderate",
38140
+ "framework": "FedRAMP Rev 5 Moderate",
38141
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38142
+ },
38143
+ {
38144
+ "id": "IEC-62443-3-3",
38145
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38146
+ "control_name": "System security requirements and security levels"
38147
+ },
38148
+ {
38149
+ "id": "ISO-27001-2022-A.8.28",
38150
+ "framework": "ISO/IEC 27001:2022",
38151
+ "control_name": "Secure coding"
38152
+ },
38153
+ {
38154
+ "id": "ISO-27001-2022-A.8.8",
38155
+ "framework": "ISO/IEC 27001:2022",
38156
+ "control_name": "Management of technical vulnerabilities"
38157
+ },
38158
+ {
38159
+ "id": "ISO-IEC-23894-2023-clause-7",
38160
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38161
+ "control_name": "AI risk management process"
38162
+ },
38163
+ {
38164
+ "id": "NERC-CIP-007-6-R4",
38165
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38166
+ "control_name": "Security event monitoring"
38167
+ },
38168
+ {
38169
+ "id": "NIS2-Art21-patch-management",
38170
+ "framework": "EU NIS2 Directive",
38171
+ "control_name": "Vulnerability handling and disclosure"
38172
+ },
38173
+ {
38174
+ "id": "NIST-800-115",
38175
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38176
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38177
+ },
38178
+ {
38179
+ "id": "NIST-800-218-SSDF",
38180
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38181
+ "control_name": "Secure Software Development Framework"
38182
+ },
38183
+ {
38184
+ "id": "NIST-800-53-AC-2",
38185
+ "framework": "NIST SP 800-53 Rev 5",
38186
+ "control_name": "Account Management"
38187
+ },
38188
+ {
38189
+ "id": "NIST-800-53-SC-8",
38190
+ "framework": "NIST SP 800-53 Rev 5",
38191
+ "control_name": "Transmission Confidentiality and Integrity"
38192
+ },
38193
+ {
38194
+ "id": "NIST-800-53-SI-2",
38195
+ "framework": "NIST SP 800-53 Rev 5",
38196
+ "control_name": "Flaw Remediation"
38197
+ },
38198
+ {
38199
+ "id": "NIST-800-53-SI-3",
38200
+ "framework": "NIST SP 800-53 Rev 5",
38201
+ "control_name": "Malicious Code Protection"
38202
+ },
38203
+ {
38204
+ "id": "NIST-800-82r3",
38205
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38206
+ "control_name": "Guide to Operational Technology (OT) Security"
38207
+ },
38208
+ {
38209
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38210
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38211
+ "control_name": "Prompt Injection"
38212
+ },
38213
+ {
38214
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38215
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38216
+ "control_name": "Sensitive Information Disclosure"
38217
+ },
38218
+ {
38219
+ "id": "OWASP-Pen-Testing-Guide-v5",
38220
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38221
+ "control_name": "Web application penetration testing methodology"
38222
+ },
38223
+ {
38224
+ "id": "PCI-DSS-4.0-6.3.3",
38225
+ "framework": "PCI DSS 4.0",
38226
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38227
+ },
38228
+ {
38229
+ "id": "PTES-Pre-engagement",
38230
+ "framework": "Penetration Testing Execution Standard (PTES)",
38231
+ "control_name": "Pre-engagement Interactions"
38232
+ },
38233
+ {
38234
+ "id": "SOC2-CC6-logical-access",
38235
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38236
+ "control_name": "Logical and Physical Access Controls"
38237
+ },
38238
+ {
38239
+ "id": "SOC2-CC9-vendor-management",
38240
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38241
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38242
+ }
38243
+ ],
38244
+ "attack_refs": [
38245
+ "T0855",
38246
+ "T0883",
38247
+ "T1059",
38248
+ "T1068",
38249
+ "T1078",
38250
+ "T1133",
38251
+ "T1190",
38252
+ "T1548.001",
38253
+ "T1566"
38254
+ ],
38255
+ "rfc_refs": [
38256
+ "RFC-4301",
38257
+ "RFC-4303",
38258
+ "RFC-7296"
38259
+ ]
38260
+ }
38261
+ },
38262
+ "CVE-2025-67818": {
38263
+ "name": "Weaviate Backup Restore ZipSlip Path Traversal",
38264
+ "rwep": 25,
38265
+ "cvss": 7.2,
38266
+ "cisa_kev": false,
38267
+ "epss_score": null,
38268
+ "referencing_skills": [
38269
+ "kernel-lpe-triage",
38270
+ "ai-attack-surface",
38271
+ "compliance-theater",
38272
+ "attack-surface-pentest",
38273
+ "ot-ics-security",
38274
+ "coordinated-vuln-disclosure",
38275
+ "sector-energy"
38276
+ ],
38277
+ "chain": {
38278
+ "cwes": [
38279
+ {
38280
+ "id": "CWE-1037",
38281
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
38282
+ "category": "Hardware / Side Channel"
38283
+ },
38284
+ {
38285
+ "id": "CWE-1039",
38286
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
38287
+ "category": "AI/ML"
38288
+ },
38289
+ {
38290
+ "id": "CWE-125",
38291
+ "name": "Out-of-bounds Read",
38292
+ "category": "Memory Safety"
38293
+ },
38294
+ {
38295
+ "id": "CWE-1357",
38296
+ "name": "Reliance on Insufficiently Trustworthy Component",
38297
+ "category": "Supply Chain"
38298
+ },
38299
+ {
38300
+ "id": "CWE-1395",
38301
+ "name": "Dependency on Vulnerable Third-Party Component",
38302
+ "category": "Supply Chain"
38303
+ },
38304
+ {
38305
+ "id": "CWE-1426",
38306
+ "name": "Improper Validation of Generative AI Output",
38307
+ "category": "AI/ML"
38308
+ },
38309
+ {
38310
+ "id": "CWE-22",
38311
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
38312
+ "category": "Path/Resource"
38313
+ },
38314
+ {
38315
+ "id": "CWE-269",
38316
+ "name": "Improper Privilege Management",
38317
+ "category": "Authorization"
38318
+ },
38319
+ {
38320
+ "id": "CWE-287",
38321
+ "name": "Improper Authentication",
38322
+ "category": "Authentication"
38323
+ },
38324
+ {
38325
+ "id": "CWE-306",
38326
+ "name": "Missing Authentication for Critical Function",
38327
+ "category": "Authentication"
38328
+ },
38329
+ {
38330
+ "id": "CWE-352",
38331
+ "name": "Cross-Site Request Forgery (CSRF)",
38332
+ "category": "Session"
38333
+ },
38334
+ {
38335
+ "id": "CWE-362",
38336
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
38337
+ "category": "Concurrency"
38338
+ },
38339
+ {
38340
+ "id": "CWE-416",
38341
+ "name": "Use After Free",
38342
+ "category": "Memory Safety"
38343
+ },
38344
+ {
38345
+ "id": "CWE-434",
38346
+ "name": "Unrestricted Upload of File with Dangerous Type",
38347
+ "category": "File Handling"
38348
+ },
38349
+ {
38350
+ "id": "CWE-672",
38351
+ "name": "Operation on a Resource after Expiration or Release",
38352
+ "category": "Memory Safety"
38353
+ },
38354
+ {
38355
+ "id": "CWE-732",
38356
+ "name": "Incorrect Permission Assignment for Critical Resource",
38357
+ "category": "Authorization"
38358
+ },
38359
+ {
38360
+ "id": "CWE-78",
38361
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
38362
+ "category": "Injection"
38363
+ },
38364
+ {
38365
+ "id": "CWE-787",
38366
+ "name": "Out-of-bounds Write",
38367
+ "category": "Memory Safety"
38368
+ },
38369
+ {
38370
+ "id": "CWE-79",
38371
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
38372
+ "category": "Injection"
38373
+ },
38374
+ {
38375
+ "id": "CWE-798",
38376
+ "name": "Use of Hard-coded Credentials",
38377
+ "category": "Credentials"
38378
+ },
38379
+ {
38380
+ "id": "CWE-89",
38381
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
38382
+ "category": "Injection"
38383
+ },
38384
+ {
38385
+ "id": "CWE-918",
38386
+ "name": "Server-Side Request Forgery (SSRF)",
38387
+ "category": "Network"
38388
+ },
38389
+ {
38390
+ "id": "CWE-94",
38391
+ "name": "Improper Control of Generation of Code (Code Injection)",
38392
+ "category": "Injection"
38393
+ }
38394
+ ],
38395
+ "atlas": [
38396
+ {
38397
+ "id": "AML.T0010",
38398
+ "name": "ML Supply Chain Compromise",
38399
+ "tactic": "Initial Access"
38400
+ },
38401
+ {
38402
+ "id": "AML.T0016",
38403
+ "name": "Obtain Capabilities: Develop Capabilities",
38404
+ "tactic": "Resource Development"
38405
+ },
38406
+ {
38407
+ "id": "AML.T0017",
38408
+ "name": "Discover ML Model Ontology",
38409
+ "tactic": "Discovery"
38410
+ },
38411
+ {
38412
+ "id": "AML.T0018",
38413
+ "name": "Backdoor ML Model",
38414
+ "tactic": "Persistence"
38415
+ },
38416
+ {
38417
+ "id": "AML.T0020",
38418
+ "name": "Poison Training Data",
38419
+ "tactic": "ML Attack Staging"
38420
+ },
38421
+ {
38422
+ "id": "AML.T0043",
38423
+ "name": "Craft Adversarial Data",
38424
+ "tactic": "ML Attack Staging"
38425
+ },
38426
+ {
38427
+ "id": "AML.T0051",
38428
+ "name": "LLM Prompt Injection",
38429
+ "tactic": "Execution"
38430
+ },
38431
+ {
38432
+ "id": "AML.T0054",
38433
+ "name": "LLM Jailbreak",
38434
+ "tactic": "Defense Evasion"
38435
+ },
38436
+ {
38437
+ "id": "AML.T0096",
38438
+ "name": "AI API as Covert C2 Channel",
38439
+ "tactic": "Command and Control"
38440
+ }
38441
+ ],
38442
+ "d3fend": [
38443
+ {
38444
+ "id": "D3-ASLR",
38445
+ "name": "Address Space Layout Randomization",
38446
+ "tactic": "Harden"
38447
+ },
38448
+ {
38449
+ "id": "D3-CSPP",
38450
+ "name": "Client-server Payload Profiling",
38451
+ "tactic": "Detect"
38452
+ },
38453
+ {
38454
+ "id": "D3-EAL",
38455
+ "name": "Executable Allowlisting",
38456
+ "tactic": "Harden"
38457
+ },
38458
+ {
38459
+ "id": "D3-IOPR",
38460
+ "name": "Input/Output Profiling Resource",
38461
+ "tactic": "Detect"
38462
+ },
38463
+ {
38464
+ "id": "D3-NTA",
38465
+ "name": "Network Traffic Analysis",
38466
+ "tactic": "Detect"
38467
+ },
38468
+ {
38469
+ "id": "D3-PHRA",
38470
+ "name": "Process Hardware Resource Access",
38471
+ "tactic": "Isolate"
38472
+ },
38473
+ {
38474
+ "id": "D3-PSEP",
38475
+ "name": "Process Segment Execution Prevention",
38476
+ "tactic": "Harden"
38477
+ }
38478
+ ],
38479
+ "framework_gaps": [
38480
+ {
38481
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
38482
+ "framework": "ALL",
38483
+ "control_name": "AI Pipeline Integrity"
38484
+ },
38485
+ {
38486
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
38487
+ "framework": "ALL",
38488
+ "control_name": "Prompt Injection as Access Control Failure"
38489
+ },
38490
+ {
38491
+ "id": "CIS-Controls-v8-Control7",
38492
+ "framework": "CIS Controls v8",
38493
+ "control_name": "Continuous Vulnerability Management"
38494
+ },
38495
+ {
38496
+ "id": "CMMC-2.0-Level-2",
38497
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
38498
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
38499
+ },
38500
+ {
38501
+ "id": "FedRAMP-Rev5-Moderate",
38502
+ "framework": "FedRAMP Rev 5 Moderate",
38503
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
38504
+ },
38505
+ {
38506
+ "id": "IEC-62443-3-3",
38507
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
38508
+ "control_name": "System security requirements and security levels"
38509
+ },
38510
+ {
38511
+ "id": "ISO-27001-2022-A.8.28",
38512
+ "framework": "ISO/IEC 27001:2022",
38513
+ "control_name": "Secure coding"
38514
+ },
38515
+ {
38516
+ "id": "ISO-27001-2022-A.8.8",
38517
+ "framework": "ISO/IEC 27001:2022",
38518
+ "control_name": "Management of technical vulnerabilities"
38519
+ },
38520
+ {
38521
+ "id": "ISO-IEC-23894-2023-clause-7",
38522
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
38523
+ "control_name": "AI risk management process"
38524
+ },
38525
+ {
38526
+ "id": "NERC-CIP-007-6-R4",
38527
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
38528
+ "control_name": "Security event monitoring"
38529
+ },
38530
+ {
38531
+ "id": "NIS2-Art21-patch-management",
38532
+ "framework": "EU NIS2 Directive",
38533
+ "control_name": "Vulnerability handling and disclosure"
38534
+ },
38535
+ {
38536
+ "id": "NIST-800-115",
38537
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
38538
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
38539
+ },
38540
+ {
38541
+ "id": "NIST-800-218-SSDF",
38542
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
38543
+ "control_name": "Secure Software Development Framework"
38544
+ },
38545
+ {
38546
+ "id": "NIST-800-53-AC-2",
38547
+ "framework": "NIST SP 800-53 Rev 5",
38548
+ "control_name": "Account Management"
38549
+ },
38550
+ {
38551
+ "id": "NIST-800-53-SC-8",
38552
+ "framework": "NIST SP 800-53 Rev 5",
38553
+ "control_name": "Transmission Confidentiality and Integrity"
38554
+ },
38555
+ {
38556
+ "id": "NIST-800-53-SI-2",
38557
+ "framework": "NIST SP 800-53 Rev 5",
38558
+ "control_name": "Flaw Remediation"
38559
+ },
38560
+ {
38561
+ "id": "NIST-800-53-SI-3",
38562
+ "framework": "NIST SP 800-53 Rev 5",
38563
+ "control_name": "Malicious Code Protection"
38564
+ },
38565
+ {
38566
+ "id": "NIST-800-82r3",
38567
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
38568
+ "control_name": "Guide to Operational Technology (OT) Security"
38569
+ },
38570
+ {
38571
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
38572
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38573
+ "control_name": "Prompt Injection"
38574
+ },
38575
+ {
38576
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
38577
+ "framework": "OWASP Top 10 for LLM Applications 2025",
38578
+ "control_name": "Sensitive Information Disclosure"
38579
+ },
38580
+ {
38581
+ "id": "OWASP-Pen-Testing-Guide-v5",
38582
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
38583
+ "control_name": "Web application penetration testing methodology"
38584
+ },
38585
+ {
38586
+ "id": "PCI-DSS-4.0-6.3.3",
38587
+ "framework": "PCI DSS 4.0",
38588
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
38589
+ },
38590
+ {
38591
+ "id": "PTES-Pre-engagement",
38592
+ "framework": "Penetration Testing Execution Standard (PTES)",
38593
+ "control_name": "Pre-engagement Interactions"
38594
+ },
38595
+ {
38596
+ "id": "SOC2-CC6-logical-access",
38597
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38598
+ "control_name": "Logical and Physical Access Controls"
38599
+ },
38600
+ {
38601
+ "id": "SOC2-CC9-vendor-management",
38602
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
38603
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
38604
+ }
38605
+ ],
38606
+ "attack_refs": [
38607
+ "T0855",
38608
+ "T0883",
38609
+ "T1059",
38610
+ "T1068",
38611
+ "T1078",
38612
+ "T1133",
38613
+ "T1190",
38614
+ "T1548.001",
38615
+ "T1566"
38616
+ ],
38617
+ "rfc_refs": [
38618
+ "RFC-4301",
38619
+ "RFC-4303",
38620
+ "RFC-7296"
38621
+ ]
38622
+ }
38623
+ },
37538
38624
  "CVE-2026-41091": {
37539
38625
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
37540
38626
  "rwep": 45,
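Review bot: The three added entries (CVE-2025-32434, CVE-2026-45829, CVE-2025-67818) carry byte-identical `referencing_skills` and `chain` objects, which looks like a union inherited from the referencing skills rather than a mapping made per CVE. As a result the torch.load code-execution entry lists CWE-416, CWE-352 and CWE-89 plus the IPsec references `RFC-4301`/`RFC-4303`/`RFC-7296`, yet no deserialization weakness such as CWE-502, and the one weakness that matches the Weaviate ZipSlip title (CWE-22) sits among 22 others. Anyone using `chain` for triage, detection mapping or compliance-gap reporting would get mostly noise and could miss the relevant control. I would narrow each chain to what the CVE itself supports, for example for CVE-2025-67818 `"cwes": [{ "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)", "category": "Path/Resource" }]`, and prune `referencing_skills` entries such as `kernel-lpe-triage` and `sector-energy` unless those skills really cite the CVE. The enclosing object starts above this hunk, so whether the older entries share this shape is not visible here.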
@@ -63948,6 +65034,7 @@
63948
65034
  "CVE-2025-23266",
63949
65035
  "CVE-2025-30165",
63950
65036
  "CVE-2025-30202",
65037
+ "CVE-2025-32434",
63951
65038
  "CVE-2025-32444",
63952
65039
  "CVE-2025-33236",
63953
65040
  "CVE-2025-34291",
@@ -63960,6 +65047,7 @@
63960
65047
  "CVE-2025-60455",
63961
65048
  "CVE-2025-64496",
63962
65049
  "CVE-2025-64513",
65050
+ "CVE-2025-67818",
63963
65051
  "CVE-2025-6965",
63964
65052
  "CVE-2025-8747",
63965
65053
  "CVE-2026-0766",
@@ -63988,6 +65076,7 @@
63988
65076
  "CVE-2026-42208",
63989
65077
  "CVE-2026-45321",
63990
65078
  "CVE-2026-45498",
65079
+ "CVE-2026-45829",
63991
65080
  "CVE-2026-46300",
63992
65081
  "CVE-2026-46333",
63993
65082
  "CVE-2026-9082",
@@ -64351,6 +65440,7 @@
64351
65440
  "CVE-2025-23266",
64352
65441
  "CVE-2025-30165",
64353
65442
  "CVE-2025-30202",
65443
+ "CVE-2025-32434",
64354
65444
  "CVE-2025-32444",
64355
65445
  "CVE-2025-33236",
64356
65446
  "CVE-2025-34291",
@@ -64361,6 +65451,7 @@
64361
65451
  "CVE-2025-60455",
64362
65452
  "CVE-2025-64496",
64363
65453
  "CVE-2025-64513",
65454
+ "CVE-2025-67818",
64364
65455
  "CVE-2025-6965",
64365
65456
  "CVE-2025-8747",
64366
65457
  "CVE-2026-0766",
@@ -64388,6 +65479,7 @@
64388
65479
  "CVE-2026-42208",
64389
65480
  "CVE-2026-45321",
64390
65481
  "CVE-2026-45498",
65482
+ "CVE-2026-45829",
64391
65483
  "CVE-2026-46300",
64392
65484
  "CVE-2026-46333",
64393
65485
  "CVE-2026-9082",
@@ -64547,6 +65639,7 @@
64547
65639
  "CVE-2025-23266",
64548
65640
  "CVE-2025-30165",
64549
65641
  "CVE-2025-30202",
65642
+ "CVE-2025-32434",
64550
65643
  "CVE-2025-32444",
64551
65644
  "CVE-2025-33236",
64552
65645
  "CVE-2025-34291",
@@ -64557,6 +65650,7 @@
64557
65650
  "CVE-2025-60455",
64558
65651
  "CVE-2025-64496",
64559
65652
  "CVE-2025-64513",
65653
+ "CVE-2025-67818",
64560
65654
  "CVE-2025-6965",
64561
65655
  "CVE-2025-8747",
64562
65656
  "CVE-2026-0766",
@@ -64584,6 +65678,7 @@
64584
65678
  "CVE-2026-42208",
64585
65679
  "CVE-2026-45321",
64586
65680
  "CVE-2026-45498",
65681
+ "CVE-2026-45829",
64587
65682
  "CVE-2026-46300",
64588
65683
  "CVE-2026-46333",
64589
65684
  "CVE-2026-9082",
@@ -64757,6 +65852,7 @@
64757
65852
  "CVE-2025-23266",
64758
65853
  "CVE-2025-30165",
64759
65854
  "CVE-2025-30202",
65855
+ "CVE-2025-32434",
64760
65856
  "CVE-2025-32444",
64761
65857
  "CVE-2025-33236",
64762
65858
  "CVE-2025-34291",
@@ -64767,6 +65863,7 @@
64767
65863
  "CVE-2025-60455",
64768
65864
  "CVE-2025-64496",
64769
65865
  "CVE-2025-64513",
65866
+ "CVE-2025-67818",
64770
65867
  "CVE-2025-6965",
64771
65868
  "CVE-2025-8747",
64772
65869
  "CVE-2026-0766",
@@ -64794,6 +65891,7 @@
64794
65891
  "CVE-2026-42208",
64795
65892
  "CVE-2026-45321",
64796
65893
  "CVE-2026-45498",
65894
+ "CVE-2026-45829",
64797
65895
  "CVE-2026-46300",
64798
65896
  "CVE-2026-46333",
64799
65897
  "CVE-2026-9082",
@@ -65072,6 +66170,7 @@
65072
66170
  "CVE-2025-23266",
65073
66171
  "CVE-2025-30165",
65074
66172
  "CVE-2025-30202",
66173
+ "CVE-2025-32434",
65075
66174
  "CVE-2025-32444",
65076
66175
  "CVE-2025-33236",
65077
66176
  "CVE-2025-34291",
@@ -65082,6 +66181,7 @@
65082
66181
  "CVE-2025-60455",
65083
66182
  "CVE-2025-64496",
65084
66183
  "CVE-2025-64513",
66184
+ "CVE-2025-67818",
65085
66185
  "CVE-2025-6965",
65086
66186
  "CVE-2025-8747",
65087
66187
  "CVE-2026-0766",
@@ -65109,6 +66209,7 @@
65109
66209
  "CVE-2026-40933",
65110
66210
  "CVE-2026-42208",
65111
66211
  "CVE-2026-45321",
66212
+ "CVE-2026-45829",
65112
66213
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
65113
66214
  "MAL-2026-3083",
65114
66215
  "MAL-2026-NODE-IPC-STEALER"
@@ -65397,6 +66498,7 @@
65397
66498
  "CVE-2025-31277",
65398
66499
  "CVE-2025-32432",
65399
66500
  "CVE-2025-32433",
66501
+ "CVE-2025-32434",
65400
66502
  "CVE-2025-32444",
65401
66503
  "CVE-2025-32463",
65402
66504
  "CVE-2025-32701",
@@ -65492,6 +66594,7 @@
65492
66594
  "CVE-2025-6558",
65493
66595
  "CVE-2025-66376",
65494
66596
  "CVE-2025-66644",
66597
+ "CVE-2025-67818",
65495
66598
  "CVE-2025-68461",
65496
66599
  "CVE-2025-68613",
65497
66600
  "CVE-2025-68645",
@@ -65575,6 +66678,7 @@
65575
66678
  "CVE-2026-43500",
65576
66679
  "CVE-2026-45321",
65577
66680
  "CVE-2026-45498",
66681
+ "CVE-2026-45829",
65578
66682
  "CVE-2026-46300",
65579
66683
  "CVE-2026-46333",
65580
66684
  "CVE-2026-5281",
@@ -66201,6 +67305,7 @@
66201
67305
  "CVE-2025-23266",
66202
67306
  "CVE-2025-30165",
66203
67307
  "CVE-2025-30202",
67308
+ "CVE-2025-32434",
66204
67309
  "CVE-2025-32444",
66205
67310
  "CVE-2025-33236",
66206
67311
  "CVE-2025-34291",
@@ -66213,6 +67318,7 @@
66213
67318
  "CVE-2025-60455",
66214
67319
  "CVE-2025-64496",
66215
67320
  "CVE-2025-64513",
67321
+ "CVE-2025-67818",
66216
67322
  "CVE-2025-6965",
66217
67323
  "CVE-2025-8747",
66218
67324
  "CVE-2026-0766",
@@ -66241,6 +67347,7 @@
66241
67347
  "CVE-2026-42208",
66242
67348
  "CVE-2026-45321",
66243
67349
  "CVE-2026-45498",
67350
+ "CVE-2026-45829",
66244
67351
  "CVE-2026-46300",
66245
67352
  "CVE-2026-46333",
66246
67353
  "CVE-2026-9082",
@@ -66836,6 +67943,7 @@
66836
67943
  "CVE-2025-23266",
66837
67944
  "CVE-2025-30165",
66838
67945
  "CVE-2025-30202",
67946
+ "CVE-2025-32434",
66839
67947
  "CVE-2025-32444",
66840
67948
  "CVE-2025-33236",
66841
67949
  "CVE-2025-34291",
@@ -66848,6 +67956,7 @@
66848
67956
  "CVE-2025-60455",
66849
67957
  "CVE-2025-64496",
66850
67958
  "CVE-2025-64513",
67959
+ "CVE-2025-67818",
66851
67960
  "CVE-2025-6965",
66852
67961
  "CVE-2025-8747",
66853
67962
  "CVE-2026-0766",
@@ -66876,6 +67985,7 @@
66876
67985
  "CVE-2026-42208",
66877
67986
  "CVE-2026-45321",
66878
67987
  "CVE-2026-45498",
67988
+ "CVE-2026-45829",
66879
67989
  "CVE-2026-46300",
66880
67990
  "CVE-2026-46333",
66881
67991
  "CVE-2026-9082",
@@ -67107,6 +68217,7 @@
67107
68217
  "CVE-2025-23266",
67108
68218
  "CVE-2025-30165",
67109
68219
  "CVE-2025-30202",
68220
+ "CVE-2025-32434",
67110
68221
  "CVE-2025-32444",
67111
68222
  "CVE-2025-33236",
67112
68223
  "CVE-2025-34291",
@@ -67118,6 +68229,7 @@
67118
68229
  "CVE-2025-60455",
67119
68230
  "CVE-2025-64496",
67120
68231
  "CVE-2025-64513",
68232
+ "CVE-2025-67818",
67121
68233
  "CVE-2025-8747",
67122
68234
  "CVE-2026-0766",
67123
68235
  "CVE-2026-22252",
@@ -67143,6 +68255,7 @@
67143
68255
  "CVE-2026-41091",
67144
68256
  "CVE-2026-45321",
67145
68257
  "CVE-2026-45498",
68258
+ "CVE-2026-45829",
67146
68259
  "CVE-2026-46300",
67147
68260
  "CVE-2026-46333",
67148
68261
  "CVE-2026-9082",
@@ -67808,6 +68921,7 @@
67808
68921
  "CVE-2025-23266",
67809
68922
  "CVE-2025-30165",
67810
68923
  "CVE-2025-30202",
68924
+ "CVE-2025-32434",
67811
68925
  "CVE-2025-32444",
67812
68926
  "CVE-2025-33236",
67813
68927
  "CVE-2025-34291",
@@ -67820,6 +68934,7 @@
67820
68934
  "CVE-2025-60455",
67821
68935
  "CVE-2025-64496",
67822
68936
  "CVE-2025-64513",
68937
+ "CVE-2025-67818",
67823
68938
  "CVE-2025-6965",
67824
68939
  "CVE-2025-8747",
67825
68940
  "CVE-2026-0766",
@@ -67848,6 +68963,7 @@
67848
68963
  "CVE-2026-42208",
67849
68964
  "CVE-2026-45321",
67850
68965
  "CVE-2026-45498",
68966
+ "CVE-2026-45829",
67851
68967
  "CVE-2026-46300",
67852
68968
  "CVE-2026-46333",
67853
68969
  "CVE-2026-9082",
@@ -68139,6 +69255,7 @@
68139
69255
  "CVE-2025-31277",
68140
69256
  "CVE-2025-32432",
68141
69257
  "CVE-2025-32433",
69258
+ "CVE-2025-32434",
68142
69259
  "CVE-2025-32444",
68143
69260
  "CVE-2025-32463",
68144
69261
  "CVE-2025-32701",
@@ -68234,6 +69351,7 @@
68234
69351
  "CVE-2025-6558",
68235
69352
  "CVE-2025-66376",
68236
69353
  "CVE-2025-66644",
69354
+ "CVE-2025-67818",
68237
69355
  "CVE-2025-68461",
68238
69356
  "CVE-2025-68613",
68239
69357
  "CVE-2025-68645",
@@ -68317,6 +69435,7 @@
68317
69435
  "CVE-2026-43500",
68318
69436
  "CVE-2026-45321",
68319
69437
  "CVE-2026-45498",
69438
+ "CVE-2026-45829",
68320
69439
  "CVE-2026-46300",
68321
69440
  "CVE-2026-46333",
68322
69441
  "CVE-2026-5281",
@@ -68595,6 +69714,7 @@
68595
69714
  "CVE-2025-31277",
68596
69715
  "CVE-2025-32432",
68597
69716
  "CVE-2025-32433",
69717
+ "CVE-2025-32434",
68598
69718
  "CVE-2025-32444",
68599
69719
  "CVE-2025-32463",
68600
69720
  "CVE-2025-32701",
@@ -68690,6 +69810,7 @@
68690
69810
  "CVE-2025-6558",
68691
69811
  "CVE-2025-66376",
68692
69812
  "CVE-2025-66644",
69813
+ "CVE-2025-67818",
68693
69814
  "CVE-2025-68461",
68694
69815
  "CVE-2025-68613",
68695
69816
  "CVE-2025-68645",
@@ -68773,6 +69894,7 @@
68773
69894
  "CVE-2026-43500",
68774
69895
  "CVE-2026-45321",
68775
69896
  "CVE-2026-45498",
69897
+ "CVE-2026-45829",
68776
69898
  "CVE-2026-46300",
68777
69899
  "CVE-2026-46333",
68778
69900
  "CVE-2026-5281",
@@ -69028,6 +70150,7 @@
69028
70150
  "CVE-2025-23266",
69029
70151
  "CVE-2025-30165",
69030
70152
  "CVE-2025-30202",
70153
+ "CVE-2025-32434",
69031
70154
  "CVE-2025-32444",
69032
70155
  "CVE-2025-33236",
69033
70156
  "CVE-2025-34291",
@@ -69040,6 +70163,7 @@
69040
70163
  "CVE-2025-60455",
69041
70164
  "CVE-2025-64496",
69042
70165
  "CVE-2025-64513",
70166
+ "CVE-2025-67818",
69043
70167
  "CVE-2025-6965",
69044
70168
  "CVE-2025-8747",
69045
70169
  "CVE-2026-0766",
@@ -69068,6 +70192,7 @@
69068
70192
  "CVE-2026-42208",
69069
70193
  "CVE-2026-45321",
69070
70194
  "CVE-2026-45498",
70195
+ "CVE-2026-45829",
69071
70196
  "CVE-2026-46300",
69072
70197
  "CVE-2026-46333",
69073
70198
  "CVE-2026-9082",
@@ -69911,6 +71036,7 @@
69911
71036
  "CVE-2025-31277",
69912
71037
  "CVE-2025-32432",
69913
71038
  "CVE-2025-32433",
71039
+ "CVE-2025-32434",
69914
71040
  "CVE-2025-32444",
69915
71041
  "CVE-2025-32463",
69916
71042
  "CVE-2025-32701",
@@ -70006,6 +71132,7 @@
70006
71132
  "CVE-2025-6558",
70007
71133
  "CVE-2025-66376",
70008
71134
  "CVE-2025-66644",
71135
+ "CVE-2025-67818",
70009
71136
  "CVE-2025-68461",
70010
71137
  "CVE-2025-68613",
70011
71138
  "CVE-2025-68645",
@@ -70089,6 +71216,7 @@
70089
71216
  "CVE-2026-43500",
70090
71217
  "CVE-2026-45321",
70091
71218
  "CVE-2026-45498",
71219
+ "CVE-2026-45829",
70092
71220
  "CVE-2026-46300",
70093
71221
  "CVE-2026-46333",
70094
71222
  "CVE-2026-5281",
@@ -70408,6 +71536,7 @@
70408
71536
  "CVE-2025-23266",
70409
71537
  "CVE-2025-30165",
70410
71538
  "CVE-2025-30202",
71539
+ "CVE-2025-32434",
70411
71540
  "CVE-2025-32444",
70412
71541
  "CVE-2025-33236",
70413
71542
  "CVE-2025-34291",
@@ -70420,6 +71549,7 @@
70420
71549
  "CVE-2025-60455",
70421
71550
  "CVE-2025-64496",
70422
71551
  "CVE-2025-64513",
71552
+ "CVE-2025-67818",
70423
71553
  "CVE-2025-6965",
70424
71554
  "CVE-2025-8747",
70425
71555
  "CVE-2026-0766",
@@ -70448,6 +71578,7 @@
70448
71578
  "CVE-2026-42208",
70449
71579
  "CVE-2026-45321",
70450
71580
  "CVE-2026-45498",
71581
+ "CVE-2026-45829",
70451
71582
  "CVE-2026-46300",
70452
71583
  "CVE-2026-46333",
70453
71584
  "CVE-2026-9082",
@@ -70820,6 +71951,7 @@
70820
71951
  "CVE-2025-31277",
70821
71952
  "CVE-2025-32432",
70822
71953
  "CVE-2025-32433",
71954
+ "CVE-2025-32434",
70823
71955
  "CVE-2025-32444",
70824
71956
  "CVE-2025-32463",
70825
71957
  "CVE-2025-32701",
@@ -70916,6 +72048,7 @@
70916
72048
  "CVE-2025-6558",
70917
72049
  "CVE-2025-66376",
70918
72050
  "CVE-2025-66644",
72051
+ "CVE-2025-67818",
70919
72052
  "CVE-2025-68461",
70920
72053
  "CVE-2025-68613",
70921
72054
  "CVE-2025-68645",
@@ -71002,6 +72135,7 @@
71002
72135
  "CVE-2026-43500",
71003
72136
  "CVE-2026-45321",
71004
72137
  "CVE-2026-45498",
72138
+ "CVE-2026-45829",
71005
72139
  "CVE-2026-46300",
71006
72140
  "CVE-2026-46333",
71007
72141
  "CVE-2026-5281",
@@ -71332,6 +72466,7 @@
71332
72466
  "CVE-2025-23266",
71333
72467
  "CVE-2025-30165",
71334
72468
  "CVE-2025-30202",
72469
+ "CVE-2025-32434",
71335
72470
  "CVE-2025-32444",
71336
72471
  "CVE-2025-33236",
71337
72472
  "CVE-2025-34291",
@@ -71344,6 +72479,7 @@
71344
72479
  "CVE-2025-60455",
71345
72480
  "CVE-2025-64496",
71346
72481
  "CVE-2025-64513",
72482
+ "CVE-2025-67818",
71347
72483
  "CVE-2025-8747",
71348
72484
  "CVE-2026-0766",
71349
72485
  "CVE-2026-22252",
@@ -71369,6 +72505,7 @@
71369
72505
  "CVE-2026-41091",
71370
72506
  "CVE-2026-45321",
71371
72507
  "CVE-2026-45498",
72508
+ "CVE-2026-45829",
71372
72509
  "CVE-2026-46300",
71373
72510
  "CVE-2026-46333",
71374
72511
  "CVE-2026-9082",
@@ -72303,6 +73440,7 @@
72303
73440
  "CVE-2025-23266",
72304
73441
  "CVE-2025-30165",
72305
73442
  "CVE-2025-30202",
73443
+ "CVE-2025-32434",
72306
73444
  "CVE-2025-32444",
72307
73445
  "CVE-2025-33236",
72308
73446
  "CVE-2025-34291",
@@ -72315,6 +73453,7 @@
72315
73453
  "CVE-2025-60455",
72316
73454
  "CVE-2025-64496",
72317
73455
  "CVE-2025-64513",
73456
+ "CVE-2025-67818",
72318
73457
  "CVE-2025-6965",
72319
73458
  "CVE-2025-8747",
72320
73459
  "CVE-2026-0766",
@@ -72343,6 +73482,7 @@
72343
73482
  "CVE-2026-42208",
72344
73483
  "CVE-2026-45321",
72345
73484
  "CVE-2026-45498",
73485
+ "CVE-2026-45829",
72346
73486
  "CVE-2026-46300",
72347
73487
  "CVE-2026-46333",
72348
73488
  "CVE-2026-9082",
@@ -72434,6 +73574,7 @@
72434
73574
  "CVE-2025-23266",
72435
73575
  "CVE-2025-30165",
72436
73576
  "CVE-2025-30202",
73577
+ "CVE-2025-32434",
72437
73578
  "CVE-2025-32444",
72438
73579
  "CVE-2025-33236",
72439
73580
  "CVE-2025-34291",
@@ -72444,6 +73585,7 @@
72444
73585
  "CVE-2025-60455",
72445
73586
  "CVE-2025-64496",
72446
73587
  "CVE-2025-64513",
73588
+ "CVE-2025-67818",
72447
73589
  "CVE-2025-8747",
72448
73590
  "CVE-2026-0766",
72449
73591
  "CVE-2026-22252",
@@ -72468,6 +73610,7 @@
72468
73610
  "CVE-2026-41091",
72469
73611
  "CVE-2026-45321",
72470
73612
  "CVE-2026-45498",
73613
+ "CVE-2026-45829",
72471
73614
  "CVE-2026-46300",
72472
73615
  "CVE-2026-46333",
72473
73616
  "CVE-2026-9082",
@@ -72638,6 +73781,7 @@
72638
73781
  "CVE-2025-23266",
72639
73782
  "CVE-2025-30165",
72640
73783
  "CVE-2025-30202",
73784
+ "CVE-2025-32434",
72641
73785
  "CVE-2025-32444",
72642
73786
  "CVE-2025-33236",
72643
73787
  "CVE-2025-34291",
@@ -72647,6 +73791,7 @@
72647
73791
  "CVE-2025-60455",
72648
73792
  "CVE-2025-64496",
72649
73793
  "CVE-2025-64513",
73794
+ "CVE-2025-67818",
72650
73795
  "CVE-2025-6965",
72651
73796
  "CVE-2025-8747",
72652
73797
  "CVE-2026-0766",
@@ -72671,7 +73816,8 @@
72671
73816
  "CVE-2026-34159",
72672
73817
  "CVE-2026-39884",
72673
73818
  "CVE-2026-40933",
72674
- "CVE-2026-42208"
73819
+ "CVE-2026-42208",
73820
+ "CVE-2026-45829"
72675
73821
  ]
72676
73822
  },
72677
73823
  "CWE-1188": {
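Review bot: This list closes just before the `CWE-1188` key, so it looks like a per-weakness reverse index, and it gains `"CVE-2026-45829"` while the hunks before and after add the same three IDs (`CVE-2025-32434`, `CVE-2025-67818`, `CVE-2026-45829`) to most of the sibling lists. That pattern suggests membership is inherited from the referencing skills rather than taken from each CVE's own advisory. The chain block that ends earlier on this page points the same way: a single entry carries `RFC-4301`/`RFC-4303`/`RFC-7296` (IPsec/IKEv2) and the ICS techniques `T0855`/`T0883` alongside web-testing and LLM controls. A consumer that filters or prioritises by these indexes would then match a CVE on weaknesses and controls that do not describe it, so I would keep an ID in a list only when that key is assigned to the CVE in its source record, or emit the inherited links in a separate index. The key that owns this list is outside the hunk, so this is inferred from the pattern rather than confirmed.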
@@ -73146,6 +74292,7 @@
73146
74292
  "CVE-2025-31277",
73147
74293
  "CVE-2025-32432",
73148
74294
  "CVE-2025-32433",
74295
+ "CVE-2025-32434",
73149
74296
  "CVE-2025-32444",
73150
74297
  "CVE-2025-32463",
73151
74298
  "CVE-2025-32701",
@@ -73236,6 +74383,7 @@
73236
74383
  "CVE-2025-6558",
73237
74384
  "CVE-2025-66376",
73238
74385
  "CVE-2025-66644",
74386
+ "CVE-2025-67818",
73239
74387
  "CVE-2025-68461",
73240
74388
  "CVE-2025-68613",
73241
74389
  "CVE-2025-68645",
@@ -73312,6 +74460,7 @@
73312
74460
  "CVE-2026-42945",
73313
74461
  "CVE-2026-45321",
73314
74462
  "CVE-2026-45498",
74463
+ "CVE-2026-45829",
73315
74464
  "CVE-2026-46300",
73316
74465
  "CVE-2026-46333",
73317
74466
  "CVE-2026-5281",
@@ -73571,6 +74720,7 @@
73571
74720
  "CVE-2025-23266",
73572
74721
  "CVE-2025-30165",
73573
74722
  "CVE-2025-30202",
74723
+ "CVE-2025-32434",
73574
74724
  "CVE-2025-32444",
73575
74725
  "CVE-2025-33236",
73576
74726
  "CVE-2025-34291",
@@ -73583,6 +74733,7 @@
73583
74733
  "CVE-2025-60455",
73584
74734
  "CVE-2025-64496",
73585
74735
  "CVE-2025-64513",
74736
+ "CVE-2025-67818",
73586
74737
  "CVE-2025-6965",
73587
74738
  "CVE-2025-8747",
73588
74739
  "CVE-2026-0766",
@@ -73610,6 +74761,7 @@
73610
74761
  "CVE-2026-41091",
73611
74762
  "CVE-2026-45321",
73612
74763
  "CVE-2026-45498",
74764
+ "CVE-2026-45829",
73613
74765
  "CVE-2026-46300",
73614
74766
  "CVE-2026-46333",
73615
74767
  "CVE-2026-9082",
@@ -73899,6 +75051,7 @@
73899
75051
  "CVE-2025-23266",
73900
75052
  "CVE-2025-30165",
73901
75053
  "CVE-2025-30202",
75054
+ "CVE-2025-32434",
73902
75055
  "CVE-2025-32444",
73903
75056
  "CVE-2025-33236",
73904
75057
  "CVE-2025-34291",
@@ -73909,6 +75062,7 @@
73909
75062
  "CVE-2025-60455",
73910
75063
  "CVE-2025-64496",
73911
75064
  "CVE-2025-64513",
75065
+ "CVE-2025-67818",
73912
75066
  "CVE-2025-6965",
73913
75067
  "CVE-2025-8747",
73914
75068
  "CVE-2026-0766",
@@ -73938,6 +75092,7 @@
73938
75092
  "CVE-2026-42897",
73939
75093
  "CVE-2026-43284",
73940
75094
  "CVE-2026-45321",
75095
+ "CVE-2026-45829",
73941
75096
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
73942
75097
  "MAL-2026-3083",
73943
75098
  "MAL-2026-NODE-IPC-STEALER",